package org.apache.tez.common.security;

import java.io.IOException;
import java.util.Map;
import org.apache.hadoop.conf.Configuration;
import org.apache.hadoop.security.UserGroupInformation;
import org.apache.hadoop.yarn.api.records.ApplicationAccessType;
import org.junit.Assert;
import org.junit.Test;

/* loaded from: input_file:org/apache/tez/common/security/TestACLManager.class */
public class TestACLManager {
    private static final String[] noGroups = new String[0];

    @Test
    public void testCurrentUserACLChecks() {
        UserGroupInformation createUserForTesting = UserGroupInformation.createUserForTesting("currentUser", noGroups);
        UserGroupInformation createUserForTesting2 = UserGroupInformation.createUserForTesting("dagUser", noGroups);
        UserGroupInformation createUserForTesting3 = UserGroupInformation.createUserForTesting("user1", noGroups);
        ACLManager aCLManager = new ACLManager(createUserForTesting.getShortUserName());
        Assert.assertFalse(aCLManager.checkAccess(createUserForTesting3, ACLType.AM_VIEW_ACL));
        Assert.assertFalse(aCLManager.checkAccess(createUserForTesting3, ACLType.AM_MODIFY_ACL));
        Assert.assertTrue(aCLManager.checkAccess(createUserForTesting, ACLType.AM_VIEW_ACL));
        Assert.assertTrue(aCLManager.checkAccess(createUserForTesting, ACLType.AM_MODIFY_ACL));
        ACLManager aCLManager2 = new ACLManager(createUserForTesting.getShortUserName(), new Configuration(false));
        Assert.assertFalse(aCLManager2.checkAccess(createUserForTesting3, ACLType.AM_VIEW_ACL));
        Assert.assertFalse(aCLManager2.checkAccess(createUserForTesting3, ACLType.AM_MODIFY_ACL));
        Assert.assertTrue(aCLManager2.checkAccess(createUserForTesting, ACLType.AM_VIEW_ACL));
        Assert.assertTrue(aCLManager2.checkAccess(createUserForTesting, ACLType.AM_MODIFY_ACL));
        ACLManager aCLManager3 = new ACLManager(aCLManager2, createUserForTesting2.getShortUserName(), new Configuration(false));
        Assert.assertFalse(aCLManager3.checkAccess(createUserForTesting2, ACLType.AM_VIEW_ACL));
        Assert.assertFalse(aCLManager3.checkAccess(createUserForTesting2, ACLType.AM_MODIFY_ACL));
        Assert.assertTrue(aCLManager3.checkAccess(createUserForTesting2, ACLType.DAG_VIEW_ACL));
        Assert.assertTrue(aCLManager3.checkAccess(createUserForTesting2, ACLType.DAG_MODIFY_ACL));
        Assert.assertFalse(aCLManager3.checkAccess(createUserForTesting3, ACLType.DAG_VIEW_ACL));
        Assert.assertFalse(aCLManager3.checkAccess(createUserForTesting3, ACLType.DAG_MODIFY_ACL));
    }

