package org.apache.hadoop.mapred;

import java.io.IOException;
import java.security.PrivilegedExceptionAction;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.apache.hadoop.examples.SleepJob;
import org.apache.hadoop.fs.FileSystem;
import org.apache.hadoop.fs.LocalFileSystem;
import org.apache.hadoop.fs.Path;
import org.apache.hadoop.mapred.QueueManager;
import org.apache.hadoop.security.UserGroupInformation;
import org.junit.After;
import org.junit.Assert;
import org.junit.Before;
import org.junit.Test;

/* loaded from: input_file:org/apache/hadoop/mapred/TestJobACLs.class */
public class TestJobACLs {
    private MiniMRCluster mr = null;
    private String jobSubmitter = "jobSubmitter";
    private String viewColleague = "viewColleague";
    private String modifyColleague = "modifyColleague";
    private String qAdmin = "qAdmin";
    static final Log LOG = LogFactory.getLog(TestJobACLs.class);
    private static final Path TEST_DIR = new Path(System.getProperty("test.build.data", "/tmp"), TestJobACLs.class.getCanonicalName() + "/completed-job-store");

    @Before
    public void setup() throws IOException {
        startCluster(false);
    }

    private void startCluster(boolean z) throws IOException {
        UserGroupInformation loginUser = UserGroupInformation.getLoginUser();
        JobConf jobConf = new JobConf();
        jobConf.setBoolean("mapred.acls.enabled", true);
        jobConf.set(QueueManager.toFullPropertyName("default", QueueManager.QueueACL.ADMINISTER_JOBS.getAclName()), this.qAdmin);
        jobConf.set(QueueManager.toFullPropertyName("default", QueueManager.QueueACL.SUBMIT_JOB.getAclName()), this.jobSubmitter);
        LocalFileSystem local = FileSystem.getLocal(jobConf);
        if (!z) {
            local.delete(TEST_DIR, true);
        }
        jobConf.set("mapred.job.tracker.persist.jobstatus.dir", local.makeQualified(TEST_DIR).toString());
        jobConf.setBoolean("mapred.job.tracker.persist.jobstatus.active", true);
        jobConf.set("mapred.job.tracker.persist.jobstatus.hours", "1");
        jobConf.set("mapred.tasktracker.map.tasks.maximum", "4");
        this.mr = new MiniMRCluster(0, 0, 2, "file:///", 1, null, null, loginUser, jobConf);
    }

    @After
    public void tearDown() {
        if (this.mr != null) {
            this.mr.shutdown();
        }
    }

    @Test
    public void testACLS() throws IOException, InterruptedException, ClassNotFoundException {
        verifyACLViewJob();
        verifyACLModifyJob(this.modifyColleague);
        verifyACLModifyJob(this.qAdmin);
        verifyACLPersistence();
    }

    private void verifyACLViewJob() throws IOException, InterruptedException {
        JobConf createJobConf = this.mr.createJobConf();
        createJobConf.set("mapreduce.job.acl-view-job", this.viewColleague);
        RunningJob submitJobAsUser = submitJobAsUser(createJobConf, this.jobSubmitter);
        JobID id = submitJobAsUser.getID();
        verifyViewJobAsUnauthorizedUser(createJobConf, id, this.modifyColleague);
        verifyViewJobAsAuthorizedUser(createJobConf, id, this.viewColleague);
        verifyViewJobAsAuthorizedUser(createJobConf, id, this.qAdmin);
        submitJobAsUser.killJob();
    }

    private RunningJob submitJobAsUser(final JobConf jobConf, String str) throws IOException, InterruptedException {
        return (RunningJob) UserGroupInformation.createUserForTesting(str, new String[0]).doAs(new PrivilegedExceptionAction<Object>() { // from class: org.apache.hadoop.mapred.TestJobACLs.1
            @Override // java.security.PrivilegedExceptionAction
            public Object run() throws Exception {
                JobClient jobClient = new JobClient(jobConf);
                SleepJob sleepJob = new SleepJob();
                sleepJob.setConf(jobConf);
                return jobClient.submitJob(sleepJob.setupJobConf(1, 0, 2000L, 1000, 1000L, 1000));
            }
        });
    }

    private void verifyViewJobAsAuthorizedUser(final JobConf jobConf, final JobID jobID, String str) throws IOException, InterruptedException {
        UserGroupInformation.createUserForTesting(str, new String[0]).doAs(new PrivilegedExceptionAction<Object>() { // from class: org.apache.hadoop.mapred.TestJobACLs.2
            @Override // java.security.PrivilegedExceptionAction
            public Object run() throws Exception {
                RunningJob runningJob = null;
                JobClient jobClient = null;
                try {
                    jobClient = new JobClient(jobConf);
                    runningJob = jobClient.getJob(jobID);
                } catch (Exception e) {
                    Assert.fail("Exception .." + e);
                }
                Assert.assertNotNull("Job " + jobID + " is not known to the JobTracker!", runningJob);
                try {
                    runningJob.getCounters();
                } catch (IOException e2) {
                    Assert.fail("Unexpected.. exception.. " + e2);
                }
                try {
                    jobClient.getCleanupTaskReports(jobID);
                    return null;
                } catch (IOException e3) {
                    Assert.fail("Unexpected.. exception.. " + e3);
                    return null;
                }
            }
        });
    }

