package org.apache.drill.exec.impersonation.hive;

import java.util.HashMap;
import java.util.Map;
import org.apache.drill.categories.HiveStorageTest;
import org.apache.drill.categories.SlowTest;
import org.apache.drill.exec.hive.HiveTestUtilities;
import org.apache.drill.shaded.guava.com.google.common.collect.ImmutableList;
import org.apache.drill.shaded.guava.com.google.common.collect.Maps;
import org.apache.hadoop.hive.conf.HiveConf;
import org.apache.hadoop.hive.ql.Driver;
import org.apache.hadoop.hive.ql.security.SessionStateConfigUserAuthenticator;
import org.apache.hadoop.hive.ql.security.SessionStateUserAuthenticator;
import org.apache.hadoop.hive.ql.security.authorization.plugin.sqlstd.SQLStdConfOnlyAuthorizerFactory;
import org.apache.hadoop.hive.ql.security.authorization.plugin.sqlstd.SQLStdHiveAuthorizerFactory;
import org.apache.hadoop.hive.ql.session.SessionState;
import org.junit.AfterClass;
import org.junit.BeforeClass;
import org.junit.Test;
import org.junit.experimental.categories.Category;

@Category({SlowTest.class, HiveStorageTest.class})
/* loaded from: input_file:org/apache/drill/exec/impersonation/hive/TestSqlStdBasedAuthorization.class */
public class TestSqlStdBasedAuthorization extends BaseTestHiveImpersonation {
    private static final String db_general = "db_general";
    private static final String g_student_user0 = "student_user0";
    private static final String g_voter_role0 = "voter_role0";
    private static final String g_student_user2 = "student_user2";
    private static final String test_role0 = "role0";
    private static final String v_student_u0g0_750 = "v_student_u0g0_750";
    private static final String query_v_student_u0g0_750 = String.format("SELECT rownum FROM %s.%s.%s ORDER BY rownum LIMIT 1", "mini_dfs_plugin", "tmp", v_student_u0g0_750);
    private static final String v_student_u1g1_750 = "v_student_u1g1_750";
    private static final String query_v_student_u1g1_750 = String.format("SELECT rownum FROM %s.%s.%s ORDER BY rownum LIMIT 1", "mini_dfs_plugin", "tmp", v_student_u1g1_750);

    @BeforeClass
    public static void setup() throws Exception {
        startMiniDfsCluster(TestSqlStdBasedAuthorization.class.getSimpleName());
        prepHiveConfAndData();
        setSqlStdBasedAuthorizationInHiveConf();
        startHiveMetaStore();
        startDrillCluster(true);
        addHiveStoragePlugin(getHivePluginConfig());
        addMiniDfsBasedStorage(new HashMap());
        generateTestData();
    }

    private static void setSqlStdBasedAuthorizationInHiveConf() {
        hiveConf.set(HiveConf.ConfVars.HIVE_AUTHORIZATION_ENABLED.varname, "true");
        hiveConf.set(HiveConf.ConfVars.HIVE_AUTHENTICATOR_MANAGER.varname, SessionStateConfigUserAuthenticator.class.getName());
        hiveConf.set(HiveConf.ConfVars.HIVE_AUTHORIZATION_MANAGER.varname, SQLStdConfOnlyAuthorizerFactory.class.getName());
        hiveConf.set(HiveConf.ConfVars.HIVE_SERVER2_ENABLE_DOAS.varname, "false");
        hiveConf.set(HiveConf.ConfVars.METASTORE_EXECUTE_SET_UGI.varname, "false");
        hiveConf.set(HiveConf.ConfVars.USERS_IN_ADMIN_ROLE.varname, processUser);
    }