    @Test
    public void testOtherUserACLChecks() throws IOException {
        UserGroupInformation createUserForTesting = UserGroupInformation.createUserForTesting("currentUser", noGroups);
        UserGroupInformation createUserForTesting2 = UserGroupInformation.createUserForTesting("user1", new String[]{"grp1", "grp2"});
        UserGroupInformation createUserForTesting3 = UserGroupInformation.createUserForTesting("user2", new String[]{"grp3", "grp4"});
        UserGroupInformation createUserForTesting4 = UserGroupInformation.createUserForTesting("user3", noGroups);
        UserGroupInformation createUserForTesting5 = UserGroupInformation.createUserForTesting("user4", noGroups);
        UserGroupInformation createUserForTesting6 = UserGroupInformation.createUserForTesting("user5", new String[]{"grp5", "grp6"});
        UserGroupInformation createUserForTesting7 = UserGroupInformation.createUserForTesting("user6", noGroups);
        Configuration configuration = new Configuration(false);
        String str = createUserForTesting2.getShortUserName() + "," + createUserForTesting5.getShortUserName() + "   grp3,grp4  ";
        String str2 = createUserForTesting4.getShortUserName() + "  grp6,grp7";
        configuration.set("tez.am.view-acls", str);
        configuration.set("tez.am.modify-acls", str2);
        ACLManager aCLManager = new ACLManager(createUserForTesting.getShortUserName(), configuration);
        Assert.assertTrue(aCLManager.checkAccess(createUserForTesting, ACLType.AM_VIEW_ACL));
        Assert.assertTrue(aCLManager.checkAccess(createUserForTesting2, ACLType.AM_VIEW_ACL));
        Assert.assertTrue(aCLManager.checkAccess(createUserForTesting3, ACLType.AM_VIEW_ACL));
        Assert.assertFalse(aCLManager.checkAccess(createUserForTesting4, ACLType.AM_VIEW_ACL));
        Assert.assertTrue(aCLManager.checkAccess(createUserForTesting5, ACLType.AM_VIEW_ACL));
        Assert.assertFalse(aCLManager.checkAccess(createUserForTesting6, ACLType.AM_VIEW_ACL));
        Assert.assertFalse(aCLManager.checkAccess(createUserForTesting7, ACLType.AM_VIEW_ACL));
        Assert.assertTrue(aCLManager.checkAccess(createUserForTesting, ACLType.AM_MODIFY_ACL));
        Assert.assertFalse(aCLManager.checkAccess(createUserForTesting2, ACLType.AM_MODIFY_ACL));
        Assert.assertFalse(aCLManager.checkAccess(createUserForTesting3, ACLType.AM_MODIFY_ACL));
        Assert.assertTrue(aCLManager.checkAccess(createUserForTesting4, ACLType.AM_MODIFY_ACL));
        Assert.assertFalse(aCLManager.checkAccess(createUserForTesting5, ACLType.AM_MODIFY_ACL));
        Assert.assertTrue(aCLManager.checkAccess(createUserForTesting6, ACLType.AM_MODIFY_ACL));
        Assert.assertFalse(aCLManager.checkAccess(createUserForTesting7, ACLType.AM_MODIFY_ACL));
    }

    @Test
    public void testNoGroupsACLChecks() throws IOException {
        UserGroupInformation createUserForTesting = UserGroupInformation.createUserForTesting("currentUser", noGroups);
        UserGroupInformation createUserForTesting2 = UserGroupInformation.createUserForTesting("user1", new String[]{"grp1", "grp2"});
        UserGroupInformation createUserForTesting3 = UserGroupInformation.createUserForTesting("user2", new String[]{"grp3", "grp4"});
        UserGroupInformation createUserForTesting4 = UserGroupInformation.createUserForTesting("user3", noGroups);
        UserGroupInformation createUserForTesting5 = UserGroupInformation.createUserForTesting("user4", noGroups);
        UserGroupInformation createUserForTesting6 = UserGroupInformation.createUserForTesting("user5", new String[]{"grp5", "grp6"});
        UserGroupInformation createUserForTesting7 = UserGroupInformation.createUserForTesting("user6", noGroups);
        Configuration configuration = new Configuration(false);
        String str = createUserForTesting2.getShortUserName() + "," + createUserForTesting5.getShortUserName() + " ";
        String str2 = createUserForTesting4.getShortUserName() + " ";
        configuration.set("tez.am.view-acls", str);
        configuration.set("tez.am.modify-acls", str2);
        ACLManager aCLManager = new ACLManager(createUserForTesting.getShortUserName(), configuration);
        Assert.assertTrue(aCLManager.checkAccess(createUserForTesting, ACLType.AM_VIEW_ACL));
        Assert.assertTrue(aCLManager.checkAccess(createUserForTesting2, ACLType.AM_VIEW_ACL));
        Assert.assertFalse(aCLManager.checkAccess(createUserForTesting3, ACLType.AM_VIEW_ACL));
        Assert.assertFalse(aCLManager.checkAccess(createUserForTesting4, ACLType.AM_VIEW_ACL));
        Assert.assertTrue(aCLManager.checkAccess(createUserForTesting5, ACLType.AM_VIEW_ACL));
        Assert.assertFalse(aCLManager.checkAccess(createUserForTesting6, ACLType.AM_VIEW_ACL));
        Assert.assertFalse(aCLManager.checkAccess(createUserForTesting7, ACLType.AM_VIEW_ACL));
        Assert.assertTrue(aCLManager.checkAccess(createUserForTesting, ACLType.AM_MODIFY_ACL));
        Assert.assertFalse(aCLManager.checkAccess(createUserForTesting2, ACLType.AM_MODIFY_ACL));
        Assert.assertFalse(aCLManager.checkAccess(createUserForTesting3, ACLType.AM_MODIFY_ACL));
        Assert.assertTrue(aCLManager.checkAccess(createUserForTesting4, ACLType.AM_MODIFY_ACL));
        Assert.assertFalse(aCLManager.checkAccess(createUserForTesting5, ACLType.AM_MODIFY_ACL));
        Assert.assertFalse(aCLManager.checkAccess(createUserForTesting6, ACLType.AM_MODIFY_ACL));
        Assert.assertFalse(aCLManager.checkAccess(createUserForTesting7, ACLType.AM_MODIFY_ACL));
    }

