package org.apache.accumulo.test.functional;

import java.time.Duration;
import java.util.Arrays;
import java.util.Map;
import java.util.concurrent.atomic.AtomicLong;
import org.apache.accumulo.core.client.Accumulo;
import org.apache.accumulo.core.client.AccumuloClient;
import org.apache.accumulo.core.client.AccumuloSecurityException;
import org.apache.accumulo.core.client.admin.SecurityOperations;
import org.apache.accumulo.core.client.security.SecurityErrorCode;
import org.apache.accumulo.core.client.security.tokens.PasswordToken;
import org.apache.accumulo.core.clientImpl.ClientContext;
import org.apache.accumulo.core.clientImpl.Credentials;
import org.apache.accumulo.core.clientImpl.thrift.TVersionedProperties;
import org.apache.accumulo.core.conf.Property;
import org.apache.accumulo.core.data.InstanceId;
import org.apache.accumulo.core.manager.thrift.ManagerClientService;
import org.apache.accumulo.core.manager.thrift.ManagerGoalState;
import org.apache.accumulo.core.rpc.clients.ThriftClientTypes;
import org.apache.accumulo.core.security.SystemPermission;
import org.apache.accumulo.core.security.TablePermission;
import org.apache.accumulo.core.singletons.SingletonManager;
import org.apache.accumulo.core.trace.TraceUtil;
import org.apache.accumulo.core.util.TextUtil;
import org.apache.accumulo.harness.SharedMiniClusterBase;
import org.apache.hadoop.io.Text;
import org.junit.jupiter.api.AfterAll;
import org.junit.jupiter.api.Assertions;
import org.junit.jupiter.api.BeforeAll;
import org.junit.jupiter.api.MethodOrderer;
import org.junit.jupiter.api.Test;
import org.junit.jupiter.api.TestMethodOrder;

@TestMethodOrder(MethodOrderer.MethodName.class)
/* loaded from: input_file:org/apache/accumulo/test/functional/ManagerApiIT.class */
public class ManagerApiIT extends SharedMiniClusterBase {
    private static Credentials rootUser;
    private static Credentials regularUser;
    private static Credentials privilegedUser;
    private static InstanceId instanceId;
    private ThriftClientTypes.Exec<Void, ManagerClientService.Client> op;

    @Override // org.apache.accumulo.harness.AccumuloITBase
    protected Duration defaultTimeout() {
        return Duration.ofMinutes(1L);
    }

    @BeforeAll
    public static void setup() throws Exception {
        SingletonManager.setMode(SingletonManager.Mode.SERVER);
        SharedMiniClusterBase.startMiniCluster();
        rootUser = new Credentials(getPrincipal(), getToken());
        regularUser = new Credentials("regularUser", new PasswordToken("regularUser"));
        privilegedUser = new Credentials("privilegedUser", new PasswordToken("privilegedUser"));
        AccumuloClient accumuloClient = (AccumuloClient) Accumulo.newClient().from(getClientProps()).build();
        try {
            instanceId = accumuloClient.instanceOperations().getInstanceId();
            SecurityOperations securityOperations = accumuloClient.securityOperations();
            for (Credentials credentials : Arrays.asList(regularUser, privilegedUser)) {
                securityOperations.createLocalUser(credentials.getPrincipal(), credentials.getToken());
            }
            securityOperations.grantSystemPermission(privilegedUser.getPrincipal(), SystemPermission.SYSTEM);
            if (accumuloClient != null) {
                accumuloClient.close();
            }
        } catch (Throwable th) {
            if (accumuloClient != null) {
                try {
                    accumuloClient.close();
                } catch (Throwable th2) {
                    th.addSuppressed(th2);
                }
            }
            throw th;
        }
    }

    @AfterAll
    public static void teardown() throws Exception {
        SharedMiniClusterBase.stopMiniCluster();
    }

