package org.apache.sentry.provider.db.service.persistent;

import com.google.common.collect.Iterables;
import com.google.common.collect.Sets;
import com.google.common.io.Files;
import java.io.File;
import java.util.Arrays;
import java.util.Collections;
import java.util.HashSet;
import java.util.Iterator;
import java.util.Set;
import org.apache.commons.io.FileUtils;
import org.apache.hadoop.conf.Configuration;
import org.apache.hadoop.security.alias.CredentialProvider;
import org.apache.hadoop.security.alias.CredentialProviderFactory;
import org.apache.sentry.provider.db.SentryAlreadyExistsException;
import org.apache.sentry.provider.db.SentryGrantDeniedException;
import org.apache.sentry.provider.db.SentryNoSuchObjectException;
import org.apache.sentry.provider.db.service.model.MSentryPrivilege;
import org.apache.sentry.provider.db.service.thrift.TSentryActiveRoleSet;
import org.apache.sentry.provider.db.service.thrift.TSentryAuthorizable;
import org.apache.sentry.provider.db.service.thrift.TSentryGrantOption;
import org.apache.sentry.provider.db.service.thrift.TSentryGroup;
import org.apache.sentry.provider.db.service.thrift.TSentryPrivilege;
import org.apache.sentry.provider.file.PolicyFile;
import org.junit.After;
import org.junit.AfterClass;
import org.junit.Assert;
import org.junit.Before;
import org.junit.BeforeClass;
import org.junit.Ignore;
import org.junit.Test;

/* loaded from: input_file:org/apache/sentry/provider/db/service/persistent/TestSentryStore.class */
public class TestSentryStore extends Assert {
    private static File dataDir;
    private static SentryStore sentryStore;
    private static PolicyFile policyFile;
    private static File policyFilePath;
    final long NUM_PRIVS = 60;
    private static String[] adminGroups = {"adminGroup1"};
    private static Configuration conf = null;
    private static char[] passwd = {'1', '2', '3'};

    @BeforeClass
    public static void setup() throws Exception {
        conf = new Configuration(false);
        conf.set("hadoop.security.credential.provider.path", "user:///");
        CredentialProvider credentialProvider = (CredentialProvider) CredentialProviderFactory.getProviders(conf).get(0);
        credentialProvider.createCredentialEntry("sentry.store.jdbc.password", passwd);
        credentialProvider.flush();
        dataDir = new File(Files.createTempDir(), "sentry_policy_db");
        conf.set("sentry.verify.schema.version", "false");
        conf.set("sentry.store.jdbc.url", "jdbc:derby:;databaseName=" + dataDir.getPath() + ";create=true");
        conf.set("sentry.store.jdbc.password", "dummy");
        conf.setStrings("sentry.service.admin.group", adminGroups);
        conf.set("sentry.store.group.mapping", "org.apache.sentry.provider.file.LocalGroupMappingService");
        policyFilePath = new File(dataDir, "local_policy_file.ini");
        conf.set("sentry.store.group.mapping.resource", policyFilePath.getPath());
        sentryStore = new SentryStore(conf);
    }

    @Before
    public void before() throws Exception {
        policyFile = new PolicyFile();
        addGroupsToUser("g1", adminGroups);
        writePolicyFile();
    }

    @After
    public void after() {
        sentryStore.clearAllTables();
    }

    @AfterClass
    public static void teardown() {
        if (sentryStore != null) {
            sentryStore.stop();
        }
        if (dataDir != null) {
            FileUtils.deleteQuietly(dataDir);
        }
    }

    @Test
    public void testCredentialProvider() throws Exception {
        assertArrayEquals(passwd, conf.getPassword("sentry.store.jdbc.password"));
    }

    @Test
    public void testCaseInsensitiveRole() throws Exception {
        HashSet newHashSet = Sets.newHashSet();
        TSentryGroup tSentryGroup = new TSentryGroup();
        tSentryGroup.setGroupName("test-groups-g1");
        newHashSet.add(tSentryGroup);
        TSentryPrivilege tSentryPrivilege = new TSentryPrivilege();
        tSentryPrivilege.setPrivilegeScope("TABLE");
        tSentryPrivilege.setServerName("server1");
        tSentryPrivilege.setDbName("default");
        tSentryPrivilege.setTableName("table1");
        tSentryPrivilege.setAction("*");
        tSentryPrivilege.setCreateTime(System.currentTimeMillis());
        long sequenceId = sentryStore.createSentryRole("newRole").getSequenceId();
        assertEquals(sequenceId + 1, sentryStore.alterSentryRoleAddGroups("g1", "newRole", newHashSet).getSequenceId());
        assertEquals(sequenceId + 2, sentryStore.alterSentryRoleDeleteGroups("newRole", newHashSet).getSequenceId());
        assertEquals(sequenceId + 3, sentryStore.alterSentryRoleGrantPrivilege("g1", "newRole", tSentryPrivilege).getSequenceId());
        assertEquals(sequenceId + 4, sentryStore.alterSentryRoleRevokePrivilege("g1", "newRole", tSentryPrivilege).getSequenceId());
    }

    @Test
    public void testURI() throws Exception {
        sentryStore.createSentryRole("test-dup-role");
        TSentryPrivilege tSentryPrivilege = new TSentryPrivilege("URI", "server1", "ALL");
        tSentryPrivilege.setURI("file:///var/folders/dt/9zm44z9s6bjfxbrm4v36lzdc0000gp/T/1401860678102-0/data/kv1.dat");
        sentryStore.alterSentryRoleGrantPrivilege("g1", "test-dup-role", tSentryPrivilege);
        TSentryAuthorizable tSentryAuthorizable = new TSentryAuthorizable();
        tSentryAuthorizable.setUri("file:///var/folders/dt/9zm44z9s6bjfxbrm4v36lzdc0000gp/T/1401860678102-0/data/kv1.dat");
        tSentryAuthorizable.setServer("server1");
        assertTrue(sentryStore.getTSentryPrivileges(new HashSet(Arrays.asList("test-dup-role")), tSentryAuthorizable).size() == 1);
        HashSet hashSet = new HashSet();
        hashSet.add(new TSentryGroup("group1"));
        sentryStore.alterSentryRoleAddGroups("g1", "test-dup-role", hashSet);
        Set listSentryPrivilegesForProvider = sentryStore.listSentryPrivilegesForProvider(new HashSet(Arrays.asList("group1")), new TSentryActiveRoleSet(true, new HashSet(Arrays.asList("test-dup-role"))), tSentryAuthorizable);
        assertTrue(listSentryPrivilegesForProvider.size() == 1);
        assertTrue(listSentryPrivilegesForProvider.contains("server=server1->uri=" + "file:///var/folders/dt/9zm44z9s6bjfxbrm4v36lzdc0000gp/T/1401860678102-0/data/kv1.dat" + "->action=all"));
    }

    @Test
    public void testCreateDuplicateRole() throws Exception {
        sentryStore.createSentryRole("test-dup-role");
        try {
            sentryStore.createSentryRole("test-dup-role");
            fail("Expected SentryAlreadyExistsException");
        } catch (SentryAlreadyExistsException e) {
        }
    }

    @Test
    public void testCaseSensitiveScope() throws Exception {
        long sequenceId = sentryStore.createSentryRole("role1").getSequenceId();
        TSentryPrivilege tSentryPrivilege = new TSentryPrivilege("Database", "server1", "all");
        tSentryPrivilege.setDbName("db1");
        assertEquals(sequenceId + 1, sentryStore.alterSentryRoleGrantPrivilege("g1", "role1", tSentryPrivilege).getSequenceId());
    }

    @Test
    public void testCreateDropRole() throws Exception {
        assertEquals(sentryStore.createSentryRole("test-drop-role").getSequenceId() + 1, sentryStore.dropSentryRole("test-drop-role").getSequenceId());
    }

    @Test(expected = SentryNoSuchObjectException.class)
    public void testAddDeleteGroupsNonExistantRole() throws Exception {
        sentryStore.alterSentryRoleAddGroups("g1", "non-existant-role", Sets.newHashSet());
    }

    @Test
    public void testAddDeleteGroups() throws Exception {
        long sequenceId = sentryStore.createSentryRole("test-groups").getSequenceId();
        HashSet newHashSet = Sets.newHashSet();
        TSentryGroup tSentryGroup = new TSentryGroup();
        tSentryGroup.setGroupName("test-groups-g1");
        newHashSet.add(tSentryGroup);
        TSentryGroup tSentryGroup2 = new TSentryGroup();
        tSentryGroup2.setGroupName("test-groups-g2");
        newHashSet.add(tSentryGroup2);
        assertEquals(sequenceId + 1, sentryStore.alterSentryRoleAddGroups("g1", "test-groups", newHashSet).getSequenceId());
        assertEquals(sequenceId + 2, sentryStore.alterSentryRoleDeleteGroups("test-groups", newHashSet).getSequenceId());
        assertEquals(Collections.emptySet(), sentryStore.getMSentryRoleByName("test-groups").getGroups());
    }

