package org.apache.drill.exec.impersonation;

import java.util.HashMap;
import java.util.Map;
import org.apache.drill.categories.SecurityTest;
import org.apache.drill.categories.SlowTest;
import org.apache.drill.categories.UnlikelyTest;
import org.apache.drill.common.exceptions.UserException;
import org.apache.drill.common.exceptions.UserRemoteException;
import org.apache.drill.exec.dotdrill.DotDrillType;
import org.apache.drill.exec.store.dfs.WorkspaceConfig;
import org.apache.drill.shaded.guava.com.google.common.base.Joiner;
import org.apache.drill.shaded.guava.com.google.common.collect.Maps;
import org.apache.hadoop.fs.FileStatus;
import org.apache.hadoop.fs.FileSystem;
import org.apache.hadoop.fs.Path;
import org.apache.hadoop.fs.permission.FsPermission;
import org.apache.hadoop.security.UserGroupInformation;
import org.hamcrest.core.StringContains;
import org.junit.AfterClass;
import org.junit.Assert;
import org.junit.BeforeClass;
import org.junit.Rule;
import org.junit.Test;
import org.junit.experimental.categories.Category;
import org.junit.rules.ExpectedException;

@Category({SlowTest.class, SecurityTest.class})
/* loaded from: input_file:org/apache/drill/exec/impersonation/TestImpersonationMetadata.class */
public class TestImpersonationMetadata extends BaseTestImpersonation {
    private static final String user1 = "drillTestUser1";
    private static final String user2 = "drillTestUser2";
    private static final String group0 = "drill_test_grp_0";
    private static final String group1 = "drill_test_grp_1";

    @Rule
    public ExpectedException thrown = ExpectedException.none();
    static final /* synthetic */ boolean $assertionsDisabled;

    @BeforeClass
    public static void setup() throws Exception {
        startMiniDfsCluster(TestImpersonationMetadata.class.getSimpleName());
        startDrillCluster(true);
        addMiniDfsBasedStorage(createTestWorkspaces());
    }

    private static Map<String, WorkspaceConfig> createTestWorkspaces() throws Exception {
        Path path = new Path("/tmp");
        fs.delete(path, true);
        FileSystem.mkdirs(fs, path, new FsPermission((short) 511));
        HashMap newHashMap = Maps.newHashMap();
        createAndAddWorkspace("drill_test_grp_0_700", "/drill_test_grp_0_700", (short) 448, processUser, group0, newHashMap);
        createAndAddWorkspace("drill_test_grp_0_750", "/drill_test_grp_0_750", (short) 488, processUser, group0, newHashMap);
        createAndAddWorkspace("drill_test_grp_0_755", "/drill_test_grp_0_755", (short) 493, processUser, group0, newHashMap);
        createAndAddWorkspace("drill_test_grp_0_770", "/drill_test_grp_0_770", (short) 504, processUser, group0, newHashMap);
        createAndAddWorkspace("drill_test_grp_0_777", "/drill_test_grp_0_777", (short) 511, processUser, group0, newHashMap);
        createAndAddWorkspace("drill_test_grp_1_700", "/drill_test_grp_1_700", (short) 448, user1, group1, newHashMap);
        createAndAddWorkspace("user2_workspace1", "/user2_workspace1", (short) 509, user2, group1, newHashMap);
        createAndAddWorkspace("user2_workspace2", "/user2_workspace2", (short) 493, user2, group1, newHashMap);
        return newHashMap;
    }

    @Test
    public void testDropTable() throws Exception {
        updateClient(user2);
        test("use `%s.user2_workspace1`", "mini_dfs_plugin");
        test("create table parquet_table_775 as select * from cp.`employee.json`");
        test("use `%s.user2_workspace2`", "mini_dfs_plugin");
        test("create table parquet_table_700 as select * from cp.`employee.json`");
        updateClient(user1);
        test("use `%s.user2_workspace1`", "mini_dfs_plugin");
        testBuilder().sqlQuery("drop table parquet_table_775").unOrdered().baselineColumns("ok", "summary").baselineValues(true, String.format("Table [%s] dropped", "parquet_table_775")).go();
        test("use `%s.user2_workspace2`", "mini_dfs_plugin");
        boolean z = false;
        try {
            test("drop table parquet_table_700");
        } catch (UserException e) {
            Assert.assertTrue(e.getMessage().contains("PERMISSION ERROR"));
            z = true;
        }
        Assert.assertTrue("Permission checking failed during drop table", z);
    }

