package com.facebook.presto.hive;

import com.facebook.presto.Session;
import com.facebook.presto.common.type.Type;
import com.facebook.presto.common.type.VarcharType;
import com.facebook.presto.spi.security.Identity;
import com.facebook.presto.spi.security.SelectedRole;
import com.facebook.presto.testing.MaterializedResult;
import com.facebook.presto.testing.QueryRunner;
import com.facebook.presto.tests.AbstractTestQueryFramework;
import com.facebook.presto.tests.QueryAssertions;
import com.google.common.base.Preconditions;
import com.google.common.collect.ImmutableList;
import com.google.common.collect.ImmutableMap;
import com.google.common.collect.ImmutableSet;
import io.airlift.tpch.TpchTable;
import java.util.Iterator;
import java.util.Optional;
import java.util.Set;
import java.util.stream.Collectors;
import org.testng.Assert;
import org.testng.annotations.AfterMethod;
import org.testng.annotations.Test;

@Test(singleThreaded = true)
/* loaded from: input_file:com/facebook/presto/hive/TestHiveRoles.class */
public class TestHiveRoles extends AbstractTestQueryFramework {
    protected QueryRunner createQueryRunner() throws Exception {
        return HiveQueryRunner.createQueryRunner((TpchTable<?>[]) new TpchTable[0]);
    }

    @AfterMethod
    public void afterMethod() {
        Iterator<String> it = listRoles().iterator();
        while (it.hasNext()) {
            executeFromAdmin("DROP ROLE " + it.next());
        }
    }

    @Test
    public void testCreateRole() throws Exception {
        executeFromAdmin("CREATE ROLE role1");
        Assert.assertEquals(listRoles(), ImmutableSet.of("role1"));
        Assert.assertEquals(listRoles(), ImmutableSet.of("role1"));
    }

    @Test
    public void testCreateDuplicateRole() throws Exception {
        executeFromAdmin("CREATE ROLE duplicate_role");
        assertQueryFails(createAdminSession(), "CREATE ROLE duplicate_role", ".*?Role 'duplicate_role' already exists");
    }

    @Test
    public void testCreateRoleWithAdminOption() throws Exception {
        assertQueryFails(createAdminSession(), "CREATE ROLE role1 WITH ADMIN admin", ".*?Hive Connector does not support WITH ADMIN statement");
    }

    @Test
    public void testCreateReservedRole() throws Exception {
        assertQueryFails(createAdminSession(), "CREATE ROLE all", "Role name cannot be one of the reserved roles: \\[all, default, none\\]");
        assertQueryFails(createAdminSession(), "CREATE ROLE default", "Role name cannot be one of the reserved roles: \\[all, default, none\\]");
        assertQueryFails(createAdminSession(), "CREATE ROLE none", "Role name cannot be one of the reserved roles: \\[all, default, none\\]");
    }

    @Test
    public void testCreateRoleByNonAdminUser() throws Exception {
        assertQueryFails(createUserSession("non_admin_user"), "CREATE ROLE role1", "Access Denied: Cannot create role role1");
    }

    @Test
    public void testDropRole() throws Exception {
        executeFromAdmin("CREATE ROLE role1");
        Assert.assertEquals(listRoles(), ImmutableSet.of("role1"));
        executeFromAdmin("DROP ROLE role1");
        Assert.assertEquals(listRoles(), ImmutableSet.of());
    }

    @Test
    public void testDropNonExistentRole() throws Exception {
        assertQueryFails(createAdminSession(), "DROP ROLE non_existent_role", ".*?Role 'non_existent_role' does not exist");
    }

    @Test
    public void testDropRoleByNonAdminUser() throws Exception {
        assertQueryFails(createUserSession("non_admin_user"), "DROP ROLE role1", "Access Denied: Cannot drop role role1");
    }