    @Test
    public void testGrantRevokePrivilege() throws Exception {
        long sequenceId = sentryStore.createSentryRole("test-privilege").getSequenceId();
        TSentryPrivilege tSentryPrivilege = new TSentryPrivilege();
        tSentryPrivilege.setPrivilegeScope("TABLE");
        tSentryPrivilege.setServerName("server1");
        tSentryPrivilege.setDbName("db1");
        tSentryPrivilege.setTableName("tbl1");
        tSentryPrivilege.setAction("*");
        tSentryPrivilege.setCreateTime(System.currentTimeMillis());
        assertEquals(sequenceId + 1, sentryStore.alterSentryRoleGrantPrivilege("g1", "test-privilege", tSentryPrivilege).getSequenceId());
        assertEquals(sentryStore.getMSentryRoleByName("test-privilege").getPrivileges().toString(), 1L, r0.size());
        tSentryPrivilege.setAction("select");
        assertEquals(sequenceId + 2, sentryStore.alterSentryRoleRevokePrivilege("g1", "test-privilege", tSentryPrivilege).getSequenceId());
        Set privileges = sentryStore.getMSentryRoleByName("test-privilege").getPrivileges();
        assertEquals(privileges.toString(), 1L, privileges.size());
        MSentryPrivilege mSentryPrivilege = (MSentryPrivilege) Iterables.get(privileges, 0);
        assertEquals("server1", mSentryPrivilege.getServerName());
        assertEquals("db1", mSentryPrivilege.getDbName());
        assertEquals("tbl1", mSentryPrivilege.getTableName());
        assertEquals("insert", mSentryPrivilege.getAction());
        assertFalse(mSentryPrivilege.getGrantOption().booleanValue());
    }

    private void verifyOrphanCleanup() throws Exception {
        boolean z = false;
        for (int i = 30; !z && i > 0; i--) {
            Thread.sleep(1000L);
            long countMSentryPrivileges = sentryStore.countMSentryPrivileges();
            if (countMSentryPrivileges < 60) {
                assertEquals(0L, countMSentryPrivileges);
                z = true;
            }
        }
        assertTrue("Failed to cleanup orphaned privileges", z);
    }

    @Test
    @Ignore("Disabled with SENTRY-545 following SENTRY-140 problems")
    public void testPrivilegeCleanup() throws Exception {
        sentryStore.createSentryRole("test-priv-cleanup");
        for (int i = 0; i < 60; i++) {
            TSentryPrivilege tSentryPrivilege = new TSentryPrivilege();
            tSentryPrivilege.setPrivilegeScope("TABLE");
            tSentryPrivilege.setServerName("server");
            tSentryPrivilege.setAction("*");
            tSentryPrivilege.setCreateTime(System.currentTimeMillis());
            tSentryPrivilege.setTableName("table-" + i);
            tSentryPrivilege.setDbName("db");
            sentryStore.alterSentryRoleGrantPrivilege("g1", "test-priv-cleanup", tSentryPrivilege);
        }
        assertEquals(sentryStore.countMSentryPrivileges(), 60L);
        sentryStore.dropSentryRole("test-priv-cleanup");
        verifyOrphanCleanup();
    }

    @Test
    @Ignore("Disabled with SENTRY-545 following SENTRY-140 problems")
    public void testPrivilegeCleanup2() throws Exception {
        sentryStore.createSentryRole("test-priv-cleanup");
        for (int i = 0; i < 60; i++) {
            TSentryPrivilege tSentryPrivilege = new TSentryPrivilege();
            tSentryPrivilege.setPrivilegeScope("DATABASE");
            tSentryPrivilege.setServerName("server");
            tSentryPrivilege.setAction("*");
            tSentryPrivilege.setCreateTime(System.currentTimeMillis());
            tSentryPrivilege.setTableName("table-" + i);
            tSentryPrivilege.setDbName("db");
            tSentryPrivilege.setGrantOption(TSentryGrantOption.TRUE);
            sentryStore.alterSentryRoleGrantPrivilege("g1", "test-priv-cleanup", tSentryPrivilege);
            tSentryPrivilege.setAction("select");
            tSentryPrivilege.setGrantOption(TSentryGrantOption.UNSET);
            sentryStore.alterSentryRoleRevokePrivilege("g1", "test-priv-cleanup", tSentryPrivilege);
            Set privileges = sentryStore.getMSentryRoleByName("test-priv-cleanup").getPrivileges();
            assertEquals(privileges.toString(), i + 1, privileges.size());
            assertEquals("insert", ((MSentryPrivilege) Iterables.get(privileges, 0)).getAction());
        }
        sentryStore.dropSentryRole("test-priv-cleanup");
        verifyOrphanCleanup();
    }

    @Test
    public void testGrantRevokeMultiPrivileges() throws Exception {
        String[] strArr = {"c1", "c2", "c3", "c4"};
        long sequenceId = sentryStore.createSentryRole("test-privilege").getSequenceId();
        HashSet newHashSet = Sets.newHashSet();
        for (String str : strArr) {
            TSentryPrivilege tSentryPrivilege = new TSentryPrivilege();
            tSentryPrivilege.setPrivilegeScope("Column");
            tSentryPrivilege.setServerName("server1");
            tSentryPrivilege.setDbName("db1");
            tSentryPrivilege.setTableName("tbl1");
            tSentryPrivilege.setColumnName(str);
            tSentryPrivilege.setAction("select");
            tSentryPrivilege.setCreateTime(System.currentTimeMillis());
            newHashSet.add(tSentryPrivilege);
        }
        assertEquals(sequenceId + 1, sentryStore.alterSentryRoleGrantPrivileges("g1", "test-privilege", newHashSet).getSequenceId());
        assertEquals(sentryStore.getMSentryRoleByName("test-privilege").getPrivileges().toString(), 4L, r0.size());
        HashSet newHashSet2 = Sets.newHashSet();
        for (int i = 0; i < 2; i++) {
            TSentryPrivilege tSentryPrivilege2 = new TSentryPrivilege();
            tSentryPrivilege2.setPrivilegeScope("Column");
            tSentryPrivilege2.setServerName("server1");
            tSentryPrivilege2.setDbName("db1");
            tSentryPrivilege2.setTableName("tbl1");
            tSentryPrivilege2.setColumnName(strArr[i]);
            tSentryPrivilege2.setAction("select");
            tSentryPrivilege2.setCreateTime(System.currentTimeMillis());
            newHashSet2.add(tSentryPrivilege2);
        }
        assertEquals(sequenceId + 2, sentryStore.alterSentryRoleRevokePrivileges("g1", "test-privilege", newHashSet2).getSequenceId());
        assertEquals(sentryStore.getMSentryRoleByName("test-privilege").getPrivileges().toString(), 2L, r0.size());
        TSentryPrivilege tSentryPrivilege3 = new TSentryPrivilege();
        tSentryPrivilege3.setPrivilegeScope("Table");
        tSentryPrivilege3.setServerName("server1");
        tSentryPrivilege3.setDbName("db1");
        tSentryPrivilege3.setTableName("tbl1");
        tSentryPrivilege3.setAction("select");
        tSentryPrivilege3.setCreateTime(System.currentTimeMillis());
        assertEquals(sequenceId + 3, sentryStore.alterSentryRoleRevokePrivilege("g1", "test-privilege", tSentryPrivilege3).getSequenceId());
        assertEquals(sentryStore.getMSentryRoleByName("test-privilege").getPrivileges().toString(), 0L, r0.size());
    }

    @Test
    public void testGrantRevokePrivilegeWithColumn() throws Exception {
        long sequenceId = sentryStore.createSentryRole("test-col-privilege").getSequenceId();
        TSentryPrivilege tSentryPrivilege = new TSentryPrivilege();
        tSentryPrivilege.setPrivilegeScope("COLUMN");
        tSentryPrivilege.setServerName("server1");
        tSentryPrivilege.setDbName("db1");
        tSentryPrivilege.setTableName("tbl1");
        tSentryPrivilege.setColumnName("c1");
        tSentryPrivilege.setAction("*");
        tSentryPrivilege.setCreateTime(System.currentTimeMillis());
        assertEquals(sequenceId + 1, sentryStore.alterSentryRoleGrantPrivilege("g1", "test-col-privilege", tSentryPrivilege).getSequenceId());
        tSentryPrivilege.setColumnName("c2");
        assertEquals(sequenceId + 2, sentryStore.alterSentryRoleGrantPrivilege("g1", "test-col-privilege", tSentryPrivilege).getSequenceId());
        assertEquals(sentryStore.getMSentryRoleByName("test-col-privilege").getPrivileges().toString(), 2L, r0.size());
        tSentryPrivilege.setAction("select");
        assertEquals(sequenceId + 3, sentryStore.alterSentryRoleRevokePrivilege("g1", "test-col-privilege", tSentryPrivilege).getSequenceId());
        Set<MSentryPrivilege> privileges = sentryStore.getMSentryRoleByName("test-col-privilege").getPrivileges();
        assertEquals(privileges.toString(), 2L, privileges.size());
        for (MSentryPrivilege mSentryPrivilege : privileges) {
            assertEquals("server1", mSentryPrivilege.getServerName());
            assertEquals("db1", mSentryPrivilege.getDbName());
            assertEquals("tbl1", mSentryPrivilege.getTableName());
            assertFalse(mSentryPrivilege.getGrantOption().booleanValue());
            if (mSentryPrivilege.getColumnName().equals("c1")) {
                assertEquals("*", mSentryPrivilege.getAction());
            } else if (mSentryPrivilege.getColumnName().equals("c2")) {
                assertEquals("insert", mSentryPrivilege.getAction());
            } else {
                fail("Unexpected column name: " + mSentryPrivilege.getColumnName());
            }
        }
        TSentryPrivilege tSentryPrivilege2 = new TSentryPrivilege();
        tSentryPrivilege2.setPrivilegeScope("TABLE");
        tSentryPrivilege2.setServerName("server1");
        tSentryPrivilege2.setDbName("db1");
        tSentryPrivilege2.setTableName("tbl1");
        tSentryPrivilege2.setAction("insert");
        tSentryPrivilege2.setCreateTime(System.currentTimeMillis());
        assertEquals(sequenceId + 4, sentryStore.alterSentryRoleRevokePrivilege("g1", "test-col-privilege", tSentryPrivilege2).getSequenceId());
        Set privileges2 = sentryStore.getMSentryRoleByName("test-col-privilege").getPrivileges();
        assertEquals(privileges2.toString(), 1L, privileges2.size());
        assertEquals("c1", ((MSentryPrivilege) Iterables.get(privileges2, 0)).getColumnName());
        assertEquals("select", ((MSentryPrivilege) Iterables.get(privileges2, 0)).getAction());
        tSentryPrivilege2.setAction("*");
        tSentryPrivilege2.setCreateTime(System.currentTimeMillis());
        assertEquals(sequenceId + 5, sentryStore.alterSentryRoleRevokePrivilege("g1", "test-col-privilege", tSentryPrivilege2).getSequenceId());
        assertEquals(sentryStore.getMSentryRoleByName("test-col-privilege").getPrivileges().toString(), 0L, r0.size());
    }