    @Test
    @Category({UnlikelyTest.class})
    public void testImpersonatingProcessUser() throws Exception {
        updateClient(processUser);
        String format = String.format("%s.drill_test_grp_0_700.testView", "mini_dfs_plugin");
        try {
            test("CREATE VIEW " + format + " AS SELECT * FROM cp.`region.json`");
            test("SELECT * FROM " + format + " LIMIT 2");
        } finally {
            test("DROP VIEW " + format);
        }
    }

    @Test
    public void testShowFilesInWSWithUserAndGroupPermissionsForQueryUser() throws Exception {
        updateClient(user1);
        Assert.assertTrue(testSql(String.format("SHOW FILES IN %s.drill_test_grp_1_700", "mini_dfs_plugin")) > 0);
        Assert.assertTrue(testSql(String.format("SHOW FILES IN %s.drill_test_grp_0_750", "mini_dfs_plugin")) > 0);
    }

    @Test
    public void testShowFilesInWSWithOtherPermissionsForQueryUser() throws Exception {
        updateClient(user2);
        Assert.assertTrue(testSql(String.format("SHOW FILES IN %s.drill_test_grp_0_755", "mini_dfs_plugin")) > 0);
    }

    @Test
    public void testShowFilesInWSWithNoPermissionsForQueryUser() throws Exception {
        updateClient(user2);
        Assert.assertEquals(0L, testSql(String.format("SHOW FILES IN %s.drill_test_grp_1_700", "mini_dfs_plugin")));
    }

    @Test
    public void testShowSchemasAsUser1() throws Exception {
        updateClient(user1);
        testBuilder().sqlQuery("SHOW SCHEMAS LIKE '%drill_test%'").unOrdered().baselineColumns("SCHEMA_NAME").baselineValues(String.format("%s.drill_test_grp_0_750", "mini_dfs_plugin")).baselineValues(String.format("%s.drill_test_grp_0_755", "mini_dfs_plugin")).baselineValues(String.format("%s.drill_test_grp_0_770", "mini_dfs_plugin")).baselineValues(String.format("%s.drill_test_grp_0_777", "mini_dfs_plugin")).baselineValues(String.format("%s.drill_test_grp_1_700", "mini_dfs_plugin")).go();
    }

    @Test
    public void testShowSchemasAsUser2() throws Exception {
        updateClient(user2);
        testBuilder().sqlQuery("SHOW SCHEMAS LIKE '%drill_test%'").unOrdered().baselineColumns("SCHEMA_NAME").baselineValues(String.format("%s.drill_test_grp_0_755", "mini_dfs_plugin")).baselineValues(String.format("%s.drill_test_grp_0_777", "mini_dfs_plugin")).go();
    }

    @Test
    public void testCreateViewInDirWithUserPermissionsForQueryUser() throws Exception {
        testCreateViewTestHelper(user1, "mini_dfs_plugin.drill_test_grp_1_700", "view1");
    }

    @Test
    public void testCreateViewInDirWithGroupPermissionsForQueryUser() throws Exception {
        testCreateViewTestHelper(user1, "mini_dfs_plugin.drill_test_grp_0_770", "view1");
    }

    @Test
    public void testCreateViewInDirWithOtherPermissionsForQueryUser() throws Exception {
        testCreateViewTestHelper(user2, "mini_dfs_plugin.drill_test_grp_0_777", "view1");
    }

    private static void testCreateViewTestHelper(String str, String str2, String str3) throws Exception {
        try {
            updateClient(str);
            test("USE " + str2);
            test("CREATE VIEW " + str3 + " AS SELECT c_custkey, c_nationkey FROM cp.`tpch/customer.parquet` ORDER BY c_custkey;");
            testBuilder().sqlQuery("SHOW TABLES").unOrdered().baselineColumns("TABLE_SCHEMA", "TABLE_NAME").baselineValues(str2, str3).go();
            test("SHOW FILES");
            testBuilder().sqlQuery("SELECT * FROM " + str3 + " LIMIT 1").ordered().baselineColumns("c_custkey", "c_nationkey").baselineValues(1, 15).go();
        } finally {
            test("DROP VIEW " + str2 + "." + str3);
        }
    }

    @Test
    public void testCreateViewInWSWithNoPermissionsForQueryUser() throws Exception {
        updateClient(user2);
        test("USE mini_dfs_plugin.drill_test_grp_0_755");
        this.thrown.expect(UserRemoteException.class);
        this.thrown.expectMessage(StringContains.containsString("PERMISSION ERROR: Permission denied: user=drillTestUser2, access=WRITE, inode=\"/drill_test_grp_0_755"));
        test("CREATE VIEW %s AS SELECT c_custkey, c_nationkey FROM cp.`tpch/customer.parquet` ORDER BY c_custkey", "view1");
        testBuilder().sqlQuery("SHOW TABLES").expectsEmptyResultSet().go();
        test("SHOW FILES");
    }