    private static Map<String, String> getHivePluginConfig() {
        HashMap newHashMap = Maps.newHashMap();
        newHashMap.put(HiveConf.ConfVars.METASTOREURIS.varname, hiveConf.get(HiveConf.ConfVars.METASTOREURIS.varname));
        newHashMap.put("fs.defaultFS", dfsConf.get("fs.defaultFS"));
        newHashMap.put(HiveConf.ConfVars.HIVE_SERVER2_ENABLE_DOAS.varname, hiveConf.get(HiveConf.ConfVars.HIVE_SERVER2_ENABLE_DOAS.varname));
        newHashMap.put(HiveConf.ConfVars.METASTORE_EXECUTE_SET_UGI.varname, hiveConf.get(HiveConf.ConfVars.METASTORE_EXECUTE_SET_UGI.varname));
        newHashMap.put(HiveConf.ConfVars.HIVE_AUTHORIZATION_ENABLED.varname, hiveConf.get(HiveConf.ConfVars.HIVE_AUTHORIZATION_ENABLED.varname));
        newHashMap.put(HiveConf.ConfVars.HIVE_AUTHENTICATOR_MANAGER.varname, SessionStateUserAuthenticator.class.getName());
        newHashMap.put(HiveConf.ConfVars.HIVE_AUTHORIZATION_MANAGER.varname, SQLStdHiveAuthorizerFactory.class.getName());
        newHashMap.put(HiveConf.ConfVars.METASTORE_SCHEMA_VERIFICATION.varname, hiveConf.get(HiveConf.ConfVars.METASTORE_SCHEMA_VERIFICATION.varname));
        newHashMap.put(HiveConf.ConfVars.METASTORE_AUTO_CREATE_ALL.varname, hiveConf.get(HiveConf.ConfVars.METASTORE_AUTO_CREATE_ALL.varname));
        newHashMap.put(HiveConf.ConfVars.HIVE_CBO_ENABLED.varname, hiveConf.get(HiveConf.ConfVars.HIVE_CBO_ENABLED.varname));
        return newHashMap;
    }

    private static void generateTestData() throws Exception {
        SessionState.start(new SessionState(hiveConf));
        Driver driver = new Driver(hiveConf);
        HiveTestUtilities.executeQuery(driver, "CREATE DATABASE db_general");
        createTbl(driver, db_general, g_student_user0, "CREATE TABLE %s.%s(rownum int, name string, age int, gpa float, studentnum bigint) ROW FORMAT DELIMITED FIELDS TERMINATED BY ',' STORED AS TEXTFILE", studentData);
        createTbl(driver, db_general, g_voter_role0, "CREATE TABLE %s.%s(voter_id int,name varchar(30), age tinyint, registration string, contributions double,voterzone smallint,create_time timestamp) ROW FORMAT DELIMITED FIELDS TERMINATED BY ',' STORED AS TEXTFILE", voterData);
        createTbl(driver, db_general, g_student_user2, "CREATE TABLE %s.%s(rownum int, name string, age int, gpa float, studentnum bigint) ROW FORMAT DELIMITED FIELDS TERMINATED BY ',' STORED AS TEXTFILE", studentData);
        HiveTestUtilities.executeQuery(driver, "SET ROLE admin");
        HiveTestUtilities.executeQuery(driver, "CREATE ROLE role0");
        HiveTestUtilities.executeQuery(driver, "GRANT ROLE role0 TO USER " + org1Users[1]);
        HiveTestUtilities.executeQuery(driver, "GRANT ROLE role0 TO USER " + org1Users[2]);
        HiveTestUtilities.executeQuery(driver, String.format("GRANT SELECT ON %s.%s TO USER %s", db_general, g_student_user0, org1Users[0]));
        HiveTestUtilities.executeQuery(driver, String.format("GRANT SELECT ON %s.%s TO ROLE %s", db_general, g_voter_role0, test_role0));
        HiveTestUtilities.executeQuery(driver, String.format("GRANT SELECT ON %s.%s TO USER %s", db_general, g_student_user2, org1Users[2]));
        createView(org1Users[0], org1Groups[0], v_student_u0g0_750, String.format("SELECT rownum, name, age, studentnum FROM %s.%s.%s", "hive", db_general, g_student_user0));
        createView(org1Users[1], org1Groups[1], v_student_u1g1_750, String.format("SELECT rownum, name, age FROM %s.%s.%s", "mini_dfs_plugin", "tmp", v_student_u0g0_750));
    }

    private static void createTbl(Driver driver, String str, String str2, String str3, String str4) throws Exception {
        HiveTestUtilities.executeQuery(driver, String.format(str3, str, str2));
        HiveTestUtilities.executeQuery(driver, String.format("LOAD DATA LOCAL INPATH '%s' INTO TABLE %s.%s", str4, str, str2));
    }

    @Test
    public void showSchemas() throws Exception {
        testBuilder().sqlQuery("SHOW SCHEMAS LIKE 'hive.%'").unOrdered().baselineColumns(new String[]{"SCHEMA_NAME"}).baselineValues(new Object[]{"hive.db_general"}).baselineValues(new Object[]{"hive.default"}).go();
    }

    @Test
    public void showTables_user0() throws Exception {
        updateClient(org1Users[0]);
        showTablesHelper(db_general, ImmutableList.of(g_student_user0, g_student_user2, g_voter_role0));
    }

