package com.facebook.presto.tests.hive;

import com.facebook.presto.tests.TestGroups;
import com.facebook.presto.tests.utils.QueryExecutors;
import com.google.common.collect.ImmutableList;
import io.airlift.log.Logger;
import io.prestodb.tempto.AfterTestWithContext;
import io.prestodb.tempto.BeforeTestWithContext;
import io.prestodb.tempto.ProductTest;
import io.prestodb.tempto.assertions.QueryAssert;
import io.prestodb.tempto.context.ContextDsl;
import io.prestodb.tempto.context.ThreadLocalTestContextHolder;
import io.prestodb.tempto.query.QueryExecutor;
import io.prestodb.tempto.sql.SqlContexts;
import org.apache.hive.hcatalog.common.HCatConstants;
import org.testng.annotations.Test;

/* loaded from: input_file:com/facebook/presto/tests/hive/TestGrantRevoke.class */
public class TestGrantRevoke extends ProductTest {
    private String tableName;
    private String viewName;
    private QueryExecutor aliceExecutor;
    private QueryExecutor bobExecutor;

    @BeforeTestWithContext
    public void setup() {
        this.tableName = "alice_owned_table";
        this.viewName = "alice_view";
        this.aliceExecutor = QueryExecutors.connectToPresto("alice@presto");
        this.bobExecutor = QueryExecutors.connectToPresto("bob@presto");
        this.aliceExecutor.executeQuery(String.format("DROP TABLE IF EXISTS %s", this.tableName), new QueryExecutor.QueryParam[0]);
        this.aliceExecutor.executeQuery(String.format("CREATE TABLE %s(month bigint, day bigint)", this.tableName), new QueryExecutor.QueryParam[0]);
        assertAccessDeniedOnAllOperationsOnTable(this.bobExecutor, this.tableName);
    }

    @AfterTestWithContext
    public void cleanup() {
        try {
            this.aliceExecutor.executeQuery(String.format("DROP TABLE IF EXISTS %s", this.tableName), new QueryExecutor.QueryParam[0]);
            this.aliceExecutor.executeQuery(String.format("DROP VIEW IF EXISTS %s", this.viewName), new QueryExecutor.QueryParam[0]);
        } catch (Exception e) {
            Logger.get(getClass()).warn(e, "failed to drop table/view");
        }
    }

    @Test(groups = {TestGroups.HIVE_CONNECTOR, TestGroups.AUTHORIZATION, TestGroups.PROFILE_SPECIFIC_TESTS})
    public void testGrantRevoke() {
        this.aliceExecutor.executeQuery(String.format("GRANT SELECT ON %s TO bob WITH GRANT OPTION", this.tableName), new QueryExecutor.QueryParam[0]);
        QueryAssert.assertThat(this.bobExecutor.executeQuery(String.format("SELECT * FROM %s", this.tableName), new QueryExecutor.QueryParam[0])).hasNoRows();
        this.aliceExecutor.executeQuery(String.format("GRANT INSERT, SELECT ON %s TO bob", this.tableName), new QueryExecutor.QueryParam[0]);
        QueryAssert.assertThat(this.bobExecutor.executeQuery(String.format("INSERT INTO %s VALUES (3, 22)", this.tableName), new QueryExecutor.QueryParam[0])).hasRowsCount(1);
        QueryAssert.assertThat(this.bobExecutor.executeQuery(String.format("SELECT * FROM %s", this.tableName), new QueryExecutor.QueryParam[0])).hasRowsCount(1);
        QueryAssert.assertThat(() -> {
            return this.bobExecutor.executeQuery(String.format("DELETE FROM %s WHERE day=3", this.tableName), new QueryExecutor.QueryParam[0]);
        }).failsWithMessage(String.format("Access Denied: Cannot delete from table default.%s", this.tableName));
        this.aliceExecutor.executeQuery(String.format("REVOKE INSERT ON %s FROM bob", this.tableName), new QueryExecutor.QueryParam[0]);
        QueryAssert.assertThat(() -> {
            return this.bobExecutor.executeQuery(String.format("INSERT INTO %s VALUES ('y', 5)", this.tableName), new QueryExecutor.QueryParam[0]);
        }).failsWithMessage(String.format("Access Denied: Cannot insert into table default.%s", this.tableName));
        QueryAssert.assertThat(this.bobExecutor.executeQuery(String.format("SELECT * FROM %s", this.tableName), new QueryExecutor.QueryParam[0])).hasRowsCount(1);
        this.aliceExecutor.executeQuery(String.format("REVOKE INSERT, SELECT ON %s FROM bob", this.tableName), new QueryExecutor.QueryParam[0]);
        QueryAssert.assertThat(() -> {
            return this.bobExecutor.executeQuery(String.format("SELECT * FROM %s", this.tableName), new QueryExecutor.QueryParam[0]);
        }).failsWithMessage(String.format("Access Denied: Cannot select from table default.%s", this.tableName));
    }