    @Test
    public void testGrantRevokeTablePrivilegeDowngradeByDb() throws Exception {
        long sequenceId = sentryStore.createSentryRole("test-table-db-downgrade-privilege").getSequenceId();
        TSentryPrivilege tSentryPrivilege = new TSentryPrivilege();
        tSentryPrivilege.setPrivilegeScope("TABLE");
        tSentryPrivilege.setServerName("server1");
        tSentryPrivilege.setDbName("db1");
        tSentryPrivilege.setTableName("tbl1");
        tSentryPrivilege.setAction("*");
        tSentryPrivilege.setCreateTime(System.currentTimeMillis());
        TSentryPrivilege deepCopy = tSentryPrivilege.deepCopy();
        deepCopy.setTableName("tbl2");
        assertEquals(sequenceId + 1, sentryStore.alterSentryRoleGrantPrivilege("g1", "test-table-db-downgrade-privilege", tSentryPrivilege).getSequenceId());
        assertEquals(sequenceId + 2, sentryStore.alterSentryRoleGrantPrivilege("g1", "test-table-db-downgrade-privilege", deepCopy).getSequenceId());
        assertEquals(sentryStore.getMSentryRoleByName("test-table-db-downgrade-privilege").getPrivileges().toString(), 2L, r0.size());
        deepCopy.setAction("select");
        assertEquals(sequenceId + 3, sentryStore.alterSentryRoleRevokePrivilege("g1", "test-table-db-downgrade-privilege", deepCopy).getSequenceId());
        assertEquals(sentryStore.getMSentryRoleByName("test-table-db-downgrade-privilege").getPrivileges().toString(), 2L, r0.size());
        Set<MSentryPrivilege> privileges = sentryStore.getMSentryRoleByName("test-table-db-downgrade-privilege").getPrivileges();
        assertEquals(privileges.toString(), 2L, privileges.size());
        for (MSentryPrivilege mSentryPrivilege : privileges) {
            assertEquals("server1", mSentryPrivilege.getServerName());
            assertEquals("db1", mSentryPrivilege.getDbName());
            assertFalse(mSentryPrivilege.getGrantOption().booleanValue());
            if (mSentryPrivilege.getTableName().equals("tbl1")) {
                assertEquals("*", mSentryPrivilege.getAction());
            } else if (mSentryPrivilege.getTableName().equals("tbl2")) {
                assertEquals("insert", mSentryPrivilege.getAction());
            } else {
                fail("Unexpected table name: " + mSentryPrivilege.getTableName());
            }
        }
        deepCopy.setAction("insert");
        deepCopy.setPrivilegeScope("DATABASE");
        deepCopy.unsetTableName();
        assertEquals(sequenceId + 4, sentryStore.alterSentryRoleRevokePrivilege("g1", "test-table-db-downgrade-privilege", deepCopy).getSequenceId());
        Set privileges2 = sentryStore.getMSentryRoleByName("test-table-db-downgrade-privilege").getPrivileges();
        assertEquals(privileges2.toString(), 1L, privileges2.size());
        MSentryPrivilege mSentryPrivilege2 = (MSentryPrivilege) Iterables.get(privileges2, 0);
        assertEquals("server1", mSentryPrivilege2.getServerName());
        assertEquals("db1", mSentryPrivilege2.getDbName());
        assertEquals("tbl1", mSentryPrivilege2.getTableName());
        assertEquals("select", mSentryPrivilege2.getAction());
        assertFalse(mSentryPrivilege2.getGrantOption().booleanValue());
    }

    @Test
    public void testGrantRevokeColumnPrivilegeDowngradeByDb() throws Exception {
        long sequenceId = sentryStore.createSentryRole("test-column-db-downgrade-privilege").getSequenceId();
        TSentryPrivilege tSentryPrivilege = new TSentryPrivilege();
        tSentryPrivilege.setPrivilegeScope("COLUMN");
        tSentryPrivilege.setServerName("server1");
        tSentryPrivilege.setDbName("db1");
        tSentryPrivilege.setTableName("tbl1");
        tSentryPrivilege.setColumnName("c1");
        tSentryPrivilege.setAction("*");
        tSentryPrivilege.setCreateTime(System.currentTimeMillis());
        TSentryPrivilege deepCopy = tSentryPrivilege.deepCopy();
        deepCopy.setColumnName("c2");
        assertEquals(sequenceId + 1, sentryStore.alterSentryRoleGrantPrivilege("g1", "test-column-db-downgrade-privilege", tSentryPrivilege).getSequenceId());
        assertEquals(sequenceId + 2, sentryStore.alterSentryRoleGrantPrivilege("g1", "test-column-db-downgrade-privilege", deepCopy).getSequenceId());
        assertEquals(sentryStore.getMSentryRoleByName("test-column-db-downgrade-privilege").getPrivileges().toString(), 2L, r0.size());
        deepCopy.setAction("select");
        assertEquals(sequenceId + 3, sentryStore.alterSentryRoleRevokePrivilege("g1", "test-column-db-downgrade-privilege", deepCopy).getSequenceId());
        assertEquals(sentryStore.getMSentryRoleByName("test-column-db-downgrade-privilege").getPrivileges().toString(), 2L, r0.size());
        Set<MSentryPrivilege> privileges = sentryStore.getMSentryRoleByName("test-column-db-downgrade-privilege").getPrivileges();
        assertEquals(privileges.toString(), 2L, privileges.size());
        for (MSentryPrivilege mSentryPrivilege : privileges) {
            assertEquals("server1", mSentryPrivilege.getServerName());
            assertEquals("db1", mSentryPrivilege.getDbName());
            assertEquals("tbl1", mSentryPrivilege.getTableName());
            assertFalse(mSentryPrivilege.getGrantOption().booleanValue());
            if (mSentryPrivilege.getColumnName().equals("c1")) {
                assertEquals("*", mSentryPrivilege.getAction());
            } else if (mSentryPrivilege.getColumnName().equals("c2")) {
                assertEquals("insert", mSentryPrivilege.getAction());
            } else {
                fail("Unexpected column name: " + mSentryPrivilege.getColumnName());
            }
        }
        deepCopy.setAction("insert");
        deepCopy.setPrivilegeScope("DATABASE");
        deepCopy.unsetTableName();
        deepCopy.unsetColumnName();
        assertEquals(sequenceId + 4, sentryStore.alterSentryRoleRevokePrivilege("g1", "test-column-db-downgrade-privilege", deepCopy).getSequenceId());
        Set privileges2 = sentryStore.getMSentryRoleByName("test-column-db-downgrade-privilege").getPrivileges();
        assertEquals(privileges2.toString(), 1L, privileges2.size());
        MSentryPrivilege mSentryPrivilege2 = (MSentryPrivilege) Iterables.get(privileges2, 0);
        assertEquals("server1", mSentryPrivilege2.getServerName());
        assertEquals("db1", mSentryPrivilege2.getDbName());
        assertEquals("tbl1", mSentryPrivilege2.getTableName());
        assertEquals("c1", mSentryPrivilege2.getColumnName());
        assertEquals("select", mSentryPrivilege2.getAction());
        assertFalse(mSentryPrivilege2.getGrantOption().booleanValue());
    }