    @Test
    public void testCreateTableInDirWithUserPermissionsForQueryUser() throws Exception {
        testCreateTableTestHelper(user1, "drill_test_grp_1_700", "table1");
    }

    @Test
    public void testCreateTableInDirWithGroupPermissionsForQueryUser() throws Exception {
        testCreateTableTestHelper(user1, "drill_test_grp_0_770", "table1");
    }

    @Test
    public void testCreateTableInDirWithOtherPermissionsForQueryUser() throws Exception {
        testCreateTableTestHelper(user2, "drill_test_grp_0_777", "table1");
    }

    private static void testCreateTableTestHelper(String str, String str2, String str3) throws Exception {
        try {
            updateClient(str);
            test("USE " + Joiner.on(".").join("mini_dfs_plugin", str2, new Object[0]));
            test("CREATE TABLE " + str3 + " AS SELECT c_custkey, c_nationkey FROM cp.`tpch/customer.parquet` ORDER BY c_custkey;");
            test("SHOW FILES");
            testBuilder().sqlQuery("SELECT * FROM " + str3 + " LIMIT 1").ordered().baselineColumns("c_custkey", "c_nationkey").baselineValues(1, 15).go();
            Path path = new Path("/" + str2 + "/" + str3);
            if (fs.exists(path)) {
                fs.delete(path, true);
            }
        } catch (Throwable th) {
            Path path2 = new Path("/" + str2 + "/" + str3);
            if (fs.exists(path2)) {
                fs.delete(path2, true);
            }
            throw th;
        }
    }

    @Test
    public void testCreateTableInWSWithNoPermissionsForQueryUser() throws Exception {
        updateClient(user2);
        test("use %s.`%s`", "mini_dfs_plugin", "drill_test_grp_0_755");
        this.thrown.expect(UserRemoteException.class);
        this.thrown.expectMessage(StringContains.containsString("Permission denied: user=drillTestUser2, access=WRITE, inode=\"/drill_test_grp_0_755"));
        test("CREATE TABLE %s AS SELECT c_custkey, c_nationkey FROM cp.`tpch/customer.parquet` ORDER BY c_custkey", "table1");
    }

    @Test
    public void testRefreshMetadata() throws Exception {
        updateClient(user1);
        test("USE " + Joiner.on(".").join("mini_dfs_plugin", "drill_test_grp_1_700", new Object[0]));
        test("CREATE TABLE nation1 partition by (n_regionkey) AS SELECT * FROM cp.`tpch/nation.parquet`;");
        test("refresh table metadata nation1;");
        test("SELECT * FROM nation1;");
        Path path = new Path("/drill_test_grp_1_700/nation1");
        Assert.assertTrue(fs.exists(path) && fs.isDirectory(path));
        fs.mkdirs(new Path(path, "tmp5"));
        test("SELECT * from nation1;");
    }

    @Test
    public void testAnalyzeTable() throws Exception {
        updateClient(user1);
        test("USE " + Joiner.on(".").join("mini_dfs_plugin", "drill_test_grp_1_700", new Object[0]));
        test("ALTER SESSION SET `store.format` = 'parquet'");
        test("CREATE TABLE nation1_stats AS SELECT * FROM cp.`tpch/nation.parquet`;");
        test("ANALYZE TABLE nation1_stats COMPUTE STATISTICS;");
        test("SELECT * FROM nation1_stats;");
        Path path = new Path("/drill_test_grp_1_700/nation1_stats/" + DotDrillType.STATS.getEnding());
        Assert.assertTrue(fs.exists(path) && fs.isDirectory(path));
        FileStatus fileStatus = fs.getFileStatus(path);
        if (!$assertionsDisabled && !processUser.equalsIgnoreCase(fileStatus.getOwner())) {
            throw new AssertionError();
        }
        fs.mkdirs(new Path(path, "tmp5"));
        test("SELECT * from nation1_stats;");
        test("DROP TABLE nation1_stats");
    }

    @AfterClass
    public static void removeMiniDfsBasedStorage() {
        getDrillbitContext().getStorage().deletePlugin("mini_dfs_plugin");
        stopMiniDfsCluster();
    }

    static {
        $assertionsDisabled = !TestImpersonationMetadata.class.desiredAssertionStatus();
        UserGroupInformation.createUserForTesting(user1, new String[]{group1, group0});
        UserGroupInformation.createUserForTesting(user2, new String[]{group1});
    }
}
