package io.trino.execution;

import com.google.common.collect.ImmutableList;
import io.trino.Session;
import io.trino.common.Randoms;
import io.trino.connector.Grants;
import io.trino.connector.MockConnectorFactory;
import io.trino.connector.MockConnectorPlugin;
import io.trino.connector.MutableGrants;
import io.trino.spi.security.Identity;
import io.trino.spi.security.PrincipalType;
import io.trino.spi.security.Privilege;
import io.trino.spi.security.TrinoPrincipal;
import io.trino.sql.query.QueryAssertions;
import io.trino.testing.DataProviders;
import io.trino.testing.DistributedQueryRunner;
import io.trino.testing.TestingSession;
import java.util.EnumSet;
import org.assertj.core.api.AbstractThrowableAssert;
import org.assertj.core.api.Assertions;
import org.testng.annotations.AfterClass;
import org.testng.annotations.BeforeClass;
import org.testng.annotations.DataProvider;
import org.testng.annotations.Test;

/* loaded from: input_file:io/trino/execution/TestGrantOnSchema.class */
public class TestGrantOnSchema {
    private final Session admin = sessionOf("admin");
    private final Grants<String> schemaGrants = new MutableGrants();
    private DistributedQueryRunner queryRunner;
    private QueryAssertions assertions;

    @BeforeClass
    public void initClass() throws Exception {
        this.queryRunner = DistributedQueryRunner.builder(this.admin).build();
        this.queryRunner.installPlugin(new MockConnectorPlugin(MockConnectorFactory.builder().withListSchemaNames(connectorSession -> {
            return ImmutableList.of("information_schema", "default");
        }).withListTables((connectorSession2, str) -> {
            return "default".equalsIgnoreCase(str) ? ImmutableList.of("table_one") : ImmutableList.of();
        }).withSchemaGrants(this.schemaGrants).build()));
        this.queryRunner.createCatalog("local", "mock");
        this.assertions = new QueryAssertions(this.queryRunner);
        this.schemaGrants.grant(new TrinoPrincipal(PrincipalType.USER, this.admin.getUser()), "default", EnumSet.allOf(Privilege.class), true);
    }

    @AfterClass(alwaysRun = true)
    public void teardown() {
        this.assertions.close();
        this.assertions = null;
        this.queryRunner = null;
    }

    @Test(dataProviderClass = DataProviders.class, dataProvider = "trueFalse")
    public void testExistingGrants(boolean z) {
        Session sessionOf = sessionOf(Randoms.randomUsername());
        this.schemaGrants.grant(new TrinoPrincipal(PrincipalType.USER, sessionOf.getUser()), "default", EnumSet.allOf(Privilege.class), z);
        ((QueryAssertions.QueryAssert) Assertions.assertThat(this.assertions.query(this.admin, "SHOW SCHEMAS FROM local"))).matches("VALUES (VARCHAR 'information_schema'), (VARCHAR 'default')");
        ((QueryAssertions.QueryAssert) Assertions.assertThat(this.assertions.query(sessionOf, "SHOW SCHEMAS FROM local"))).matches("VALUES (VARCHAR 'information_schema'), (VARCHAR 'default')");
        ((QueryAssertions.QueryAssert) Assertions.assertThat(this.assertions.query(this.admin, "SHOW TABLES FROM default"))).matches("VALUES (VARCHAR 'table_one')");
        ((QueryAssertions.QueryAssert) Assertions.assertThat(this.assertions.query(sessionOf, "SHOW TABLES FROM default"))).matches("VALUES (VARCHAR 'table_one')");
    }

    @Test(dataProvider = "privileges")
    public void testValidGrant(String str) {
        String randomUsername = Randoms.randomUsername();
        Session sessionOf = sessionOf(randomUsername);
        this.queryRunner.execute(this.admin, String.format("GRANT %s ON SCHEMA default TO %s", str, randomUsername));
        ((QueryAssertions.QueryAssert) Assertions.assertThat(this.assertions.query(sessionOf, "SHOW SCHEMAS FROM local"))).matches("VALUES (VARCHAR 'information_schema'), (VARCHAR 'default')");
        ((QueryAssertions.QueryAssert) Assertions.assertThat(this.assertions.query(this.admin, "SHOW TABLES FROM default"))).matches("VALUES (VARCHAR 'table_one')");
        ((QueryAssertions.QueryAssert) Assertions.assertThat(this.assertions.query(sessionOf, "SHOW TABLES FROM default"))).matches("VALUES (VARCHAR 'table_one')");
    }

    @Test(dataProvider = "privileges")
    public void testValidGrantWithGrantOption(String str) {
        String randomUsername = Randoms.randomUsername();
        Session sessionOf = sessionOf(randomUsername);
        this.queryRunner.execute(this.admin, String.format("GRANT %s ON SCHEMA default TO %s WITH GRANT OPTION", str, randomUsername));
        ((QueryAssertions.QueryAssert) Assertions.assertThat(this.assertions.query(sessionOf, "SHOW SCHEMAS FROM local"))).matches("VALUES (VARCHAR 'information_schema'), (VARCHAR 'default')");
        this.assertions.query(sessionOf, String.format("GRANT %s ON SCHEMA default TO %s", str, Randoms.randomUsername()));
        this.assertions.query(sessionOf, String.format("GRANT %s ON SCHEMA default TO %s WITH GRANT OPTION", str, Randoms.randomUsername()));
    }

    @Test(dataProvider = "privileges")
    public void testGrantOnNonExistingCatalog(String str) {
        Assertions.assertThatThrownBy(() -> {
            this.queryRunner.execute(this.admin, String.format("GRANT %s ON SCHEMA missing_catalog.missing_schema TO %s", str, Randoms.randomUsername()));
        }).hasMessageContaining("Schema 'missing_catalog.missing_schema' does not exist");
    }

    @Test(dataProvider = "privileges")
    public void testGrantOnNonExistingSchema(String str) {
        Assertions.assertThatThrownBy(() -> {
            this.queryRunner.execute(this.admin, String.format("GRANT %s ON SCHEMA missing_schema TO %s", str, Randoms.randomUsername()));
        }).hasMessageContaining("Schema 'local.missing_schema' does not exist");
    }

    @Test(dataProvider = "privileges")
    public void testAccessDenied(String str) {
        AbstractThrowableAssert assertThatThrownBy = Assertions.assertThatThrownBy(() -> {
            this.queryRunner.execute(sessionOf(Randoms.randomUsername()), String.format("GRANT %s ON SCHEMA default TO %s", str, Randoms.randomUsername()));
        });
        Object[] objArr = new Object[1];
        objArr[0] = str.equals("ALL PRIVILEGES") ? "CREATE" : str;
        assertThatThrownBy.hasMessageContaining("Access Denied: Cannot grant privilege %s on schema default", objArr);
    }

    /* JADX WARN: Type inference failed for: r0v1, types: [java.lang.Object[], java.lang.Object[][]] */
    @DataProvider(name = "privileges")
    public static Object[][] privileges() {
        return new Object[]{new Object[]{"SELECT"}, new Object[]{"CREATE"}, new Object[]{"ALL PRIVILEGES"}};
    }

    private static Session sessionOf(String str) {
        return TestingSession.testSessionBuilder().setIdentity(Identity.ofUser(str)).setCatalog("local").setSchema("default").build();
    }
}
