package com.cloudera.cmf.service.config;

import com.cloudera.cmf.Constants;
import com.cloudera.cmf.security.components.SecurityUtils;
import com.cloudera.cmf.service.HadoopSSLParams;
import com.cloudera.cmf.service.config.HbaseCoprocessorEvaluators;
import com.cloudera.cmf.service.core.CoreSettingsParams;
import com.cloudera.cmf.service.hbase.BaseHbaseRoleHandler;
import com.cloudera.cmf.service.hbase.HBaseReplicationAuxiliaryInfoEvaluator;
import com.cloudera.cmf.service.hbase.HbaseParams;
import com.cloudera.cmf.service.hbase.HbaseServiceHandler;
import com.cloudera.cmf.service.hdfs.HdfsParams;
import com.cloudera.cmf.service.scm.ScmParams;
import com.cloudera.cmf.service.sentry.SentryParams;
import com.cloudera.cmf.service.zookeeper.ZooKeeperParams;
import com.cloudera.cmf.version.Release;
import com.cloudera.server.cmf.Authentication;
import com.cloudera.server.common.KerberosAuthentication;
import com.google.common.collect.ImmutableList;
import com.google.common.collect.ImmutableMap;
import com.google.common.collect.ImmutableRangeMap;
import com.google.common.collect.ImmutableSet;
import com.google.common.collect.RangeMap;
import java.util.List;
import java.util.Map;
import java.util.Set;

/* loaded from: input_file:com/cloudera/cmf/service/config/HBaseConfigFileDefinitions.class */
public class HBaseConfigFileDefinitions {
    public static final String HBASE_SITE_FILENAME = "hbase-site.xml";
    public static final String HBASE_ENV_FILENAME = "hbase-env.sh";
    private static final ConfigEvaluationPredicate RANGER_SERVICE_CONDITION = ConditionalEvaluator.and(ConditionalEvaluator.paramSupportsServiceVersion(HbaseParams.RANGER), ConditionalEvaluator.serviceHasDependency(HbaseParams.RANGER));
    public static final List<ConfigEvaluator> HBASE_SITE = ImmutableList.of(new HBaseDirEvaluator(), new HBaseDirEvaluator(HbaseParams.HDFS_WAL_DIR, "WAL Directory"), new ParamSpecEvaluator(HbaseParams.HBASE_MASTER_PORT), ConditionalEvaluator.builder().expectedValue(HbaseParams.HBASE_MASTER_BIND_TO_WILDCARD_ADDRESS, true).evaluators(new HardcodedConfigEvaluator(HbaseParams.HBASE_MASTER_BIND_TO_WILDCARD_ADDRESS.getPropertyNameMap(), "0.0.0.0")).build(), new HardcodedConfigEvaluator("hbase.cluster.distributed", "true", (Set<? extends Enum<?>>) ImmutableSet.of(HbaseServiceHandler.RoleNames.MASTER, HbaseServiceHandler.RoleNames.REGIONSERVER)), ConditionalEvaluator.builder().expectedValue(HbaseParams.HBASE_ENABLE_REPLICATION, true).evaluators(new ParamSpecEvaluator(HbaseParams.HBASE_ENABLE_REPLICATION), new ParamSpecEvaluator(HbaseParams.HBASE_REPLICATION_SOURCE_RATIO), new ParamSpecEvaluator(HbaseParams.HBASE_REPLICATION_SOURCE_NB_CAPACITY)).build(), ConditionalEvaluator.builder().expectedValue(HbaseParams.HBASE_ENABLE_INDEXING, true).evaluators(new HardcodedConfigEvaluator((RangeMap<Release, String>) ImmutableRangeMap.of(Constants.SERVICE_CDH4_VERSION_RANGE, "replication.replicationsource.implementation"), "com.ngdata.sep.impl.SepReplicationSource", HbaseParams.hbasePrimaryRoles)).build(), new ParamSpecEvaluator(HbaseParams.HBASE_MASTER_INFO_PORT), new