    @Test
    public void testListRolesByNonAdminUser() throws Exception {
        assertQueryFails(createUserSession("non_admin_user"), "SELECT * FROM hive.information_schema.roles", "Access Denied: Cannot select from table information_schema.roles");
    }

    @Test
    public void testPublicRoleIsGrantedToAnyone() throws Exception {
        QueryAssertions.assertContains(listApplicableRoles("some_user"), applicableRoles("some_user", "USER", "public", "NO"));
    }

    @Test
    public void testAdminRoleIsGrantedToAdmin() throws Exception {
        QueryAssertions.assertContains(listApplicableRoles("admin"), applicableRoles("admin", "USER", "admin", "YES"));
    }

    @Test
    public void testGrantRoleToUser() throws Exception {
        executeFromAdmin("CREATE ROLE role1");
        executeFromAdmin("GRANT role1 TO USER user");
        QueryAssertions.assertContains(listApplicableRoles("user"), applicableRoles("user", "USER", "role1", "NO"));
    }

    @Test
    public void testGrantRoleToRole() throws Exception {
        executeFromAdmin("CREATE ROLE role1");
        executeFromAdmin("CREATE ROLE role2");
        executeFromAdmin("GRANT role1 TO USER user");
        executeFromAdmin("GRANT role2 TO ROLE role1");
        QueryAssertions.assertContains(listApplicableRoles("user"), applicableRoles("user", "USER", "role1", "NO", "role1", "ROLE", "role2", "NO"));
    }

    @Test
    public void testGrantRoleWithAdminOption() throws Exception {
        executeFromAdmin("CREATE ROLE role1");
        executeFromAdmin("CREATE ROLE role2");
        executeFromAdmin("GRANT role1 TO USER user WITH ADMIN OPTION");
        executeFromAdmin("GRANT role2 TO ROLE role1 WITH ADMIN OPTION");
        QueryAssertions.assertContains(listApplicableRoles("user"), applicableRoles("user", "USER", "role1", "YES", "role1", "ROLE", "role2", "YES"));
    }

    @Test
    public void testGrantRoleMultipleTimes() throws Exception {
        executeFromAdmin("CREATE ROLE role1");
        executeFromAdmin("CREATE ROLE role2");
        executeFromAdmin("GRANT role1 TO USER user");
        executeFromAdmin("GRANT role1 TO USER user");
        executeFromAdmin("GRANT role2 TO ROLE role1");
        executeFromAdmin("GRANT role2 TO ROLE role1");
        executeFromAdmin("GRANT role1 TO USER user WITH ADMIN OPTION");
        executeFromAdmin("GRANT role1 TO USER user WITH ADMIN OPTION");
        executeFromAdmin("GRANT role2 TO ROLE role1 WITH ADMIN OPTION");
        executeFromAdmin("GRANT role2 TO ROLE role1 WITH ADMIN OPTION");
        QueryAssertions.assertContains(listApplicableRoles("user"), applicableRoles("user", "USER", "role1", "YES", "role1", "ROLE", "role2", "YES"));
    }

    @Test
    public void testGrantNonExistingRole() throws Exception {
        assertQueryFails("GRANT grant_revoke_role_existing_1 TO USER grant_revoke_existing_user_1", ".*?Role 'grant_revoke_role_existing_1' does not exist");
        executeFromAdmin("CREATE ROLE grant_revoke_role_existing_1");
        assertQueryFails("GRANT grant_revoke_role_existing_1 TO ROLE grant_revoke_role_existing_2", ".*?Role 'grant_revoke_role_existing_2' does not exist");
    }

    @Test
    public void testRevokeRoleFromUser() throws Exception {
        executeFromAdmin("CREATE ROLE role1");
        executeFromAdmin("GRANT role1 TO USER user");
        QueryAssertions.assertContains(listApplicableRoles("user"), applicableRoles("user", "USER", "role1", "NO"));
        executeFromAdmin("REVOKE role1 FROM USER user");
        QueryAssertions.assertEqualsIgnoreOrder(listApplicableRoles("user"), applicableRoles("user", "USER", "public", "NO"));
    }