    @Test
    public void testGrantRevokePrivilegeWithGrantOption() throws Exception {
        TSentryGrantOption tSentryGrantOption = TSentryGrantOption.TRUE;
        long sequenceId = sentryStore.createSentryRole("test-grantOption-table").getSequenceId();
        TSentryPrivilege tSentryPrivilege = new TSentryPrivilege();
        tSentryPrivilege.setPrivilegeScope("TABLE");
        tSentryPrivilege.setServerName("server1");
        tSentryPrivilege.setDbName("db1");
        tSentryPrivilege.setTableName("tbl1");
        tSentryPrivilege.setAction("*");
        tSentryPrivilege.setCreateTime(System.currentTimeMillis());
        tSentryPrivilege.setGrantOption(tSentryGrantOption);
        assertEquals(sequenceId + 1, sentryStore.alterSentryRoleGrantPrivilege("g1", "test-grantOption-table", tSentryPrivilege).getSequenceId());
        Set privileges = sentryStore.getMSentryRoleByName("test-grantOption-table").getPrivileges();
        assertEquals(privileges.toString(), 1L, privileges.size());
        assertEquals(Boolean.valueOf(tSentryPrivilege.getGrantOption().toString()), ((MSentryPrivilege) Iterables.get(privileges, 0)).getGrantOption());
        assertEquals(sequenceId + 2, sentryStore.alterSentryRoleRevokePrivilege("g1", "test-grantOption-table", tSentryPrivilege).getSequenceId());
        assertEquals(0L, sentryStore.getMSentryRoleByName("test-grantOption-table").getPrivileges().size());
        sentryStore.createSentryRole("test-grantOption-db");
        TSentryPrivilege tSentryPrivilege2 = new TSentryPrivilege();
        tSentryPrivilege2.setPrivilegeScope("DATABASE");
        tSentryPrivilege2.setServerName("server1");
        tSentryPrivilege2.setDbName("db1");
        tSentryPrivilege2.setAction("*");
        tSentryPrivilege2.setGrantOption(TSentryGrantOption.TRUE);
        tSentryPrivilege2.setCreateTime(System.currentTimeMillis());
        tSentryPrivilege2.setGrantOption(tSentryGrantOption);
        sentryStore.alterSentryRoleGrantPrivilege("g1", "test-grantOption-db", tSentryPrivilege2);
        assertEquals(sentryStore.getMSentryRoleByName("test-grantOption-db").getPrivileges().toString(), 1L, r0.size());
        tSentryPrivilege2.setAction("select");
        tSentryPrivilege2.setGrantOption(TSentryGrantOption.UNSET);
        sentryStore.alterSentryRoleRevokePrivilege("g1", "test-grantOption-db", tSentryPrivilege2);
        Set privileges2 = sentryStore.getMSentryRoleByName("test-grantOption-db").getPrivileges();
        assertEquals(privileges2.toString(), 1L, privileges2.size());
        MSentryPrivilege mSentryPrivilege = (MSentryPrivilege) Iterables.get(privileges2, 0);
        assertEquals("server1", mSentryPrivilege.getServerName());
        assertEquals("db1", mSentryPrivilege.getDbName());
        assertEquals("insert", mSentryPrivilege.getAction());
    }

    @Test
    public void testGrantCheckWithGrantOption() throws Exception {
        String[] strArr = {"user0", "user1", "user2", "user3", "user4"};
        String[] strArr2 = {"role0", "role1", "role2", "role3", "role4"};
        String[] strArr3 = {"group0", "group1", "group2", "group3", "group4"};
        for (int i = 0; i < strArr.length; i++) {
            addGroupsToUser(strArr[i], strArr3[i]);
            sentryStore.createSentryRole(strArr2[i]);
            HashSet newHashSet = Sets.newHashSet();
            newHashSet.add(new TSentryGroup(strArr3[i]));
            sentryStore.alterSentryRoleAddGroups("g1", strArr2[i], newHashSet);
        }
        writePolicyFile();
        String str = strArr2[0];
        TSentryPrivilege tSentryPrivilege = new TSentryPrivilege();
        tSentryPrivilege.setPrivilegeScope("DATABASE");
        tSentryPrivilege.setServerName("server1");
        tSentryPrivilege.setDbName("db1");
        tSentryPrivilege.setAction("*");
        tSentryPrivilege.setCreateTime(System.currentTimeMillis());
        tSentryPrivilege.setGrantOption(TSentryGrantOption.TRUE);
        sentryStore.alterSentryRoleGrantPrivilege("g1", str, tSentryPrivilege);
        assertEquals(sentryStore.getMSentryRoleByName(str).getPrivileges().toString(), 1L, r0.size());
        String str2 = strArr2[1];
        String str3 = strArr[0];
        TSentryPrivilege tSentryPrivilege2 = new TSentryPrivilege();
        tSentryPrivilege2.setPrivilegeScope("DATABASE");
        tSentryPrivilege2.setServerName("server1");
        tSentryPrivilege2.setDbName("db1");
        tSentryPrivilege2.setAction("select");
        tSentryPrivilege2.setCreateTime(System.currentTimeMillis());
        tSentryPrivilege2.setGrantOption(TSentryGrantOption.TRUE);
        sentryStore.alterSentryRoleGrantPrivilege(str3, str2, tSentryPrivilege2);
        String str4 = strArr2[2];
        String str5 = strArr[0];
        TSentryPrivilege tSentryPrivilege3 = new TSentryPrivilege();
        tSentryPrivilege3.setPrivilegeScope("TABLE");
        tSentryPrivilege3.setServerName("server1");
        tSentryPrivilege3.setDbName("db1");
        tSentryPrivilege3.setTableName("tbl1");
        tSentryPrivilege3.setAction("*");
        tSentryPrivilege3.setCreateTime(System.currentTimeMillis());
        tSentryPrivilege3.setGrantOption(TSentryGrantOption.FALSE);
        sentryStore.alterSentryRoleGrantPrivilege(str5, str4, tSentryPrivilege3);
        String str6 = strArr2[3];
        String str7 = strArr[1];
        TSentryPrivilege tSentryPrivilege4 = new TSentryPrivilege();
        tSentryPrivilege4.setPrivilegeScope("DATABASE");
        tSentryPrivilege4.setServerName("server1");
        tSentryPrivilege4.setDbName("db1");
        tSentryPrivilege4.setAction("insert");
        tSentryPrivilege4.setCreateTime(System.currentTimeMillis());
        tSentryPrivilege4.setGrantOption(TSentryGrantOption.FALSE);
        boolean z = false;
        try {
            sentryStore.alterSentryRoleGrantPrivilege(str7, str6, tSentryPrivilege4);
        } catch (SentryGrantDeniedException e) {
            z = true;
            System.err.println(e.getMessage());
        }
        assertTrue(z);
        String str8 = strArr2[4];
        String str9 = strArr[2];
        TSentryPrivilege tSentryPrivilege5 = new TSentryPrivilege();
        tSentryPrivilege5.setPrivilegeScope("TABLE");
        tSentryPrivilege5.setServerName("server1");
        tSentryPrivilege5.setDbName("db1");
        tSentryPrivilege5.setTableName("tbl1");
        tSentryPrivilege5.setAction("insert");
        tSentryPrivilege5.setCreateTime(System.currentTimeMillis());
        tSentryPrivilege5.setGrantOption(TSentryGrantOption.FALSE);
        boolean z2 = false;
        try {
            sentryStore.alterSentryRoleGrantPrivilege(str9, str8, tSentryPrivilege5);
        } catch (SentryGrantDeniedException e2) {
            z2 = true;
            System.err.println(e2.getMessage());
        }
        assertTrue(z2);
    }

    @Test
    public void testRevokeCheckWithGrantOption() throws Exception {
        String[] strArr = {"user0", "user1", "user2"};
        String[] strArr2 = {"role0", "role1", "role2"};
        String[] strArr3 = {"group0", "group1", "group2"};
        for (int i = 0; i < strArr.length; i++) {
            addGroupsToUser(strArr[i], strArr3[i]);
            sentryStore.createSentryRole(strArr2[i]);
            HashSet newHashSet = Sets.newHashSet();
            newHashSet.add(new TSentryGroup(strArr3[i]));
            sentryStore.alterSentryRoleAddGroups("g1", strArr2[i], newHashSet);
        }
        writePolicyFile();
        String str = strArr2[0];
        TSentryPrivilege tSentryPrivilege = new TSentryPrivilege();
        tSentryPrivilege.setPrivilegeScope("DATABASE");
        tSentryPrivilege.setServerName("server1");
        tSentryPrivilege.setDbName("db1");
        tSentryPrivilege.setAction("select");
        tSentryPrivilege.setCreateTime(System.currentTimeMillis());
        tSentryPrivilege.setGrantOption(TSentryGrantOption.TRUE);
        sentryStore.alterSentryRoleGrantPrivilege("g1", str, tSentryPrivilege);
        assertEquals(sentryStore.getMSentryRoleByName(str).getPrivileges().toString(), 1L, r0.size());
        String str2 = strArr2[1];
        TSentryPrivilege tSentryPrivilege2 = new TSentryPrivilege();
        tSentryPrivilege2.setPrivilegeScope("TABLE");
        tSentryPrivilege2.setServerName("server1");
        tSentryPrivilege2.setDbName("db1");
        tSentryPrivilege2.setTableName("tbl1");
        tSentryPrivilege2.setAction("*");
        tSentryPrivilege2.setCreateTime(System.currentTimeMillis());
        tSentryPrivilege2.setGrantOption(TSentryGrantOption.FALSE);
        sentryStore.alterSentryRoleGrantPrivilege("g1", str2, tSentryPrivilege2);
        String str3 = strArr2[2];
        TSentryPrivilege tSentryPrivilege3 = new TSentryPrivilege();
        tSentryPrivilege3.setPrivilegeScope("TABLE");
        tSentryPrivilege3.setServerName("server1");
        tSentryPrivilege3.setDbName("db1");
        tSentryPrivilege3.setTableName("tbl1");
        tSentryPrivilege3.setAction("select");
        tSentryPrivilege3.setCreateTime(System.currentTimeMillis());
        tSentryPrivilege3.setGrantOption(TSentryGrantOption.FALSE);
        sentryStore.alterSentryRoleGrantPrivilege("g1", str3, tSentryPrivilege3);
        boolean z = false;
        try {
            sentryStore.alterSentryRoleRevokePrivilege(strArr[1], strArr2[2], tSentryPrivilege3);
        } catch (SentryGrantDeniedException e) {
            z = true;
            System.err.println(e.getMessage());
        }
        assertTrue(z);
        try {
            sentryStore.alterSentryRoleRevokePrivilege(strArr[0], strArr2[1], tSentryPrivilege2);
        } catch (SentryGrantDeniedException e2) {
            z = true;
            System.err.println(e2.getMessage());
        }
        assertTrue(z);
        sentryStore.alterSentryRoleRevokePrivilege(strArr[0], strArr2[2], tSentryPrivilege3);
        assertEquals(0L, sentryStore.getMSentryRoleByName(r0).getPrivileges().size());
    }