    @Test(groups = {TestGroups.HIVE_CONNECTOR, TestGroups.AUTHORIZATION, TestGroups.PROFILE_SPECIFIC_TESTS})
    public void testShowGrants() {
        QueryAssert.assertThat(this.aliceExecutor.executeQuery(String.format("SHOW GRANTS ON %s", this.tableName), new QueryExecutor.QueryParam[0])).containsOnly(ImmutableList.of(QueryAssert.Row.row("alice", "hive", "default", this.tableName, "SELECT", Boolean.TRUE), QueryAssert.Row.row("alice", "hive", "default", this.tableName, HCatConstants.HCAT_INSERT_EVENT, Boolean.TRUE), QueryAssert.Row.row("alice", "hive", "default", this.tableName, "UPDATE", Boolean.TRUE), QueryAssert.Row.row("alice", "hive", "default", this.tableName, "DELETE", Boolean.TRUE)));
        this.aliceExecutor.executeQuery(String.format("GRANT SELECT ON %s TO bob WITH GRANT OPTION", this.tableName), new QueryExecutor.QueryParam[0]);
        this.aliceExecutor.executeQuery(String.format("GRANT INSERT ON %s TO bob", this.tableName), new QueryExecutor.QueryParam[0]);
        QueryAssert.assertThat(this.bobExecutor.executeQuery(String.format("SHOW GRANTS ON %s", this.tableName), new QueryExecutor.QueryParam[0])).containsOnly(ImmutableList.of(QueryAssert.Row.row("bob", "hive", "default", this.tableName, "SELECT", Boolean.TRUE), QueryAssert.Row.row("bob", "hive", "default", this.tableName, HCatConstants.HCAT_INSERT_EVENT, Boolean.FALSE)));
    }

    @Test(groups = {TestGroups.HIVE_CONNECTOR, TestGroups.AUTHORIZATION, TestGroups.PROFILE_SPECIFIC_TESTS})
    public void testAll() {
        this.aliceExecutor.executeQuery(String.format("GRANT ALL PRIVILEGES ON %s TO bob", this.tableName), new QueryExecutor.QueryParam[0]);
        QueryAssert.assertThat(this.bobExecutor.executeQuery(String.format("INSERT INTO %s VALUES (4, 13)", this.tableName), new QueryExecutor.QueryParam[0])).hasRowsCount(1);
        QueryAssert.assertThat(this.bobExecutor.executeQuery(String.format("SELECT * FROM %s", this.tableName), new QueryExecutor.QueryParam[0])).hasRowsCount(1);
        this.bobExecutor.executeQuery(String.format("DELETE FROM %s", this.tableName), new QueryExecutor.QueryParam[0]);
        QueryAssert.assertThat(this.bobExecutor.executeQuery(String.format("SELECT * FROM %s", this.tableName), new QueryExecutor.QueryParam[0])).hasNoRows();
        this.aliceExecutor.executeQuery(String.format("REVOKE ALL PRIVILEGES ON %s FROM bob", this.tableName), new QueryExecutor.QueryParam[0]);
        assertAccessDeniedOnAllOperationsOnTable(this.bobExecutor, this.tableName);
        QueryAssert.assertThat(this.bobExecutor.executeQuery(String.format("SHOW GRANTS ON %s", this.tableName), new QueryExecutor.QueryParam[0])).hasNoRows();
    }