    @Test
    public void testPermissions_setManagerGoalState() throws Exception {
        this.op = client -> {
            client.setManagerGoalState(TraceUtil.traceInfo(), regularUser.toThrift(instanceId), ManagerGoalState.NORMAL);
            return null;
        };
        expectPermissionDenied(this.op, regularUser);
        this.op = client2 -> {
            client2.setManagerGoalState(TraceUtil.traceInfo(), rootUser.toThrift(instanceId), ManagerGoalState.NORMAL);
            return null;
        };
        expectPermissionSuccess(this.op, rootUser);
        this.op = client3 -> {
            client3.setManagerGoalState(TraceUtil.traceInfo(), privilegedUser.toThrift(instanceId), ManagerGoalState.NORMAL);
            return null;
        };
        expectPermissionSuccess(this.op, privilegedUser);
    }

    @Test
    public void testPermissions_initiateFlush() throws Exception {
        String[] uniqueNames = getUniqueNames(3);
        String str = uniqueNames[0];
        Credentials credentials = new Credentials(uniqueNames[1], new PasswordToken(uniqueNames[1]));
        Credentials credentials2 = new Credentials(uniqueNames[2], new PasswordToken(uniqueNames[2]));
        AccumuloClient accumuloClient = (AccumuloClient) Accumulo.newClient().from(getClientProps()).build();
        try {
            SecurityOperations securityOperations = accumuloClient.securityOperations();
            securityOperations.createLocalUser(credentials.getPrincipal(), credentials.getToken());
            securityOperations.createLocalUser(credentials2.getPrincipal(), credentials2.getToken());
            accumuloClient.tableOperations().create(str);
            securityOperations.grantTablePermission(credentials.getPrincipal(), str, TablePermission.WRITE);
            securityOperations.grantTablePermission(credentials2.getPrincipal(), str, TablePermission.ALTER_TABLE);
            String str2 = (String) accumuloClient.tableOperations().tableIdMap().get(str);
            if (accumuloClient != null) {
                accumuloClient.close();
            }
            this.op = client -> {
                client.initiateFlush(TraceUtil.traceInfo(), regularUser.toThrift(instanceId), str2);
                return null;
            };
            expectPermissionDenied(this.op, regularUser);
            this.op = client2 -> {
                client2.initiateFlush(TraceUtil.traceInfo(), privilegedUser.toThrift(instanceId), str2);
                return null;
            };
            expectPermissionDenied(this.op, privilegedUser);
            this.op = client3 -> {
                client3.initiateFlush(TraceUtil.traceInfo(), credentials.toThrift(instanceId), str2);
                return null;
            };
            expectPermissionSuccess(this.op, credentials);
            this.op = client4 -> {
                client4.initiateFlush(TraceUtil.traceInfo(), credentials2.toThrift(instanceId), str2);
                return null;
            };
            expectPermissionSuccess(this.op, credentials2);
            this.op = client5 -> {
                client5.initiateFlush(TraceUtil.traceInfo(), rootUser.toThrift(instanceId), str2);
                return null;
            };
            expectPermissionSuccess(this.op, rootUser);
        } catch (Throwable th) {
            if (accumuloClient != null) {
                try {
                    accumuloClient.close();
                } catch (Throwable th2) {
                    th.addSuppressed(th2);
                }
            }
            throw th;
        }
    }