    @Test
    public void testRevokeAllGrantOption() throws Exception {
        String[] strArr = {"user0"};
        String[] strArr2 = {"role0"};
        String[] strArr3 = {"group0"};
        for (int i = 0; i < strArr.length; i++) {
            addGroupsToUser(strArr[i], strArr3[i]);
            sentryStore.createSentryRole(strArr2[i]);
            HashSet newHashSet = Sets.newHashSet();
            newHashSet.add(new TSentryGroup(strArr3[i]));
            sentryStore.alterSentryRoleAddGroups("g1", strArr2[i], newHashSet);
        }
        writePolicyFile();
        String str = strArr2[0];
        TSentryPrivilege tSentryPrivilege = new TSentryPrivilege();
        tSentryPrivilege.setPrivilegeScope("TABLE");
        tSentryPrivilege.setServerName("server1");
        tSentryPrivilege.setDbName("db1");
        tSentryPrivilege.setTableName("tbl1");
        tSentryPrivilege.setAction("select");
        tSentryPrivilege.setCreateTime(System.currentTimeMillis());
        tSentryPrivilege.setGrantOption(TSentryGrantOption.TRUE);
        sentryStore.alterSentryRoleGrantPrivilege("g1", str, tSentryPrivilege);
        String str2 = strArr2[0];
        tSentryPrivilege.setGrantOption(TSentryGrantOption.FALSE);
        sentryStore.alterSentryRoleGrantPrivilege("g1", str2, tSentryPrivilege);
        String str3 = strArr2[0];
        tSentryPrivilege.setGrantOption(TSentryGrantOption.UNSET);
        sentryStore.alterSentryRoleRevokePrivilege("g1", str3, tSentryPrivilege);
        assertEquals(sentryStore.getMSentryRoleByName(str3).getPrivileges().toString(), 0L, r0.size());
    }

    @Test
    public void testGrantCheckWithColumn() throws Exception {
        String[] strArr = {"user0", "user1"};
        String[] strArr2 = {"role0", "role1"};
        String[] strArr3 = {"group0", "group1"};
        for (int i = 0; i < strArr.length; i++) {
            addGroupsToUser(strArr[i], strArr3[i]);
            sentryStore.createSentryRole(strArr2[i]);
            HashSet newHashSet = Sets.newHashSet();
            newHashSet.add(new TSentryGroup(strArr3[i]));
            sentryStore.alterSentryRoleAddGroups("g1", strArr2[i], newHashSet);
        }
        writePolicyFile();
        String str = strArr2[0];
        TSentryPrivilege tSentryPrivilege = new TSentryPrivilege();
        tSentryPrivilege.setPrivilegeScope("TABLE");
        tSentryPrivilege.setServerName("server1");
        tSentryPrivilege.setDbName("db1");
        tSentryPrivilege.setTableName("tbl1");
        tSentryPrivilege.setAction("select");
        tSentryPrivilege.setCreateTime(System.currentTimeMillis());
        tSentryPrivilege.setGrantOption(TSentryGrantOption.TRUE);
        sentryStore.alterSentryRoleGrantPrivilege("g1", str, tSentryPrivilege);
        assertEquals(sentryStore.getMSentryRoleByName(str).getPrivileges().toString(), 1L, r0.size());
        String str2 = strArr2[1];
        String str3 = strArr[0];
        TSentryPrivilege tSentryPrivilege2 = new TSentryPrivilege();
        tSentryPrivilege2.setPrivilegeScope("COLUMN");
        tSentryPrivilege2.setServerName("server1");
        tSentryPrivilege2.setDbName("db1");
        tSentryPrivilege2.setTableName("tbl1");
        tSentryPrivilege2.setColumnName("c1");
        tSentryPrivilege2.setAction("select");
        tSentryPrivilege2.setCreateTime(System.currentTimeMillis());
        tSentryPrivilege2.setGrantOption(TSentryGrantOption.TRUE);
        sentryStore.alterSentryRoleGrantPrivilege(str3, str2, tSentryPrivilege2);
        boolean z = false;
        try {
            sentryStore.alterSentryRoleRevokePrivilege(strArr[1], strArr2[0], tSentryPrivilege);
        } catch (SentryGrantDeniedException e) {
            z = true;
            System.err.println(e.getMessage());
        }
        assertTrue(z);
        sentryStore.alterSentryRoleRevokePrivilege(strArr[0], strArr2[1], tSentryPrivilege2);
        assertEquals(0L, sentryStore.getMSentryRoleByName(r0).getPrivileges().size());
    }

    @Test
    public void testGrantDuplicatePrivilege() throws Exception {
        long sequenceId = sentryStore.createSentryRole("test-privilege").getSequenceId();
        TSentryPrivilege tSentryPrivilege = new TSentryPrivilege();
        tSentryPrivilege.setPrivilegeScope("TABLE");
        tSentryPrivilege.setServerName("server1");
        tSentryPrivilege.setDbName("db1");
        tSentryPrivilege.setTableName("tbl1");
        tSentryPrivilege.setAction("*");
        tSentryPrivilege.setCreateTime(System.currentTimeMillis());
        assertEquals(sequenceId + 1, sentryStore.alterSentryRoleGrantPrivilege("g1", "test-privilege", tSentryPrivilege).getSequenceId());
        assertEquals(sequenceId + 2, sentryStore.alterSentryRoleGrantPrivilege("g1", "test-privilege", tSentryPrivilege).getSequenceId());
        tSentryPrivilege.setServerName("Server1");
        tSentryPrivilege.setDbName("DB1");
        tSentryPrivilege.setTableName("TBL1");
        assertEquals(sequenceId + 3, sentryStore.alterSentryRoleGrantPrivilege("g1", "test-privilege", tSentryPrivilege).getSequenceId());
        assertEquals(sentryStore.getMSentryRoleByName("test-privilege").getPrivileges().toString(), 1L, r0.size());
    }