    @Test
    public void checkAMACLs() throws IOException {
        UserGroupInformation createUserForTesting = UserGroupInformation.createUserForTesting("currentUser", noGroups);
        UserGroupInformation createUserForTesting2 = UserGroupInformation.createUserForTesting("user1", new String[]{"grp1", "grp2"});
        UserGroupInformation createUserForTesting3 = UserGroupInformation.createUserForTesting("user2", new String[]{"grp3", "grp4"});
        UserGroupInformation createUserForTesting4 = UserGroupInformation.createUserForTesting("user3", noGroups);
        UserGroupInformation createUserForTesting5 = UserGroupInformation.createUserForTesting("user4", noGroups);
        UserGroupInformation createUserForTesting6 = UserGroupInformation.createUserForTesting("user5", new String[]{"grp5", "grp6"});
        UserGroupInformation createUserForTesting7 = UserGroupInformation.createUserForTesting("user6", noGroups);
        Configuration configuration = new Configuration(false);
        configuration.set("tez.am.view-acls", "user1,user4,,   grp3,grp4  ");
        configuration.set("tez.am.modify-acls", "user3   grp6,grp7");
        ACLManager aCLManager = new ACLManager(createUserForTesting.getShortUserName(), configuration);
        Assert.assertTrue(aCLManager.checkAMViewAccess(createUserForTesting));
        Assert.assertTrue(aCLManager.checkAMViewAccess(createUserForTesting2));
        Assert.assertTrue(aCLManager.checkAMViewAccess(createUserForTesting3));
        Assert.assertFalse(aCLManager.checkAMViewAccess(createUserForTesting4));
        Assert.assertTrue(aCLManager.checkAMViewAccess(createUserForTesting5));
        Assert.assertFalse(aCLManager.checkAMViewAccess(createUserForTesting6));
        Assert.assertFalse(aCLManager.checkAMViewAccess(createUserForTesting7));
        Assert.assertTrue(aCLManager.checkAMModifyAccess(createUserForTesting));
        Assert.assertFalse(aCLManager.checkAMModifyAccess(createUserForTesting2));
        Assert.assertFalse(aCLManager.checkAMModifyAccess(createUserForTesting3));
        Assert.assertTrue(aCLManager.checkAMModifyAccess(createUserForTesting4));
        Assert.assertFalse(aCLManager.checkAMModifyAccess(createUserForTesting5));
        Assert.assertTrue(aCLManager.checkAMModifyAccess(createUserForTesting6));
        Assert.assertFalse(aCLManager.checkAMModifyAccess(createUserForTesting7));
        Assert.assertTrue(aCLManager.checkDAGViewAccess(createUserForTesting));
        Assert.assertTrue(aCLManager.checkDAGViewAccess(createUserForTesting2));
        Assert.assertTrue(aCLManager.checkDAGViewAccess(createUserForTesting3));
        Assert.assertFalse(aCLManager.checkDAGViewAccess(createUserForTesting4));
        Assert.assertTrue(aCLManager.checkDAGViewAccess(createUserForTesting5));
        Assert.assertFalse(aCLManager.checkDAGViewAccess(createUserForTesting6));
        Assert.assertFalse(aCLManager.checkDAGViewAccess(createUserForTesting7));
        Assert.assertTrue(aCLManager.checkDAGModifyAccess(createUserForTesting));
        Assert.assertFalse(aCLManager.checkDAGModifyAccess(createUserForTesting2));
        Assert.assertFalse(aCLManager.checkDAGModifyAccess(createUserForTesting3));
        Assert.assertTrue(aCLManager.checkDAGModifyAccess(createUserForTesting4));
        Assert.assertFalse(aCLManager.checkDAGModifyAccess(createUserForTesting5));
        Assert.assertTrue(aCLManager.checkDAGModifyAccess(createUserForTesting6));
        Assert.assertFalse(aCLManager.checkDAGModifyAccess(createUserForTesting7));
    }