    @Test
    public void testRevokeRoleFromRole() throws Exception {
        executeFromAdmin("CREATE ROLE role1");
        executeFromAdmin("CREATE ROLE role2");
        executeFromAdmin("GRANT role1 TO USER user");
        executeFromAdmin("GRANT role2 TO ROLE role1");
        QueryAssertions.assertContains(listApplicableRoles("user"), applicableRoles("user", "USER", "role1", "NO", "role1", "ROLE", "role2", "NO"));
        executeFromAdmin("REVOKE role2 FROM ROLE role1");
        QueryAssertions.assertEqualsIgnoreOrder(listApplicableRoles("user"), applicableRoles("user", "USER", "public", "NO", "user", "USER", "role1", "NO"));
    }

    @Test
    public void testDropGrantedRole() throws Exception {
        executeFromAdmin("CREATE ROLE role1");
        executeFromAdmin("GRANT role1 TO USER user");
        QueryAssertions.assertContains(listApplicableRoles("user"), applicableRoles("user", "USER", "role1", "NO"));
        executeFromAdmin("DROP ROLE role1");
        QueryAssertions.assertEqualsIgnoreOrder(listApplicableRoles("user"), applicableRoles("user", "USER", "public", "NO"));
    }

    @Test
    public void testRevokeTransitiveRoleFromUser() throws Exception {
        executeFromAdmin("CREATE ROLE role1");
        executeFromAdmin("CREATE ROLE role2");
        executeFromAdmin("CREATE ROLE role3");
        executeFromAdmin("GRANT role1 TO USER user");
        executeFromAdmin("GRANT role2 TO ROLE role1");
        executeFromAdmin("GRANT role3 TO ROLE role2");
        QueryAssertions.assertContains(listApplicableRoles("user"), applicableRoles("user", "USER", "role1", "NO", "role1", "ROLE", "role2", "NO", "role2", "ROLE", "role3", "NO"));
        executeFromAdmin("REVOKE role1 FROM USER user");
        QueryAssertions.assertEqualsIgnoreOrder(listApplicableRoles("user"), applicableRoles("user", "USER", "public", "NO"));
    }

    @Test
    public void testRevokeTransitiveRoleFromRole() throws Exception {
        executeFromAdmin("CREATE ROLE role1");
        executeFromAdmin("CREATE ROLE role2");
        executeFromAdmin("CREATE ROLE role3");
        executeFromAdmin("GRANT role1 TO USER user");
        executeFromAdmin("GRANT role2 TO ROLE role1");
        executeFromAdmin("GRANT role3 TO ROLE role2");
        QueryAssertions.assertContains(listApplicableRoles("user"), applicableRoles("user", "USER", "role1", "NO", "role1", "ROLE", "role2", "NO", "role2", "ROLE", "role3", "NO"));
        executeFromAdmin("REVOKE role2 FROM ROLE role1");
        QueryAssertions.assertEqualsIgnoreOrder(listApplicableRoles("user"), applicableRoles("user", "USER", "public", "NO", "user", "USER", "role1", "NO"));
    }

    @Test
    public void testDropTransitiveRole() throws Exception {
        executeFromAdmin("CREATE ROLE role1");
        executeFromAdmin("CREATE ROLE role2");
        executeFromAdmin("CREATE ROLE role3");
        executeFromAdmin("GRANT role1 TO USER user");
        executeFromAdmin("GRANT role2 TO ROLE role1");
        executeFromAdmin("GRANT role3 TO ROLE role2");
        QueryAssertions.assertContains(listApplicableRoles("user"), applicableRoles("user", "USER", "role1", "NO", "role1", "ROLE", "role2", "NO", "role2", "ROLE", "role3", "NO"));
        executeFromAdmin("DROP ROLE role2");
        QueryAssertions.assertEqualsIgnoreOrder(listApplicableRoles("user"), applicableRoles("user", "USER", "public", "NO", "user", "USER", "role1", "NO"));
    }