    @Test(groups = {TestGroups.HIVE_CONNECTOR, TestGroups.AUTHORIZATION, TestGroups.PROFILE_SPECIFIC_TESTS})
    public void testPublic() {
        this.aliceExecutor.executeQuery(String.format("GRANT SELECT ON %s TO PUBLIC", this.tableName), new QueryExecutor.QueryParam[0]);
        QueryAssert.assertThat(this.bobExecutor.executeQuery(String.format("SELECT * FROM %s", this.tableName), new QueryExecutor.QueryParam[0])).hasNoRows();
        this.aliceExecutor.executeQuery(String.format("REVOKE SELECT ON %s FROM PUBLIC", this.tableName), new QueryExecutor.QueryParam[0]);
        QueryAssert.assertThat(() -> {
            return this.bobExecutor.executeQuery(String.format("SELECT * FROM %s", this.tableName), new QueryExecutor.QueryParam[0]);
        }).failsWithMessage(String.format("Access Denied: Cannot select from table default.%s", this.tableName));
        QueryAssert.assertThat(this.aliceExecutor.executeQuery(String.format("SELECT * FROM %s", this.tableName), new QueryExecutor.QueryParam[0])).hasNoRows();
    }

    @Test(groups = {TestGroups.AUTHORIZATION, TestGroups.HIVE_CONNECTOR, TestGroups.PROFILE_SPECIFIC_TESTS})
    public void testTableOwnerPrivileges() {
        onHive().executeQuery("set role admin;", new QueryExecutor.QueryParam[0]);
        QueryAssert.assertThat(onHive().executeQuery(String.format("SHOW GRANT USER alice ON TABLE %s", this.tableName), new QueryExecutor.QueryParam[0]).project(7, 8)).containsOnly(ownerGrants());
    }

    @Test(groups = {TestGroups.AUTHORIZATION, TestGroups.HIVE_CONNECTOR, TestGroups.PROFILE_SPECIFIC_TESTS})
    public void testViewOwnerPrivileges() {
        onHive().executeQuery("set role admin;", new QueryExecutor.QueryParam[0]);
        ContextDsl.executeWith(SqlContexts.createViewAs(this.viewName, String.format("SELECT * FROM %s", this.tableName), this.aliceExecutor), view -> {
            QueryAssert.assertThat(onHive().executeQuery(String.format("SHOW GRANT USER alice ON %s", this.viewName), new QueryExecutor.QueryParam[0]).project(7, 8)).containsOnly(ownerGrants());
        });
    }

    private ImmutableList<QueryAssert.Row> ownerGrants() {
        return ImmutableList.of(QueryAssert.Row.row("SELECT", Boolean.TRUE), QueryAssert.Row.row(HCatConstants.HCAT_INSERT_EVENT, Boolean.TRUE), QueryAssert.Row.row("UPDATE", Boolean.TRUE), QueryAssert.Row.row("DELETE", Boolean.TRUE));
    }

    public static QueryExecutor onHive() {
        return (QueryExecutor) ThreadLocalTestContextHolder.testContext().getDependency(QueryExecutor.class, "hive");
    }

    private static void assertAccessDeniedOnAllOperationsOnTable(QueryExecutor queryExecutor, String str) {
        QueryAssert.assertThat(() -> {
            return queryExecutor.executeQuery(String.format("SELECT * FROM %s", str), new QueryExecutor.QueryParam[0]);
        }).failsWithMessage(String.format("Access Denied: Cannot select from table default.%s", str));
        QueryAssert.assertThat(() -> {
            return queryExecutor.executeQuery(String.format("INSERT INTO %s VALUES (3, 22)", str), new QueryExecutor.QueryParam[0]);
        }).failsWithMessage(String.format("Access Denied: Cannot insert into table default.%s", str));
        QueryAssert.assertThat(() -> {
            return queryExecutor.executeQuery(String.format("DELETE FROM %s WHERE day=3", str), new QueryExecutor.QueryParam[0]);
        }).failsWithMessage(String.format("Access Denied: Cannot delete from table default.%s", str));
    }
}
