package io.trino.tests.product.hive;

import com.google.common.collect.ImmutableList;
import com.google.common.collect.ImmutableSet;
import com.google.common.collect.Iterables;
import com.google.inject.Inject;
import com.google.inject.name.Named;
import io.trino.tempto.AfterMethodWithContext;
import io.trino.tempto.BeforeMethodWithContext;
import io.trino.tempto.assertions.QueryAssert;
import io.trino.tempto.query.QueryExecutor;
import io.trino.tests.product.TestGroups;
import io.trino.tests.product.cassandra.TestConstants;
import io.trino.tests.product.utils.QueryExecutors;
import java.util.List;
import java.util.Objects;
import java.util.Set;
import java.util.stream.Stream;
import org.assertj.core.api.Assertions;
import org.testng.SkipException;
import org.testng.annotations.Test;

/* loaded from: input_file:io/trino/tests/product/hive/TestRoles.class */
public class TestRoles extends HiveProductTest {
    private static final String ROLE1 = "role1";
    private static final String ROLE2 = "role2";
    private static final String ROLE3 = "role3";
    private static final Set<String> TEST_ROLES = ImmutableSet.of(ROLE1, ROLE2, ROLE3);

    @Named("databases.presto.jdbc_user")
    @Inject
    private String userName;

    @BeforeMethodWithContext
    public void setUp() {
        QueryExecutors.onTrino().executeQuery("SET ROLE admin IN hive", new QueryExecutor.QueryParam[0]);
        QueryExecutors.onHive().executeQuery("SET ROLE admin", new QueryExecutor.QueryParam[0]);
        cleanup();
    }

    @AfterMethodWithContext
    public void tearDown() {
        cleanup();
    }

    private void cleanup() {
        Set<String> listRoles = listRoles();
        for (String str : TEST_ROLES) {
            if (listRoles.contains(str)) {
                QueryExecutors.onHive().executeQuery(String.format("DROP ROLE %s", str), new QueryExecutor.QueryParam[0]);
            }
        }
    }

    private Set<String> listRoles() {
        Stream map = QueryExecutors.onHive().executeQuery("SHOW ROLES", new QueryExecutor.QueryParam[0]).rows().stream().map((v0) -> {
            return Iterables.getOnlyElement(v0);
        });
        Class<String> cls = String.class;
        Objects.requireNonNull(String.class);
        return (Set) map.map(cls::cast).collect(ImmutableSet.toImmutableSet());
    }

    @Test(groups = {TestGroups.ROLES, TestGroups.AUTHORIZATION, TestGroups.PROFILE_SPECIFIC_TESTS})
    public void testCreateRole() {
        QueryExecutors.onTrino().executeQuery(String.format("CREATE ROLE %s IN hive", ROLE1), new QueryExecutor.QueryParam[0]);
        Assertions.assertThat(listRoles()).contains(new String[]{ROLE1});
    }

    @Test(groups = {TestGroups.ROLES, TestGroups.AUTHORIZATION, TestGroups.PROFILE_SPECIFIC_TESTS})
    public void testDropRole() {
        QueryExecutors.onHive().executeQuery(String.format("CREATE ROLE %s", ROLE1), new QueryExecutor.QueryParam[0]);
        Assertions.assertThat(listRoles()).contains(new String[]{ROLE1});
        QueryExecutors.onTrino().executeQuery(String.format("DROP ROLE %s IN hive", ROLE1), new QueryExecutor.QueryParam[0]);
        Assertions.assertThat(listRoles()).doesNotContain(new String[]{ROLE1});
    }

    @Test(groups = {TestGroups.ROLES, TestGroups.AUTHORIZATION, TestGroups.PROFILE_SPECIFIC_TESTS})
    public void testListRoles() {
        QueryExecutors.onTrino().executeQuery(String.format("CREATE ROLE %s IN hive", ROLE1), new QueryExecutor.QueryParam[0]);
        Assertions.assertThat(QueryExecutors.onTrino().executeQuery("SELECT * FROM hive.information_schema.roles", new QueryExecutor.QueryParam[0]).rows()).containsOnly((List[]) QueryExecutors.onHive().executeQuery("SHOW ROLES", new QueryExecutor.QueryParam[0]).rows().toArray(new List[0]));
    }

    @Test(groups = {TestGroups.ROLES, TestGroups.AUTHORIZATION, TestGroups.PROFILE_SPECIFIC_TESTS})
    public void testListGrants() {
        if (getHiveVersionMajor() >= 3) {
            throw new SkipException("");
        }
        QueryExecutors.onTrino().executeQuery("SHOW GRANTS", new QueryExecutor.QueryParam[0]);
        QueryExecutors.onTrino().executeQuery("SELECT * FROM information_schema.table_privileges", new QueryExecutor.QueryParam[0]);
        QueryExecutors.onTrino().executeQuery("CREATE TABLE test_list_grants(c int)", new QueryExecutor.QueryParam[0]);
        ((QueryAssert) Assertions.assertThat(QueryExecutors.onTrino().executeQuery("SHOW GRANTS", new QueryExecutor.QueryParam[0]))).contains(new QueryAssert.Row[]{QueryAssert.Row.row(new Object[]{this.userName, "USER", this.userName, "USER", "hive", "default", "test_list_grants", "SELECT", "YES", null}), QueryAssert.Row.row(new Object[]{this.userName, "USER", this.userName, "USER", "hive", "default", "test_list_grants", "INSERT", "YES", null}), QueryAssert.Row.row(new Object[]{this.userName, "USER", this.userName, "USER", "hive", "default", "test_list_grants", "UPDATE", "YES", null}), QueryAssert.Row.row(new Object[]{this.userName, "USER", this.userName, "USER", "hive", "default", "test_list_grants", "DELETE", "YES", null})});
        ((QueryAssert) Assertions.assertThat(QueryExecutors.onTrino().executeQuery("SELECT * FROM information_schema.table_privileges", new QueryExecutor.QueryParam[0]))).contains(new QueryAssert.Row[]{QueryAssert.Row.row(new Object[]{this.userName, "USER", this.userName, "USER", "hive", "default", "test_list_grants", "SELECT", "YES", null}), QueryAssert.Row.row(new Object[]{this.userName, "USER", this.userName, "USER", "hive", "default", "test_list_grants", "INSERT", "YES", null}), QueryAssert.Row.row(new Object[]{this.userName, "USER", this.userName, "USER", "hive", "default", "test_list_grants", "UPDATE", "YES", null}), QueryAssert.Row.row(new Object[]{this.userName, "USER", this.userName, "USER", "hive", "default", "test_list_grants", "DELETE", "YES", null})});
        QueryExecutors.onTrino().executeQuery("DROP TABLE test_list_grants", new QueryExecutor.QueryParam[0]);
    }

    @Test(groups = {TestGroups.ROLES, TestGroups.AUTHORIZATION, TestGroups.PROFILE_SPECIFIC_TESTS})
    public void testCreateDuplicateRole() {
        QueryExecutors.onTrino().executeQuery(String.format("CREATE ROLE %s IN hive", ROLE1), new QueryExecutor.QueryParam[0]);
        QueryAssert.assertQueryFailure(() -> {
            return QueryExecutors.onTrino().executeQuery(String.format("CREATE ROLE %s IN hive", ROLE1), new QueryExecutor.QueryParam[0]);
        }).hasMessageContaining("Role '%s' already exists", new Object[]{ROLE1});
    }

    @Test(groups = {TestGroups.ROLES, TestGroups.AUTHORIZATION, TestGroups.PROFILE_SPECIFIC_TESTS})
    public void testDropNonExistentRole() {
        QueryAssert.assertQueryFailure(() -> {
            return QueryExecutors.onTrino().executeQuery(String.format("DROP ROLE %s IN hive", ROLE3), new QueryExecutor.QueryParam[0]);
        }).hasMessageContaining("Role '%s' does not exist", new Object[]{ROLE3});
    }

    @Test(groups = {TestGroups.ROLES, TestGroups.AUTHORIZATION, TestGroups.PROFILE_SPECIFIC_TESTS})
    public void testCreateDropRoleAccessControl() {
        QueryAssert.assertQueryFailure(() -> {
            return onPrestoAlice().executeQuery(String.format("CREATE ROLE %s IN hive", ROLE3), new QueryExecutor.QueryParam[0]);
        }).hasMessageContaining("Cannot create role %s", new Object[]{ROLE3});
        QueryAssert.assertQueryFailure(() -> {
            return onPrestoAlice().executeQuery(String.format("DROP ROLE %s IN hive", ROLE3), new QueryExecutor.QueryParam[0]);
        }).hasMessageContaining("Cannot drop role %s", new Object[]{ROLE3});
        QueryAssert.assertQueryFailure(() -> {
            return onPrestoAlice().executeQuery("SELECT * FROM hive.information_schema.roles", new QueryExecutor.QueryParam[0]);
        }).hasMessageContaining("Cannot select from table information_schema.roles");
    }