    @Test
    public void testRevokeAdminOption() throws Exception {
        executeFromAdmin("CREATE ROLE role1");
        executeFromAdmin("CREATE ROLE role2");
        executeFromAdmin("GRANT role1 TO USER user WITH ADMIN OPTION");
        executeFromAdmin("GRANT role2 TO ROLE role1 WITH ADMIN OPTION");
        QueryAssertions.assertContains(listApplicableRoles("user"), applicableRoles("user", "USER", "role1", "YES", "role1", "ROLE", "role2", "YES"));
        executeFromAdmin("REVOKE ADMIN OPTION FOR role1 FROM USER user");
        executeFromAdmin("REVOKE ADMIN OPTION FOR role2 FROM ROLE role1");
        QueryAssertions.assertContains(listApplicableRoles("user"), applicableRoles("user", "USER", "role1", "NO", "role1", "ROLE", "role2", "NO"));
    }

    @Test
    public void testRevokeRoleMultipleTimes() throws Exception {
        executeFromAdmin("CREATE ROLE role1");
        executeFromAdmin("CREATE ROLE role2");
        executeFromAdmin("GRANT role1 TO USER user WITH ADMIN OPTION");
        executeFromAdmin("GRANT role2 TO ROLE role1 WITH ADMIN OPTION");
        QueryAssertions.assertContains(listApplicableRoles("user"), applicableRoles("user", "USER", "role1", "YES", "role1", "ROLE", "role2", "YES"));
        executeFromAdmin("REVOKE ADMIN OPTION FOR role1 FROM USER user");
        executeFromAdmin("REVOKE ADMIN OPTION FOR role1 FROM USER user");
        executeFromAdmin("REVOKE ADMIN OPTION FOR role2 FROM ROLE role1");
        executeFromAdmin("REVOKE ADMIN OPTION FOR role2 FROM ROLE role1");
        QueryAssertions.assertContains(listApplicableRoles("user"), applicableRoles("user", "USER", "role1", "NO", "role1", "ROLE", "role2", "NO"));
        executeFromAdmin("REVOKE role1 FROM USER user");
        executeFromAdmin("REVOKE role1 FROM USER user");
        executeFromAdmin("REVOKE role2 FROM ROLE role1");
        executeFromAdmin("REVOKE role2 FROM ROLE role1");
        QueryAssertions.assertEqualsIgnoreOrder(listApplicableRoles("user"), applicableRoles("user", "USER", "public", "NO"));
    }

    @Test
    public void testRevokeNonExistingRole() throws Exception {
        assertQueryFails(createAdminSession(), "REVOKE grant_revoke_role_existing_1 FROM USER grant_revoke_existing_user_1", ".*?Role 'grant_revoke_role_existing_1' does not exist");
        executeFromAdmin("CREATE ROLE grant_revoke_role_existing_1");
        assertQueryFails(createAdminSession(), "REVOKE grant_revoke_role_existing_1 FROM ROLE grant_revoke_role_existing_2", ".*?Role 'grant_revoke_role_existing_2' does not exist");
    }