ParamSpecEvaluator(HbaseParams.HBASE_MASTER_INFO_BINDADDRESS), new ParamSpecEvaluator(HbaseParams.HBASE_CLIENT_WRITE_BUFFER), new ParamSpecEvaluator(HbaseParams.HBASE_CLIENT_PAUSE), new ParamSpecEvaluator(HbaseParams.HBASE_CLIENT_RETRIES_NUMBER), new ConfigEvaluator[]{new ParamSpecEvaluator(HbaseParams.HBASE_CLIENT_SCANNER_CACHING), new ParamSpecEvaluator(HbaseParams.HBASE_CLIENT_KEYVALUE_MAXSIZE), new ParamSpecEvaluator(HbaseParams.HBASE_IPC_CLIENT_ALLOWSINTERRUPT), new ParamSpecEvaluator(HbaseParams.HBASE_CLIENT_PRIMARYCALLTIMEOUT_GET), new ParamSpecEvaluator(HbaseParams.HBASE_CLIENT_PRIMARYCALLTIMEOUT_MULTIGET), new ParamSpecEvaluator(HbaseParams.HBASE_MASTER_DNS_INTERFACE), new ParamSpecEvaluator(HbaseParams.HBASE_MASTER_DNS_NAMESERVER), new ParamSpecEvaluator(HbaseParams.HBASE_MASTER_HANDLER_COUNT), new HardcodedConfigEvaluator((RangeMap<Release, String>) ImmutableRangeMap.builder().put(Constants.SERVICE_VERSIONS_SINCE_CDH7_1_0, "hbase.master.namespace.init.timeout").build(), "1800000", (Set<? extends Enum<?>>) ImmutableSet.of(HbaseServiceHandler.RoleNames.MASTER)), new ParamSpecEvaluator(HbaseParams.HBASE_MASTER_EXECUTOR_OPENREGION_THREADS), new ParamSpecEvaluator(HbaseParams.HBASE_MASTER_EXECUTOR_CLOSEREGION_THREADS), new ParamSpecEvaluator(HbaseParams.HBASE_MASTER_EXECUTOR_SERVEROPS_THREADS), new ParamSpecEvaluator(HbaseParams.HBASE_SPLITLOG_MANAGER_TIMEOUT), new ParamSpecEvaluator(HbaseParams.HBASE_MASTER_LOGCLEANER_TTL), new ParamSpecEvaluator(HbaseParams.HBASE_MASTER_LOGCLEANER_PLUGINS), new ParamSpecEvaluator(HbaseParams.HBASE_MASTER_UI_READONLY), new ParamSpecEvaluator(HbaseParams.HBASE_FS_TMP_DIR), new ParamSpecEvaluator(HbaseParams.HBASE_REGIONSERVER_PORT), ConditionalEvaluator.builder().expectedValue(HbaseParams.HBASE_REGIONSERVER_BIND_TO_WILDCARD_ADDRESS, true).evaluators(new HardcodedConfigEvaluator(HbaseParams.HBASE_REGIONSERVER_BIND_TO_WILDCARD_ADDRESS.getPropertyNameMap(), "0.0.0.0")).build(), new ParamSpecEvaluator(HbaseParams.HBASE_REGIONSERVER_INFO_PORT), new ParamSpecEvaluator(HbaseParams.HBASE_REGIONSERVER_INFO_BINDADDRESS), new ParamSpecEvaluator(HbaseParams.HBASE_REGIONSERVER_CLASS), new ParamSpecEvaluator(HbaseParams.HBASE_REGIONSERVER_LEASE_PERIOD_MS), new ParamSpecEvaluator(HbaseParams.HBASE_CLIENT_SCANNER_TIMEOUT_PERIOD_MS), new ParamSpecEvaluator(HbaseParams.HBASE_REGIONSERVER_HANDLER_COUNT), new ParamSpecEvaluator(HbaseParams.HBASE_REGIONSERVER_METAHANDLER_COUNT), new ParamSpecEvaluator(HbaseParams.HBASE_REGIONSERVER_MSGINTERVAL), new ParamSpecEvaluator(HbaseParams.HBASE_REGIONSERVER_OPTIONALLOGFLUSHINTERVAL), new ParamSpecEvaluator(HbaseParams.HBASE_REGIONSERVER_REGIONSPLITLIMIT), new ParamSpecEvaluator(HbaseParams.HBASE_REGIONSERVER_LOGROLL_PERIOD), new ParamSpecEvaluator(HbaseParams.HBASE_REGIONSERVER_HLOG_READER_IMPL), new ParamSpecEvaluator(HbaseParams.HBASE_REGIONSERVER_HLOG_WRITER_IMPL), new ParamSpecEvaluator(HbaseParams.HBASE_REGIONSERVER_NBRESERVATIONBLOCKS), new ParamSpecEvaluator(HbaseParams.HBASE_REGIONSERVER_DNS_INTERFACE), new ParamSpecEvaluator(HbaseParams.HBASE_REGIONSERVER_DNS_NAMESERVER), new ParamSpecEvaluator(HbaseParams.HBASE_REGIONSERVER_GLOBAL_MEMSTORE_UPPERLIMIT), new ParamSpecEvaluator(HbaseParams.HBASE_REGIONSERVER_GLOBAL_MEMSTORE_LOWERLIMIT), new ParamSpecEvaluator(HbaseParams.HBASE_REGIONSERVER_CODECS), new ParamSpecEvaluator(HbaseParams.HBASE_REGIONSERVER_MAXLOGS), new CombinedEvaluator((Set<? extends Enum<?