    @Test(groups = {TestGroups.ROLES, TestGroups.AUTHORIZATION, TestGroups.PROFILE_SPECIFIC_TESTS})
    public void testPublicRoleIsGrantedToEveryone() {
        ((QueryAssert) Assertions.assertThat(onPrestoAlice().executeQuery("SELECT * FROM hive.information_schema.applicable_roles", new QueryExecutor.QueryParam[0]))).contains(new QueryAssert.Row[]{QueryAssert.Row.row(new Object[]{"alice", "USER", "public", "NO"})});
        ((QueryAssert) Assertions.assertThat(onPrestoBob().executeQuery("SELECT * FROM hive.information_schema.applicable_roles", new QueryExecutor.QueryParam[0]))).contains(new QueryAssert.Row[]{QueryAssert.Row.row(new Object[]{"bob", "USER", "public", "NO"})});
    }

    @Test(groups = {TestGroups.ROLES, TestGroups.AUTHORIZATION, TestGroups.PROFILE_SPECIFIC_TESTS})
    public void testAdminRoleIsGrantedToHdfs() {
        ((QueryAssert) Assertions.assertThat(QueryExecutors.onTrino().executeQuery("SELECT * FROM hive.information_schema.applicable_roles", new QueryExecutor.QueryParam[0]))).contains(new QueryAssert.Row[]{QueryAssert.Row.row(new Object[]{this.userName, "USER", "admin", QueryAssert.anyOf(new Object[]{"YES", "NO"})})});
    }

    @Test(groups = {TestGroups.ROLES, TestGroups.AUTHORIZATION, TestGroups.PROFILE_SPECIFIC_TESTS})
    public void testGrantRoleToUser() {
        QueryExecutors.onTrino().executeQuery("CREATE ROLE role1 IN hive", new QueryExecutor.QueryParam[0]);
        QueryExecutors.onTrino().executeQuery("GRANT role1 TO USER alice IN hive", new QueryExecutor.QueryParam[0]);
        ((QueryAssert) Assertions.assertThat(onPrestoAlice().executeQuery("SELECT * FROM hive.information_schema.applicable_roles", new QueryExecutor.QueryParam[0]))).containsOnly(new QueryAssert.Row[]{QueryAssert.Row.row(new Object[]{"alice", "USER", "public", "NO"}), QueryAssert.Row.row(new Object[]{"alice", "USER", ROLE1, "NO"})});
    }

    @Test(groups = {TestGroups.ROLES, TestGroups.AUTHORIZATION, TestGroups.PROFILE_SPECIFIC_TESTS})
    public void testGrantRoleToRole() {
        QueryExecutors.onTrino().executeQuery("CREATE ROLE role1 IN hive", new QueryExecutor.QueryParam[0]);
        QueryExecutors.onTrino().executeQuery("CREATE ROLE role2 IN hive", new QueryExecutor.QueryParam[0]);
        QueryExecutors.onTrino().executeQuery("GRANT role1 TO USER alice IN hive", new QueryExecutor.QueryParam[0]);
        QueryExecutors.onTrino().executeQuery("GRANT role2 TO ROLE role1 IN hive", new QueryExecutor.QueryParam[0]);
        ((QueryAssert) Assertions.assertThat(onPrestoAlice().executeQuery("SELECT * FROM hive.information_schema.applicable_roles", new QueryExecutor.QueryParam[0]))).containsOnly(new QueryAssert.Row[]{QueryAssert.Row.row(new Object[]{"alice", "USER", "public", "NO"}), QueryAssert.Row.row(new Object[]{"alice", "USER", ROLE1, "NO"}), QueryAssert.Row.row(new Object[]{ROLE1, "ROLE", ROLE2, "NO"})});
    }

    @Test(groups = {TestGroups.ROLES, TestGroups.AUTHORIZATION, TestGroups.PROFILE_SPECIFIC_TESTS})
    public void testGrantRoleWithAdminOption() {
        QueryExecutors.onTrino().executeQuery("CREATE ROLE role1 IN hive", new QueryExecutor.QueryParam[0]);
        QueryExecutors.onTrino().executeQuery("CREATE ROLE role2 IN hive", new QueryExecutor.QueryParam[0]);
        QueryExecutors.onTrino().executeQuery("GRANT role1 TO USER alice WITH ADMIN OPTION IN hive", new QueryExecutor.QueryParam[0]);
        QueryExecutors.onTrino().executeQuery("GRANT role2 TO ROLE role1 WITH ADMIN OPTION IN hive", new QueryExecutor.QueryParam[0]);
        ((QueryAssert) Assertions.assertThat(onPrestoAlice().executeQuery("SELECT * FROM hive.information_schema.applicable_roles", new QueryExecutor.QueryParam[0]))).containsOnly(new QueryAssert.Row[]{QueryAssert.Row.row(new Object[]{"alice", "USER", "public", "NO"}), QueryAssert.Row.row(new Object[]{"alice", "USER", ROLE1, "YES"}), QueryAssert.Row.row(new Object[]{ROLE1, "ROLE", ROLE2, "YES"})});
    }

    @Test(groups = {TestGroups.ROLES, TestGroups.AUTHORIZATION, TestGroups.PROFILE_SPECIFIC_TESTS})
    public void testGrantRoleMultipleTimes() {
        QueryExecutors.onTrino().executeQuery("CREATE ROLE role1 IN hive", new QueryExecutor.QueryParam[0]);
        QueryExecutors.onTrino().executeQuery("CREATE ROLE role2 IN hive", new QueryExecutor.QueryParam[0]);
        QueryExecutors.onTrino().executeQuery("GRANT role1 TO USER alice IN hive", new QueryExecutor.QueryParam[0]);
        QueryExecutors.onTrino().executeQuery("GRANT role2 TO ROLE role1 IN hive", new QueryExecutor.QueryParam[0]);
        QueryExecutors.onTrino().executeQuery("GRANT role1 TO USER alice IN hive", new QueryExecutor.QueryParam[0]);
        QueryExecutors.onTrino().executeQuery("GRANT role2 TO ROLE role1 IN hive", new QueryExecutor.QueryParam[0]);
        QueryExecutors.onTrino().executeQuery("GRANT role1 TO USER alice WITH ADMIN OPTION IN hive", new QueryExecutor.QueryParam[0]);
        QueryExecutors.onTrino().executeQuery("GRANT role2 TO ROLE role1 WITH ADMIN OPTION IN hive", new QueryExecutor.QueryParam[0]);
        QueryExecutors.onTrino().executeQuery("GRANT role1 TO USER alice WITH ADMIN OPTION IN hive", new QueryExecutor.QueryParam[0]);
        QueryExecutors.onTrino().executeQuery("GRANT role2 TO ROLE role1 WITH ADMIN OPTION IN hive", new QueryExecutor.QueryParam[0]);
        ((QueryAssert) Assertions.assertThat(onPrestoAlice().executeQuery("SELECT * FROM hive.information_schema.applicable_roles", new QueryExecutor.QueryParam[0]))).containsOnly(new QueryAssert.Row[]{QueryAssert.Row.row(new Object[]{"alice", "USER", "public", "NO"}), QueryAssert.Row.row(new Object[]{"alice", "USER", ROLE1, "YES"}), QueryAssert.Row.row(new Object[]{ROLE1, "ROLE", ROLE2, "YES"})});
    }

    @Test(groups = {TestGroups.ROLES, TestGroups.AUTHORIZATION, TestGroups.PROFILE_SPECIFIC_TESTS})
    public void testRevokeRoleFromUser() {
        QueryExecutors.onTrino().executeQuery("CREATE ROLE role1 IN hive", new QueryExecutor.QueryParam[0]);
        QueryExecutors.onTrino().executeQuery("GRANT role1 TO USER alice IN hive", new QueryExecutor.QueryParam[0]);
        ((QueryAssert) Assertions.assertThat(onPrestoAlice().executeQuery("SELECT * FROM hive.information_schema.applicable_roles", new QueryExecutor.QueryParam[0]))).containsOnly(new QueryAssert.Row[]{QueryAssert.Row.row(new Object[]{"alice", "USER", "public", "NO"}), QueryAssert.Row.row(new Object[]{"alice", "USER", ROLE1, "NO"})});
        QueryExecutors.onTrino().executeQuery("REVOKE role1 FROM USER alice IN hive", new QueryExecutor.QueryParam[0]);
        ((QueryAssert) Assertions.assertThat(onPrestoAlice().executeQuery("SELECT * FROM hive.information_schema.applicable_roles", new QueryExecutor.QueryParam[0]))).containsOnly(new QueryAssert.Row[]{QueryAssert.Row.row(new Object[]{"alice", "USER", "public", "NO"})});
    }

