package org.apache.accumulo.test.functional;

import java.util.Arrays;
import java.util.concurrent.atomic.AtomicLong;
import java.util.function.Function;
import org.apache.accumulo.core.client.Accumulo;
import org.apache.accumulo.core.client.AccumuloClient;
import org.apache.accumulo.core.client.AccumuloSecurityException;
import org.apache.accumulo.core.client.admin.SecurityOperations;
import org.apache.accumulo.core.client.security.SecurityErrorCode;
import org.apache.accumulo.core.client.security.tokens.PasswordToken;
import org.apache.accumulo.core.clientImpl.ClientContext;
import org.apache.accumulo.core.clientImpl.ClientExec;
import org.apache.accumulo.core.clientImpl.Credentials;
import org.apache.accumulo.core.clientImpl.MasterClient;
import org.apache.accumulo.core.conf.Property;
import org.apache.accumulo.core.master.thrift.MasterClientService;
import org.apache.accumulo.core.master.thrift.MasterGoalState;
import org.apache.accumulo.core.security.SystemPermission;
import org.apache.accumulo.core.security.TablePermission;
import org.apache.accumulo.core.securityImpl.thrift.TCredentials;
import org.apache.accumulo.core.singletons.SingletonManager;
import org.apache.accumulo.core.trace.thrift.TInfo;
import org.apache.accumulo.core.util.TextUtil;
import org.apache.accumulo.harness.SharedMiniClusterBase;
import org.apache.hadoop.io.Text;
import org.junit.AfterClass;
import org.junit.Assert;
import org.junit.BeforeClass;
import org.junit.FixMethodOrder;
import org.junit.Test;
import org.junit.runners.MethodSorters;

@FixMethodOrder(MethodSorters.NAME_ASCENDING)
/* loaded from: input_file:org/apache/accumulo/test/functional/ManagerApiIT.class */
public class ManagerApiIT extends SharedMiniClusterBase {
    private static Credentials rootUser;
    private static Credentials regularUser;
    private static Credentials privilegedUser;
    private Function<TCredentials, ClientExec<MasterClientService.Client>> op;

    @Override // org.apache.accumulo.harness.AccumuloITBase
    public int defaultTimeoutSeconds() {
        return 60;
    }

    @BeforeClass
    public static void setup() throws Exception {
        SingletonManager.setMode(SingletonManager.Mode.SERVER);
        SharedMiniClusterBase.startMiniCluster();
        rootUser = new Credentials(getPrincipal(), getToken());
        regularUser = new Credentials("regularUser", new PasswordToken("regularUser"));
        privilegedUser = new Credentials("privilegedUser", new PasswordToken("privilegedUser"));
        AccumuloClient accumuloClient = (AccumuloClient) Accumulo.newClient().from(getClientProps()).build();
        try {
            SecurityOperations securityOperations = accumuloClient.securityOperations();
            for (Credentials credentials : Arrays.asList(regularUser, privilegedUser)) {
                securityOperations.createLocalUser(credentials.getPrincipal(), credentials.getToken());
            }
            securityOperations.grantSystemPermission(privilegedUser.getPrincipal(), SystemPermission.SYSTEM);
            if (accumuloClient != null) {
                accumuloClient.close();
            }
        } catch (Throwable th) {
            if (accumuloClient != null) {
                try {
                    accumuloClient.close();
                } catch (Throwable th2) {
                    th.addSuppressed(th2);
                }
            }
            throw th;
        }
    }

    @AfterClass
    public static void teardown() throws Exception {
        SharedMiniClusterBase.stopMiniCluster();
    }

    @Test
    public void testPermissions_setMasterGoalState() throws Exception {
        this.op = tCredentials -> {
            return client -> {
                client.setMasterGoalState((TInfo) null, tCredentials, MasterGoalState.NORMAL);
            };
        };
        expectPermissionDenied(this.op, regularUser);
        expectPermissionSuccess(this.op, rootUser);
        expectPermissionSuccess(this.op, privilegedUser);
    }