>>) ImmutableSet.of(HbaseServiceHandler.RoleNames.REGIONSERVER), (RangeMap<Release, String>) ImmutableRangeMap.of(Constants.SERVICE_CDH5_VERSION_RANGE, HbaseParams.HBASE_REGIONSERVER_HLOG_BLOCKSIZE), "%s", new ParamSpecEvaluator(HdfsParams.HDFS_BLOCK_SIZE)), new ParamSpecEvaluator(HbaseParams.HBASE_REGIONSERVER_THREAD_SMALL_COMPACTION), new ParamSpecEvaluator(HbaseParams.HBASE_REGIONSERVER_IPC_SERVER_READ_THREADPOOL_SIZE), new ParamSpecEvaluator(HbaseParams.HBASE_REGIONSERVER_WAL_PIPELINES), new ParamSpecEvaluator(HbaseParams.HBASE_REGIONSERVER_WAL_PROVIDER), new ParamSpecEvaluator(HbaseParams.HBASE_WAL_REGIONGROUP_DELEGATE_PROVIDER), new ParamSpecEvaluator(HbaseParams.HBASE_REGIONSERVER_WAL_STORAGE_POLICY), new ParamSpecEvaluator(HbaseParams.HBASE_REGIONSERVER_WAL_CODEC), new ParamSpecEvaluator(HbaseParams.HBASE_HREGION_MEMSTORE_FLUSH_SIZE), new ParamSpecEvaluator(HbaseParams.HBASE_HREGION_MEMSTORE_MSLAB_ENABLED), new ParamSpecEvaluator(HbaseParams.HBASE_HREGION_MEMSTORE_MSLAB_CHUNKSIZE), new ParamSpecEvaluator(HbaseParams.HBASE_HREGION_MEMSTORE_MSLAB_MAX_ALLOCATION), new ParamSpecEvaluator(HbaseParams.HBASE_HREGION_PRECLOSE_FLUSH_SIZE), new ParamSpecEvaluator(HbaseParams.HBASE_HREGION_MEMSTORE_BLOCK_MULTIPLIER), new ParamSpecEvaluator(HbaseParams.HBASE_HREGION_MAX_FILESIZE), new ParamSpecEvaluator(HbaseParams.HBASE_HREGION_MAJORCOMPACTION_JITTER), new ParamSpecEvaluator(HbaseParams.HBASE_HREGION_REPLICA_REPLICATION_ENABLED), new ParamSpecEvaluator(HbaseParams.HBASE_HSTORE_COMPACTIONTHRESHOLD), new ParamSpecEvaluator(HbaseParams.HBASE_HSTORE_BLOCKINGSTOREFILES), new ParamSpecEvaluator(HbaseParams.HBASE_HSTORE_BLOCKINGWAITTIME), new ParamSpecEvaluator(HbaseParams.HBASE_HSTORE_COMPACTION_MAX), new ParamSpecEvaluator(HbaseParams.HBASE_HREGION_MAJORCOMPACTION), new ParamSpecEvaluator(HbaseParams.HFILE_BLOCK_CACHE_SIZE), new ParamSpecEvaluator(HbaseParams.HFILE_BUCKETCACHE_COMBINEDCACHE_ENABLED), new ParamSpecEvaluator(HbaseParams.HBASE_BUCKETCACHE_IOENGINE), new ParamSpecEvaluator(HbaseParams.HBASE_BUCKETCACHE_SIZE), new ParamSpecEvaluator(HbaseParams.HBASE_HASH_TYPE), new ParamSpecEvaluator(HbaseParams.HBASE_SERVER_THREAD_WAKEFREQUENCY), new ParamSpecEvaluator(HbaseParams.HBASE_COPROCESSOR_ABORT_ON_ERROR), new HbaseCoprocessorEvaluators.MasterCoprocessorEvaluator(), new HbaseCoprocessorEvaluators.RegionServerCoprocessorEvaluator(), new ParamSpecEvaluator(HbaseParams.HBASE_RESTSERVER_DNS_INTERFACE), new ParamSpecEvaluator(HbaseParams.HBASE_RESTSERVER_DNS_NAMESERVER), new ParamSpecEvaluator(HbaseParams.HBASE_THRIFTSERVER_DNS_INTERFACE), new ParamSpecEvaluator(HbaseParams.HBASE_THRIFTSERVER_DNS_NAMESERVER), new