package org.apache.drill.exec.impersonation;

import com.google.common.base.Joiner;
import com.google.common.collect.Maps;
import java.util.HashMap;
import java.util.Map;
import org.apache.drill.common.exceptions.UserException;
import org.apache.drill.common.exceptions.UserRemoteException;
import org.apache.drill.exec.store.dfs.WorkspaceConfig;
import org.apache.hadoop.fs.FileSystem;
import org.apache.hadoop.fs.Path;
import org.apache.hadoop.fs.permission.FsPermission;
import org.apache.hadoop.security.UserGroupInformation;
import org.hamcrest.core.StringContains;
import org.junit.AfterClass;
import org.junit.Assert;
import org.junit.BeforeClass;
import org.junit.Test;

/* loaded from: input_file:org/apache/drill/exec/impersonation/TestImpersonationMetadata.class */
public class TestImpersonationMetadata extends BaseTestImpersonation {
    private static final String user1 = "drillTestUser1";
    private static final String user2 = "drillTestUser2";
    private static final String group0 = "drillTestGrp0";
    private static final String group1 = "drillTestGrp1";

    @BeforeClass
    public static void setup() throws Exception {
        startMiniDfsCluster(TestImpersonationMetadata.class.getSimpleName());
        startDrillCluster(true);
        addMiniDfsBasedStorage(createTestWorkspaces());
    }

    private static Map<String, WorkspaceConfig> createTestWorkspaces() throws Exception {
        Path path = new Path("/tmp");
        fs.delete(path, true);
        FileSystem.mkdirs(fs, path, new FsPermission((short) 511));
        HashMap newHashMap = Maps.newHashMap();
        createAndAddWorkspace("drillTestGrp0_700", "/drillTestGrp0_700", (short) 448, processUser, group0, newHashMap);
        createAndAddWorkspace("drillTestGrp0_750", "/drillTestGrp0_750", (short) 488, processUser, group0, newHashMap);
        createAndAddWorkspace("drillTestGrp0_755", "/drillTestGrp0_755", (short) 493, processUser, group0, newHashMap);
        createAndAddWorkspace("drillTestGrp0_770", "/drillTestGrp0_770", (short) 504, processUser, group0, newHashMap);
        createAndAddWorkspace("drillTestGrp0_777", "/drillTestGrp0_777", (short) 511, processUser, group0, newHashMap);
        createAndAddWorkspace("drillTestGrp1_700", "/drillTestGrp1_700", (short) 448, user1, group1, newHashMap);
        createAndAddWorkspace("user2_workspace1", "/user2_workspace1", (short) 509, user2, group1, newHashMap);
        createAndAddWorkspace("user2_workspace2", "/user2_workspace2", (short) 493, user2, group1, newHashMap);
        return newHashMap;
    }

    @Test
    public void testDropTable() throws Exception {
        updateClient(user2);
        test(String.format("use `%s.user2_workspace1`", "miniDfsPlugin"));
        test("create table parquet_table_775 as select * from cp.`employee.json`");
        test(String.format("use `%s.user2_workspace2`", "miniDfsPlugin"));
        test("create table parquet_table_700 as select * from cp.`employee.json`");
        updateClient(user1);
        test(String.format("use `%s.user2_workspace1`", "miniDfsPlugin"));
        testBuilder().sqlQuery("drop table parquet_table_775").unOrdered().baselineColumns("ok", "summary").baselineValues(true, String.format("Table [%s] dropped", "parquet_table_775")).go();
        test(String.format("use `%s.user2_workspace2`", "miniDfsPlugin"));
        boolean z = false;
        try {
            test("drop table parquet_table_700");
        } catch (UserException e) {
            Assert.assertTrue(e.getMessage().contains("PERMISSION ERROR"));
            z = true;
        }
        Assert.assertTrue("Permission checking failed during drop table", z);
    }

    @Test
    public void testImpersonatingProcessUser() throws Exception {
        updateClient(processUser);
        String format = String.format("%s.drillTestGrp0_700.testView", "miniDfsPlugin");
        try {
            test("CREATE VIEW " + format + " AS SELECT * FROM cp.`region.json`");
            test("SELECT * FROM " + format + " LIMIT 2");
        } finally {
            test("DROP VIEW " + format);
        }
    }

