package org.apache.hadoop.hbase.security.access;

import org.apache.hadoop.conf.Configuration;
import org.apache.hadoop.fs.FileSystem;
import org.apache.hadoop.fs.Path;
import org.apache.hadoop.fs.permission.FsPermission;
import org.apache.hadoop.hbase.HBaseClassTestRule;
import org.apache.hadoop.hbase.HBaseTestingUtility;
import org.apache.hadoop.hbase.TableName;
import org.apache.hadoop.hbase.client.Admin;
import org.apache.hadoop.hbase.client.Table;
import org.apache.hadoop.hbase.coprocessor.CoprocessorHost;
import org.apache.hadoop.hbase.security.User;
import org.apache.hadoop.hbase.security.access.Permission;
import org.apache.hadoop.hbase.security.access.SnapshotScannerHDFSAclController;
import org.apache.hadoop.hbase.testclassification.LargeTests;
import org.apache.hadoop.hbase.testclassification.SecurityTests;
import org.apache.hadoop.hdfs.DFSConfigKeys;
import org.junit.AfterClass;
import org.junit.Assert;
import org.junit.BeforeClass;
import org.junit.ClassRule;
import org.junit.Rule;
import org.junit.Test;
import org.junit.experimental.categories.Category;
import org.junit.rules.TestName;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

@Category({SecurityTests.class, LargeTests.class})
/* loaded from: input_file:org/apache/hadoop/hbase/security/access/TestSnapshotScannerHDFSAclController2.class */
public class TestSnapshotScannerHDFSAclController2 {

    @Rule
    public TestName name = new TestName();
    private static final String UN_GRANT_USER = "un_grant_user";
    private static SnapshotScannerHDFSAclHelper helper;
    private static Table aclTable;
    private static FileSystem FS;

    @ClassRule
    public static final HBaseClassTestRule CLASS_RULE = HBaseClassTestRule.forClass(TestSnapshotScannerHDFSAclController2.class);
    private static final Logger LOG = LoggerFactory.getLogger(TestSnapshotScannerHDFSAclController2.class);
    private static HBaseTestingUtility TEST_UTIL = new HBaseTestingUtility();
    private static Configuration conf = TEST_UTIL.getConfiguration();
    private static Admin admin = null;

    @BeforeClass
    public static void setupBeforeClass() throws Exception {
        conf.setBoolean(DFSConfigKeys.DFS_NAMENODE_ACLS_ENABLED_KEY, true);
        conf.set("fs.permissions.umask-mode", "027");
        conf.setBoolean(SnapshotScannerHDFSAclHelper.ACL_SYNC_TO_HDFS_ENABLE, true);
        conf.set(User.HBASE_SECURITY_CONF_KEY, "simple");
        conf.set(SnapshotScannerHDFSAclHelper.SNAPSHOT_RESTORE_TMP_DIR, SnapshotScannerHDFSAclHelper.SNAPSHOT_RESTORE_TMP_DIR_DEFAULT);
        SecureTestUtil.enableSecurity(conf);
        conf.set(CoprocessorHost.MASTER_COPROCESSOR_CONF_KEY, conf.get(CoprocessorHost.MASTER_COPROCESSOR_CONF_KEY) + "," + SnapshotScannerHDFSAclController.class.getName());
        TEST_UTIL.startMiniCluster();
        SnapshotScannerHDFSAclController snapshotScannerHDFSAclController = (SnapshotScannerHDFSAclController) TEST_UTIL.getHBaseCluster().getMaster().getMasterCoprocessorHost().findCoprocessor(SnapshotScannerHDFSAclController.class);
        TEST_UTIL.waitFor(30000L, () -> {
            return snapshotScannerHDFSAclController.checkInitialized("check initialized");
        });
        TEST_UTIL.waitTableAvailable(PermissionStorage.ACL_TABLE_NAME);
        admin = TEST_UTIL.getAdmin();
        Path defaultRootDirPath = TEST_UTIL.getDefaultRootDirPath();
        FS = defaultRootDirPath.getFileSystem(conf);
        User.createUserForTesting(conf, UN_GRANT_USER, new String[0]);
        helper = new SnapshotScannerHDFSAclHelper(conf, admin.getConnection());
        FsPermission fsPermission = new FsPermission(conf.get(SnapshotScannerHDFSAclHelper.COMMON_DIRECTORY_PERMISSION, SnapshotScannerHDFSAclHelper.COMMON_DIRECTORY_PERMISSION_DEFAULT));
        Path path = defaultRootDirPath;
        while (true) {
            Path path2 = path;
            if (path2 == null) {
                break;
            }
            FS.setPermission(path2, fsPermission);
            path = path2.getParent();
        }
        Path path3 = new Path(SnapshotScannerHDFSAclHelper.SNAPSHOT_RESTORE_TMP_DIR_DEFAULT);
        if (!FS.exists(path3)) {
            FS.mkdirs(path3);
            FS.setPermission(path3, new FsPermission(conf.get(SnapshotScannerHDFSAclHelper.SNAPSHOT_RESTORE_DIRECTORY_PERMISSION, SnapshotScannerHDFSAclHelper.SNAPSHOT_RESTORE_DIRECTORY_PERMISSION_DEFAULT)));
        }
        Path parent = path3.getParent();
        while (true) {
            Path path4 = parent;
            if (path4 == null) {
                aclTable = admin.getConnection().getTable(PermissionStorage.ACL_TABLE_NAME);
                return;
            } else {
                FS.setPermission(path4, fsPermission);
                parent = path4.getParent();
            }
        }
    }