    @Test(groups = {TestGroups.ROLES, TestGroups.AUTHORIZATION, TestGroups.PROFILE_SPECIFIC_TESTS})
    public void testRevokeRoleFromRole() {
        QueryExecutors.onTrino().executeQuery("CREATE ROLE role1 IN hive", new QueryExecutor.QueryParam[0]);
        QueryExecutors.onTrino().executeQuery("CREATE ROLE role2 IN hive", new QueryExecutor.QueryParam[0]);
        QueryExecutors.onTrino().executeQuery("GRANT role1 TO USER alice IN hive", new QueryExecutor.QueryParam[0]);
        QueryExecutors.onTrino().executeQuery("GRANT role2 TO ROLE role1 IN hive", new QueryExecutor.QueryParam[0]);
        ((QueryAssert) Assertions.assertThat(onPrestoAlice().executeQuery("SELECT * FROM hive.information_schema.applicable_roles", new QueryExecutor.QueryParam[0]))).containsOnly(new QueryAssert.Row[]{QueryAssert.Row.row(new Object[]{"alice", "USER", "public", "NO"}), QueryAssert.Row.row(new Object[]{"alice", "USER", ROLE1, "NO"}), QueryAssert.Row.row(new Object[]{ROLE1, "ROLE", ROLE2, "NO"})});
        QueryExecutors.onTrino().executeQuery("REVOKE role2 FROM ROLE role1 IN hive", new QueryExecutor.QueryParam[0]);
        ((QueryAssert) Assertions.assertThat(onPrestoAlice().executeQuery("SELECT * FROM hive.information_schema.applicable_roles", new QueryExecutor.QueryParam[0]))).containsOnly(new QueryAssert.Row[]{QueryAssert.Row.row(new Object[]{"alice", "USER", "public", "NO"}), QueryAssert.Row.row(new Object[]{"alice", "USER", ROLE1, "NO"})});
    }

    @Test(groups = {TestGroups.ROLES, TestGroups.AUTHORIZATION, TestGroups.PROFILE_SPECIFIC_TESTS})
    public void testRevokeRoleFromOwner() {
        try {
            onPrestoAlice().executeQuery("CREATE TABLE hive.default.test_table (foo BIGINT)", new QueryExecutor.QueryParam[0]);
            ((QueryAssert) Assertions.assertThat(onPrestoAlice().executeQuery("SHOW GRANTS ON hive.default.test_table", new QueryExecutor.QueryParam[0]))).containsOnly(ImmutableList.of(QueryAssert.Row.row(new Object[]{"alice", "USER", "alice", "USER", "hive", "default", "test_table", "SELECT", "YES", null}), QueryAssert.Row.row(new Object[]{"alice", "USER", "alice", "USER", "hive", "default", "test_table", "DELETE", "YES", null}), QueryAssert.Row.row(new Object[]{"alice", "USER", "alice", "USER", "hive", "default", "test_table", "UPDATE", "YES", null}), QueryAssert.Row.row(new Object[]{"alice", "USER", "alice", "USER", "hive", "default", "test_table", "INSERT", "YES", null})));
            QueryExecutors.onTrino().executeQuery("REVOKE SELECT ON hive.default.test_table FROM USER alice", new QueryExecutor.QueryParam[0]);
            ((QueryAssert) Assertions.assertThat(onPrestoAlice().executeQuery("SHOW GRANTS ON hive.default.test_table", new QueryExecutor.QueryParam[0]))).containsOnly(ImmutableList.of(QueryAssert.Row.row(new Object[]{"alice", "USER", "alice", "USER", "hive", "default", "test_table", "DELETE", "YES", null}), QueryAssert.Row.row(new Object[]{"alice", "USER", "alice", "USER", "hive", "default", "test_table", "UPDATE", "YES", null}), QueryAssert.Row.row(new Object[]{"alice", "USER", "alice", "USER", "hive", "default", "test_table", "INSERT", "YES", null})));
            onPrestoAlice().executeQuery("DROP TABLE IF EXISTS hive.default.test_table", new QueryExecutor.QueryParam[0]);
        } catch (Throwable th) {
            onPrestoAlice().executeQuery("DROP TABLE IF EXISTS hive.default.test_table", new QueryExecutor.QueryParam[0]);
            throw th;
        }
    }

    @Test(groups = {TestGroups.ROLES, TestGroups.AUTHORIZATION, TestGroups.PROFILE_SPECIFIC_TESTS})
    public void testDropGrantedRole() {
        QueryExecutors.onTrino().executeQuery("CREATE ROLE role1 IN hive", new QueryExecutor.QueryParam[0]);
        QueryExecutors.onTrino().executeQuery("GRANT role1 TO USER alice IN hive", new QueryExecutor.QueryParam[0]);
        ((QueryAssert) Assertions.assertThat(onPrestoAlice().executeQuery("SELECT * FROM hive.information_schema.applicable_roles", new QueryExecutor.QueryParam[0]))).containsOnly(new QueryAssert.Row[]{QueryAssert.Row.row(new Object[]{"alice", "USER", "public", "NO"}), QueryAssert.Row.row(new Object[]{"alice", "USER", ROLE1, "NO"})});
        QueryExecutors.onTrino().executeQuery("DROP ROLE role1 IN hive", new QueryExecutor.QueryParam[0]);
        ((QueryAssert) Assertions.assertThat(onPrestoAlice().executeQuery("SELECT * FROM hive.information_schema.applicable_roles", new QueryExecutor.QueryParam[0]))).containsOnly(new QueryAssert.Row[]{QueryAssert.Row.row(new Object[]{"alice", "USER", "public", "NO"})});
    }

    @Test(groups = {TestGroups.ROLES, TestGroups.AUTHORIZATION, TestGroups.PROFILE_SPECIFIC_TESTS})
    public void testRevokeTransitiveRoleFromUser() {
        QueryExecutors.onTrino().executeQuery("CREATE ROLE role1 IN hive", new QueryExecutor.QueryParam[0]);
        QueryExecutors.onTrino().executeQuery("CREATE ROLE role2 IN hive", new QueryExecutor.QueryParam[0]);
        QueryExecutors.onTrino().executeQuery("GRANT role1 TO USER alice IN hive", new QueryExecutor.QueryParam[0]);
        QueryExecutors.onTrino().executeQuery("GRANT role2 TO ROLE role1 IN hive", new QueryExecutor.QueryParam[0]);
        ((QueryAssert) Assertions.assertThat(onPrestoAlice().executeQuery("SELECT * FROM hive.information_schema.applicable_roles", new QueryExecutor.QueryParam[0]))).containsOnly(new QueryAssert.Row[]{QueryAssert.Row.row(new Object[]{"alice", "USER", "public", "NO"}), QueryAssert.Row.row(new Object[]{"alice", "USER", ROLE1, "NO"}), QueryAssert.Row.row(new Object[]{ROLE1, "ROLE", ROLE2, "NO"})});
        QueryExecutors.onTrino().executeQuery("REVOKE role1 FROM USER alice IN hive", new QueryExecutor.QueryParam[0]);
        ((QueryAssert) Assertions.assertThat(onPrestoAlice().executeQuery("SELECT * FROM hive.information_schema.applicable_roles", new QueryExecutor.QueryParam[0]))).containsOnly(new QueryAssert.Row[]{QueryAssert.Row.row(new Object[]{"alice", "USER", "public", "NO"})});
    }

    @Test(groups = {TestGroups.ROLES, TestGroups.AUTHORIZATION, TestGroups.PROFILE_SPECIFIC_TESTS})
    public void testRevokeTransitiveRoleFromRole() {
        QueryExecutors.onTrino().executeQuery("CREATE ROLE role1 IN hive", new QueryExecutor.QueryParam[0]);
        QueryExecutors.onTrino().executeQuery("CREATE ROLE role2 IN hive", new QueryExecutor.QueryParam[0]);
        QueryExecutors.onTrino().executeQuery("CREATE ROLE role3 IN hive", new QueryExecutor.QueryParam[0]);
        QueryExecutors.onTrino().executeQuery("GRANT role1 TO USER alice IN hive", new QueryExecutor.QueryParam[0]);
        QueryExecutors.onTrino().executeQuery("GRANT role2 TO ROLE role1 IN hive", new QueryExecutor.QueryParam[0]);
        QueryExecutors.onTrino().executeQuery("GRANT role3 TO ROLE role2 IN hive", new QueryExecutor.QueryParam[0]);
        ((QueryAssert) Assertions.assertThat(onPrestoAlice().executeQuery("SELECT * FROM hive.information_schema.applicable_roles", new QueryExecutor.QueryParam[0]))).containsOnly(new QueryAssert.Row[]{QueryAssert.Row.row(new Object[]{"alice", "USER", "public", "NO"}), QueryAssert.Row.row(new Object[]{"alice", "USER", ROLE1, "NO"}), QueryAssert.Row.row(new Object[]{ROLE1, "ROLE", ROLE2, "NO"}), QueryAssert.Row.row(new Object[]{ROLE2, "ROLE", ROLE3, "NO"})});
        QueryExecutors.onTrino().executeQuery("REVOKE role2 FROM ROLE role1 IN hive", new QueryExecutor.QueryParam[0]);
        ((QueryAssert) Assertions.assertThat(onPrestoAlice().executeQuery("SELECT * FROM hive.information_schema.applicable_roles", new QueryExecutor.QueryParam[0]))).containsOnly(new QueryAssert.Row[]{QueryAssert.Row.row(new Object[]{"alice", "USER", "public", "NO"}), QueryAssert.Row.row(new Object[]{"alice", "USER", ROLE1, "NO"})});
    }