    @Test
    public void testPermissions_initiateFlush() throws Exception {
        String[] uniqueNames = getUniqueNames(3);
        String str = uniqueNames[0];
        Credentials credentials = new Credentials(uniqueNames[1], new PasswordToken(uniqueNames[1]));
        Credentials credentials2 = new Credentials(uniqueNames[2], new PasswordToken(uniqueNames[2]));
        AccumuloClient accumuloClient = (AccumuloClient) Accumulo.newClient().from(getClientProps()).build();
        try {
            SecurityOperations securityOperations = accumuloClient.securityOperations();
            securityOperations.createLocalUser(credentials.getPrincipal(), credentials.getToken());
            securityOperations.createLocalUser(credentials2.getPrincipal(), credentials2.getToken());
            accumuloClient.tableOperations().create(str);
            securityOperations.grantTablePermission(credentials.getPrincipal(), str, TablePermission.WRITE);
            securityOperations.grantTablePermission(credentials2.getPrincipal(), str, TablePermission.ALTER_TABLE);
            String str2 = (String) accumuloClient.tableOperations().tableIdMap().get(str);
            if (accumuloClient != null) {
                accumuloClient.close();
            }
            this.op = tCredentials -> {
                return client -> {
                    client.initiateFlush((TInfo) null, tCredentials, str2);
                };
            };
            expectPermissionDenied(this.op, regularUser);
            expectPermissionDenied(this.op, privilegedUser);
            expectPermissionSuccess(this.op, credentials);
            expectPermissionSuccess(this.op, credentials2);
            expectPermissionSuccess(this.op, rootUser);
        } catch (Throwable th) {
            if (accumuloClient != null) {
                try {
                    accumuloClient.close();
                } catch (Throwable th2) {
                    th.addSuppressed(th2);
                }
            }
            throw th;
        }
    }

    @Test
    public void testPermissions_waitForFlush() throws Exception {
        String[] uniqueNames = getUniqueNames(3);
        String str = uniqueNames[0];
        Credentials credentials = new Credentials(uniqueNames[1], new PasswordToken(uniqueNames[1]));
        Credentials credentials2 = new Credentials(uniqueNames[2], new PasswordToken(uniqueNames[2]));
        AccumuloClient accumuloClient = (AccumuloClient) Accumulo.newClient().from(getClientProps()).build();
        try {
            SecurityOperations securityOperations = accumuloClient.securityOperations();
            securityOperations.createLocalUser(credentials.getPrincipal(), credentials.getToken());
            securityOperations.createLocalUser(credentials2.getPrincipal(), credentials2.getToken());
            accumuloClient.tableOperations().create(str);
            securityOperations.grantTablePermission(credentials.getPrincipal(), str, TablePermission.WRITE);
            securityOperations.grantTablePermission(credentials2.getPrincipal(), str, TablePermission.ALTER_TABLE);
            String str2 = (String) accumuloClient.tableOperations().tableIdMap().get(str);
            if (accumuloClient != null) {
                accumuloClient.close();
            }
            AtomicLong atomicLong = new AtomicLong();
            this.op = tCredentials -> {
                return client -> {
                    atomicLong.set(client.initiateFlush((TInfo) null, tCredentials, str2));
                };
            };
            expectPermissionSuccess(this.op, rootUser);
            this.op = tCredentials2 -> {
                return client -> {
                    client.waitForFlush((TInfo) null, tCredentials2, str2, TextUtil.getByteBuffer(new Text("myrow")), TextUtil.getByteBuffer(new Text("myrow~")), atomicLong.get(), 1L);
                };
            };
            expectPermissionDenied(this.op, regularUser);
            expectPermissionDenied(this.op, privilegedUser);
            expectPermissionSuccess(this.op, credentials);
            expectPermissionSuccess(this.op, credentials2);
            expectPermissionSuccess(this.op, rootUser);
        } catch (Throwable th) {
            if (accumuloClient != null) {
                try {
                    accumuloClient.close();
                } catch (Throwable th2) {
                    th.addSuppressed(th2);
                }
            }
            throw th;
        }
    }