ParamSpecEvaluator(HbaseParams.HBASE_THRIFTSERVER_MIN_WORKER_THREADS), new ParamSpecEvaluator(HbaseParams.HBASE_THRIFTSERVER_INFO_PORT), new ParamSpecEvaluator(HbaseParams.HBASE_THRIFTSERVER_HTTP), ConditionalEvaluator.builder().expectedValue(HbaseParams.HBASE_THRIFTSERVER_HTTP, true).evaluators(new ParamSpecEvaluator(HbaseParams.HBASE_THRIFTSERVER_HTTP_SSL_ENABLE), ConditionalEvaluator.builder().checkCondition(ConditionalEvaluator.not(ConditionalEvaluator.paramEvaluatesToValue(HbaseParams.HBASE_THRIFTSERVER_SECURE_AUTHENTICATION, "none"))).evaluators(new HardcodedConfigEvaluator(HbaseParams.HBASE_THRIFTSERVER_HTTP_SSL_ENABLE, "true")).build(), ConditionalEvaluator.builder().expectedValue(HbaseParams.HBASE_THRIFTSERVER_HTTP_SSL_ENABLE, true).evaluators(new AutoTLSPathParamSpecEvaluator(HbaseParams.HBASE_THRIFTSERVER_HTTP_KEYSTORE_FILE), new AutoTLSPasswordParamSpecEvaluator(HbaseParams.HBASE_THRIFTSERVER_HTTP_KEYSTORE_PASSWORD), new AutoTLSPasswordParamSpecEvaluator(HbaseParams.HBASE_THRIFTSERVER_HTTP_KEYSTORE_KEYPASSWORD)).build()).build(), new ParamSpecEvaluator(HbaseParams.HBASE_THRIFTSERVER_SUPPORT_PROXYUSER), new ParamSpecEvaluator(HbaseParams.HBASE_RESTSERVER_SUPPORT_PROXYUSER), new HostNameEvaluator(HbaseServiceHandler.SERVICE_TYPE, HbaseServiceHandler.RoleNames.HBASETHRIFTSERVER, HbaseParams.HBASE_THRIFTSERVER_INFO_BIND_TO_WILDCARD, HbaseServiceHandler.RoleNames.HBASETHRIFTSERVER), ConditionalEvaluator.builder().checkCondition(ConditionalEvaluator.serviceVersionInRange(Constants.SERVICE_VERSIONS_PRIOR_TO_CDH7_0_0)).evaluators(new NavigatorConditionedEvaluator(HbaseParams.NAVIGATOR_COLLECTION_ENABLED, new HardcodedConfigEvaluator((RangeMap<Release, String>) ImmutableRangeMap.of(Constants.SERVICE_VERSIONS_SINCE_CDH4, "cloudera.navigator.client.config"), MgmtConfigFileDefinitions.NAVIGATOR_CLIENT_CONFIG_FILE_TMPL, (Set<? extends Enum<?>>) ImmutableSet.of(HbaseServiceHandler.RoleNames.MASTER, HbaseServiceHandler.RoleNames.REGIONSERVER)))).build(), new ParamSpecEvaluator(HbaseParams.HBASE_SUPERUSER), new ParamSpecEvaluator(HbaseParams.HBASE_RPC_TIMEOUT), new ParamSpecEvaluator(HbaseParams.HBASE_SNAPSHOT_ENABLED), new ParamSpecEvaluator(HbaseParams.HBASE_SNAPSHOT_MASTER_TIMEOUTMILLIS), new ParamSpecEvaluator(HbaseParams.HBASE_SNAPSHOT_REGION_TIMEOUT), new ParamSpecEvaluator(HbaseParams.HBASE_SNAPSHOT_MASTER_TIMEOUT_MILLIS), new ParamSpecEvaluator(HbaseParams.HBASE_SECURE_AUTHENTICATION), new ParamSpecEvaluator(HbaseParams.HBASE_SECURE_AUTHORIZATION), new ParamSpecEvaluator(HbaseParams.HBASE_SPNEGO_ADMIN_GROUPS), new ParamSpecEvaluator(HbaseParams.HBASE_ROW_LEVEL_AUTHORIZATION), new ParamSpecEvaluator<Boolean>(HbaseParams.HBASE_CELL_ACL_AUTHORIZATION) { // from class: com.cloudera.cmf.service.config.HBaseConfigFileDefinitions.1
        /* JADX INFO: Access modifiers changed from: protected */
        /* JADX WARN: Can't rename method to resolve collision */
        @Override // com.cloudera.cmf.service.config.ParamSpecEvaluator
        public Boolean getParamSpecValue(ConfigEvaluationContext configEvaluationContext) throws ConfigGenException {