    private void verifyViewJobAsUnauthorizedUser(final JobConf jobConf, final JobID jobID, String str) throws IOException, InterruptedException {
        UserGroupInformation.createUserForTesting(str, new String[0]).doAs(new PrivilegedExceptionAction<Object>() { // from class: org.apache.hadoop.mapred.TestJobACLs.3
            @Override // java.security.PrivilegedExceptionAction
            public Object run() {
                RunningJob runningJob = null;
                JobClient jobClient = null;
                try {
                    jobClient = new JobClient(jobConf);
                    runningJob = jobClient.getJob(jobID);
                } catch (Exception e) {
                    Assert.fail("Exception .." + e);
                }
                Assert.assertNotNull("Job " + jobID + " is not known to the JobTracker!", runningJob);
                try {
                    runningJob.getCounters();
                    Assert.fail("AccessControlException expected..");
                } catch (IOException e2) {
                    Assert.assertTrue(e2.getMessage().contains("AccessControlException"));
                }
                try {
                    jobClient.getSetupTaskReports(jobID);
                    Assert.fail("AccessControlException expected..");
                    return null;
                } catch (IOException e3) {
                    Assert.assertTrue(e3.getMessage().contains("AccessControlException"));
                    return null;
                }
            }
        });
    }

    private void verifyACLModifyJob(String str) throws IOException, InterruptedException, ClassNotFoundException {
        JobConf createJobConf = this.mr.createJobConf();
        createJobConf.set("mapreduce.job.acl-modify-job", this.modifyColleague);
        JobID id = submitJobAsUser(createJobConf, this.jobSubmitter).getID();
        verifyModifyJobAsUnauthorizedUser(createJobConf, id, this.viewColleague);
        verifyModifyJobAsAuthorizedUser(createJobConf, id, str);
    }

    private void verifyModifyJobAsAuthorizedUser(final JobConf jobConf, final JobID jobID, String str) throws IOException, InterruptedException {
        UserGroupInformation.createUserForTesting(str, new String[0]).doAs(new PrivilegedExceptionAction<Object>() { // from class: org.apache.hadoop.mapred.TestJobACLs.4
            @Override // java.security.PrivilegedExceptionAction
            public Object run() throws Exception {
                RunningJob runningJob = null;
                try {
                    runningJob = new JobClient(jobConf).getJob(jobID);
                } catch (Exception e) {
                    Assert.fail("Exception .." + e);
                }
                Assert.assertNotNull("Job " + jobID + " is not known to the JobTracker!", runningJob);
                try {
                    runningJob.setJobPriority(JobPriority.HIGH.toString());
                } catch (IOException e2) {
                    Assert.fail("Unexpected.. exception.. " + e2);
                }
                try {
                    runningJob.killJob();
                    return null;
                } catch (IOException e3) {
                    Assert.fail("Unexpected.. exception.. " + e3);
                    return null;
                }
            }
        });
    }

    private void verifyModifyJobAsUnauthorizedUser(final JobConf jobConf, final JobID jobID, String str) throws IOException, InterruptedException {
        UserGroupInformation.createUserForTesting(str, new String[0]).doAs(new PrivilegedExceptionAction<Object>() { // from class: org.apache.hadoop.mapred.TestJobACLs.5
            @Override // java.security.PrivilegedExceptionAction
            public Object run() {
                RunningJob runningJob = null;
                try {
                    runningJob = new JobClient(jobConf).getJob(jobID);
                } catch (Exception e) {
                    Assert.fail("Exception .." + e);
                }
                Assert.assertNotNull("Job " + jobID + " is not known to the JobTracker!", runningJob);
                try {
                    runningJob.killJob();
                    Assert.fail("AccessControlException expected..");
                } catch (IOException e2) {
                    Assert.assertTrue(e2.getMessage().contains("AccessControlException"));
                }
                try {
                    runningJob.setJobPriority(JobPriority.HIGH.toString());
                    Assert.fail("AccessControlException expected..");
                    return null;
                } catch (IOException e3) {
                    Assert.assertTrue(e3.getMessage().contains("AccessControlException"));
                    return null;
                }
            }
        });
    }

    private void verifyACLPersistence() throws IOException, InterruptedException {
        JobConf createJobConf = this.mr.createJobConf();
        createJobConf.set("mapreduce.job.acl-view-job", this.viewColleague + " group2");
        RunningJob submitJobAsUser = submitJobAsUser(createJobConf, this.jobSubmitter);
        final JobID id = submitJobAsUser.getID();
        submitJobAsUser.killJob();
        while (submitJobAsUser.getJobState() != 5) {
            LOG.info("Waiting for the job to be killed successfully..");
            Thread.sleep(200L);
        }
        tearDown();
        startCluster(true);
        final JobConf createJobConf2 = this.mr.createJobConf();
        verifyViewJobAsAuthorizedUser(createJobConf2, id, this.viewColleague);
        verifyViewJobAsAuthorizedUser(createJobConf2, id, this.qAdmin);
        UserGroupInformation.createUserForTesting(this.modifyColleague, new String[0]).doAs(new PrivilegedExceptionAction<Object>() { // from class: org.apache.hadoop.mapred.TestJobACLs.6
            @Override // java.security.PrivilegedExceptionAction
            public Object run() {
                RunningJob runningJob = null;
                try {
                    runningJob = new JobClient(createJobConf2).getJob(id);
                } catch (Exception e) {
                    Assert.fail("Exception .." + e);
                }
                Assert.assertNotNull("Job " + id + " is not known to the JobTracker!", runningJob);
                try {
                    runningJob.getCounters();
                    Assert.fail("AccessControlException expected..");
                    return null;
                } catch (IOException e2) {
                    Assert.assertTrue(e2.getMessage().contains("AccessControlException"));
                    return null;
                }
            }
        });
    }
}