    @Test
    public void testListSentryPrivilegesForProvider() throws Exception {
        long sequenceId = sentryStore.createSentryRole("list-privs-r1").getSequenceId();
        assertEquals(sequenceId + 1, sentryStore.createSentryRole("list-privs-r2").getSequenceId());
        TSentryPrivilege tSentryPrivilege = new TSentryPrivilege();
        tSentryPrivilege.setPrivilegeScope("TABLE");
        tSentryPrivilege.setServerName("server1");
        tSentryPrivilege.setDbName("db1");
        tSentryPrivilege.setTableName("tbl1");
        tSentryPrivilege.setAction("SELECT");
        tSentryPrivilege.setCreateTime(System.currentTimeMillis());
        assertEquals(sequenceId + 2, sentryStore.alterSentryRoleGrantPrivilege("g1", "list-privs-r1", tSentryPrivilege).getSequenceId());
        assertEquals(sequenceId + 3, sentryStore.alterSentryRoleGrantPrivilege("g1", "list-privs-r2", tSentryPrivilege).getSequenceId());
        TSentryPrivilege tSentryPrivilege2 = new TSentryPrivilege();
        tSentryPrivilege2.setPrivilegeScope("SERVER");
        tSentryPrivilege2.setServerName("server1");
        tSentryPrivilege2.setCreateTime(System.currentTimeMillis());
        assertEquals(sequenceId + 4, sentryStore.alterSentryRoleGrantPrivilege("g1", "list-privs-r2", tSentryPrivilege2).getSequenceId());
        HashSet newHashSet = Sets.newHashSet();
        TSentryGroup tSentryGroup = new TSentryGroup();
        tSentryGroup.setGroupName("list-privs-g1");
        newHashSet.add(tSentryGroup);
        assertEquals(sequenceId + 5, sentryStore.alterSentryRoleAddGroups("g1", "list-privs-r1", newHashSet).getSequenceId());
        newHashSet.clear();
        TSentryGroup tSentryGroup2 = new TSentryGroup();
        tSentryGroup2.setGroupName("list-privs-g2");
        newHashSet.add(tSentryGroup2);
        assertEquals(sequenceId + 6, sentryStore.alterSentryRoleAddGroups("g1", "list-privs-r1", newHashSet).getSequenceId());
        assertEquals(sequenceId + 7, sentryStore.alterSentryRoleAddGroups("g1", "list-privs-r2", newHashSet).getSequenceId());
        assertEquals(Sets.newHashSet(new String[]{"server=server1->db=db1->table=tbl1->action=select"}), SentryStore.toTrimedLower(sentryStore.listAllSentryPrivilegesForProvider(Sets.newHashSet(new String[]{"list-privs-g1"}), new TSentryActiveRoleSet(true, new HashSet()))));
        assertEquals(Sets.newHashSet(new String[]{"server=server1->db=db1->table=tbl1->action=select"}), SentryStore.toTrimedLower(sentryStore.listAllSentryPrivilegesForProvider(Sets.newHashSet(new String[]{"list-privs-g1"}), new TSentryActiveRoleSet(false, Sets.newHashSet(new String[]{"list-privs-r1"})))));
        assertEquals(Sets.newHashSet(), SentryStore.toTrimedLower(sentryStore.listAllSentryPrivilegesForProvider(Sets.newHashSet(new String[]{"list-privs-g1"}), new TSentryActiveRoleSet(false, Sets.newHashSet(new String[]{"not a role"})))));
        assertEquals(Sets.newHashSet(), SentryStore.toTrimedLower(sentryStore.listAllSentryPrivilegesForProvider(Sets.newHashSet(new String[]{"list-privs-g1"}), new TSentryActiveRoleSet(false, new HashSet()))));
        assertEquals(Sets.newHashSet(new String[]{"server=server1->db=db1->table=tbl1->action=select", "server=server1"}), SentryStore.toTrimedLower(sentryStore.listAllSentryPrivilegesForProvider(Sets.newHashSet(new String[]{"list-privs-g2"}), new TSentryActiveRoleSet(true, new HashSet()))));
        assertEquals(Sets.newHashSet(new String[]{"server=server1->db=db1->table=tbl1->action=select"}), SentryStore.toTrimedLower(sentryStore.listAllSentryPrivilegesForProvider(Sets.newHashSet(new String[]{"list-privs-g2"}), new TSentryActiveRoleSet(false, Sets.newHashSet(new String[]{"list-privs-r1"})))));
        assertEquals(Sets.newHashSet(new String[]{"server=server1->db=db1->table=tbl1->action=select", "server=server1"}), SentryStore.toTrimedLower(sentryStore.listAllSentryPrivilegesForProvider(Sets.newHashSet(new String[]{"list-privs-g2"}), new TSentryActiveRoleSet(false, Sets.newHashSet(new String[]{"list-privs-r2"})))));
        assertEquals(Sets.newHashSet(), SentryStore.toTrimedLower(sentryStore.listAllSentryPrivilegesForProvider(Sets.newHashSet(new String[]{"list-privs-g2"}), new TSentryActiveRoleSet(false, Sets.newHashSet(new String[]{"not a role"})))));
        assertEquals(Sets.newHashSet(), SentryStore.toTrimedLower(sentryStore.listAllSentryPrivilegesForProvider(Sets.newHashSet(new String[]{"list-privs-g2"}), new TSentryActiveRoleSet(false, new HashSet()))));
        assertEquals(Sets.newHashSet(new String[]{"server=server1->db=db1->table=tbl1->action=select", "server=server1"}), SentryStore.toTrimedLower(sentryStore.listAllSentryPrivilegesForProvider(Sets.newHashSet(new String[]{"list-privs-g1", "list-privs-g2"}), new TSentryActiveRoleSet(true, new HashSet()))));
        assertEquals(Sets.newHashSet(new String[]{"server=server1->db=db1->table=tbl1->action=select"}), SentryStore.toTrimedLower(sentryStore.listAllSentryPrivilegesForProvider(Sets.newHashSet(new String[]{"list-privs-g1", "list-privs-g2"}), new TSentryActiveRoleSet(false, Sets.newHashSet(new String[]{"list-privs-r1"})))));
        assertEquals(Sets.newHashSet(new String[]{"server=server1->db=db1->table=tbl1->action=select", "server=server1"}), SentryStore.toTrimedLower(sentryStore.listAllSentryPrivilegesForProvider(Sets.newHashSet(new String[]{"list-privs-g1", "list-privs-g2"}), new TSentryActiveRoleSet(false, Sets.newHashSet(new String[]{"list-privs-r2"})))));
        assertEquals(Sets.newHashSet(), SentryStore.toTrimedLower(sentryStore.listAllSentryPrivilegesForProvider(Sets.newHashSet(new String[]{"list-privs-g1", "list-privs-g2"}), new TSentryActiveRoleSet(false, Sets.newHashSet(new String[]{"not a role"})))));
        assertEquals(Sets.newHashSet(), SentryStore.toTrimedLower(sentryStore.listAllSentryPrivilegesForProvider(Sets.newHashSet(new String[]{"list-privs-g1", "list-privs-g2"}), new TSentryActiveRoleSet(false, new HashSet()))));
    }

    @Test
    public void testListRole() throws Exception {
        sentryStore.createSentryRole("role1");
        sentryStore.createSentryRole("role2");
        sentryStore.createSentryRole("role3");
        sentryStore.alterSentryRoleAddGroups("g1", "role1", Sets.newHashSet(new TSentryGroup[]{new TSentryGroup("group1")}));
        sentryStore.alterSentryRoleAddGroups("g1", "role2", Sets.newHashSet(new TSentryGroup[]{new TSentryGroup("group2")}));
        sentryStore.alterSentryRoleAddGroups("g1", "role3", Sets.newHashSet(new TSentryGroup[]{new TSentryGroup("group1"), new TSentryGroup("group2")}));
        assertEquals(2L, sentryStore.getTSentryRolesByGroupName(Sets.newHashSet(new String[]{"group1"}), false).size());
        assertEquals(2L, sentryStore.getTSentryRolesByGroupName(Sets.newHashSet(new String[]{"group2"}), false).size());
        assertEquals(3L, sentryStore.getTSentryRolesByGroupName(Sets.newHashSet(new String[]{"group1", "group2"}), false).size());
        assertEquals(0L, sentryStore.getTSentryRolesByGroupName(Sets.newHashSet(new String[]{"foo"}), true).size());
    }

    @Test
    public void testDropDbObject() throws Exception {
        sentryStore.createSentryRole("list-privs-r1");
        sentryStore.createSentryRole("list-privs-r2");
        sentryStore.createSentryRole("list-privs-r3");
        TSentryPrivilege tSentryPrivilege = new TSentryPrivilege();
        tSentryPrivilege.setPrivilegeScope("TABLE");
        tSentryPrivilege.setServerName("server1");
        tSentryPrivilege.setDbName("db1");
        tSentryPrivilege.setTableName("tbl1");
        tSentryPrivilege.setCreateTime(System.currentTimeMillis());
        TSentryPrivilege tSentryPrivilege2 = new TSentryPrivilege(tSentryPrivilege);
        tSentryPrivilege2.setAction("SELECT");
        TSentryPrivilege tSentryPrivilege3 = new TSentryPrivilege(tSentryPrivilege);
        tSentryPrivilege3.setAction("INSERT");
        TSentryPrivilege tSentryPrivilege4 = new TSentryPrivilege(tSentryPrivilege);
        tSentryPrivilege4.setAction("*");
        TSentryPrivilege tSentryPrivilege5 = new TSentryPrivilege();
        tSentryPrivilege5.setPrivilegeScope("SERVER");
        tSentryPrivilege5.setServerName("server1");
        tSentryPrivilege5.setCreateTime(System.currentTimeMillis());
        TSentryPrivilege tSentryPrivilege6 = new TSentryPrivilege();
        tSentryPrivilege6.setPrivilegeScope("TABLE");
        tSentryPrivilege6.setServerName("server1");
        tSentryPrivilege6.setDbName("db1");
        tSentryPrivilege6.setTableName("tbl2");
        tSentryPrivilege6.setCreateTime(System.currentTimeMillis());
        TSentryPrivilege tSentryPrivilege7 = new TSentryPrivilege(tSentryPrivilege6);
        tSentryPrivilege7.setAction("SELECT");
        TSentryPrivilege tSentryPrivilege8 = new TSentryPrivilege(tSentryPrivilege6);
        tSentryPrivilege8.setAction("INSERT");
        sentryStore.alterSentryRoleGrantPrivilege("g1", "list-privs-r1", tSentryPrivilege2);
        sentryStore.alterSentryRoleGrantPrivilege("g1", "list-privs-r2", tSentryPrivilege3);
        sentryStore.alterSentryRoleGrantPrivilege("g1", "list-privs-r2", tSentryPrivilege5);
        sentryStore.alterSentryRoleGrantPrivilege("g1", "list-privs-r2", tSentryPrivilege7);
        sentryStore.alterSentryRoleGrantPrivilege("g1", "list-privs-r3", tSentryPrivilege4);
        sentryStore.alterSentryRoleGrantPrivilege("g1", "list-privs-r3", tSentryPrivilege8);
        sentryStore.dropPrivilege(toTSentryAuthorizable(tSentryPrivilege));
        assertEquals(0L, sentryStore.getAllTSentryPrivilegesByRoleName("list-privs-r1").size());
        assertEquals(2L, sentryStore.getAllTSentryPrivilegesByRoleName("list-privs-r2").size());
        assertEquals(1L, sentryStore.getAllTSentryPrivilegesByRoleName("list-privs-r3").size());
        sentryStore.dropPrivilege(toTSentryAuthorizable(tSentryPrivilege6));
        assertEquals(0L, sentryStore.getAllTSentryPrivilegesByRoleName("list-privs-r1").size());
        assertEquals(1L, sentryStore.getAllTSentryPrivilegesByRoleName("list-privs-r2").size());
        assertEquals(0L, sentryStore.getAllTSentryPrivilegesByRoleName("list-privs-r3").size());
    }

