package org.apache.hadoop.yarn.server.resourcemanager;

import java.io.IOException;
import java.net.InetSocketAddress;
import java.nio.ByteBuffer;
import java.security.PrivilegedExceptionAction;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.apache.hadoop.conf.Configuration;
import org.apache.hadoop.security.UserGroupInformation;
import org.apache.hadoop.security.authorize.AccessControlList;
import org.apache.hadoop.service.Service;
import org.apache.hadoop.yarn.api.ApplicationClientProtocol;
import org.apache.hadoop.yarn.api.protocolrecords.GetApplicationReportRequest;
import org.apache.hadoop.yarn.api.protocolrecords.GetNewApplicationRequest;
import org.apache.hadoop.yarn.api.protocolrecords.KillApplicationRequest;
import org.apache.hadoop.yarn.api.protocolrecords.SubmitApplicationRequest;
import org.apache.hadoop.yarn.api.records.ApplicationAccessType;
import org.apache.hadoop.yarn.api.records.ApplicationId;
import org.apache.hadoop.yarn.api.records.ApplicationSubmissionContext;
import org.apache.hadoop.yarn.api.records.ContainerLaunchContext;
import org.apache.hadoop.yarn.api.records.Priority;
import org.apache.hadoop.yarn.exceptions.YarnException;
import org.apache.hadoop.yarn.ipc.YarnRPC;
import org.apache.hadoop.yarn.server.resourcemanager.rmapp.RMAppState;
import org.apache.hadoop.yarn.server.resourcemanager.scheduler.fair.FairSchedulerConfiguration;
import org.apache.hadoop.yarn.server.utils.BuilderUtils;
import org.junit.After;
import org.junit.Assert;
import org.junit.Before;
import org.junit.Test;

/* JADX WARN: Classes with same name are omitted:
  input_file:hadoop-yarn-server-resourcemanager-2.5.0-tests.jar:org/apache/hadoop/yarn/server/resourcemanager/QueueACLsTestBase.class
 */
/* loaded from: input_file:test-classes/org/apache/hadoop/yarn/server/resourcemanager/QueueACLsTestBase.class */
public abstract class QueueACLsTestBase {
    protected static final String COMMON_USER = "common_user";
    protected static final String QUEUE_A_USER = "queueA_user";
    protected static final String QUEUE_B_USER = "queueB_user";
    protected static final String ROOT_ADMIN = "root_admin";
    protected static final String QUEUE_A_ADMIN = "queueA_admin";
    protected static final String QUEUE_B_ADMIN = "queueB_admin";
    protected static final String QUEUEA = "queueA";
    protected static final String QUEUEB = "queueB";
    private static final Log LOG = LogFactory.getLog(TestApplicationACLs.class);
    MockRM resourceManager;
    Configuration conf;
    YarnRPC rpc;
    InetSocketAddress rmAddress;

    /* JADX WARN: Type inference failed for: r0v7, types: [org.apache.hadoop.yarn.server.resourcemanager.QueueACLsTestBase$2] */
    @Before
    public void setup() throws InterruptedException, IOException {
        this.conf = createConfiguration();
        this.rpc = YarnRPC.create(this.conf);
        this.rmAddress = this.conf.getSocketAddr("yarn.resourcemanager.address", "0.0.0.0:8032", 8032);
        this.conf.set("yarn.admin.acl", new AccessControlList("").getAclString());
        this.resourceManager = new MockRM(this.conf) { // from class: org.apache.hadoop.yarn.server.resourcemanager.QueueACLsTestBase.1
            @Override // org.apache.hadoop.yarn.server.resourcemanager.MockRM, org.apache.hadoop.yarn.server.resourcemanager.ResourceManager
            protected ClientRMService createClientRMService() {
                return new ClientRMService(getRMContext(), this.scheduler, this.rmAppManager, this.applicationACLsManager, this.queueACLsManager, getRMContext().getRMDelegationTokenSecretManager());
            }

            @Override // org.apache.hadoop.yarn.server.resourcemanager.ResourceManager
            protected void doSecureLogin() throws IOException {
            }
        };
        new Thread() { // from class: org.apache.hadoop.yarn.server.resourcemanager.QueueACLsTestBase.2
            @Override // java.lang.Thread, java.lang.Runnable
            public void run() {
                QueueACLsTestBase.this.resourceManager.start();
            }
        }.start();
        int i = 0;
        while (this.resourceManager.getServiceState() == Service.STATE.INITED) {
            int i2 = i;
            i++;
            if (i2 >= 60) {
                break;
            }
            LOG.info("Waiting for RM to start...");
            Thread.sleep(1500L);
        }
        if (this.resourceManager.getServiceState() != Service.STATE.STARTED) {
            throw new IOException("ResourceManager failed to start. Final state is " + this.resourceManager.getServiceState());
        }
    }

    @After
    public void tearDown() {
        if (this.resourceManager != null) {
            this.resourceManager.stop();
        }
    }