    @Test(groups = {TestGroups.ROLES, TestGroups.AUTHORIZATION, TestGroups.PROFILE_SPECIFIC_TESTS})
    public void testDropTransitiveRole() {
        QueryExecutors.onTrino().executeQuery("CREATE ROLE role1 IN hive", new QueryExecutor.QueryParam[0]);
        QueryExecutors.onTrino().executeQuery("CREATE ROLE role2 IN hive", new QueryExecutor.QueryParam[0]);
        QueryExecutors.onTrino().executeQuery("CREATE ROLE role3 IN hive", new QueryExecutor.QueryParam[0]);
        QueryExecutors.onTrino().executeQuery("GRANT role1 TO USER alice IN hive", new QueryExecutor.QueryParam[0]);
        QueryExecutors.onTrino().executeQuery("GRANT role2 TO ROLE role1 IN hive", new QueryExecutor.QueryParam[0]);
        QueryExecutors.onTrino().executeQuery("GRANT role3 TO ROLE role2 IN hive", new QueryExecutor.QueryParam[0]);
        ((QueryAssert) Assertions.assertThat(onPrestoAlice().executeQuery("SELECT * FROM hive.information_schema.applicable_roles", new QueryExecutor.QueryParam[0]))).containsOnly(new QueryAssert.Row[]{QueryAssert.Row.row(new Object[]{"alice", "USER", "public", "NO"}), QueryAssert.Row.row(new Object[]{"alice", "USER", ROLE1, "NO"}), QueryAssert.Row.row(new Object[]{ROLE1, "ROLE", ROLE2, "NO"}), QueryAssert.Row.row(new Object[]{ROLE2, "ROLE", ROLE3, "NO"})});
        QueryExecutors.onTrino().executeQuery("DROP ROLE role2 IN hive", new QueryExecutor.QueryParam[0]);
        ((QueryAssert) Assertions.assertThat(onPrestoAlice().executeQuery("SELECT * FROM hive.information_schema.applicable_roles", new QueryExecutor.QueryParam[0]))).containsOnly(new QueryAssert.Row[]{QueryAssert.Row.row(new Object[]{"alice", "USER", "public", "NO"}), QueryAssert.Row.row(new Object[]{"alice", "USER", ROLE1, "NO"})});
    }

    @Test(groups = {TestGroups.ROLES, TestGroups.AUTHORIZATION, TestGroups.PROFILE_SPECIFIC_TESTS})
    public void testRevokeAdminOption() {
        QueryExecutors.onTrino().executeQuery("CREATE ROLE role1 IN hive", new QueryExecutor.QueryParam[0]);
        QueryExecutors.onTrino().executeQuery("CREATE ROLE role2 IN hive", new QueryExecutor.QueryParam[0]);
        QueryExecutors.onTrino().executeQuery("GRANT role1 TO USER alice WITH ADMIN OPTION IN hive", new QueryExecutor.QueryParam[0]);
        QueryExecutors.onTrino().executeQuery("GRANT role2 TO ROLE role1 WITH ADMIN OPTION IN hive", new QueryExecutor.QueryParam[0]);
        ((QueryAssert) Assertions.assertThat(onPrestoAlice().executeQuery("SELECT * FROM hive.information_schema.applicable_roles", new QueryExecutor.QueryParam[0]))).containsOnly(new QueryAssert.Row[]{QueryAssert.Row.row(new Object[]{"alice", "USER", "public", "NO"}), QueryAssert.Row.row(new Object[]{"alice", "USER", ROLE1, "YES"}), QueryAssert.Row.row(new Object[]{ROLE1, "ROLE", ROLE2, "YES"})});
        QueryExecutors.onTrino().executeQuery("REVOKE ADMIN OPTION FOR role1 FROM USER alice IN hive", new QueryExecutor.QueryParam[0]);
        QueryExecutors.onTrino().executeQuery("REVOKE ADMIN OPTION FOR role2 FROM ROLE role1 IN hive", new QueryExecutor.QueryParam[0]);
        ((QueryAssert) Assertions.assertThat(onPrestoAlice().executeQuery("SELECT * FROM hive.information_schema.applicable_roles", new QueryExecutor.QueryParam[0]))).containsOnly(new QueryAssert.Row[]{QueryAssert.Row.row(new Object[]{"alice", "USER", "public", "NO"}), QueryAssert.Row.row(new Object[]{"alice", "USER", ROLE1, "NO"}), QueryAssert.Row.row(new Object[]{ROLE1, "ROLE", ROLE2, "NO"})});
    }

    @Test(groups = {TestGroups.ROLES, TestGroups.AUTHORIZATION, TestGroups.PROFILE_SPECIFIC_TESTS})
    public void testRevokeMultipleTimes() {
        QueryExecutors.onTrino().executeQuery("CREATE ROLE role1 IN hive", new QueryExecutor.QueryParam[0]);
        QueryExecutors.onTrino().executeQuery("CREATE ROLE role2 IN hive", new QueryExecutor.QueryParam[0]);
        QueryExecutors.onTrino().executeQuery("GRANT role1 TO USER alice WITH ADMIN OPTION IN hive", new QueryExecutor.QueryParam[0]);
        QueryExecutors.onTrino().executeQuery("GRANT role2 TO ROLE role1 WITH ADMIN OPTION IN hive", new QueryExecutor.QueryParam[0]);
        ((QueryAssert) Assertions.assertThat(onPrestoAlice().executeQuery("SELECT * FROM hive.information_schema.applicable_roles", new QueryExecutor.QueryParam[0]))).containsOnly(new QueryAssert.Row[]{QueryAssert.Row.row(new Object[]{"alice", "USER", "public", "NO"}), QueryAssert.Row.row(new Object[]{"alice", "USER", ROLE1, "YES"}), QueryAssert.Row.row(new Object[]{ROLE1, "ROLE", ROLE2, "YES"})});
        QueryExecutors.onTrino().executeQuery("REVOKE ADMIN OPTION FOR role1 FROM USER alice IN hive", new QueryExecutor.QueryParam[0]);
        QueryExecutors.onTrino().executeQuery("REVOKE ADMIN OPTION FOR role1 FROM USER alice IN hive", new QueryExecutor.QueryParam[0]);
        QueryExecutors.onTrino().executeQuery("REVOKE ADMIN OPTION FOR role2 FROM ROLE role1 IN hive", new QueryExecutor.QueryParam[0]);
        QueryExecutors.onTrino().executeQuery("REVOKE ADMIN OPTION FOR role2 FROM ROLE role1 IN hive", new QueryExecutor.QueryParam[0]);
        ((QueryAssert) Assertions.assertThat(onPrestoAlice().executeQuery("SELECT * FROM hive.information_schema.applicable_roles", new QueryExecutor.QueryParam[0]))).containsOnly(new QueryAssert.Row[]{QueryAssert.Row.row(new Object[]{"alice", "USER", "public", "NO"}), QueryAssert.Row.row(new Object[]{"alice", "USER", ROLE1, "NO"}), QueryAssert.Row.row(new Object[]{ROLE1, "ROLE", ROLE2, "NO"})});
        QueryExecutors.onTrino().executeQuery("REVOKE role1 FROM USER alice IN hive", new QueryExecutor.QueryParam[0]);
        QueryExecutors.onTrino().executeQuery("REVOKE role1 FROM USER alice IN hive", new QueryExecutor.QueryParam[0]);
        QueryExecutors.onTrino().executeQuery("REVOKE role2 FROM ROLE role1 IN hive", new QueryExecutor.QueryParam[0]);
        QueryExecutors.onTrino().executeQuery("REVOKE role2 FROM ROLE role1 IN hive", new QueryExecutor.QueryParam[0]);
        ((QueryAssert) Assertions.assertThat(onPrestoAlice().executeQuery("SELECT * FROM hive.information_schema.applicable_roles", new QueryExecutor.QueryParam[0]))).containsOnly(new QueryAssert.Row[]{QueryAssert.Row.row(new Object[]{"alice", "USER", "public", "NO"})});
    }

