package org.apache.hadoop.yarn.server.timelineservice.reader;

import java.util.LinkedHashSet;
import java.util.Set;
import org.apache.hadoop.conf.Configuration;
import org.apache.hadoop.security.UserGroupInformation;
import org.apache.hadoop.yarn.api.records.timelineservice.TimelineEntity;
import org.apache.hadoop.yarn.conf.YarnConfiguration;
import org.apache.hadoop.yarn.server.timelineservice.storage.TimelineReader;
import org.apache.hadoop.yarn.webapp.ForbiddenException;
import org.junit.After;
import org.junit.Assert;
import org.junit.Before;
import org.junit.Test;

/* loaded from: input_file:org/apache/hadoop/yarn/server/timelineservice/reader/TestTimelineReaderWebServicesBasicAcl.class */
public class TestTimelineReaderWebServicesBasicAcl {
    private TimelineReaderManager manager;
    private static String adminUser = "admin";
    private static UserGroupInformation adminUgi = UserGroupInformation.createRemoteUser(adminUser);
    private Configuration config;

    @Before
    public void setUp() throws Exception {
        this.config = new YarnConfiguration();
    }

    @After
    public void tearDown() throws Exception {
        if (this.manager != null) {
            this.manager.stop();
            this.manager = null;
        }
        this.config = null;
    }

    @Test
    public void testTimelineReaderManagerAclsWhenDisabled() throws Exception {
        this.config.setBoolean("yarn.acl.enable", false);
        this.config.set("yarn.admin.acl", adminUser);
        this.manager = new TimelineReaderManager((TimelineReader) null);
        this.manager.init(this.config);
        this.manager.start();
        Assert.assertTrue(this.manager.checkAccess((UserGroupInformation) null));
        Assert.assertFalse(TimelineReaderWebServices.isDisplayEntityPerUserFilterEnabled(this.config));
    }

    @Test
    public void testTimelineReaderManagerAclsWhenEnabled() throws Exception {
        YarnConfiguration yarnConfiguration = new YarnConfiguration();
        yarnConfiguration.setBoolean("yarn.acl.enable", true);
        yarnConfiguration.setBoolean("yarn.webapp.filter-entity-list-by-user", true);
        yarnConfiguration.set("yarn.admin.acl", adminUser);
        this.manager = new TimelineReaderManager((TimelineReader) null);
        this.manager.init(yarnConfiguration);
        this.manager.start();
        UserGroupInformation createRemoteUser = UserGroupInformation.createRemoteUser("user1");
        UserGroupInformation createRemoteUser2 = UserGroupInformation.createRemoteUser("user2");
        Assert.assertFalse(TimelineReaderWebServices.validateAuthUserWithEntityUser(this.manager, (UserGroupInformation) null, "user1"));
        Assert.assertTrue(TimelineReaderWebServices.checkAccess(this.manager, (UserGroupInformation) null, "user1"));
        Assert.assertTrue(TimelineReaderWebServices.checkAccess(this.manager, adminUgi, "user1"));
        Assert.assertTrue(TimelineReaderWebServices.checkAccess(this.manager, adminUgi, "user2"));
        try {
            TimelineReaderWebServices.checkAccess(this.manager, createRemoteUser, "user2");
            Assert.fail("user1Ugi is not allowed to view user2");
        } catch (ForbiddenException e) {
        }
        try {
            TimelineReaderWebServices.checkAccess(this.manager, createRemoteUser, "user2");
            Assert.fail("user2Ugi is not allowed to view user1");
        } catch (ForbiddenException e2) {
        }
        Set<TimelineEntity> createEntities = createEntities(10, "user");
        TimelineReaderWebServices.checkAccess(this.manager, adminUgi, createEntities, "user", true);
        Assert.assertTrue(createEntities.size() == 10);
        Set<TimelineEntity> createEntities2 = createEntities(5, "user");
        TimelineReaderWebServices.checkAccess(this.manager, createRemoteUser, createEntities2, "user", true);
        Assert.assertTrue(createEntities2.size() == 1);
        Assert.assertEquals("user1", createEntities2.iterator().next().getInfo().get("user"));
        Set<TimelineEntity> createEntities3 = createEntities(8, "user");
        TimelineReaderWebServices.checkAccess(this.manager, createRemoteUser2, createEntities3, "user", true);
        Assert.assertTrue(createEntities3.size() == 1);
        Assert.assertEquals("user2", createEntities3.iterator().next().getInfo().get("user"));
    }

    Set<TimelineEntity> createEntities(int i, String str) {
        LinkedHashSet linkedHashSet = new LinkedHashSet();
        for (int i2 = 0; i2 < i; i2++) {
            TimelineEntity timelineEntity = new TimelineEntity();
            timelineEntity.setType("user" + i2);
            timelineEntity.setId("user" + i2);
            timelineEntity.getInfo().put(str, "user" + i2);
            linkedHashSet.add(timelineEntity);
        }
        return linkedHashSet;
    }
}