    @Test
    public void testDropTableWithMultiAction() throws Exception {
        sentryStore.createSentryRole("role1");
        TSentryPrivilege tSentryPrivilege = new TSentryPrivilege();
        tSentryPrivilege.setPrivilegeScope("TABLE");
        tSentryPrivilege.setServerName("server1");
        tSentryPrivilege.setDbName("db1");
        tSentryPrivilege.setTableName("tbl1");
        tSentryPrivilege.setCreateTime(System.currentTimeMillis());
        TSentryPrivilege tSentryPrivilege2 = new TSentryPrivilege(tSentryPrivilege);
        tSentryPrivilege2.setAction("insert");
        TSentryPrivilege tSentryPrivilege3 = new TSentryPrivilege(tSentryPrivilege);
        tSentryPrivilege3.setAction("select");
        TSentryPrivilege tSentryPrivilege4 = new TSentryPrivilege(tSentryPrivilege);
        tSentryPrivilege4.setAction("alter");
        TSentryPrivilege tSentryPrivilege5 = new TSentryPrivilege(tSentryPrivilege);
        tSentryPrivilege5.setAction("drop");
        sentryStore.alterSentryRoleGrantPrivilege("g1", "role1", tSentryPrivilege2);
        sentryStore.alterSentryRoleGrantPrivilege("g1", "role1", tSentryPrivilege3);
        sentryStore.alterSentryRoleGrantPrivilege("g1", "role1", tSentryPrivilege4);
        sentryStore.alterSentryRoleGrantPrivilege("g1", "role1", tSentryPrivilege5);
        assertEquals(4L, sentryStore.getAllTSentryPrivilegesByRoleName("role1").size());
        sentryStore.dropPrivilege(toTSentryAuthorizable(tSentryPrivilege));
        assertEquals(0L, sentryStore.getAllTSentryPrivilegesByRoleName("role1").size());
    }

    @Test
    public void testDropTableWithColumn() throws Exception {
        sentryStore.createSentryRole("role1");
        sentryStore.createSentryRole("role2");
        TSentryPrivilege tSentryPrivilege = new TSentryPrivilege();
        tSentryPrivilege.setPrivilegeScope("TABLE");
        tSentryPrivilege.setServerName("server1");
        tSentryPrivilege.setDbName("db1");
        tSentryPrivilege.setTableName("tbl1");
        tSentryPrivilege.setAction("select");
        tSentryPrivilege.setCreateTime(System.currentTimeMillis());
        TSentryPrivilege tSentryPrivilege2 = new TSentryPrivilege(tSentryPrivilege);
        tSentryPrivilege2.setPrivilegeScope("COLUMN");
        tSentryPrivilege2.setColumnName("c1");
        tSentryPrivilege2.setCreateTime(System.currentTimeMillis());
        TSentryPrivilege tSentryPrivilege3 = new TSentryPrivilege(tSentryPrivilege);
        tSentryPrivilege3.setPrivilegeScope("COLUMN");
        tSentryPrivilege3.setColumnName("c2");
        tSentryPrivilege3.setCreateTime(System.currentTimeMillis());
        TSentryPrivilege tSentryPrivilege4 = new TSentryPrivilege(tSentryPrivilege);
        tSentryPrivilege4.setPrivilegeScope("COLUMN");
        tSentryPrivilege4.setColumnName("c3");
        tSentryPrivilege4.setCreateTime(System.currentTimeMillis());
        sentryStore.alterSentryRoleGrantPrivilege("g1", "role1", tSentryPrivilege2);
        sentryStore.alterSentryRoleGrantPrivilege("g1", "role1", tSentryPrivilege3);
        sentryStore.alterSentryRoleGrantPrivilege("g1", "role2", tSentryPrivilege4);
        assertEquals(2L, sentryStore.getAllTSentryPrivilegesByRoleName("role1").size());
        assertEquals(1L, sentryStore.getAllTSentryPrivilegesByRoleName("role2").size());
        sentryStore.dropPrivilege(toTSentryAuthorizable(tSentryPrivilege));
        assertEquals(0L, sentryStore.getAllTSentryPrivilegesByRoleName("role1").size());
        assertEquals(0L, sentryStore.getAllTSentryPrivilegesByRoleName("role2").size());
    }

    @Test
    public void testDropOverlappedPrivileges() throws Exception {
        sentryStore.createSentryRole("list-privs-r1");
        TSentryPrivilege tSentryPrivilege = new TSentryPrivilege();
        tSentryPrivilege.setPrivilegeScope("TABLE");
        tSentryPrivilege.setServerName("server1");
        tSentryPrivilege.setDbName("db1");
        tSentryPrivilege.setTableName("tbl1");
        tSentryPrivilege.setCreateTime(System.currentTimeMillis());
        TSentryPrivilege tSentryPrivilege2 = new TSentryPrivilege(tSentryPrivilege);
        tSentryPrivilege2.setAction("INSERT");
        TSentryPrivilege tSentryPrivilege3 = new TSentryPrivilege(tSentryPrivilege);
        tSentryPrivilege3.setAction("*");
        sentryStore.alterSentryRoleGrantPrivilege("g1", "list-privs-r1", tSentryPrivilege2);
        sentryStore.alterSentryRoleGrantPrivilege("g1", "list-privs-r1", tSentryPrivilege3);
        sentryStore.dropPrivilege(toTSentryAuthorizable(tSentryPrivilege));
        assertEquals(0L, sentryStore.getAllTSentryPrivilegesByRoleName("list-privs-r1").size());
    }

    private TSentryAuthorizable toTSentryAuthorizable(TSentryPrivilege tSentryPrivilege) {
        TSentryAuthorizable tSentryAuthorizable = new TSentryAuthorizable();
        tSentryAuthorizable.setServer(tSentryPrivilege.getServerName());
        tSentryAuthorizable.setDb(tSentryPrivilege.getDbName());
        tSentryAuthorizable.setTable(tSentryPrivilege.getTableName());
        tSentryAuthorizable.setUri(tSentryPrivilege.getURI());
        return tSentryAuthorizable;
    }

    @Test
    public void testRenameTable() throws Exception {
        sentryStore.createSentryRole("role1");
        sentryStore.createSentryRole("role2");
        sentryStore.createSentryRole("role3");
        TSentryPrivilege tSentryPrivilege = new TSentryPrivilege();
        tSentryPrivilege.setPrivilegeScope("TABLE");
        tSentryPrivilege.setServerName("server1");
        tSentryPrivilege.setDbName("db1");
        tSentryPrivilege.setTableName("tbl1");
        tSentryPrivilege.setCreateTime(System.currentTimeMillis());
        TSentryPrivilege tSentryPrivilege2 = new TSentryPrivilege(tSentryPrivilege);
        tSentryPrivilege2.setAction("insert");
        TSentryPrivilege tSentryPrivilege3 = new TSentryPrivilege(tSentryPrivilege);
        tSentryPrivilege3.setAction("select");
        TSentryPrivilege tSentryPrivilege4 = new TSentryPrivilege(tSentryPrivilege);
        tSentryPrivilege4.setAction("*");
        sentryStore.alterSentryRoleGrantPrivilege("g1", "role1", tSentryPrivilege2);
        sentryStore.alterSentryRoleGrantPrivilege("g1", "role2", tSentryPrivilege3);
        sentryStore.alterSentryRoleGrantPrivilege("g1", "role3", tSentryPrivilege4);
        TSentryAuthorizable tSentryAuthorizable = toTSentryAuthorizable(tSentryPrivilege);
        TSentryAuthorizable tSentryAuthorizable2 = toTSentryAuthorizable(tSentryPrivilege);
        tSentryAuthorizable2.setTable("tbl2");
        sentryStore.renamePrivilege(tSentryAuthorizable, tSentryAuthorizable2);
        Iterator it = Sets.newHashSet(new String[]{"role1", "role2", "role3"}).iterator();
        while (it.hasNext()) {
            Set allTSentryPrivilegesByRoleName = sentryStore.getAllTSentryPrivilegesByRoleName((String) it.next());
            assertEquals(1L, allTSentryPrivilegesByRoleName.size());
            Iterator it2 = allTSentryPrivilegesByRoleName.iterator();
            while (it2.hasNext()) {
                assertTrue("tbl2".equalsIgnoreCase(((TSentryPrivilege) it2.next()).getTableName()));
            }
        }
    }

    @Test
    public void testRenameTableWithMultiAction() throws Exception {
        sentryStore.createSentryRole("role1");
        TSentryPrivilege tSentryPrivilege = new TSentryPrivilege();
        tSentryPrivilege.setPrivilegeScope("TABLE");
        tSentryPrivilege.setServerName("server1");
        tSentryPrivilege.setDbName("db1");
        tSentryPrivilege.setTableName("tbl1");
        tSentryPrivilege.setCreateTime(System.currentTimeMillis());
        TSentryPrivilege tSentryPrivilege2 = new TSentryPrivilege(tSentryPrivilege);
        tSentryPrivilege2.setAction("insert");
        TSentryPrivilege tSentryPrivilege3 = new TSentryPrivilege(tSentryPrivilege);
        tSentryPrivilege3.setAction("select");
        TSentryPrivilege tSentryPrivilege4 = new TSentryPrivilege(tSentryPrivilege);
        tSentryPrivilege4.setAction("alter");
        TSentryPrivilege tSentryPrivilege5 = new TSentryPrivilege(tSentryPrivilege);
        tSentryPrivilege5.setAction("drop");
        sentryStore.alterSentryRoleGrantPrivilege("g1", "role1", tSentryPrivilege2);
        sentryStore.alterSentryRoleGrantPrivilege("g1", "role1", tSentryPrivilege3);
        sentryStore.alterSentryRoleGrantPrivilege("g1", "role1", tSentryPrivilege4);
        sentryStore.alterSentryRoleGrantPrivilege("g1", "role1", tSentryPrivilege5);
        TSentryAuthorizable tSentryAuthorizable = toTSentryAuthorizable(tSentryPrivilege);
        TSentryAuthorizable tSentryAuthorizable2 = toTSentryAuthorizable(tSentryPrivilege);
        tSentryAuthorizable2.setTable("tbl2");
        sentryStore.renamePrivilege(tSentryAuthorizable, tSentryAuthorizable2);
        Set allTSentryPrivilegesByRoleName = sentryStore.getAllTSentryPrivilegesByRoleName("role1");
        assertEquals(4L, allTSentryPrivilegesByRoleName.size());
        Iterator it = allTSentryPrivilegesByRoleName.iterator();
        while (it.hasNext()) {
            assertTrue("tbl2".equalsIgnoreCase(((TSentryPrivilege) it.next()).getTableName()));
        }
    }