    @Test(groups = {TestGroups.ROLES, TestGroups.AUTHORIZATION, TestGroups.PROFILE_SPECIFIC_TESTS})
    public void testGrantRevokeRoleAccessControl() {
        QueryExecutors.onTrino().executeQuery("CREATE ROLE role1 IN hive", new QueryExecutor.QueryParam[0]);
        QueryExecutors.onTrino().executeQuery("CREATE ROLE role2 IN hive", new QueryExecutor.QueryParam[0]);
        QueryAssert.assertQueryFailure(() -> {
            return onPrestoAlice().executeQuery("GRANT role1 TO USER bob IN hive", new QueryExecutor.QueryParam[0]);
        }).hasMessageContaining("Cannot grant roles [role1] to [USER bob]");
        QueryAssert.assertQueryFailure(() -> {
            return onPrestoAlice().executeQuery("GRANT role1 TO USER bob WITH ADMIN OPTION IN hive", new QueryExecutor.QueryParam[0]);
        }).hasMessageContaining("Cannot grant roles [role1] to [USER bob]");
        QueryAssert.assertQueryFailure(() -> {
            return onPrestoAlice().executeQuery("REVOKE role1 FROM USER bob IN hive", new QueryExecutor.QueryParam[0]);
        }).hasMessageContaining("Cannot revoke roles [role1] from [USER bob]");
        QueryAssert.assertQueryFailure(() -> {
            return onPrestoAlice().executeQuery("REVOKE ADMIN OPTION FOR role1 FROM USER bob IN hive", new QueryExecutor.QueryParam[0]);
        }).hasMessageContaining("Cannot revoke roles [role1] from [USER bob]");
        QueryExecutors.onTrino().executeQuery("GRANT role1 TO USER alice WITH ADMIN OPTION IN hive", new QueryExecutor.QueryParam[0]);
        onPrestoAlice().executeQuery("GRANT role1 TO USER bob IN hive", new QueryExecutor.QueryParam[0]);
        onPrestoAlice().executeQuery("GRANT role1 TO USER bob WITH ADMIN OPTION IN hive", new QueryExecutor.QueryParam[0]);
        onPrestoAlice().executeQuery("REVOKE ADMIN OPTION FOR role1 FROM USER bob IN hive", new QueryExecutor.QueryParam[0]);
        onPrestoAlice().executeQuery("REVOKE role1 FROM USER bob IN hive", new QueryExecutor.QueryParam[0]);
        QueryExecutors.onTrino().executeQuery("REVOKE ADMIN OPTION FOR role1 FROM USER alice IN hive", new QueryExecutor.QueryParam[0]);
        QueryAssert.assertQueryFailure(() -> {
            return onPrestoAlice().executeQuery("GRANT role1 TO USER bob IN hive", new QueryExecutor.QueryParam[0]);
        }).hasMessageContaining("Cannot grant roles [role1] to [USER bob]");
        QueryAssert.assertQueryFailure(() -> {
            return onPrestoAlice().executeQuery("GRANT role1 TO USER bob WITH ADMIN OPTION IN hive", new QueryExecutor.QueryParam[0]);
        }).hasMessageContaining("Cannot grant roles [role1] to [USER bob]");
        QueryAssert.assertQueryFailure(() -> {
            return onPrestoAlice().executeQuery("REVOKE role1 FROM USER bob IN hive", new QueryExecutor.QueryParam[0]);
        }).hasMessageContaining("Cannot revoke roles [role1] from [USER bob]");
        QueryAssert.assertQueryFailure(() -> {
            return onPrestoAlice().executeQuery("REVOKE ADMIN OPTION FOR role1 FROM USER bob IN hive", new QueryExecutor.QueryParam[0]);
        }).hasMessageContaining("Cannot revoke roles [role1] from [USER bob]");
        QueryExecutors.onTrino().executeQuery("GRANT role2 TO USER alice IN hive", new QueryExecutor.QueryParam[0]);
        QueryExecutors.onTrino().executeQuery("GRANT role1 TO ROLE role2 WITH ADMIN OPTION IN hive", new QueryExecutor.QueryParam[0]);
        onPrestoAlice().executeQuery("GRANT role1 TO USER bob IN hive", new QueryExecutor.QueryParam[0]);
        onPrestoAlice().executeQuery("GRANT role1 TO USER bob WITH ADMIN OPTION IN hive", new QueryExecutor.QueryParam[0]);
        onPrestoAlice().executeQuery("REVOKE ADMIN OPTION FOR role1 FROM USER bob IN hive", new QueryExecutor.QueryParam[0]);
        onPrestoAlice().executeQuery("REVOKE role1 FROM USER bob IN hive", new QueryExecutor.QueryParam[0]);
        onPrestoAlice().executeQuery("REVOKE ADMIN OPTION FOR role1 FROM ROLE role2 IN hive", new QueryExecutor.QueryParam[0]);
        QueryAssert.assertQueryFailure(() -> {
            return onPrestoAlice().executeQuery("GRANT role1 TO USER bob IN hive", new QueryExecutor.QueryParam[0]);
        }).hasMessageContaining("Cannot grant roles [role1] to [USER bob]");
        QueryAssert.assertQueryFailure(() -> {
            return onPrestoAlice().executeQuery("GRANT role1 TO USER bob WITH ADMIN OPTION IN hive", new QueryExecutor.QueryParam[0]);
        }).hasMessageContaining("Cannot grant roles [role1] to [USER bob]");
        QueryAssert.assertQueryFailure(() -> {
            return onPrestoAlice().executeQuery("REVOKE role1 FROM USER bob IN hive", new QueryExecutor.QueryParam[0]);
        }).hasMessageContaining("Cannot revoke roles [role1] from [USER bob]");
        QueryAssert.assertQueryFailure(() -> {
            return onPrestoAlice().executeQuery("REVOKE ADMIN OPTION FOR role1 FROM USER bob IN hive", new QueryExecutor.QueryParam[0]);
        }).hasMessageContaining("Cannot revoke roles [role1] from [USER bob]");
    }

    @Test(groups = {TestGroups.ROLES, TestGroups.AUTHORIZATION, TestGroups.PROFILE_SPECIFIC_TESTS})
    public void testSetRole() {
        QueryExecutors.onTrino().executeQuery("CREATE ROLE role1 IN hive", new QueryExecutor.QueryParam[0]);
        QueryExecutors.onTrino().executeQuery("CREATE ROLE role2 IN hive", new QueryExecutor.QueryParam[0]);
        QueryExecutors.onTrino().executeQuery("CREATE ROLE role3 IN hive", new QueryExecutor.QueryParam[0]);
        QueryExecutors.onTrino().executeQuery("GRANT role1 TO USER alice IN hive", new QueryExecutor.QueryParam[0]);
        QueryExecutors.onTrino().executeQuery("GRANT role2 TO ROLE role1 IN hive", new QueryExecutor.QueryParam[0]);
        QueryExecutors.onTrino().executeQuery("GRANT role3 TO ROLE role2 IN hive", new QueryExecutor.QueryParam[0]);
        onPrestoAlice().executeQuery("SET ROLE ALL IN hive", new QueryExecutor.QueryParam[0]);
        ((QueryAssert) Assertions.assertThat(onPrestoAlice().executeQuery("SELECT * FROM hive.information_schema.enabled_roles", new QueryExecutor.QueryParam[0]))).containsOnly(new QueryAssert.Row[]{QueryAssert.Row.row(new Object[]{"public"}), QueryAssert.Row.row(new Object[]{ROLE1}), QueryAssert.Row.row(new Object[]{ROLE2}), QueryAssert.Row.row(new Object[]{ROLE3})});
        onPrestoAlice().executeQuery("SET ROLE NONE IN hive", new QueryExecutor.QueryParam[0]);
        ((QueryAssert) Assertions.assertThat(onPrestoAlice().executeQuery("SELECT * FROM hive.information_schema.enabled_roles", new QueryExecutor.QueryParam[0]))).containsOnly(new QueryAssert.Row[]{QueryAssert.Row.row(new Object[]{"public"})});
        onPrestoAlice().executeQuery("SET ROLE role1 IN hive", new QueryExecutor.QueryParam[0]);
        ((QueryAssert) Assertions.assertThat(onPrestoAlice().executeQuery("SELECT * FROM hive.information_schema.enabled_roles", new QueryExecutor.QueryParam[0]))).containsOnly(new QueryAssert.Row[]{QueryAssert.Row.row(new Object[]{"public"}), QueryAssert.Row.row(new Object[]{ROLE1}), QueryAssert.Row.row(new Object[]{ROLE2}), QueryAssert.Row.row(new Object[]{ROLE3})});
        onPrestoAlice().executeQuery("SET ROLE role2 IN hive", new QueryExecutor.QueryParam[0]);
        ((QueryAssert) Assertions.assertThat(onPrestoAlice().executeQuery("SELECT * FROM hive.information_schema.enabled_roles", new QueryExecutor.QueryParam[0]))).containsOnly(new QueryAssert.Row[]{QueryAssert.Row.row(new Object[]{"public"}), QueryAssert.Row.row(new Object[]{ROLE2}), QueryAssert.Row.row(new Object[]{ROLE3})});
        onPrestoAlice().executeQuery("SET ROLE role3 IN hive", new QueryExecutor.QueryParam[0]);
        ((QueryAssert) Assertions.assertThat(onPrestoAlice().executeQuery("SELECT * FROM hive.information_schema.enabled_roles", new QueryExecutor.QueryParam[0]))).containsOnly(new QueryAssert.Row[]{QueryAssert.Row.row(new Object[]{"public"}), QueryAssert.Row.row(new Object[]{ROLE3})});
    }