    @Test
    public void testShowFilesInWSWithUserAndGroupPermissionsForQueryUser() throws Exception {
        updateClient(user1);
        test(String.format("SHOW FILES IN %s.drillTestGrp1_700", "miniDfsPlugin"));
        test(String.format("SHOW FILES IN %s.drillTestGrp0_750", "miniDfsPlugin"));
    }

    @Test
    public void testShowFilesInWSWithOtherPermissionsForQueryUser() throws Exception {
        updateClient(user2);
        test(String.format("SHOW FILES IN %s.drillTestGrp0_755", "miniDfsPlugin"));
    }

    @Test
    public void testShowFilesInWSWithNoPermissionsForQueryUser() throws Exception {
        UserRemoteException userRemoteException = null;
        updateClient(user2);
        try {
            test(String.format("SHOW FILES IN %s.drillTestGrp1_700", "miniDfsPlugin"));
        } catch (UserRemoteException e) {
            userRemoteException = e;
        }
        Assert.assertNotNull("UserRemoteException is expected", userRemoteException);
        Assert.assertThat(userRemoteException.getMessage(), StringContains.containsString("Permission denied: user=drillTestUser2, access=READ_EXECUTE, inode=\"/drillTestGrp1_700\":drillTestUser1:drillTestGrp1:drwx------"));
    }

    @Test
    public void testShowSchemasAsUser1() throws Exception {
        updateClient(user1);
        testBuilder().sqlQuery("SHOW SCHEMAS LIKE '%drillTest%'").unOrdered().baselineColumns("SCHEMA_NAME").baselineValues(String.format("%s.drillTestGrp0_750", "miniDfsPlugin")).baselineValues(String.format("%s.drillTestGrp0_755", "miniDfsPlugin")).baselineValues(String.format("%s.drillTestGrp0_770", "miniDfsPlugin")).baselineValues(String.format("%s.drillTestGrp0_777", "miniDfsPlugin")).baselineValues(String.format("%s.drillTestGrp1_700", "miniDfsPlugin")).go();
    }

    @Test
    public void testShowSchemasAsUser2() throws Exception {
        updateClient(user2);
        testBuilder().sqlQuery("SHOW SCHEMAS LIKE '%drillTest%'").unOrdered().baselineColumns("SCHEMA_NAME").baselineValues(String.format("%s.drillTestGrp0_755", "miniDfsPlugin")).baselineValues(String.format("%s.drillTestGrp0_777", "miniDfsPlugin")).go();
    }

    @Test
    public void testCreateViewInDirWithUserPermissionsForQueryUser() throws Exception {
        testCreateViewTestHelper(user1, "miniDfsPlugin.drillTestGrp1_700", "view1");
    }

    @Test
    public void testCreateViewInDirWithGroupPermissionsForQueryUser() throws Exception {
        testCreateViewTestHelper(user1, "miniDfsPlugin.drillTestGrp0_770", "view1");
    }

    @Test
    public void testCreateViewInDirWithOtherPermissionsForQueryUser() throws Exception {
        testCreateViewTestHelper(user2, "miniDfsPlugin.drillTestGrp0_777", "view1");
    }

    private static void testCreateViewTestHelper(String str, String str2, String str3) throws Exception {
        try {
            updateClient(str);
            test("USE " + str2);
            test("CREATE VIEW " + str3 + " AS SELECT c_custkey, c_nationkey FROM cp.`tpch/customer.parquet` ORDER BY c_custkey;");
            testBuilder().sqlQuery("SHOW TABLES").unOrdered().baselineColumns("TABLE_SCHEMA", "TABLE_NAME").baselineValues(str2, str3).go();
            test("SHOW FILES");
            testBuilder().sqlQuery("SELECT * FROM " + str3 + " LIMIT 1").ordered().baselineColumns("c_custkey", "c_nationkey").baselineValues(1, 15).go();
        } finally {
            test("DROP VIEW " + str2 + "." + str3);
        }
    }

