package org.apache.falcon.security;

import java.util.Iterator;
import org.apache.falcon.FalconException;
import org.apache.falcon.cluster.util.EntityBuilderTestUtil;
import org.apache.falcon.entity.EntityNotRegisteredException;
import org.apache.falcon.entity.Storage;
import org.apache.falcon.entity.store.ConfigurationStore;
import org.apache.falcon.entity.v0.EntityType;
import org.apache.falcon.entity.v0.cluster.Cluster;
import org.apache.falcon.entity.v0.feed.CatalogTable;
import org.apache.falcon.entity.v0.feed.Feed;
import org.apache.falcon.entity.v0.feed.Location;
import org.apache.falcon.entity.v0.feed.LocationType;
import org.apache.falcon.entity.v0.feed.Locations;
import org.apache.falcon.entity.v0.process.Process;
import org.apache.falcon.util.FalconTestUtil;
import org.apache.falcon.util.StartupProperties;
import org.apache.hadoop.security.UserGroupInformation;
import org.apache.hadoop.security.authorize.AuthorizationException;
import org.testng.Assert;
import org.testng.annotations.AfterClass;
import org.testng.annotations.BeforeClass;
import org.testng.annotations.DataProvider;
import org.testng.annotations.Test;

/* loaded from: input_file:org/apache/falcon/security/DefaultAuthorizationProviderTest.class */
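/**
 * TestNG suite for {@link DefaultAuthorizationProvider}: checks which caller identities
 * (proxy user plus group list) are allowed or denied for admin, entity, instance and
 * metadata resources, and how malformed requests are rejected.
 *
 * <p>Most positive tests carry no assertion; they pass when the authorize call returns
 * without throwing. Negative tests rely on {@code expectedExceptions}, with a trailing
 * {@code Assert.fail} that fails the test if the call returns.
 *
 * <p>NOTE(review): the tests write the admin user/group and "authorization enabled" keys
 * into {@code StartupProperties.get()} and nothing in this class restores them;
 * {@link #tearDown()} only empties the configuration store. If that object is shared
 * process-wide (it looks like a singleton accessor, confirm), the outcome of a test that
 * does not set the keys itself depends on which test ran before it, and the values also
 * remain in place for any suite that runs afterwards in the same JVM. The POST tests
 * likewise rewrite the ACL of the shared {@code processEntity}.
 */
public class DefaultAuthorizationProviderTest {
    public static final String CLUSTER_ENTITY_NAME = "primary-cluster";
    public static final String PROCESS_ENTITY_NAME = "sample-process";

    private static final String FEED_ENTITY_NAME = "sample-feed";

    // Startup property keys the tests below write before constructing the provider.
    private static final String AUTHORIZATION_ENABLED_KEY = "falcon.security.authorization.enabled";
    private static final String ADMIN_USERS_KEY = "falcon.security.authorization.admin.users";
    private static final String ADMIN_GROUPS_KEY = "falcon.security.authorization.admin.groups";

    private UserGroupInformation realUser;
    private ConfigurationStore configStore;
    private Cluster clusterEntity;
    private Feed feedEntity;
    private Process processEntity;

    /**
     * Creates the real (proxying) test user, authenticates the current user and publishes
     * one cluster, one feed and one process into the configuration store.
     */
    @BeforeClass
    public void setUp() throws Exception {
        this.realUser = UserGroupInformation.createUserForTesting(FalconTestUtil.TEST_USER_1, new String[]{"falcon"});
        CurrentUser.authenticate(EntityBuilderTestUtil.USER);
        Assert.assertEquals(CurrentUser.getUser(), EntityBuilderTestUtil.USER);
        this.configStore = ConfigurationStore.get();
        addClusterEntity();
        addFeedEntity();
        addProcessEntity();
        Assert.assertNotNull(this.processEntity);
    }

    /** Builds the cluster entity and publishes it to the configuration store. */
    public void addClusterEntity() throws Exception {
        this.clusterEntity = EntityBuilderTestUtil.buildCluster(CLUSTER_ENTITY_NAME);
        this.configStore.publish(EntityType.CLUSTER, this.clusterEntity);
    }

    /** Builds the feed entity with a file-system data location and publishes it. */
    public void addFeedEntity() throws Exception {
        this.feedEntity = EntityBuilderTestUtil.buildFeed(FEED_ENTITY_NAME, this.clusterEntity, "classified-as=Secure", "analytics");
        addStorage(this.feedEntity, Storage.TYPE.FILESYSTEM, "/falcon/impression-feed/${YEAR}/${MONTH}/${DAY}");
        this.configStore.publish(EntityType.FEED, this.feedEntity);
    }

    /**
     * Attaches storage to a feed: a single DATA location for file-system storage, a
     * catalog table for every other storage type.
     *
     * @param feed feed to modify
     * @param type storage type that selects the branch
     * @param str  location path (file system) or table URI (any other type)
     */
    private static void addStorage(Feed feed, Storage.TYPE type, String str) {
        if (type == Storage.TYPE.FILESYSTEM) {
            Location dataLocation = new Location();
            dataLocation.setType(LocationType.DATA);
            dataLocation.setPath(str);
            feed.setLocations(new Locations());
            feed.getLocations().getLocations().add(dataLocation);
            return;
        }
        CatalogTable table = new CatalogTable();
        table.setUri(str);
        feed.setTable(table);
    }

    /** Builds the process entity with a workflow and the default test ACL, then publishes it. */
    public void addProcessEntity() throws Exception {
        this.processEntity = EntityBuilderTestUtil.buildProcess(PROCESS_ENTITY_NAME, this.clusterEntity, "classified-as=Critical");
        EntityBuilderTestUtil.addProcessWorkflow(this.processEntity);
        EntityBuilderTestUtil.addProcessACL(this.processEntity);
        this.configStore.publish(EntityType.PROCESS, this.processEntity);
    }

    /** Empties the configuration store; the startup properties written by tests are left as they are. */
    @AfterClass
    public void tearDown() throws Exception {
        cleanupStore();
    }

    /**
     * Removes every entity of every type from the configuration store.
     *
     * @throws FalconException if the store rejects a removal
     */
    protected void cleanupStore() throws FalconException {
        this.configStore = ConfigurationStore.get();
        for (EntityType entityType : EntityType.values()) {
            // NOTE(review): entries are removed while the name collection is being iterated;
            // this relies on getEntities() tolerating concurrent removal - confirm.
            Iterator<?> names = this.configStore.getEntities(entityType).iterator();
            while (names.hasNext()) {
                this.configStore.remove(entityType, (String) names.next());
            }
        }
    }

    /** Builds a proxy-user UGI for {@code user} with the given groups, proxied by the real test user. */
    private UserGroupInformation proxyUser(String user, String... groups) {
        return UserGroupInformation.createProxyUserForTesting(user, this.realUser, groups);
    }

    /** Writes the admin users and admin groups startup properties; must run before the provider is constructed. */
    private static void configureAdmins(String users, String groups) {
        StartupProperties.get().setProperty(ADMIN_USERS_KEY, users);
        StartupProperties.get().setProperty(ADMIN_GROUPS_KEY, groups);
    }

    /** The admin "version" action is expected to be allowed for a caller ("blah" / "blah-group") with no admin identity. */
    @Test
    public void testAuthorizeAdminResourceVersionAction() throws Exception {
        UserGroupInformation caller = proxyUser("blah", "blah-group");
        new DefaultAuthorizationProvider().authorizeResource("admin", "version", (String) null, (String) null, caller);
    }

    /** A caller whose user name is {@code EntityBuilderTestUtil.USER} may schedule a feed and read instance status. */
    @Test
    public void testAuthorizeSuperUser() throws Exception {
        UserGroupInformation caller = proxyUser(EntityBuilderTestUtil.USER, "group");
        DefaultAuthorizationProvider provider = new DefaultAuthorizationProvider();
        provider.authorizeResource("entities", "schedule", "feed", this.feedEntity.getName(), caller);
        provider.authorizeResource("instance", "status", "feed", this.feedEntity.getName(), caller);
    }

    /**
     * A caller with an arbitrary user name but membership of group "falcon" gets the same access.
     * NOTE(review): presumably "falcon" is the configured super-user group; not visible here.
     */
    @Test
    public void testAuthorizeSuperUserGroup() throws Exception {
        UserGroupInformation caller = proxyUser("blah", "falcon");
        DefaultAuthorizationProvider provider = new DefaultAuthorizationProvider();
        provider.authorizeResource("entities", "schedule", "feed", this.feedEntity.getName(), caller);
        provider.authorizeResource("instance", "status", "feed", this.feedEntity.getName(), caller);
    }

    /** Admin actions exercised by {@link #testAuthorizeAdminResourceAdmin(String)}. */
    @DataProvider(name = "adminResourceActions")
    private Object[][] createAdminResourceActions() {
        // Declared as Object[][]: the decompiled "new Object[]{...}" does not convert to the return type.
        return new Object[][]{{"version"}, {"stack"}, {"config"}};
    }

    /** A caller matching both the admin user and the admin group may run every admin action. */
    @Test(dataProvider = "adminResourceActions")
    public void testAuthorizeAdminResourceAdmin(String action) throws Exception {
        configureAdmins("admin", "admin");
        UserGroupInformation caller = proxyUser("admin", "admin");
        new DefaultAuthorizationProvider().authorizeResource("admin", action, (String) null, (String) null, caller);
    }

    /** User name matches the admin users list, group does not: the call is still expected to succeed. */
    @Test
    public void testAuthorizeAdminResourceAdminUserBadGroup() throws Exception {
        configureAdmins("admin", "admin");
        UserGroupInformation caller = proxyUser("admin", "admin-group");
        new DefaultAuthorizationProvider().authorizeResource("admin", "version", (String) null, (String) null, caller);
    }

    /** Group matches the admin groups list, user name does not: the call is still expected to succeed. */
    @Test
    public void testAuthorizeAdminResourceAdminGroupBadUser() throws Exception {
        configureAdmins("admin", "admin-group");
        UserGroupInformation caller = proxyUser("admin-user", "admin-group");
        new DefaultAuthorizationProvider().authorizeResource("admin", "version", (String) null, (String) null, caller);
    }

    /** Neither user name nor group matches the admin lists: the "stack" action must be denied. */
    @Test(expectedExceptions = {AuthorizationException.class})
    public void testAuthorizeAdminResourceInvalidUserAndGroup() throws Exception {
        // Pin both lists. The original set only the groups key, so the admin users value was
        // whatever an earlier test (or the default configuration) had left behind, and this
        // denial test could depend on execution order.
        configureAdmins("admin", "admin");
        UserGroupInformation caller = proxyUser("admin-user", "admin-group");
        new DefaultAuthorizationProvider().authorizeResource("admin", "stack", (String) null, (String) null, caller);
        Assert.fail("User does not belong to both admin-users not groups");
    }

    /** Resource / action / entity-type triples for the read-only listing test. */
    @DataProvider(name = "entityResourceActions")
    private Object[][] createEntityResourceActions() {
        return new Object[][]{
            {"entities", "list", "feed"},
            {"entities", "list", "process"},
            {"entities", "list", "cluster"},
        };
    }

    /** Listing entities without naming one is expected to succeed for a caller that owns nothing. */
    @Test(dataProvider = "entityResourceActions")
    public void testAuthorizeEntitiesInstancesReadOnlyResource(String resource, String action, String entityType) throws Exception {
        UserGroupInformation caller = proxyUser("admin-user", "admin-group");
        new DefaultAuthorizationProvider().authorizeResource(resource, action, entityType, (String) null, caller);
    }

    /** Resource / action / entity-type / entity-name rows that target the entities published in {@link #setUp()}. */
    @DataProvider(name = "entityLifecycleResourceActions")
    private Object[][] createEntityLifecycleResourceActions() {
        return new Object[][]{
            {"entities", "status", "cluster", CLUSTER_ENTITY_NAME},
            {"entities", "status", "process", PROCESS_ENTITY_NAME},
            {"entities", "status", "feed", FEED_ENTITY_NAME},
            {"instance", "status", "process", PROCESS_ENTITY_NAME},
            {"instance", "running", "process", PROCESS_ENTITY_NAME},
            {"instance", "running", "feed", FEED_ENTITY_NAME},
        };
    }

    /** Operations on a named entity succeed for a caller whose user and group are {@code EntityBuilderTestUtil.USER}. */
    @Test(dataProvider = "entityLifecycleResourceActions")
    public void testAuthorizeEntitiesInstancesLifecycleResource(String resource, String action, String entityType, String entityName) throws Exception {
        UserGroupInformation caller = proxyUser(EntityBuilderTestUtil.USER, EntityBuilderTestUtil.USER);
        new DefaultAuthorizationProvider().authorizeResource(resource, action, entityType, entityName, caller);
    }

    /**
     * The same operations must be denied for an unrelated caller ("admin-user" / "admin-group").
     * NOTE(review): this test does not set the admin keys itself, so it runs against whatever
     * an earlier test left in the startup properties - confirm that cannot mask a regression.
     */
    @Test(dataProvider = "entityLifecycleResourceActions", expectedExceptions = {AuthorizationException.class})
    public void testAuthorizeEntitiesInstancesLifecycleResourceBadUGI(String resource, String action, String entityType, String entityName) throws Exception {
        UserGroupInformation caller = proxyUser("admin-user", "admin-group");
        new DefaultAuthorizationProvider().authorizeResource(resource, action, entityType, entityName, caller);
    }

    /** An unknown resource name is rejected as an illegal argument, even for an admin caller. */
    @Test(expectedExceptions = {IllegalArgumentException.class})
    public void testAuthorizeBadResource() throws Exception {
        configureAdmins("admin", "admin");
        UserGroupInformation caller = proxyUser("admin", "admin");
        new DefaultAuthorizationProvider().authorizeResource("invalid", "version", (String) null, (String) null, caller);
        Assert.fail("Bad resource");
    }

    /** A null resource name is rejected as an illegal argument. */
    @Test(expectedExceptions = {IllegalArgumentException.class})
    public void testAuthorizeNullResource() throws Exception {
        configureAdmins("admin", "admin");
        UserGroupInformation caller = proxyUser("admin", "admin");
        new DefaultAuthorizationProvider().authorizeResource((String) null, "version", (String) null, (String) null, caller);
        Assert.fail("Bad resource");
    }

    /** A null action (here combined with the unknown entity type "feedz") is rejected as an illegal argument. */
    @Test(expectedExceptions = {IllegalArgumentException.class})
    public void testAuthorizeBadAction() throws Exception {
        configureAdmins("admin", "admin");
        UserGroupInformation caller = proxyUser("admin", "admin");
        new DefaultAuthorizationProvider().authorizeResource("entities", (String) null, "feedz", (String) null, caller);
        Assert.fail("Bad action");
    }

    /** A null entity type alongside a concrete entity name is rejected as an illegal argument. */
    @Test(expectedExceptions = {IllegalArgumentException.class})
    public void testAuthorizeNullEntityType() throws Exception {
        configureAdmins("admin", "admin");
        UserGroupInformation caller = proxyUser("admin", "admin");
        new DefaultAuthorizationProvider().authorizeResource("entities", "list", (String) null, CLUSTER_ENTITY_NAME, caller);
        Assert.fail("Bad entity type");
    }

    /** An unknown entity type ("clusterz") is rejected as an illegal argument. */
    @Test(expectedExceptions = {IllegalArgumentException.class})
    public void testAuthorizeBadEntityType() throws Exception {
        configureAdmins("admin", "admin");
        UserGroupInformation caller = proxyUser("admin", "admin");
        new DefaultAuthorizationProvider().authorizeResource("entities", "list", "clusterz", CLUSTER_ENTITY_NAME, caller);
        Assert.fail("Bad entity type");
    }

    /** Submitting a process whose ACL names the caller ("admin" / "admin") is allowed. */
    @Test
    public void testAuthorizeValidatePOSTOperations() throws Exception {
        configureAdmins("admin", "admin");
        UserGroupInformation caller = proxyUser("admin", "admin");
        // Rewrites the ACL on the shared process entity; later tests see this value.
        EntityBuilderTestUtil.addProcessACL(this.processEntity, "admin", "admin");
        new DefaultAuthorizationProvider().authorizeEntity(this.processEntity.getName(), "process", this.processEntity.getACL(), "submit", caller);
    }

    /** Asking for a process by the feed's name fails with "entity not registered". */
    @Test(expectedExceptions = {EntityNotRegisteredException.class})
    public void testAuthorizeResourceOperationsBadEntity() throws Exception {
        configureAdmins("admin", "admin");
        UserGroupInformation caller = proxyUser("admin", "admin");
        new DefaultAuthorizationProvider().authorizeResource("entities", "status", "process", this.feedEntity.getName(), caller);
        Assert.fail("Bad entity");
    }

    /**
     * With authorization enabled, the caller's group matches the process ACL but the user
     * name does not: the submit is still expected to be allowed.
     * NOTE(review): assumes addProcessACL takes (entity, user, group) in that order - confirm.
     */
    @Test
    public void testAuthorizeValidatePOSTOperationsGroupBadUser() throws Exception {
        StartupProperties.get().setProperty(AUTHORIZATION_ENABLED_KEY, "true");
        configureAdmins("admin", "admin");
        UserGroupInformation caller = proxyUser("admin", "admin");
        EntityBuilderTestUtil.addProcessACL(this.processEntity, "admin-user", "admin");
        new DefaultAuthorizationProvider().authorizeEntity(this.processEntity.getName(), "process", this.processEntity.getACL(), "submit", caller);
    }

    /** With authorization enabled and an ACL that matches neither the caller's user nor group, the submit must be denied. */
    @Test(expectedExceptions = {AuthorizationException.class})
    public void testAuthorizeValidatePOSTOperationsBadUserAndGroup() throws Exception {
        StartupProperties.get().setProperty(AUTHORIZATION_ENABLED_KEY, "true");
        configureAdmins("admin", "admin");
        UserGroupInformation caller = proxyUser("admin", "admin");
        EntityBuilderTestUtil.addProcessACL(this.processEntity, "admin-user", "admin-group");
        new DefaultAuthorizationProvider().authorizeEntity(this.processEntity.getName(), "process", this.processEntity.getACL(), "submit", caller);
    }

    /** The metadata "lineage" resource is allowed for an admin caller. */
    @Test
    public void testAuthorizeLineageResource() throws Exception {
        configureAdmins("admin", "admin");
        UserGroupInformation caller = proxyUser("admin", "admin");
        new DefaultAuthorizationProvider().authorizeResource("metadata", "lineage", (String) null, (String) null, caller);
    }
}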