    @Test(groups = {TestGroups.ROLES, TestGroups.AUTHORIZATION, TestGroups.PROFILE_SPECIFIC_TESTS})
    public void testSetAdminRole() {
        QueryExecutors.onTrino().executeQuery("SET ROLE NONE IN hive", new QueryExecutor.QueryParam[0]);
        ((QueryAssert) Assertions.assertThat(QueryExecutors.onTrino().executeQuery("SELECT * FROM hive.information_schema.enabled_roles", new QueryExecutor.QueryParam[0]))).containsOnly(new QueryAssert.Row[]{QueryAssert.Row.row(new Object[]{"public"})});
        QueryExecutors.onTrino().executeQuery("SET ROLE admin IN hive", new QueryExecutor.QueryParam[0]);
        ((QueryAssert) Assertions.assertThat(QueryExecutors.onTrino().executeQuery("SELECT * FROM hive.information_schema.enabled_roles", new QueryExecutor.QueryParam[0]))).containsOnly(new QueryAssert.Row[]{QueryAssert.Row.row(new Object[]{"public"}), QueryAssert.Row.row(new Object[]{"admin"})});
    }

    @Test(groups = {TestGroups.ROLES, TestGroups.AUTHORIZATION, TestGroups.PROFILE_SPECIFIC_TESTS})
    public void testShowRoles() {
        ((QueryAssert) Assertions.assertThat(QueryExecutors.onTrino().executeQuery("SHOW ROLES FROM hive", new QueryExecutor.QueryParam[0]))).containsOnly(new QueryAssert.Row[]{QueryAssert.Row.row(new Object[]{"public"}), QueryAssert.Row.row(new Object[]{"admin"})});
        QueryExecutors.onTrino().executeQuery("CREATE ROLE role1 IN hive", new QueryExecutor.QueryParam[0]);
        ((QueryAssert) Assertions.assertThat(QueryExecutors.onTrino().executeQuery("SHOW ROLES FROM hive", new QueryExecutor.QueryParam[0]))).containsOnly(new QueryAssert.Row[]{QueryAssert.Row.row(new Object[]{"public"}), QueryAssert.Row.row(new Object[]{"admin"}), QueryAssert.Row.row(new Object[]{ROLE1})});
        QueryAssert.assertQueryFailure(() -> {
            return onPrestoAlice().executeQuery("SHOW ROLES FROM hive", new QueryExecutor.QueryParam[0]);
        }).hasMessageContaining("Cannot show roles");
        QueryExecutors.onTrino().executeQuery("GRANT admin TO alice IN hive", new QueryExecutor.QueryParam[0]);
        onPrestoAlice().executeQuery("SET ROLE admin IN hive", new QueryExecutor.QueryParam[0]);
        ((QueryAssert) Assertions.assertThat(onPrestoAlice().executeQuery("SHOW ROLES FROM hive", new QueryExecutor.QueryParam[0]))).containsOnly(new QueryAssert.Row[]{QueryAssert.Row.row(new Object[]{"public"}), QueryAssert.Row.row(new Object[]{"admin"}), QueryAssert.Row.row(new Object[]{ROLE1})});
    }

    @Test(groups = {TestGroups.ROLES, TestGroups.AUTHORIZATION, TestGroups.PROFILE_SPECIFIC_TESTS})
    public void testShowCurrentRoles() {
        ((QueryAssert) Assertions.assertThat(onPrestoAlice().executeQuery("SHOW CURRENT ROLES FROM hive", new QueryExecutor.QueryParam[0]))).containsOnly(new QueryAssert.Row[]{QueryAssert.Row.row(new Object[]{"public"})});
        QueryExecutors.onTrino().executeQuery("CREATE ROLE role1 IN hive", new QueryExecutor.QueryParam[0]);
        QueryExecutors.onTrino().executeQuery("CREATE ROLE role2 IN hive", new QueryExecutor.QueryParam[0]);
        QueryExecutors.onTrino().executeQuery("GRANT role1 TO alice IN hive", new QueryExecutor.QueryParam[0]);
        QueryExecutors.onTrino().executeQuery("GRANT role2 TO alice IN hive", new QueryExecutor.QueryParam[0]);
        ((QueryAssert) Assertions.assertThat(onPrestoAlice().executeQuery("SHOW CURRENT ROLES FROM hive", new QueryExecutor.QueryParam[0]))).containsOnly(new QueryAssert.Row[]{QueryAssert.Row.row(new Object[]{"public"}), QueryAssert.Row.row(new Object[]{ROLE1}), QueryAssert.Row.row(new Object[]{ROLE2})});
        onPrestoAlice().executeQuery("SET ROLE role2 IN hive", new QueryExecutor.QueryParam[0]);
        ((QueryAssert) Assertions.assertThat(onPrestoAlice().executeQuery("SHOW CURRENT ROLES FROM hive", new QueryExecutor.QueryParam[0]))).containsOnly(new QueryAssert.Row[]{QueryAssert.Row.row(new Object[]{"public"}), QueryAssert.Row.row(new Object[]{ROLE2})});
    }

    @Test(groups = {TestGroups.ROLES, TestGroups.AUTHORIZATION, TestGroups.PROFILE_SPECIFIC_TESTS})
    public void testShowRoleGrants() {
        ((QueryAssert) Assertions.assertThat(QueryExecutors.onTrino().executeQuery("SHOW ROLE GRANTS FROM hive", new QueryExecutor.QueryParam[0]))).containsOnly(new QueryAssert.Row[]{QueryAssert.Row.row(new Object[]{"public"}), QueryAssert.Row.row(new Object[]{"admin"})});
        ((QueryAssert) Assertions.assertThat(onPrestoAlice().executeQuery("SHOW ROLE GRANTS FROM hive", new QueryExecutor.QueryParam[0]))).containsOnly(new QueryAssert.Row[]{QueryAssert.Row.row(new Object[]{"public"})});
        QueryExecutors.onTrino().executeQuery("CREATE ROLE role1 IN hive", new QueryExecutor.QueryParam[0]);
        QueryExecutors.onTrino().executeQuery("CREATE ROLE role2 IN hive", new QueryExecutor.QueryParam[0]);
        QueryExecutors.onTrino().executeQuery("GRANT role1 TO alice IN hive", new QueryExecutor.QueryParam[0]);
        QueryExecutors.onTrino().executeQuery("GRANT role2 TO role1 IN hive", new QueryExecutor.QueryParam[0]);
        ((QueryAssert) Assertions.assertThat(QueryExecutors.onTrino().executeQuery("SHOW ROLE GRANTS FROM hive", new QueryExecutor.QueryParam[0]))).containsOnly(new QueryAssert.Row[]{QueryAssert.Row.row(new Object[]{"public"}), QueryAssert.Row.row(new Object[]{"admin"})});
        ((QueryAssert) Assertions.assertThat(onPrestoAlice().executeQuery("SHOW ROLE GRANTS FROM hive", new QueryExecutor.QueryParam[0]))).containsOnly(new QueryAssert.Row[]{QueryAssert.Row.row(new Object[]{"public"}), QueryAssert.Row.row(new Object[]{ROLE1})});
    }

    @Test(groups = {TestGroups.ROLES, TestGroups.AUTHORIZATION, TestGroups.PROFILE_SPECIFIC_TESTS})
    public void testSetRoleCreateDropSchema() {
        assertAdminExecute("CREATE SCHEMA hive.test_admin_schema");
        QueryExecutors.onTrino().executeQuery("DROP SCHEMA hive.test_admin_schema", new QueryExecutor.QueryParam[0]);
    }

    @Test(groups = {TestGroups.ROLES, TestGroups.AUTHORIZATION, TestGroups.PROFILE_SPECIFIC_TESTS})
    public void testAdminCanDropAnyTable() {
        onPrestoAlice().executeQuery("CREATE TABLE hive.default.test_table (foo BIGINT)", new QueryExecutor.QueryParam[0]);
        assertAdminExecute("DROP TABLE hive.default.test_table");
    }

    @Test(groups = {TestGroups.ROLES, TestGroups.AUTHORIZATION, TestGroups.PROFILE_SPECIFIC_TESTS})
    public void testAdminCanRenameAnyTable() {
        onPrestoAlice().executeQuery("CREATE TABLE hive.default.test_table (foo BIGINT)", new QueryExecutor.QueryParam[0]);
        assertAdminExecute("ALTER TABLE hive.default.test_table RENAME TO hive.default.test_table_1");
        onPrestoAlice().executeQuery("DROP TABLE hive.default.test_table_1", new QueryExecutor.QueryParam[0]);
    }

    @Test(groups = {TestGroups.ROLES, TestGroups.AUTHORIZATION, TestGroups.PROFILE_SPECIFIC_TESTS})
    public void testAdminCanAddColumnToAnyTable() {
        onPrestoAlice().executeQuery("CREATE TABLE hive.default.test_table (foo BIGINT)", new QueryExecutor.QueryParam[0]);
        assertAdminExecute("ALTER TABLE hive.default.test_table ADD COLUMN bar DATE");
        onPrestoAlice().executeQuery("DROP TABLE hive.default.test_table", new QueryExecutor.QueryParam[0]);
    }

