package io.trino.execution;

import com.google.common.collect.ImmutableList;
import com.google.common.collect.ImmutableSet;
import io.trino.Session;
import io.trino.common.Randoms;
import io.trino.connector.MockConnectorFactory;
import io.trino.connector.MockConnectorPlugin;
import io.trino.connector.MutableGrants;
import io.trino.spi.security.Identity;
import io.trino.spi.security.PrincipalType;
import io.trino.spi.security.Privilege;
import io.trino.spi.security.TrinoPrincipal;
import io.trino.sql.query.QueryAssertions;
import io.trino.testing.DistributedQueryRunner;
import io.trino.testing.TestingSession;
import java.util.EnumSet;
import org.assertj.core.api.Assertions;
import org.junit.jupiter.api.AfterAll;
import org.junit.jupiter.api.BeforeAll;
import org.junit.jupiter.api.Test;
import org.junit.jupiter.api.TestInstance;
import org.junit.jupiter.api.parallel.Execution;
import org.junit.jupiter.api.parallel.ExecutionMode;

@Execution(ExecutionMode.CONCURRENT)
@TestInstance(TestInstance.Lifecycle.PER_CLASS)
/* loaded from: input_file:io/trino/execution/TestRevokeOnSchema.class */
public class TestRevokeOnSchema {
    private static final Session admin = sessionOf("admin");
    private static final Session userWithAllPrivileges = sessionOf(Randoms.randomUsername());
    private static final Session userWithSelect = sessionOf(Randoms.randomUsername());
    private DistributedQueryRunner queryRunner;
    private QueryAssertions assertions;

    @BeforeAll
    public void initClass() throws Exception {
        this.queryRunner = DistributedQueryRunner.builder(userWithAllPrivileges).build();
        MutableGrants mutableGrants = new MutableGrants();
        mutableGrants.grant(new TrinoPrincipal(PrincipalType.USER, admin.getUser()), "default", EnumSet.allOf(Privilege.class), true);
        mutableGrants.grant(new TrinoPrincipal(PrincipalType.USER, userWithAllPrivileges.getUser()), "default", EnumSet.allOf(Privilege.class), true);
        mutableGrants.grant(new TrinoPrincipal(PrincipalType.USER, userWithSelect.getUser()), "default", ImmutableSet.of(Privilege.SELECT), true);
        this.queryRunner.installPlugin(new MockConnectorPlugin(MockConnectorFactory.builder().withListSchemaNames(connectorSession -> {
            return ImmutableList.of("information_schema", "default");
        }).withSchemaGrants(mutableGrants).build()));
        this.queryRunner.createCatalog("local", "mock");
        this.assertions = new QueryAssertions(this.queryRunner);
    }

    @AfterAll
    public void teardown() {
        this.assertions.close();
        this.assertions = null;
        this.queryRunner = null;
    }

    @Test
    public void testRevokeOnSchema() {
        testRevokeOnSchema("SELECT", userWithSelect);
        testRevokeOnSchema("ALL PRIVILEGES", userWithAllPrivileges);
    }

    private void testRevokeOnSchema(String str, Session session) {
        ((QueryAssertions.QueryAssert) Assertions.assertThat(this.assertions.query(session, "SHOW SCHEMAS FROM local"))).matches("VALUES (VARCHAR 'information_schema'), (VARCHAR 'default')");
        this.queryRunner.execute(admin, String.format("REVOKE %s ON SCHEMA default FROM %s", str, session.getUser()));
        ((QueryAssertions.QueryAssert) Assertions.assertThat(this.assertions.query(session, "SHOW SCHEMAS FROM local"))).matches("VALUES (VARCHAR 'information_schema')");
    }

    @Test
    public void testRevokeOnNonExistingCatalog() {
        Assertions.assertThatThrownBy(() -> {
            this.queryRunner.execute(admin, String.format("REVOKE SELECT ON SCHEMA missing_catalog.missing_schema FROM %s", userWithSelect.getUser()));
        }).hasMessageContaining("Schema 'missing_catalog.missing_schema' does not exist");
        Assertions.assertThatThrownBy(() -> {
            this.queryRunner.execute(admin, String.format("REVOKE ALL PRIVILEGES ON SCHEMA missing_catalog.missing_schema FROM %s", userWithAllPrivileges.getUser()));
        }).hasMessageContaining("Schema 'missing_catalog.missing_schema' does not exist");
    }

    @Test
    public void testRevokeOnNonExistingSchema() {
        Assertions.assertThatThrownBy(() -> {
            this.queryRunner.execute(admin, String.format("REVOKE SELECT ON SCHEMA missing_schema FROM %s", userWithSelect.getUser()));
        }).hasMessageContaining("Schema 'local.missing_schema' does not exist");
        Assertions.assertThatThrownBy(() -> {
            this.queryRunner.execute(admin, String.format("REVOKE ALL PRIVILEGES ON SCHEMA missing_schema FROM %s", userWithAllPrivileges.getUser()));
        }).hasMessageContaining("Schema 'local.missing_schema' does not exist");
    }

    @Test
    public void testAccessDenied() {
        Assertions.assertThatThrownBy(() -> {
            this.queryRunner.execute(sessionOf(Randoms.randomUsername()), String.format("REVOKE CREATE ON SCHEMA default FROM %s", Randoms.randomUsername()));
        }).hasMessageContaining("Access Denied: Cannot revoke privilege CREATE on schema default");
        Assertions.assertThatThrownBy(() -> {
            this.queryRunner.execute(sessionOf(Randoms.randomUsername()), String.format("REVOKE SELECT ON SCHEMA default FROM %s", Randoms.randomUsername()));
        }).hasMessageContaining("Access Denied: Cannot revoke privilege SELECT on schema default");
        Assertions.assertThatThrownBy(() -> {
            this.queryRunner.execute(sessionOf(Randoms.randomUsername()), String.format("REVOKE ALL PRIVILEGES ON SCHEMA default FROM %s", Randoms.randomUsername()));
        }).hasMessageContaining("Access Denied: Cannot revoke privilege CREATE on schema default");
    }

    private static Session sessionOf(String str) {
        return TestingSession.testSessionBuilder().setIdentity(Identity.ofUser(str)).setCatalog("local").setSchema("default").build();
    }
}