    @Test
    public void testSentryRoleSize() throws Exception {
        long j = 0;
        while (true) {
            long j2 = j;
            if (j2 >= 5) {
                return;
            }
            assertEquals(Long.valueOf(j2), sentryStore.getRoleCountGauge().getValue());
            sentryStore.createSentryRole("role" + j2);
            j = j2 + 1;
        }
    }

    @Test
    public void testSentryPrivilegeSize() throws Exception {
        sentryStore.createSentryRole("role1");
        sentryStore.createSentryRole("role2");
        TSentryPrivilege tSentryPrivilege = new TSentryPrivilege();
        tSentryPrivilege.setPrivilegeScope("TABLE");
        tSentryPrivilege.setServerName("server1");
        tSentryPrivilege.setDbName("db1");
        tSentryPrivilege.setTableName("tb1");
        tSentryPrivilege.setCreateTime(System.currentTimeMillis());
        assertEquals(0L, sentryStore.getPrivilegeCountGauge().getValue());
        sentryStore.alterSentryRoleGrantPrivilege("g1", "role1", tSentryPrivilege);
        assertEquals(1L, sentryStore.getPrivilegeCountGauge().getValue());
        sentryStore.alterSentryRoleGrantPrivilege("g1", "role2", tSentryPrivilege);
        assertEquals(1L, sentryStore.getPrivilegeCountGauge().getValue());
        tSentryPrivilege.setTableName("tb2");
        sentryStore.alterSentryRoleGrantPrivilege("g1", "role2", tSentryPrivilege);
        assertEquals(2L, sentryStore.getPrivilegeCountGauge().getValue());
    }

    @Test
    public void testSentryGroupsSize() throws Exception {
        sentryStore.createSentryRole("role1");
        sentryStore.createSentryRole("role2");
        HashSet newHashSet = Sets.newHashSet();
        TSentryGroup tSentryGroup = new TSentryGroup();
        tSentryGroup.setGroupName("group1");
        newHashSet.add(tSentryGroup);
        sentryStore.alterSentryRoleAddGroups("g1", "role1", newHashSet);
        assertEquals(1L, sentryStore.getGroupCountGauge().getValue());
        sentryStore.alterSentryRoleAddGroups("g1", "role2", newHashSet);
        assertEquals(1L, sentryStore.getGroupCountGauge().getValue());
        newHashSet.add(new TSentryGroup("group2"));
        sentryStore.alterSentryRoleAddGroups("g1", "role2", newHashSet);
        assertEquals(2L, sentryStore.getGroupCountGauge().getValue());
    }

    @Test
    public void testRenameTableWithColumn() throws Exception {
        sentryStore.createSentryRole("role1");
        sentryStore.createSentryRole("role2");
        TSentryPrivilege tSentryPrivilege = new TSentryPrivilege();
        tSentryPrivilege.setPrivilegeScope("TABLE");
        tSentryPrivilege.setServerName("server1");
        tSentryPrivilege.setDbName("db1");
        tSentryPrivilege.setTableName("tbl1");
        tSentryPrivilege.setAction("select");
        tSentryPrivilege.setCreateTime(System.currentTimeMillis());
        TSentryPrivilege tSentryPrivilege2 = new TSentryPrivilege(tSentryPrivilege);
        tSentryPrivilege2.setPrivilegeScope("COLUMN");
        tSentryPrivilege2.setColumnName("c1");
        tSentryPrivilege2.setCreateTime(System.currentTimeMillis());
        TSentryPrivilege tSentryPrivilege3 = new TSentryPrivilege(tSentryPrivilege);
        tSentryPrivilege3.setPrivilegeScope("COLUMN");
        tSentryPrivilege3.setColumnName("c2");
        tSentryPrivilege3.setCreateTime(System.currentTimeMillis());
        TSentryPrivilege tSentryPrivilege4 = new TSentryPrivilege(tSentryPrivilege);
        tSentryPrivilege4.setPrivilegeScope("COLUMN");
        tSentryPrivilege4.setColumnName("c3");
        tSentryPrivilege4.setCreateTime(System.currentTimeMillis());
        sentryStore.alterSentryRoleGrantPrivilege("g1", "role1", tSentryPrivilege2);
        sentryStore.alterSentryRoleGrantPrivilege("g1", "role1", tSentryPrivilege3);
        sentryStore.alterSentryRoleGrantPrivilege("g1", "role2", tSentryPrivilege4);
        assertEquals(2L, sentryStore.getAllTSentryPrivilegesByRoleName("role1").size());
        assertEquals(1L, sentryStore.getAllTSentryPrivilegesByRoleName("role2").size());
        TSentryAuthorizable tSentryAuthorizable = toTSentryAuthorizable(tSentryPrivilege);
        TSentryAuthorizable tSentryAuthorizable2 = toTSentryAuthorizable(tSentryPrivilege);
        tSentryAuthorizable2.setTable("tbl2");
        sentryStore.renamePrivilege(tSentryAuthorizable, tSentryAuthorizable2);
        Set allTSentryPrivilegesByRoleName = sentryStore.getAllTSentryPrivilegesByRoleName("role1");
        assertEquals(2L, allTSentryPrivilegesByRoleName.size());
        Iterator it = allTSentryPrivilegesByRoleName.iterator();
        while (it.hasNext()) {
            assertTrue("tbl2".equalsIgnoreCase(((TSentryPrivilege) it.next()).getTableName()));
        }
        assertEquals(1L, sentryStore.getAllTSentryPrivilegesByRoleName("role2").size());
    }

    @Test
    public void testSentryTablePrivilegeSome() throws Exception {
        sentryStore.createSentryRole("test-table-privilege-some");
        TSentryPrivilege tSentryPrivilege = new TSentryPrivilege("TABLE", "server1", "ALL");
        tSentryPrivilege.setDbName("db1");
        tSentryPrivilege.setTableName("tb1");
        sentryStore.alterSentryRoleGrantPrivilege("g1", "test-table-privilege-some", tSentryPrivilege);
        TSentryAuthorizable tSentryAuthorizable = new TSentryAuthorizable();
        tSentryAuthorizable.setDb("db1");
        tSentryAuthorizable.setTable("+");
        tSentryAuthorizable.setServer("server1");
        assertTrue(sentryStore.getTSentryPrivileges(new HashSet(Arrays.asList("test-table-privilege-some")), tSentryAuthorizable).size() == 1);
        HashSet hashSet = new HashSet();
        hashSet.add(new TSentryGroup("group1"));
        sentryStore.alterSentryRoleAddGroups("g1", "test-table-privilege-some", hashSet);
        Set listSentryPrivilegesForProvider = sentryStore.listSentryPrivilegesForProvider(new HashSet(Arrays.asList("group1")), new TSentryActiveRoleSet(true, new HashSet(Arrays.asList("test-table-privilege-some"))), tSentryAuthorizable);
        assertTrue(listSentryPrivilegesForProvider.size() == 1);
        assertTrue(listSentryPrivilegesForProvider.contains("server=server1->db=" + "db1" + "->table=" + "tb1" + "->action=all"));
    }

    @Test
    public void testSentryColumnPrivilegeSome() throws Exception {
        sentryStore.createSentryRole("test-column-privilege-some");
        TSentryPrivilege tSentryPrivilege = new TSentryPrivilege("TABLE", "server1", "ALL");
        tSentryPrivilege.setDbName("db1");
        tSentryPrivilege.setTableName("tb1");
        tSentryPrivilege.setColumnName("col1");
        sentryStore.alterSentryRoleGrantPrivilege("g1", "test-column-privilege-some", tSentryPrivilege);
        TSentryAuthorizable tSentryAuthorizable = new TSentryAuthorizable();
        tSentryAuthorizable.setDb("db1");
        tSentryAuthorizable.setTable("tb1");
        tSentryAuthorizable.setColumn("+");
        tSentryAuthorizable.setServer("server1");
        assertTrue(sentryStore.getTSentryPrivileges(new HashSet(Arrays.asList("test-column-privilege-some")), tSentryAuthorizable).size() == 1);
        HashSet hashSet = new HashSet();
        hashSet.add(new TSentryGroup("group1"));
        sentryStore.alterSentryRoleAddGroups("g1", "test-column-privilege-some", hashSet);
        Set listSentryPrivilegesForProvider = sentryStore.listSentryPrivilegesForProvider(new HashSet(Arrays.asList("group1")), new TSentryActiveRoleSet(true, new HashSet(Arrays.asList("test-column-privilege-some"))), tSentryAuthorizable);
        assertTrue(listSentryPrivilegesForProvider.size() == 1);
        assertTrue(listSentryPrivilegesForProvider.contains("server=server1->db=" + "db1" + "->table=" + "tb1" + "->column=" + "col1" + "->action=all"));
    }

    protected static void addGroupsToUser(String str, String... strArr) {
        policyFile.addGroupsToUser(str, strArr);
    }

    protected static void writePolicyFile() throws Exception {
        policyFile.write(policyFilePath);
    }
}