    @Test(groups = {TestGroups.ROLES, TestGroups.AUTHORIZATION, TestGroups.PROFILE_SPECIFIC_TESTS})
    public void testAdminCanRenameColumnInAnyTable() {
        onPrestoAlice().executeQuery("CREATE TABLE hive.default.test_table (foo BIGINT)", new QueryExecutor.QueryParam[0]);
        assertAdminExecute("ALTER TABLE hive.default.test_table RENAME COLUMN foo TO bar");
        onPrestoAlice().executeQuery("DROP TABLE hive.default.test_table", new QueryExecutor.QueryParam[0]);
    }

    @Test(groups = {TestGroups.ROLES, TestGroups.AUTHORIZATION, TestGroups.PROFILE_SPECIFIC_TESTS})
    public void testAdminCanShowAllGrants() {
        try {
            onPrestoBob().executeQuery("CREATE TABLE hive.default.test_table_bob (foo BIGINT)", new QueryExecutor.QueryParam[0]);
            onPrestoAlice().executeQuery("CREATE TABLE hive.default.test_table_alice (foo BIGINT)", new QueryExecutor.QueryParam[0]);
            QueryExecutors.onTrino().executeQuery("GRANT admin TO alice IN hive", new QueryExecutor.QueryParam[0]);
            onPrestoAlice().executeQuery("SET ROLE ADMIN IN hive", new QueryExecutor.QueryParam[0]);
            ((QueryAssert) Assertions.assertThat(onPrestoAlice().executeQuery("SHOW GRANTS ON hive.default.test_table_alice", new QueryExecutor.QueryParam[0]))).containsOnly(ImmutableList.of(QueryAssert.Row.row(new Object[]{"alice", "USER", "alice", "USER", "hive", "default", "test_table_alice", "SELECT", "YES", null}), QueryAssert.Row.row(new Object[]{"alice", "USER", "alice", "USER", "hive", "default", "test_table_alice", "DELETE", "YES", null}), QueryAssert.Row.row(new Object[]{"alice", "USER", "alice", "USER", "hive", "default", "test_table_alice", "UPDATE", "YES", null}), QueryAssert.Row.row(new Object[]{"alice", "USER", "alice", "USER", "hive", "default", "test_table_alice", "INSERT", "YES", null})));
            ((QueryAssert) Assertions.assertThat(onPrestoAlice().executeQuery("SHOW GRANTS ON hive.default.test_table_bob", new QueryExecutor.QueryParam[0]))).containsOnly(ImmutableList.of(QueryAssert.Row.row(new Object[]{"bob", "USER", "bob", "USER", "hive", "default", "test_table_bob", "SELECT", "YES", null}), QueryAssert.Row.row(new Object[]{"bob", "USER", "bob", "USER", "hive", "default", "test_table_bob", "DELETE", "YES", null}), QueryAssert.Row.row(new Object[]{"bob", "USER", "bob", "USER", "hive", "default", "test_table_bob", "UPDATE", "YES", null}), QueryAssert.Row.row(new Object[]{"bob", "USER", "bob", "USER", "hive", "default", "test_table_bob", "INSERT", "YES", null})));
            onPrestoAlice().executeQuery("GRANT SELECT ON hive.default.test_table_alice  TO bob WITH GRANT OPTION", new QueryExecutor.QueryParam[0]);
            onPrestoAlice().executeQuery("GRANT INSERT ON hive.default.test_table_alice  TO bob", new QueryExecutor.QueryParam[0]);
            ((QueryAssert) Assertions.assertThat(onPrestoAlice().executeQuery("SHOW GRANTS ON hive.default.test_table_alice", new QueryExecutor.QueryParam[0]))).containsOnly(ImmutableList.of(QueryAssert.Row.row(new Object[]{"alice", "USER", "alice", "USER", "hive", "default", "test_table_alice", "SELECT", "YES", null}), QueryAssert.Row.row(new Object[]{"alice", "USER", "alice", "USER", "hive", "default", "test_table_alice", "DELETE", "YES", null}), QueryAssert.Row.row(new Object[]{"alice", "USER", "alice", "USER", "hive", "default", "test_table_alice", "UPDATE", "YES", null}), QueryAssert.Row.row(new Object[]{"alice", "USER", "alice", "USER", "hive", "default", "test_table_alice", "INSERT", "YES", null}), QueryAssert.Row.row(new Object[]{"alice", "USER", "bob", "USER", "hive", "default", "test_table_alice", "SELECT", "YES", null}), QueryAssert.Row.row(new Object[]{"alice", "USER", "bob", "USER", "hive", "default", "test_table_alice", "INSERT", "NO", null})));
            onPrestoAlice().executeQuery("DROP TABLE IF EXISTS hive.default.test_table_alice", new QueryExecutor.QueryParam[0]);
            onPrestoBob().executeQuery("DROP TABLE IF EXISTS hive.default.test_table_bob", new QueryExecutor.QueryParam[0]);
            QueryExecutors.onTrino().executeQuery("REVOKE admin FROM alice IN hive", new QueryExecutor.QueryParam[0]);
        } catch (Throwable th) {
            onPrestoAlice().executeQuery("DROP TABLE IF EXISTS hive.default.test_table_alice", new QueryExecutor.QueryParam[0]);
            onPrestoBob().executeQuery("DROP TABLE IF EXISTS hive.default.test_table_bob", new QueryExecutor.QueryParam[0]);
            QueryExecutors.onTrino().executeQuery("REVOKE admin FROM alice IN hive", new QueryExecutor.QueryParam[0]);
            throw th;
        }
    }

    @Test(groups = {TestGroups.ROLES, TestGroups.AUTHORIZATION, TestGroups.PROFILE_SPECIFIC_TESTS})
    public void testAdminCanShowGrantsOnlyFromCurrentSchema() {
        try {
            onPrestoBob().executeQuery("CREATE TABLE hive.default.test_table_bob (foo BIGINT)", new QueryExecutor.QueryParam[0]);
            QueryExecutors.onTrino().executeQuery("CREATE SCHEMA hive.test", new QueryExecutor.QueryParam[0]);
            QueryExecutors.onTrino().executeQuery("GRANT admin TO alice IN hive", new QueryExecutor.QueryParam[0]);
            onPrestoAlice().executeQuery("SET ROLE ADMIN IN hive", new QueryExecutor.QueryParam[0]);
            onPrestoAlice().executeQuery("CREATE TABLE hive.test.test_table_bob (foo BIGINT) with (external_location='/tmp')", new QueryExecutor.QueryParam[0]);
            ((QueryAssert) Assertions.assertThat(onPrestoAlice().executeQuery("SHOW GRANTS ON hive.default.test_table_bob", new QueryExecutor.QueryParam[0]))).containsOnly(ImmutableList.of(QueryAssert.Row.row(new Object[]{"bob", "USER", "bob", "USER", "hive", "default", "test_table_bob", "SELECT", "YES", null}), QueryAssert.Row.row(new Object[]{"bob", "USER", "bob", "USER", "hive", "default", "test_table_bob", "DELETE", "YES", null}), QueryAssert.Row.row(new Object[]{"bob", "USER", "bob", "USER", "hive", "default", "test_table_bob", "UPDATE", "YES", null}), QueryAssert.Row.row(new Object[]{"bob", "USER", "bob", "USER", "hive", "default", "test_table_bob", "INSERT", "YES", null})));
            ((QueryAssert) Assertions.assertThat(onPrestoAlice().executeQuery("SHOW GRANTS ON hive.test.test_table_bob", new QueryExecutor.QueryParam[0]))).containsOnly(ImmutableList.of(QueryAssert.Row.row(new Object[]{"alice", "USER", "alice", "USER", "hive", TestConstants.KEY_SPACE, "test_table_bob", "SELECT", "YES", null}), QueryAssert.Row.row(new Object[]{"alice", "USER", "alice", "USER", "hive", TestConstants.KEY_SPACE, "test_table_bob", "DELETE", "YES", null}), QueryAssert.Row.row(new Object[]{"alice", "USER", "alice", "USER", "hive", TestConstants.KEY_SPACE, "test_table_bob", "UPDATE", "YES", null}), QueryAssert.Row.row(new Object[]{"alice", "USER", "alice", "USER", "hive", TestConstants.KEY_SPACE, "test_table_bob", "INSERT", "YES", null})));
            ((QueryAssert) Assertions.assertThat(onPrestoAlice().executeQuery("SELECT * FROM hive.information_schema.table_privileges where table_name = 'test_table_bob'", new QueryExecutor.QueryParam[0]))).containsOnly(ImmutableList.of(QueryAssert.Row.row(new Object[]{"bob", "USER", "bob", "USER", "hive", "default", "test_table_bob", "SELECT", "YES", null}), QueryAssert.Row.row(new Object[]{"bob", "USER", "bob", "USER", "hive", "default", "test_table_bob", "DELETE", "YES", null}), QueryAssert.Row.row(new Object[]{"bob", "USER", "bob", "USER", "hive", "default", "test_table_bob", "UPDATE", "YES", null}), QueryAssert.Row.row(new Object[]{"bob", "USER", "bob", "USER", "hive", "default", "test_table_bob", "INSERT", "YES", null}), QueryAssert.Row.row(new Object[]{"alice", "USER", "alice", "USER", "hive", TestConstants.KEY_SPACE, "test_table_bob", "SELECT", "YES", null}), QueryAssert.Row.row(new Object[]{"alice", "USER", "alice", "USER", "hive", TestConstants.KEY_SPACE, "test_table_bob", "DELETE", "YES", null}), QueryAssert.Row.row(new Object[]{"alice", "USER", "alice", "USER", "hive", TestConstants.KEY_SPACE, "test_table_bob", "UPDATE", "YES", null}), QueryAssert.Row.row(new Object[]{"alice", "USER", "alice", "USER", "hive", TestConstants.KEY_SPACE, "test_table_bob", "INSERT", "YES", null})));
            onPrestoBob().executeQuery("DROP TABLE IF EXISTS hive.default.test_table_bob", new QueryExecutor.QueryParam[0]);
            onPrestoAlice().executeQuery("DROP TABLE IF EXISTS hive.test.test_table_bob", new QueryExecutor.QueryParam[0]);
            QueryExecutors.onTrino().executeQuery("DROP SCHEMA IF EXISTS hive.test", new QueryExecutor.QueryParam[0]);
            QueryExecutors.onTrino().executeQuery("REVOKE admin FROM alice IN hive", new QueryExecutor.QueryParam[0]);
        } catch (Throwable th) {
            onPrestoBob().executeQuery("DROP TABLE IF EXISTS hive.default.test_table_bob", new QueryExecutor.QueryParam[0]);
            onPrestoAlice().executeQuery("DROP TABLE IF EXISTS hive.test.test_table_bob", new QueryExecutor.QueryParam[0]);
            QueryExecutors.onTrino().executeQuery("DROP SCHEMA IF EXISTS hive.test", new QueryExecutor.QueryParam[0]);
            QueryExecutors.onTrino().executeQuery("REVOKE admin FROM alice IN hive", new QueryExecutor.QueryParam[0]);
            throw th;
        }
    }