    @Test
    public void testSetRole() throws Exception {
        executeFromAdmin("CREATE ROLE set_role_1");
        executeFromAdmin("CREATE ROLE set_role_2");
        executeFromAdmin("CREATE ROLE set_role_3");
        executeFromAdmin("CREATE ROLE set_role_4");
        executeFromAdmin("GRANT set_role_1 TO USER set_user_1");
        executeFromAdmin("GRANT set_role_2 TO ROLE set_role_1");
        executeFromAdmin("GRANT set_role_3 TO ROLE set_role_2");
        Session build = Session.builder(getQueryRunner().getDefaultSession()).setIdentity(new Identity("set_user_1", Optional.empty())).build();
        Session build2 = Session.builder(getQueryRunner().getDefaultSession()).setIdentity(new Identity("set_user_1", Optional.empty(), ImmutableMap.of(HiveQueryRunner.HIVE_CATALOG, new SelectedRole(SelectedRole.Type.ALL, Optional.empty())), ImmutableMap.of(), ImmutableMap.of())).build();
        Session build3 = Session.builder(getQueryRunner().getDefaultSession()).setIdentity(new Identity("set_user_1", Optional.empty(), ImmutableMap.of(HiveQueryRunner.HIVE_CATALOG, new SelectedRole(SelectedRole.Type.NONE, Optional.empty())), ImmutableMap.of(), ImmutableMap.of())).build();
        Session build4 = Session.builder(getQueryRunner().getDefaultSession()).setIdentity(new Identity("set_user_1", Optional.empty(), ImmutableMap.of(HiveQueryRunner.HIVE_CATALOG, new SelectedRole(SelectedRole.Type.ROLE, Optional.of("set_role_1"))), ImmutableMap.of(), ImmutableMap.of())).build();
        Session build5 = Session.builder(getQueryRunner().getDefaultSession()).setIdentity(new Identity("set_user_1", Optional.empty(), ImmutableMap.of(HiveQueryRunner.HIVE_CATALOG, new SelectedRole(SelectedRole.Type.ROLE, Optional.of("set_role_2"))), ImmutableMap.of(), ImmutableMap.of())).build();
        Session build6 = Session.builder(getQueryRunner().getDefaultSession()).setIdentity(new Identity("set_user_1", Optional.empty(), ImmutableMap.of(HiveQueryRunner.HIVE_CATALOG, new SelectedRole(SelectedRole.Type.ROLE, Optional.of("set_role_3"))), ImmutableMap.of(), ImmutableMap.of())).build();
        Session build7 = Session.builder(getQueryRunner().getDefaultSession()).setIdentity(new Identity("set_user_1", Optional.empty(), ImmutableMap.of(HiveQueryRunner.HIVE_CATALOG, new SelectedRole(SelectedRole.Type.ROLE, Optional.of("set_role_4"))), ImmutableMap.of(), ImmutableMap.of())).build();
        QueryAssertions.assertEqualsIgnoreOrder(getQueryRunner().execute(build, "SELECT * FROM hive.information_schema.applicable_roles"), MaterializedResult.resultBuilder(build, new Type[]{VarcharType.createUnboundedVarcharType(), VarcharType.createUnboundedVarcharType(), VarcharType.createUnboundedVarcharType(), VarcharType.createUnboundedVarcharType()}).row(new Object[]{"set_user_1", "USER", "public", "NO"}).row(new Object[]{"set_user_1", "USER", "set_role_1", "NO"}).row(new Object[]{"set_role_1", "ROLE", "set_role_2", "NO"}).row(new Object[]{"set_role_2", "ROLE", "set_role_3", "NO"}).build());
        QueryAssertions.assertEqualsIgnoreOrder(getQueryRunner().execute(build, "SELECT * FROM hive.information_schema.enabled_roles"), MaterializedResult.resultBuilder(build, new Type[]{VarcharType.createUnboundedVarcharType()}).row(new Object[]{"public"}).row(new Object[]{"set_role_1"}).row(new Object[]{"set_role_2"}).row(new Object[]{"set_role_3"}).build());
        QueryAssertions.assertEqualsIgnoreOrder(getQueryRunner().execute(build2, "SELECT * FROM hive.information_schema.enabled_roles"), MaterializedResult.resultBuilder(build2, new Type[]{VarcharType.createUnboundedVarcharType()}).row(new Object[]{"public"}).row(new Object[]{"set_role_1"}).row(new Object[]{"set_role_2"}).row(new Object[]{"set_role_3"}).build());
        QueryAssertions.assertEqualsIgnoreOrder(getQueryRunner().execute(build3, "SELECT * FROM hive.information_schema.enabled_roles"), MaterializedResult.resultBuilder(build3, new Type[]{VarcharType.createUnboundedVarcharType()}).row(new Object[]{"public"}).build());
        QueryAssertions.assertEqualsIgnoreOrder(getQueryRunner().execute(build4, "SELECT * FROM hive.information_schema.enabled_roles"), MaterializedResult.resultBuilder(build4, new Type[]{VarcharType.createUnboundedVarcharType()}).row(new Object[]{"public"}).row(new Object[]{"set_role_1"}).row(new Object[]{"set_role_2"}).row(new Object[]{"set_role_3"}).build());
        QueryAssertions.assertEqualsIgnoreOrder(getQueryRunner().execute(build5, "SELECT * FROM hive.information_schema.enabled_roles"), MaterializedResult.resultBuilder(build5, new Type[]{VarcharType.createUnboundedVarcharType()}).row(new Object[]{"public"}).row(new Object[]{"set_role_2"}).row(new Object[]{"set_role_3"}).build());
        QueryAssertions.assertEqualsIgnoreOrder(getQueryRunner().execute(build6, "SELECT * FROM hive.information_schema.enabled_roles"), MaterializedResult.resultBuilder(build6, new Type[]{VarcharType.createUnboundedVarcharType()}).row(new Object[]{"public"}).row(new Object[]{"set_role_3"}).build());
        assertQueryFails(build7, "SELECT * FROM hive.information_schema.enabled_roles", ".*?Cannot set role set_role_4");
        executeFromAdmin("DROP ROLE set_role_1");
        executeFromAdmin("DROP ROLE set_role_2");
        executeFromAdmin("DROP ROLE set_role_3");
        executeFromAdmin("DROP ROLE set_role_4");
    }