    @Test
    public void checkDAGACLs() throws IOException {
        UserGroupInformation createUserForTesting = UserGroupInformation.createUserForTesting("currentUser", noGroups);
        UserGroupInformation createUserForTesting2 = UserGroupInformation.createUserForTesting("user1", new String[]{"grp1", "grp2"});
        UserGroupInformation createUserForTesting3 = UserGroupInformation.createUserForTesting("user2", new String[]{"grp3", "grp4"});
        UserGroupInformation createUserForTesting4 = UserGroupInformation.createUserForTesting("user3", noGroups);
        UserGroupInformation createUserForTesting5 = UserGroupInformation.createUserForTesting("user4", noGroups);
        UserGroupInformation createUserForTesting6 = UserGroupInformation.createUserForTesting("user5", new String[]{"grp5", "grp6"});
        UserGroupInformation createUserForTesting7 = UserGroupInformation.createUserForTesting("user6", noGroups);
        Configuration configuration = new Configuration(false);
        configuration.set("tez.am.view-acls", "user1,user4,,   grp3,grp4  ");
        configuration.set("tez.am.modify-acls", "user3   grp6,grp7");
        configuration.set("tez.am.dag.view-acls", "user6,   grp5  ");
        configuration.set("tez.am.dag.modify-acls", "user6,user5 ");
        UserGroupInformation createUserForTesting8 = UserGroupInformation.createUserForTesting("dagUser", noGroups);
        ACLManager aCLManager = new ACLManager(new ACLManager(createUserForTesting.getShortUserName(), configuration), createUserForTesting8.getShortUserName(), configuration);
        Assert.assertTrue(aCLManager.checkAMViewAccess(createUserForTesting));
        Assert.assertFalse(aCLManager.checkAMViewAccess(createUserForTesting8));
        Assert.assertTrue(aCLManager.checkAMViewAccess(createUserForTesting2));
        Assert.assertTrue(aCLManager.checkAMViewAccess(createUserForTesting3));
        Assert.assertFalse(aCLManager.checkAMViewAccess(createUserForTesting4));
        Assert.assertTrue(aCLManager.checkAMViewAccess(createUserForTesting5));
        Assert.assertFalse(aCLManager.checkAMViewAccess(createUserForTesting6));
        Assert.assertFalse(aCLManager.checkAMViewAccess(createUserForTesting7));
        Assert.assertTrue(aCLManager.checkAMModifyAccess(createUserForTesting));
        Assert.assertFalse(aCLManager.checkAMModifyAccess(createUserForTesting8));
        Assert.assertFalse(aCLManager.checkAMModifyAccess(createUserForTesting2));
        Assert.assertFalse(aCLManager.checkAMModifyAccess(createUserForTesting3));
        Assert.assertTrue(aCLManager.checkAMModifyAccess(createUserForTesting4));
        Assert.assertFalse(aCLManager.checkAMModifyAccess(createUserForTesting5));
        Assert.assertTrue(aCLManager.checkAMModifyAccess(createUserForTesting6));
        Assert.assertFalse(aCLManager.checkAMModifyAccess(createUserForTesting7));
        Assert.assertTrue(aCLManager.checkDAGViewAccess(createUserForTesting));
        Assert.assertTrue(aCLManager.checkDAGViewAccess(createUserForTesting8));
        Assert.assertTrue(aCLManager.checkDAGViewAccess(createUserForTesting2));
        Assert.assertTrue(aCLManager.checkDAGViewAccess(createUserForTesting3));
        Assert.assertFalse(aCLManager.checkDAGViewAccess(createUserForTesting4));
        Assert.assertTrue(aCLManager.checkDAGViewAccess(createUserForTesting5));
        Assert.assertTrue(aCLManager.checkDAGViewAccess(createUserForTesting6));
        Assert.assertTrue(aCLManager.checkDAGViewAccess(createUserForTesting7));
        Assert.assertTrue(aCLManager.checkDAGModifyAccess(createUserForTesting));
        Assert.assertTrue(aCLManager.checkDAGModifyAccess(createUserForTesting8));
        Assert.assertFalse(aCLManager.checkDAGModifyAccess(createUserForTesting2));
        Assert.assertFalse(aCLManager.checkDAGModifyAccess(createUserForTesting3));
        Assert.assertTrue(aCLManager.checkDAGModifyAccess(createUserForTesting4));
        Assert.assertFalse(aCLManager.checkDAGModifyAccess(createUserForTesting5));
        Assert.assertTrue(aCLManager.checkDAGModifyAccess(createUserForTesting6));
        Assert.assertTrue(aCLManager.checkDAGModifyAccess(createUserForTesting7));
    }