    @Test
    public void testPermissions_waitForFlush() throws Exception {
        String[] uniqueNames = getUniqueNames(3);
        String str = uniqueNames[0];
        Credentials credentials = new Credentials(uniqueNames[1], new PasswordToken(uniqueNames[1]));
        Credentials credentials2 = new Credentials(uniqueNames[2], new PasswordToken(uniqueNames[2]));
        AccumuloClient accumuloClient = (AccumuloClient) Accumulo.newClient().from(getClientProps()).build();
        try {
            SecurityOperations securityOperations = accumuloClient.securityOperations();
            securityOperations.createLocalUser(credentials.getPrincipal(), credentials.getToken());
            securityOperations.createLocalUser(credentials2.getPrincipal(), credentials2.getToken());
            accumuloClient.tableOperations().create(str);
            securityOperations.grantTablePermission(credentials.getPrincipal(), str, TablePermission.WRITE);
            securityOperations.grantTablePermission(credentials2.getPrincipal(), str, TablePermission.ALTER_TABLE);
            String str2 = (String) accumuloClient.tableOperations().tableIdMap().get(str);
            if (accumuloClient != null) {
                accumuloClient.close();
            }
            AtomicLong atomicLong = new AtomicLong();
            this.op = client -> {
                atomicLong.set(client.initiateFlush(TraceUtil.traceInfo(), rootUser.toThrift(instanceId), str2));
                return null;
            };
            expectPermissionSuccess(this.op, rootUser);
            this.op = client2 -> {
                client2.waitForFlush(TraceUtil.traceInfo(), regularUser.toThrift(instanceId), str2, TextUtil.getByteBuffer(new Text("myrow")), TextUtil.getByteBuffer(new Text("myrow~")), atomicLong.get(), 1L);
                return null;
            };
            expectPermissionDenied(this.op, regularUser);
            this.op = client3 -> {
                client3.waitForFlush(TraceUtil.traceInfo(), privilegedUser.toThrift(instanceId), str2, TextUtil.getByteBuffer(new Text("myrow")), TextUtil.getByteBuffer(new Text("myrow~")), atomicLong.get(), 1L);
                return null;
            };
            expectPermissionDenied(this.op, privilegedUser);
            this.op = client4 -> {
                client4.waitForFlush(TraceUtil.traceInfo(), credentials.toThrift(instanceId), str2, TextUtil.getByteBuffer(new Text("myrow")), TextUtil.getByteBuffer(new Text("myrow~")), atomicLong.get(), 1L);
                return null;
            };
            expectPermissionSuccess(this.op, credentials);
            this.op = client5 -> {
                client5.waitForFlush(TraceUtil.traceInfo(), credentials2.toThrift(instanceId), str2, TextUtil.getByteBuffer(new Text("myrow")), TextUtil.getByteBuffer(new Text("myrow~")), atomicLong.get(), 1L);
                return null;
            };
            expectPermissionSuccess(this.op, credentials2);
            this.op = client6 -> {
                client6.waitForFlush(TraceUtil.traceInfo(), rootUser.toThrift(instanceId), str2, TextUtil.getByteBuffer(new Text("myrow")), TextUtil.getByteBuffer(new Text("myrow~")), atomicLong.get(), 1L);
                return null;
            };
            expectPermissionSuccess(this.op, rootUser);
        } catch (Throwable th) {
            if (accumuloClient != null) {
                try {
                    accumuloClient.close();
                } catch (Throwable th2) {
                    th.addSuppressed(th2);
                }
            }
            throw th;
        }
    }

    @Test
    public void testPermissions_modifySystemProperties() throws Exception {
        String key = Property.TSERV_TOTAL_MUTATION_QUEUE_MAX.getKey();
        this.op = client -> {
            client.modifySystemProperties(TraceUtil.traceInfo(), regularUser.toThrift(instanceId), new TVersionedProperties(0L, Map.of(key, "10000")));
            return null;
        };
        expectPermissionDenied(this.op, regularUser);
        this.op = client2 -> {
            client2.modifySystemProperties(TraceUtil.traceInfo(), rootUser.toThrift(instanceId), new TVersionedProperties(0L, Map.of(key, "10000")));
            return null;
        };
        expectPermissionSuccess(this.op, rootUser);
        this.op = client3 -> {
            client3.modifySystemProperties(TraceUtil.traceInfo(), privilegedUser.toThrift(instanceId), new TVersionedProperties(1L, Map.of(key, "10000")));
            return null;
        };
        expectPermissionSuccess(this.op, privilegedUser);
        AccumuloClient accumuloClient = (AccumuloClient) Accumulo.newClient().from(getClientProps()).build();
        try {
            accumuloClient.instanceOperations().removeProperty(key);
            if (accumuloClient != null) {
                accumuloClient.close();
            }
        } catch (Throwable th) {
            if (accumuloClient != null) {
                try {
                    accumuloClient.close();
                } catch (Throwable th2) {
                    th.addSuppressed(th2);
                }
            }
            throw th;
        }
    }