    @Test
    public void showTables_user1() throws Exception {
        updateClient(org1Users[1]);
        showTablesHelper(db_general, ImmutableList.of(g_student_user0, g_student_user2, g_voter_role0));
    }

    @Test
    public void select_user0_1() throws Exception {
        updateClient(org1Users[0]);
        test("USE hive.db_general");
        test(String.format("SELECT * FROM %s ORDER BY name LIMIT 2", g_student_user0));
    }

    @Test
    public void select_user0_2() throws Exception {
        updateClient(org1Users[0]);
        test("USE hive.db_general");
        errorMsgTestHelper(String.format("SELECT * FROM %s ORDER BY name LIMIT 2", g_voter_role0), "Principal [name=user0_1, type=USER] does not have following privileges for operation QUERY [[SELECT] on Object [type=TABLE_OR_VIEW, name=db_general.voter_role0]]\n");
    }

    @Test
    public void select_user1_1() throws Exception {
        updateClient(org1Users[1]);
        test("USE hive.db_general");
        errorMsgTestHelper(String.format("SELECT * FROM %s ORDER BY name LIMIT 2", g_student_user0), "Principal [name=user1_1, type=USER] does not have following privileges for operation QUERY [[SELECT] on Object [type=TABLE_OR_VIEW, name=db_general.student_user0]]\n");
    }

    @Test
    public void select_user1_2() throws Exception {
        updateClient(org1Users[1]);
        test("USE hive.db_general");
        test(String.format("SELECT * FROM %s ORDER BY name LIMIT 2", g_voter_role0));
    }

    @Test
    public void select_user1_3() throws Exception {
        updateClient(org1Users[1]);
        test("USE hive.db_general");
        errorMsgTestHelper(String.format("SELECT * FROM %s v JOIN %s s on v.name = s.name limit 2;", g_voter_role0, g_student_user2), "Principal [name=user1_1, type=USER] does not have following privileges for operation QUERY [[SELECT] on Object [type=TABLE_OR_VIEW, name=db_general.student_user2]]");
    }

    @Test
    public void select_user2_1() throws Exception {
        updateClient(org1Users[2]);
        test("USE hive.db_general");
        test(String.format("SELECT * FROM %s ORDER BY name LIMIT 2", g_voter_role0));
    }

    @Test
    public void select_user2_2() throws Exception {
        updateClient(org1Users[2]);
        test("USE hive.db_general");
        test(String.format("SELECT * FROM %s ORDER BY name LIMIT 2", g_student_user2));
    }

    @Test
    public void select_user2_3() throws Exception {
        updateClient(org1Users[2]);
        test("USE hive.db_general");
        test(String.format("SELECT * FROM %s v JOIN %s s on v.name = s.name limit 2;", g_voter_role0, g_student_user2));
    }

    private static void queryViewHelper(String str, String str2) throws Exception {
        updateClient(str);
        testBuilder().sqlQuery(str2).unOrdered().baselineColumns(new String[]{"rownum"}).baselineValues(new Object[]{1}).go();
    }

    @Test
    public void selectUser0_v_student_u0g0_750() throws Exception {
        queryViewHelper(org1Users[0], query_v_student_u0g0_750);
    }

    @Test
    public void selectUser1_v_student_u0g0_750() throws Exception {
        queryViewHelper(org1Users[1], query_v_student_u0g0_750);
    }

    @Test
    public void selectUser2_v_student_u0g0_750() throws Exception {
        updateClient(org1Users[2]);
        errorMsgTestHelper(query_v_student_u0g0_750, String.format("Not authorized to read view [v_student_u0g0_750] in schema [%s.tmp]", "mini_dfs_plugin"));
    }

    @Test
    public void selectUser0_v_student_u1g1_750() throws Exception {
        updateClient(org1Users[0]);
        errorMsgTestHelper(query_v_student_u1g1_750, String.format("Not authorized to read view [v_student_u1g1_750] in schema [%s.tmp]", "mini_dfs_plugin"));
    }

    @Test
    public void selectUser1_v_student_u1g1_750() throws Exception {
        queryViewHelper(org1Users[1], query_v_student_u1g1_750);
    }

    @Test
    public void selectUser2_v_student_u1g1_750() throws Exception {
        queryViewHelper(org1Users[2], query_v_student_u1g1_750);
    }

    @AfterClass
    public static void shutdown() throws Exception {
        stopMiniDfsCluster();
        stopHiveMetaStore();
    }
}