    @Test
    public void testWildCardCheck() {
        Configuration configuration = new Configuration(false);
        configuration.set("tez.am.view-acls", "   *  ");
        configuration.set("tez.am.modify-acls", "   * ");
        UserGroupInformation createUserForTesting = UserGroupInformation.createUserForTesting("a1", noGroups);
        UserGroupInformation createUserForTesting2 = UserGroupInformation.createUserForTesting("u1", noGroups);
        ACLManager aCLManager = new ACLManager(createUserForTesting.getShortUserName(), configuration);
        Assert.assertTrue(aCLManager.checkAMViewAccess(createUserForTesting));
        Assert.assertTrue(aCLManager.checkAMViewAccess(createUserForTesting2));
        Assert.assertTrue(aCLManager.checkAMModifyAccess(createUserForTesting));
        Assert.assertTrue(aCLManager.checkAMModifyAccess(createUserForTesting2));
        Assert.assertTrue(aCLManager.checkDAGViewAccess(createUserForTesting));
        Assert.assertTrue(aCLManager.checkDAGViewAccess(createUserForTesting2));
        Assert.assertTrue(aCLManager.checkDAGModifyAccess(createUserForTesting));
        Assert.assertTrue(aCLManager.checkDAGModifyAccess(createUserForTesting2));
    }

    @Test
    public void testACLsDisabled() {
        Configuration configuration = new Configuration(false);
        configuration.setBoolean("tez.am.acls.enabled", false);
        configuration.set("tez.am.view-acls", "a2,u2  ");
        configuration.set("tez.am.modify-acls", "a2,u2 ");
        UserGroupInformation createUserForTesting = UserGroupInformation.createUserForTesting("a1", noGroups);
        UserGroupInformation createUserForTesting2 = UserGroupInformation.createUserForTesting("u1", noGroups);
        ACLManager aCLManager = new ACLManager(createUserForTesting.getShortUserName(), configuration);
        Assert.assertTrue(aCLManager.checkAMViewAccess(createUserForTesting));
        Assert.assertTrue(aCLManager.checkAMViewAccess(createUserForTesting2));
        Assert.assertTrue(aCLManager.checkAMModifyAccess(createUserForTesting));
        Assert.assertTrue(aCLManager.checkAMModifyAccess(createUserForTesting2));
        Assert.assertTrue(aCLManager.checkDAGViewAccess(createUserForTesting));
        Assert.assertTrue(aCLManager.checkDAGViewAccess(createUserForTesting2));
        Assert.assertTrue(aCLManager.checkDAGModifyAccess(createUserForTesting));
        Assert.assertTrue(aCLManager.checkDAGModifyAccess(createUserForTesting2));
        ACLManager aCLManager2 = new ACLManager(aCLManager, "dagUser", (Configuration) null);
        Assert.assertTrue(aCLManager2.checkAMViewAccess(createUserForTesting));
        Assert.assertTrue(aCLManager2.checkAMViewAccess(createUserForTesting2));
        Assert.assertTrue(aCLManager2.checkAMModifyAccess(createUserForTesting));
        Assert.assertTrue(aCLManager2.checkAMModifyAccess(createUserForTesting2));
        Assert.assertTrue(aCLManager2.checkDAGViewAccess(createUserForTesting));
        Assert.assertTrue(aCLManager2.checkDAGViewAccess(createUserForTesting2));
        Assert.assertTrue(aCLManager2.checkDAGModifyAccess(createUserForTesting));
        Assert.assertTrue(aCLManager2.checkDAGModifyAccess(createUserForTesting2));
    }

    @Test
    public void testConvertToYARNACLs() {
        Configuration configuration = new Configuration(false);
        configuration.set("tez.am.view-acls", "user1,user4,,   grp3,grp4  ");
        configuration.set("tez.am.modify-acls", "   * ");
        Map yARNACls = new ACLManager("c1", configuration).toYARNACls();
        Assert.assertTrue(yARNACls.containsKey(ApplicationAccessType.VIEW_APP));
        Assert.assertEquals("c1,user1,user4 grp3,grp4", yARNACls.get(ApplicationAccessType.VIEW_APP));
        Assert.assertTrue(yARNACls.containsKey(ApplicationAccessType.MODIFY_APP));
        Assert.assertEquals("*", yARNACls.get(ApplicationAccessType.MODIFY_APP));
        configuration.set("tez.am.view-acls", "   grp3,grp4  ");
        Assert.assertEquals("c1 grp3,grp4", new ACLManager("c1", configuration).toYARNACls().get(ApplicationAccessType.VIEW_APP));
    }
}