    @Test(groups = {TestGroups.ROLES, TestGroups.AUTHORIZATION, TestGroups.PROFILE_SPECIFIC_TESTS})
    public void testSetRoleTablePermissions() {
        QueryExecutors.onTrino().executeQuery("CREATE ROLE role1 IN hive", new QueryExecutor.QueryParam[0]);
        QueryExecutors.onTrino().executeQuery("CREATE ROLE role2 IN hive", new QueryExecutor.QueryParam[0]);
        QueryExecutors.onTrino().executeQuery("GRANT role1 TO USER bob IN hive", new QueryExecutor.QueryParam[0]);
        QueryExecutors.onTrino().executeQuery("GRANT role2 TO USER bob IN hive", new QueryExecutor.QueryParam[0]);
        onPrestoAlice().executeQuery("CREATE TABLE hive.default.test_table (foo BIGINT)", new QueryExecutor.QueryParam[0]);
        onPrestoAlice().executeQuery("GRANT SELECT ON hive.default.test_table TO ROLE role1", new QueryExecutor.QueryParam[0]);
        onPrestoAlice().executeQuery("GRANT INSERT ON hive.default.test_table TO ROLE role2", new QueryExecutor.QueryParam[0]);
        String str = "SELECT * FROM hive.default.test_table";
        String str2 = "INSERT INTO hive.default.test_table (foo) VALUES (1)";
        assertAdminExecute("SELECT * FROM hive.default.test_table");
        assertAdminExecute("INSERT INTO hive.default.test_table (foo) VALUES (1)");
        onPrestoBob().executeQuery("SELECT * FROM hive.default.test_table", new QueryExecutor.QueryParam[0]);
        onPrestoBob().executeQuery("INSERT INTO hive.default.test_table (foo) VALUES (1)", new QueryExecutor.QueryParam[0]);
        ((QueryAssert) Assertions.assertThat(onPrestoBob().executeQuery("SHOW GRANTS ON hive.default.test_table", new QueryExecutor.QueryParam[0]))).containsOnly(ImmutableList.of(QueryAssert.Row.row(new Object[]{"alice", "USER", ROLE1, "ROLE", "hive", "default", "test_table", "SELECT", "NO", null}), QueryAssert.Row.row(new Object[]{"alice", "USER", ROLE2, "ROLE", "hive", "default", "test_table", "INSERT", "NO", null})));
        onPrestoBob().executeQuery("SET ROLE ALL IN hive", new QueryExecutor.QueryParam[0]);
        onPrestoBob().executeQuery("SELECT * FROM hive.default.test_table", new QueryExecutor.QueryParam[0]);
        onPrestoBob().executeQuery("INSERT INTO hive.default.test_table (foo) VALUES (1)", new QueryExecutor.QueryParam[0]);
        ((QueryAssert) Assertions.assertThat(onPrestoBob().executeQuery("SHOW GRANTS ON hive.default.test_table", new QueryExecutor.QueryParam[0]))).containsOnly(ImmutableList.of(QueryAssert.Row.row(new Object[]{"alice", "USER", ROLE1, "ROLE", "hive", "default", "test_table", "SELECT", "NO", null}), QueryAssert.Row.row(new Object[]{"alice", "USER", ROLE2, "ROLE", "hive", "default", "test_table", "INSERT", "NO", null})));
        onPrestoBob().executeQuery("SET ROLE NONE IN hive", new QueryExecutor.QueryParam[0]);
        QueryAssert.assertQueryFailure(() -> {
            return onPrestoBob().executeQuery(str, new QueryExecutor.QueryParam[0]);
        }).hasMessageContaining("Access Denied");
        QueryAssert.assertQueryFailure(() -> {
            return onPrestoBob().executeQuery(str2, new QueryExecutor.QueryParam[0]);
        }).hasMessageContaining("Access Denied");
        ((QueryAssert) Assertions.assertThat(onPrestoBob().executeQuery("SHOW GRANTS ON hive.default.test_table", new QueryExecutor.QueryParam[0]))).containsOnly(ImmutableList.of());
        onPrestoBob().executeQuery("SET ROLE role1 IN hive", new QueryExecutor.QueryParam[0]);
        onPrestoBob().executeQuery("SELECT * FROM hive.default.test_table", new QueryExecutor.QueryParam[0]);
        QueryAssert.assertQueryFailure(() -> {
            return onPrestoBob().executeQuery(str2, new QueryExecutor.QueryParam[0]);
        }).hasMessageContaining("Access Denied");
        ((QueryAssert) Assertions.assertThat(onPrestoBob().executeQuery("SHOW GRANTS ON hive.default.test_table", new QueryExecutor.QueryParam[0]))).containsOnly(ImmutableList.of(QueryAssert.Row.row(new Object[]{"alice", "USER", ROLE1, "ROLE", "hive", "default", "test_table", "SELECT", "NO", null})));
        onPrestoBob().executeQuery("SET ROLE role2 IN hive", new QueryExecutor.QueryParam[0]);
        QueryAssert.assertQueryFailure(() -> {
            return onPrestoBob().executeQuery(str, new QueryExecutor.QueryParam[0]);
        }).hasMessageContaining("Access Denied");
        onPrestoBob().executeQuery("INSERT INTO hive.default.test_table (foo) VALUES (1)", new QueryExecutor.QueryParam[0]);
        ((QueryAssert) Assertions.assertThat(onPrestoBob().executeQuery("SHOW GRANTS ON hive.default.test_table", new QueryExecutor.QueryParam[0]))).containsOnly(ImmutableList.of(QueryAssert.Row.row(new Object[]{"alice", "USER", ROLE2, "ROLE", "hive", "default", "test_table", "INSERT", "NO", null})));
        onPrestoAlice().executeQuery("DROP TABLE hive.default.test_table", new QueryExecutor.QueryParam[0]);
    }

    private static void assertAdminExecute(String str) {
        QueryExecutors.onTrino().executeQuery("SET ROLE NONE IN hive", new QueryExecutor.QueryParam[0]);
        QueryAssert.assertQueryFailure(() -> {
            return QueryExecutors.onTrino().executeQuery(str, new QueryExecutor.QueryParam[0]);
        }).hasMessageContaining("Access Denied");
        QueryExecutors.onTrino().executeQuery("SET ROLE ALL IN hive", new QueryExecutor.QueryParam[0]);
        QueryAssert.assertQueryFailure(() -> {
            return QueryExecutors.onTrino().executeQuery(str, new QueryExecutor.QueryParam[0]);
        }).hasMessageContaining("Access Denied");
        QueryExecutors.onTrino().executeQuery("SET ROLE admin IN hive", new QueryExecutor.QueryParam[0]);
        QueryExecutors.onTrino().executeQuery(str, new QueryExecutor.QueryParam[0]);
    }

    private static QueryExecutor onPrestoAlice() {
        return QueryExecutors.connectToTrino("alice@presto");
    }

    private static QueryExecutor onPrestoBob() {
        return QueryExecutors.connectToTrino("bob@presto");
    }
}