    @Test
    public void testCreateViewInWSWithNoPermissionsForQueryUser() throws Exception {
        updateClient(user2);
        test("USE miniDfsPlugin.drillTestGrp0_755");
        errorMsgTestHelper("CREATE VIEW view1 AS SELECT c_custkey, c_nationkey FROM cp.`tpch/customer.parquet` ORDER BY c_custkey;", "PERMISSION ERROR: Permission denied: user=drillTestUser2, access=WRITE, inode=\"/drillTestGrp0_755/");
        testBuilder().sqlQuery("SHOW TABLES").expectsEmptyResultSet().go();
        test("SHOW FILES");
    }

    @Test
    public void testCreateTableInDirWithUserPermissionsForQueryUser() throws Exception {
        testCreateTableTestHelper(user1, "drillTestGrp1_700", "table1");
    }

    @Test
    public void testCreateTableInDirWithGroupPermissionsForQueryUser() throws Exception {
        testCreateTableTestHelper(user1, "drillTestGrp0_770", "table1");
    }

    @Test
    public void testCreateTableInDirWithOtherPermissionsForQueryUser() throws Exception {
        testCreateTableTestHelper(user2, "drillTestGrp0_777", "table1");
    }

    private static void testCreateTableTestHelper(String str, String str2, String str3) throws Exception {
        try {
            updateClient(str);
            test("USE " + Joiner.on(".").join("miniDfsPlugin", str2, new Object[0]));
            test("CREATE TABLE " + str3 + " AS SELECT c_custkey, c_nationkey FROM cp.`tpch/customer.parquet` ORDER BY c_custkey;");
            test("SHOW FILES");
            testBuilder().sqlQuery("SELECT * FROM " + str3 + " LIMIT 1").ordered().baselineColumns("c_custkey", "c_nationkey").baselineValues(1, 15).go();
            Path path = new Path("/" + str2 + "/" + str3);
            if (fs.exists(path)) {
                fs.delete(path, true);
            }
        } catch (Throwable th) {
            Path path2 = new Path("/" + str2 + "/" + str3);
            if (fs.exists(path2)) {
                fs.delete(path2, true);
            }
            throw th;
        }
    }

    @Test
    public void testCreateTableInWSWithNoPermissionsForQueryUser() throws Exception {
        UserRemoteException userRemoteException = null;
        try {
            updateClient(user2);
            test("USE " + Joiner.on(".").join("miniDfsPlugin", "drillTestGrp0_755", new Object[0]));
            test("CREATE TABLE table1 AS SELECT c_custkey, c_nationkey FROM cp.`tpch/customer.parquet` ORDER BY c_custkey;");
        } catch (UserRemoteException e) {
            userRemoteException = e;
        }
        Assert.assertNotNull("UserRemoteException is expected", userRemoteException);
        Assert.assertThat(userRemoteException.getMessage(), StringContains.containsString("SYSTEM ERROR: RemoteException: Permission denied: user=drillTestUser2, access=WRITE, inode=\"/drillTestGrp0_755/"));
    }

    @Test
    public void testRefreshMetadata() throws Exception {
        updateClient(user1);
        test("USE " + Joiner.on(".").join("miniDfsPlugin", "drillTestGrp1_700", new Object[0]));
        test("CREATE TABLE nation1 partition by (n_regionkey) AS SELECT * FROM cp.`tpch/nation.parquet`;");
        test("refresh table metadata nation1;");
        test("SELECT * FROM nation1;");
        Path path = new Path("/drillTestGrp1_700/nation1");
        Assert.assertTrue(fs.exists(path) && fs.isDirectory(path));
        fs.mkdirs(new Path(path, "tmp5"));
        test("SELECT * from nation1;");
    }

    @AfterClass
    public static void removeMiniDfsBasedStorage() throws Exception {
        getDrillbitContext().getStorage().deletePlugin("miniDfsPlugin");
        stopMiniDfsCluster();
    }

    static {
        UserGroupInformation.createUserForTesting(user1, new String[]{group1, group0});
        UserGroupInformation.createUserForTesting(user2, new String[]{group1});
    }
}