    @Test
    public void testPermissions_removeSystemProperty() throws Exception {
        String key = Property.GC_CYCLE_DELAY.getKey();
        String key2 = Property.GC_CYCLE_START.getKey();
        AccumuloClient accumuloClient = (AccumuloClient) Accumulo.newClient().from(getClientProps()).build();
        try {
            accumuloClient.instanceOperations().setProperty(key, "10000");
            accumuloClient.instanceOperations().setProperty(key2, "10000");
            if (accumuloClient != null) {
                accumuloClient.close();
            }
            this.op = client -> {
                client.removeSystemProperty(TraceUtil.traceInfo(), regularUser.toThrift(instanceId), key);
                return null;
            };
            expectPermissionDenied(this.op, regularUser);
            this.op = client2 -> {
                client2.removeSystemProperty(TraceUtil.traceInfo(), rootUser.toThrift(instanceId), key);
                return null;
            };
            expectPermissionSuccess(this.op, rootUser);
            this.op = client3 -> {
                client3.removeSystemProperty(TraceUtil.traceInfo(), privilegedUser.toThrift(instanceId), key2);
                return null;
            };
            expectPermissionSuccess(this.op, privilegedUser);
        } catch (Throwable th) {
            if (accumuloClient != null) {
                try {
                    accumuloClient.close();
                } catch (Throwable th2) {
                    th.addSuppressed(th2);
                }
            }
            throw th;
        }
    }

    @Test
    public void testPermissions_setSystemProperty() throws Exception {
        String key = Property.TSERV_TOTAL_MUTATION_QUEUE_MAX.getKey();
        this.op = client -> {
            client.setSystemProperty(TraceUtil.traceInfo(), regularUser.toThrift(instanceId), key, "10000");
            return null;
        };
        expectPermissionDenied(this.op, regularUser);
        this.op = client2 -> {
            client2.setSystemProperty(TraceUtil.traceInfo(), rootUser.toThrift(instanceId), key, "10000");
            return null;
        };
        expectPermissionSuccess(this.op, rootUser);
        this.op = client3 -> {
            client3.setSystemProperty(TraceUtil.traceInfo(), privilegedUser.toThrift(instanceId), key, "10000");
            return null;
        };
        expectPermissionSuccess(this.op, privilegedUser);
        AccumuloClient accumuloClient = (AccumuloClient) Accumulo.newClient().from(getClientProps()).build();
        try {
            accumuloClient.instanceOperations().removeProperty(key);
            if (accumuloClient != null) {
                accumuloClient.close();
            }
        } catch (Throwable th) {
            if (accumuloClient != null) {
                try {
                    accumuloClient.close();
                } catch (Throwable th2) {
                    th.addSuppressed(th2);
                }
            }
            throw th;
        }
    }

    @Test
    public void testPermissions_shutdownTabletServer() throws Exception {
        String str = getUniqueNames(1)[0] + ":0";
        this.op = client -> {
            client.shutdownTabletServer(TraceUtil.traceInfo(), regularUser.toThrift(instanceId), str, false);
            return null;
        };
        expectPermissionDenied(this.op, regularUser);
        this.op = client2 -> {
            client2.shutdownTabletServer(TraceUtil.traceInfo(), rootUser.toThrift(instanceId), str, false);
            return null;
        };
        expectPermissionSuccess(this.op, rootUser);
        this.op = client3 -> {
            client3.shutdownTabletServer(TraceUtil.traceInfo(), privilegedUser.toThrift(instanceId), str, false);
            return null;
        };
        expectPermissionSuccess(this.op, privilegedUser);
    }