    @Test
    public void testApplicationACLs() throws Exception {
        verifyKillAppSuccess(QUEUE_A_USER, QUEUE_A_USER, QUEUEA, true);
        verifyKillAppSuccess(QUEUE_A_USER, QUEUE_A_ADMIN, QUEUEA, true);
        verifyKillAppSuccess(QUEUE_A_USER, COMMON_USER, QUEUEA, true);
        verifyKillAppSuccess(QUEUE_A_USER, ROOT_ADMIN, QUEUEA, true);
        verifyKillAppFailure(QUEUE_A_USER, QUEUE_B_USER, QUEUEA, true);
        verifyKillAppFailure(QUEUE_A_USER, QUEUE_B_ADMIN, QUEUEA, true);
        verifyKillAppSuccess(QUEUE_B_USER, QUEUE_B_USER, QUEUEB, true);
        verifyKillAppSuccess(QUEUE_B_USER, QUEUE_B_ADMIN, QUEUEB, true);
        verifyKillAppSuccess(QUEUE_B_USER, COMMON_USER, QUEUEB, true);
        verifyKillAppSuccess(QUEUE_B_USER, ROOT_ADMIN, QUEUEB, true);
        verifyKillAppFailure(QUEUE_B_USER, QUEUE_A_USER, QUEUEB, true);
        verifyKillAppFailure(QUEUE_B_USER, QUEUE_A_ADMIN, QUEUEB, true);
        verifyKillAppSuccess(ROOT_ADMIN, ROOT_ADMIN, QUEUEA, false);
        verifyKillAppSuccess(ROOT_ADMIN, ROOT_ADMIN, QUEUEB, false);
        verifyGetClientAMToken(QUEUE_A_USER, ROOT_ADMIN, QUEUEA, true);
    }

    private void verifyGetClientAMToken(String str, String str2, String str3, boolean z) throws Exception {
        GetApplicationReportRequest newInstance = GetApplicationReportRequest.newInstance(submitAppAndGetAppId(str, str3, z));
        ApplicationClientProtocol rMClientForUser = getRMClientForUser(str);
        ApplicationClientProtocol rMClientForUser2 = getRMClientForUser(str2);
        Assert.assertEquals(rMClientForUser.getApplicationReport(newInstance).getApplicationReport().getClientToAMToken(), rMClientForUser2.getApplicationReport(newInstance).getApplicationReport().getClientToAMToken());
    }

    private void verifyKillAppFailure(String str, String str2, String str3, boolean z) throws Exception {
        ApplicationId submitAppAndGetAppId = submitAppAndGetAppId(str, str3, z);
        KillApplicationRequest newInstance = KillApplicationRequest.newInstance(submitAppAndGetAppId);
        try {
            getRMClientForUser(str2).forceKillApplication(newInstance);
            Assert.fail("App killing by the enemy should fail!!");
        } catch (YarnException e) {
            LOG.info("Got exception while killing app as the enemy", e);
            Assert.assertTrue(e.getMessage().contains("User " + str2 + " cannot perform operation MODIFY_APP on " + submitAppAndGetAppId));
        }
        getRMClientForUser(str).forceKillApplication(newInstance);
    }

    private void verifyKillAppSuccess(String str, String str2, String str3, boolean z) throws Exception {
        ApplicationId submitAppAndGetAppId = submitAppAndGetAppId(str, str3, z);
        getRMClientForUser(str2).forceKillApplication(KillApplicationRequest.newInstance(submitAppAndGetAppId));
        this.resourceManager.waitForState(submitAppAndGetAppId, RMAppState.KILLED);
    }

    private ApplicationId submitAppAndGetAppId(String str, String str2, boolean z) throws Exception {
        GetNewApplicationRequest newInstance = GetNewApplicationRequest.newInstance();
        ApplicationClientProtocol rMClientForUser = getRMClientForUser(str);
        ApplicationId applicationId = rMClientForUser.getNewApplication(newInstance).getApplicationId();
        ApplicationSubmissionContext newInstance2 = ApplicationSubmissionContext.newInstance(applicationId, "applicationName", str2, (Priority) null, ContainerLaunchContext.newInstance((Map) null, (Map) null, (List) null, (Map) null, (ByteBuffer) null, createACLs(str, z)), false, true, 1, BuilderUtils.newResource(FairSchedulerConfiguration.DEFAULT_RM_SCHEDULER_INCREMENT_ALLOCATION_MB, 1), "applicationType");
        newInstance2.setApplicationId(applicationId);
        newInstance2.setQueue(str2);
        rMClientForUser.submitApplication(SubmitApplicationRequest.newInstance(newInstance2));
        this.resourceManager.waitForState(applicationId, RMAppState.ACCEPTED);
        return applicationId;
    }

    private Map<ApplicationAccessType, String> createACLs(String str, boolean z) {
        AccessControlList accessControlList = new AccessControlList("");
        AccessControlList accessControlList2 = new AccessControlList("");
        if (z) {
            accessControlList.addUser(str);
            accessControlList.addUser(COMMON_USER);
            accessControlList2.addUser(str);
            accessControlList2.addUser(COMMON_USER);
        }
        HashMap hashMap = new HashMap();
        hashMap.put(ApplicationAccessType.VIEW_APP, accessControlList.getAclString());
        hashMap.put(ApplicationAccessType.MODIFY_APP, accessControlList2.getAclString());
        return hashMap;
    }

    private ApplicationClientProtocol getRMClientForUser(String str) throws IOException, InterruptedException {
        return (ApplicationClientProtocol) UserGroupInformation.createRemoteUser(str).doAs(new PrivilegedExceptionAction<ApplicationClientProtocol>() { // from class: org.apache.hadoop.yarn.server.resourcemanager.QueueACLsTestBase.3
            /* JADX WARN: Can't rename method to resolve collision */
            @Override // java.security.PrivilegedExceptionAction
            public ApplicationClientProtocol run() throws Exception {
                return (ApplicationClientProtocol) QueueACLsTestBase.this.rpc.getProxy(ApplicationClientProtocol.class, QueueACLsTestBase.this.rmAddress, QueueACLsTestBase.this.conf);
            }
        });
    }

    protected abstract Configuration createConfiguration() throws IOException;
}
