package com.cloudera.cmf.service.config;

import com.cloudera.cmf.service.SecurityParams;
import com.cloudera.cmf.service.hdfs.HdfsParams;
import com.cloudera.cmf.service.hdfs.HdfsServiceHandler;
import com.cloudera.cmf.service.mapreduce.MapReduceParams;
import com.cloudera.cmf.service.mapreduce.MapReduceServiceHandler;
import com.cloudera.cmf.service.yarn.YarnParams;
import com.cloudera.cmf.service.yarn.YarnServiceHandler;
import com.google.common.collect.ImmutableList;
import com.google.common.collect.ImmutableSet;
import java.util.List;
import java.util.Set;

/* loaded from: input_file:com/cloudera/cmf/service/config/HadoopPolicyConfigFileDefinitions.class */
public class HadoopPolicyConfigFileDefinitions {
    private static final Set<? extends Enum<?>> MR1_ROLES = ImmutableSet.of(MapReduceServiceHandler.RoleNames.JOBTRACKER, MapReduceServiceHandler.RoleNames.TASKTRACKER);
    private static final Set<? extends Enum<?>> YARN_ROLES = ImmutableSet.of(YarnServiceHandler.RoleNames.RESOURCEMANAGER, YarnServiceHandler.RoleNames.NODEMANAGER, YarnServiceHandler.RoleNames.JOBHISTORY);
    private static final List<ConfigEvaluator> HADOOP_POLICY = ImmutableList.of(ConditionalEvaluator.builder().checkCondition(ConditionalEvaluator.paramEvaluatesToValue(SecurityParams.SECURE_AUTHORIZATION, Boolean.TRUE)).evaluators(makeUserGroupEvaluator("security.client.protocol.acl"), makeUserGroupEvaluator("security.client.datanode.protocol.acl"), makeUserEvaluator("security.datanode.protocol.acl", ImmutableSet.of(HdfsServiceHandler.RoleNames.DATANODE), HdfsParams.HDFS_KERBEROS_PRINC), makeUserEvaluator("security.inter.datanode.protocol.acl", ImmutableSet.of(HdfsServiceHandler.RoleNames.DATANODE), HdfsParams.HDFS_KERBEROS_PRINC), makeUserEvaluator("security.namenode.protocol.acl", ImmutableSet.of(HdfsServiceHandler.RoleNames.SECONDARYNAMENODE), HdfsParams.HDFS_KERBEROS_PRINC), makeUserEvaluator("security.zkfc.protocol.acl", ImmutableSet.of(HdfsServiceHandler.RoleNames.FAILOVERCONTROLLER), HdfsParams.HDFS_KERBEROS_PRINC), makeUserEvaluator("security.qjournal.service.protocol.acl", ImmutableSet.of(HdfsServiceHandler.RoleNames.JOURNALNODE), HdfsParams.HDFS_KERBEROS_PRINC), makeAdminUserGroupEvaluator("security.refresh.policy.protocol.acl"), makeAdminUserGroupEvaluator("security.ha.service.protocol.acl"), makeAdminUserGroupEvaluator("security.refresh.usertogroups.mappings.protocol.acl", MR1_ROLES), makeAdminUserGroupEvaluator("security.admin.operations.protocol.acl", MR1_ROLES), makeUserGroupEvaluator("security.job.submission.protocol.acl", MR1_ROLES), new HardcodedConfigEvaluator("security.task.umbilical.protocol.acl", "*", (Set<? extends Enum<?>>) ImmutableSet.of(MapReduceServiceHandler.RoleNames.TASKTRACKER)), makeUserEvaluator("security.inter.tracker.protocol.acl", ImmutableSet.of(MapReduceServiceHandler.RoleNames.TASKTRACKER), MapReduceParams.MAPREDUCE_KERBEROS_PRINC), makeUserGroupEvaluator("security.mrhs.client.protocol.acl", YARN_ROLES), makeUserGroupEvaluator("security.applicationclient.protocol.acl", YARN_ROLES), makeUserGroupEvaluator("security.job.client.protocol.acl", YARN_ROLES), makeAdminUserGroupEvaluator("security.resourcemanager-administration.protocol.acl", YARN_ROLES), new HardcodedConfigEvaluator("security.job.task.protocol.acl", "*", YARN_ROLES), makeUserEvaluator("security.resourcetracker.protocol.acl", YARN_ROLES, YarnParams.YARN_KERBEROS_PRINC), new HardcodedConfigEvaluator("security.applicationmaster.protocol.acl", "*", YARN_ROLES), new HardcodedConfigEvaluator("security.containermanagement.protocol.acl", "*", YARN_ROLES), new HardcodedConfigEvaluator("security.resourcelocalizer.protocol.acl", "*", YARN_ROLES)).build(), new XMLSafetyValveEvaluator(HdfsParams.HADOOP_POLICY_SAFETY_VALVE), new XMLSafetyValveEvaluator(MapReduceParams.MAPREDUCE_HADOOP_POLICY_SAFETY_VALVE), new XMLSafetyValveEvaluator(YarnParams.YARN_HADOOP_POLICY_SAFETY_VALVE));
    public static final ConfigFileGenerator HADOOP_POLICY_XML = new XMLConfigFileGenerator(HADOOP_POLICY, "hadoop-policy.xml");

    private static CombinedEvaluator makeUserGroupEvaluator(String str) {
        return makeUserGroupEvaluator(str, null);
    }

    private static CombinedEvaluator makeUserGroupEvaluator(String str, Set<? extends Enum<?>> set) {
        return new CombinedEvaluator(set, str, "%s %s", new ParamSpecEvaluator(SecurityParams.HADOOP_AUTHORIZED_USERS), new ParamSpecEvaluator(SecurityParams.HADOOP_AUTHORIZED_GROUPS));
    }

    private static CombinedEvaluator makeAdminUserGroupEvaluator(String str) {
        return makeAdminUserGroupEvaluator(str, null);
    }

    private static CombinedEvaluator makeAdminUserGroupEvaluator(String str, Set<? extends Enum<?>> set) {
        return new CombinedEvaluator(set, str, "%s %s", new ParamSpecEvaluator(SecurityParams.HADOOP_AUTHORIZED_ADMIN_USERS), new ParamSpecEvaluator(SecurityParams.HADOOP_AUTHORIZED_ADMIN_GROUPS));
    }

    private static ParamSpecEvaluator<String> makeUserEvaluator(String str, Set<? extends Enum<?>> set, StringParamSpec stringParamSpec) {
        return new ParamSpecEvaluator<>(stringParamSpec, set, str, (String) null);
    }
}