    @Test
    public void shutdownTabletServer() throws Exception {
        this.op = client -> {
            client.shutdownTabletServer(TraceUtil.traceInfo(), rootUser.toThrift(instanceId), "fakeTabletServer:9997", true);
            return null;
        };
        ClientContext clientContext = (AccumuloClient) Accumulo.newClient().from(getClientProps()).as(rootUser.getPrincipal(), rootUser.getToken()).build();
        try {
            ThriftClientTypes.MANAGER.execute(clientContext, this.op);
            if (clientContext != null) {
                clientContext.close();
            }
        } catch (Throwable th) {
            if (clientContext != null) {
                try {
                    clientContext.close();
                } catch (Throwable th2) {
                    th.addSuppressed(th2);
                }
            }
            throw th;
        }
    }

    @Test
    public void z99_testPermissions_shutdown() throws Exception {
        AccumuloClient.ConnectionOptions as = Accumulo.newClient().from(getClientProps()).as(rootUser.getPrincipal(), rootUser.getToken());
        AccumuloClient.ConnectionOptions as2 = Accumulo.newClient().from(getClientProps()).as(privilegedUser.getPrincipal(), privilegedUser.getToken());
        ClientContext clientContext = (AccumuloClient) as.build();
        try {
            ClientContext clientContext2 = (AccumuloClient) as2.build();
            try {
                this.op = client -> {
                    client.shutdown(TraceUtil.traceInfo(), regularUser.toThrift(instanceId), false);
                    return null;
                };
                expectPermissionDenied(this.op, regularUser);
                this.op = client2 -> {
                    client2.shutdown(TraceUtil.traceInfo(), rootUser.toThrift(instanceId), false);
                    return null;
                };
                expectPermissionSuccess(this.op, clientContext);
                this.op = client3 -> {
                    client3.shutdown(TraceUtil.traceInfo(), privilegedUser.toThrift(instanceId), false);
                    return null;
                };
                expectPermissionSuccess(this.op, clientContext2);
                if (clientContext2 != null) {
                    clientContext2.close();
                }
                if (clientContext != null) {
                    clientContext.close();
                }
            } catch (Throwable th) {
                if (clientContext2 != null) {
                    try {
                        clientContext2.close();
                    } catch (Throwable th2) {
                        th.addSuppressed(th2);
                    }
                }
                throw th;
            }
        } catch (Throwable th3) {
            if (clientContext != null) {
                try {
                    clientContext.close();
                } catch (Throwable th4) {
                    th3.addSuppressed(th4);
                }
            }
            throw th3;
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    public static void expectPermissionSuccess(ThriftClientTypes.Exec<Void, ManagerClientService.Client> exec, Credentials credentials) throws Exception {
        ClientContext clientContext = (AccumuloClient) Accumulo.newClient().from(getClientProps()).as(credentials.getPrincipal(), credentials.getToken()).build();
        try {
            ThriftClientTypes.MANAGER.execute(clientContext, exec);
            if (clientContext != null) {
                clientContext.close();
            }
        } catch (Throwable th) {
            if (clientContext != null) {
                try {
                    clientContext.close();
                } catch (Throwable th2) {
                    th.addSuppressed(th2);
                }
            }
            throw th;
        }
    }

    private static void expectPermissionSuccess(ThriftClientTypes.Exec<Void, ManagerClientService.Client> exec, ClientContext clientContext) throws Exception {
        ThriftClientTypes.MANAGER.execute(clientContext, exec);
    }

    private static void expectPermissionDenied(ThriftClientTypes.Exec<Void, ManagerClientService.Client> exec, Credentials credentials) {
        Assertions.assertSame(SecurityErrorCode.PERMISSION_DENIED, Assertions.assertThrows(AccumuloSecurityException.class, () -> {
            expectPermissionSuccess((ThriftClientTypes.Exec<Void, ManagerClientService.Client>) exec, credentials);
        }).getSecurityErrorCode());
    }
}