    @Test
    public void testPermissions_setSystemProperty() throws Exception {
        String key = Property.TSERV_TOTAL_MUTATION_QUEUE_MAX.getKey();
        this.op = tCredentials -> {
            return client -> {
                client.setSystemProperty((TInfo) null, tCredentials, key, "10000");
            };
        };
        expectPermissionDenied(this.op, regularUser);
        expectPermissionSuccess(this.op, rootUser);
        expectPermissionSuccess(this.op, privilegedUser);
        AccumuloClient accumuloClient = (AccumuloClient) Accumulo.newClient().from(getClientProps()).build();
        try {
            accumuloClient.instanceOperations().removeProperty(key);
            if (accumuloClient != null) {
                accumuloClient.close();
            }
        } catch (Throwable th) {
            if (accumuloClient != null) {
                try {
                    accumuloClient.close();
                } catch (Throwable th2) {
                    th.addSuppressed(th2);
                }
            }
            throw th;
        }
    }

    @Test
    public void testPermissions_removeSystemProperty() throws Exception {
        String key = Property.GC_CYCLE_DELAY.getKey();
        String key2 = Property.GC_CYCLE_START.getKey();
        AccumuloClient accumuloClient = (AccumuloClient) Accumulo.newClient().from(getClientProps()).build();
        try {
            accumuloClient.instanceOperations().setProperty(key, "10000");
            accumuloClient.instanceOperations().setProperty(key2, "10000");
            if (accumuloClient != null) {
                accumuloClient.close();
            }
            this.op = tCredentials -> {
                return client -> {
                    client.removeSystemProperty((TInfo) null, tCredentials, key);
                };
            };
            expectPermissionDenied(this.op, regularUser);
            expectPermissionSuccess(this.op, rootUser);
            this.op = tCredentials2 -> {
                return client -> {
                    client.removeSystemProperty((TInfo) null, tCredentials2, key2);
                };
            };
            expectPermissionSuccess(this.op, privilegedUser);
        } catch (Throwable th) {
            if (accumuloClient != null) {
                try {
                    accumuloClient.close();
                } catch (Throwable th2) {
                    th.addSuppressed(th2);
                }
            }
            throw th;
        }
    }

    @Test
    public void testPermissions_shutdownTabletServer() throws Exception {
        String str = getUniqueNames(1)[0] + ":0";
        this.op = tCredentials -> {
            return client -> {
                client.shutdownTabletServer((TInfo) null, tCredentials, str, false);
            };
        };
        expectPermissionDenied(this.op, regularUser);
        expectPermissionSuccess(this.op, rootUser);
        expectPermissionSuccess(this.op, privilegedUser);
    }

    @Test
    public void z99_testPermissions_shutdown() throws Exception {
        this.op = tCredentials -> {
            return client -> {
                client.shutdown((TInfo) null, tCredentials, false);
            };
        };
        expectPermissionDenied(this.op, regularUser);
        expectPermissionSuccess(this.op, rootUser);
        expectPermissionSuccess(this.op, privilegedUser);
    }

    /* JADX INFO: Access modifiers changed from: private */
    public static void expectPermissionSuccess(Function<TCredentials, ClientExec<MasterClientService.Client>> function, Credentials credentials) throws Exception {
        ClientContext clientContext = (AccumuloClient) Accumulo.newClient().from(getClientProps()).as(credentials.getPrincipal(), credentials.getToken()).build();
        try {
            ClientContext clientContext2 = clientContext;
            MasterClient.executeVoid(clientContext2, function.apply(clientContext2.rpcCreds()));
            if (clientContext != null) {
                clientContext.close();
            }
        } catch (Throwable th) {
            if (clientContext != null) {
                try {
                    clientContext.close();
                } catch (Throwable th2) {
                    th.addSuppressed(th2);
                }
            }
            throw th;
        }
    }

    private static void expectPermissionDenied(Function<TCredentials, ClientExec<MasterClientService.Client>> function, Credentials credentials) throws Exception {
        Assert.assertSame(SecurityErrorCode.PERMISSION_DENIED, Assert.assertThrows(AccumuloSecurityException.class, () -> {
            expectPermissionSuccess(function, credentials);
        }).getSecurityErrorCode());
    }
}