    @AfterClass
    public static void tearDownAfterClass() throws Exception {
        TEST_UTIL.shutdownMiniCluster();
    }

    @Test
    public void testRestoreSnapshot() throws Exception {
        String methodName = this.name.getMethodName();
        User createUserForTesting = User.createUserForTesting(conf, methodName, new String[0]);
        String methodName2 = this.name.getMethodName();
        TableName valueOf = TableName.valueOf(methodName2, this.name.getMethodName());
        String str = methodName2 + "s1";
        String str2 = methodName2 + "s2";
        String str3 = methodName2 + "s3";
        LOG.info("Create {}", valueOf);
        Table createTable = TestHDFSAclHelper.createTable(TEST_UTIL, valueOf);
        try {
            TestHDFSAclHelper.put(createTable);
            LOG.info("Grant {}", valueOf);
            TestHDFSAclHelper.grantOnTable(TEST_UTIL, methodName, valueOf, Permission.Action.READ);
            admin.snapshot(str, valueOf);
            admin.disableTable(valueOf);
            admin.deleteTable(valueOf);
            LOG.info("Before scan of shapshot! {}", valueOf);
            TestHDFSAclHelper.canUserScanSnapshot(TEST_UTIL, createUserForTesting, str, -1);
            admin.restoreSnapshot(str, true, true);
            TestHDFSAclHelper.put2(createTable);
            admin.snapshot(str2, valueOf);
            TestHDFSAclHelper.canUserScanSnapshot(TEST_UTIL, createUserForTesting, str, 6);
            TestHDFSAclHelper.canUserScanSnapshot(TEST_UTIL, createUserForTesting, str2, 10);
            Assert.assertTrue(SnapshotScannerHDFSAclController.SnapshotScannerHDFSAclStorage.hasUserTableHdfsAcl(aclTable, methodName, valueOf));
            TestSnapshotScannerHDFSAclController.checkUserAclEntry(FS, helper.getTableRootPaths(valueOf, false), methodName, true, true);
            admin.disableTable(valueOf);
            admin.deleteTable(valueOf);
            admin.restoreSnapshot(str);
            admin.snapshot(str3, valueOf);
            LOG.info("CHECK");
            TestHDFSAclHelper.canUserScanSnapshot(TEST_UTIL, createUserForTesting, str, -1);
            TestHDFSAclHelper.canUserScanSnapshot(TEST_UTIL, createUserForTesting, str2, -1);
            TestHDFSAclHelper.canUserScanSnapshot(TEST_UTIL, createUserForTesting, str3, -1);
            Assert.assertFalse(SnapshotScannerHDFSAclController.SnapshotScannerHDFSAclStorage.hasUserTableHdfsAcl(aclTable, methodName, valueOf));
            TestSnapshotScannerHDFSAclController.checkUserAclEntry(FS, helper.getPathHelper().getDataTableDir(valueOf), methodName, false, false);
            TestSnapshotScannerHDFSAclController.checkUserAclEntry(FS, helper.getPathHelper().getArchiveTableDir(valueOf), methodName, true, false);
            if (createTable != null) {
                createTable.close();
            }
        } catch (Throwable th) {
            if (createTable != null) {
                try {
                    createTable.close();
                } catch (Throwable th2) {
                    th.addSuppressed(th2);
                }
            }
            throw th;
        }
    }
}