    private Set<String> listRoles() {
        return (Set) executeFromAdmin("SELECT * FROM hive.information_schema.roles").getMaterializedRows().stream().map(materializedRow -> {
            return materializedRow.getField(0).toString();
        }).collect(Collectors.toSet());
    }

    private MaterializedResult listApplicableRoles(String str) {
        return executeFromUser(str, "SELECT * FROM hive.information_schema.applicable_roles");
    }

    private MaterializedResult applicableRoles(String... strArr) {
        ImmutableList of = ImmutableList.of(VarcharType.createUnboundedVarcharType(), VarcharType.createUnboundedVarcharType(), VarcharType.createUnboundedVarcharType(), VarcharType.createUnboundedVarcharType());
        int size = of.size();
        Preconditions.checkArgument(strArr.length % size == 0);
        MaterializedResult.Builder resultBuilder = MaterializedResult.resultBuilder(getQueryRunner().getDefaultSession(), of);
        Object[] objArr = null;
        for (int i = 0; i < strArr.length; i++) {
            if (i % size == 0) {
                if (objArr != null) {
                    resultBuilder.row(objArr);
                }
                objArr = new Object[size];
            }
            Preconditions.checkState(objArr != null);
            objArr[i % size] = strArr[i];
        }
        if (objArr != null) {
            resultBuilder.row(objArr);
        }
        return resultBuilder.build();
    }

    private MaterializedResult executeFromAdmin(String str) {
        return getQueryRunner().execute(createAdminSession(), str);
    }

    private MaterializedResult executeFromUser(String str, String str2) {
        return getQueryRunner().execute(createUserSession(str), str2);
    }

    private Session createAdminSession() {
        return Session.builder(getQueryRunner().getDefaultSession()).setIdentity(new Identity("admin", Optional.empty(), ImmutableMap.of(HiveQueryRunner.HIVE_CATALOG, new SelectedRole(SelectedRole.Type.ROLE, Optional.of("admin"))), ImmutableMap.of(), ImmutableMap.of())).build();
    }

    private Session createUserSession(String str) {
        return Session.builder(getQueryRunner().getDefaultSession()).setIdentity(new Identity(str, Optional.empty())).build();
    }
}