            return Boolean.valueOf(!((Boolean) super.getParamSpecValue(configEvaluationContext)).booleanValue());
        }
    }, new ParamSpecEvaluator(HbaseParams.HBASE_SECURITY_EXEC_PERMISSION_CHECKS), new ParamSpecEvaluator(HbaseParams.HBASE_RPC_PROTECTION), new ParamSpecEvaluator(HbaseParams.ZOOKEEPER_SESSION_TIMEOUT), new ParamSpecEvaluator(HbaseParams.ZOOKEEPER_RETRIES), new ParamSpecEvaluator(HbaseParams.ZOOKEEPER_PAUSE), new ParamSpecEvaluator(HbaseParams.ZOOKEEPER_ZNODE_PARENT), new ParamSpecEvaluator(HbaseParams.ZOOKEEPER_ZNODE_ROOTSERVER), new ZKQuorumPeersEvaluator("hbase.zookeeper.quorum", "hbase.zookeeper.property.clientPort"), ConditionalEvaluator.builder().checkCondition(ConditionalEvaluator.kerberos()).evaluators(new HardcodedConfigEvaluator("hbase.zookeeper.client.keytab.file", HbaseParams.HBASE_KEYTAB_FILE_NAME, (Set<? extends Enum<?>>) ImmutableSet.of(HbaseServiceHandler.RoleNames.MASTER, HbaseServiceHandler.RoleNames.REGIONSERVER)), new KerberosPrincEvaluator(ImmutableSet.of(HbaseServiceHandler.RoleNames.MASTER), HbaseServiceHandler.SERVICE_TYPE, HbaseServiceHandler.RoleNames.MASTER, ImmutableMap.of(KerberosAuthentication.KERBEROS_ROLE_PRINCIPAL, "hbase.master.kerberos.principal"), SecurityUtils.HADOOP_HOST_WILDCARD), new HardcodedConfigEvaluator("hbase.master.keytab.file", HbaseParams.HBASE_KEYTAB_FILE_NAME, (Set<? extends Enum<?>>) ImmutableSet.of(HbaseServiceHandler.RoleNames.MASTER)), new KerberosPrincEvaluator(ImmutableSet.of(HbaseServiceHandler.RoleNames.REGIONSERVER), HbaseServiceHandler.SERVICE_TYPE, HbaseServiceHandler.RoleNames.REGIONSERVER, ImmutableMap.of(KerberosAuthentication.KERBEROS_ROLE_PRINCIPAL, "hbase.regionserver.kerberos.principal"), SecurityUtils.HADOOP_HOST_WILDCARD), new HardcodedConfigEvaluator("hbase.regionserver.keytab.file", HbaseParams.HBASE_KEYTAB_FILE_NAME, (Set<? extends Enum<?>>) ImmutableSet.of(HbaseServiceHandler.RoleNames.REGIONSERVER)), new KerberosPrincEvaluator(ImmutableSet.of(HbaseServiceHandler.RoleNames.HBASERESTSERVER), HbaseServiceHandler.SERVICE_TYPE, HbaseServiceHandler.RoleNames.HBASERESTSERVER, ImmutableMap.of(KerberosAuthentication.KERBEROS_ROLE_PRINCIPAL, "hbase.rest.kerberos.principal"), SecurityUtils.HADOOP_HOST_WILDCARD), new HardcodedConfigEvaluator("hbase.rest.keytab.file", HbaseParams.HBASE_KEYTAB_FILE_NAME, (Set<? extends Enum<?>>) ImmutableSet.of(HbaseServiceHandler.RoleNames.HBASERESTSERVER)), getHbaseThriftserverPrincipalEvaluator(ImmutableSet.of(HbaseServiceHandler.RoleNames.HBASETHRIFTSERVER)), new HardcodedConfigEvaluator("hbase.thrift.keytab.file", HbaseParams.HBASE_KEYTAB_FILE_NAME, (Set<? extends Enum<?>>) ImmutableSet.of(HbaseServiceHandler.RoleNames.HBASETHRIFTSERVER)), new HardcodedConfigEvaluator((RangeMap<Release, String>) ImmutableRangeMap.builder().put(Constants.SERVICE_VERSIONS_SINCE_CDH7_1_0, "hbase.thrift.spnego.keytab.file").build(), HbaseParams.HBASE_KEYTAB_FILE_NAME, (Set<? extends Enum<?>>) ImmutableSet.of(HbaseServiceHandler.RoleNames.HBASETHRIFTSERVER)), new KerberosPrincEvaluator((Set<? extends Enum<?>>) ImmutableSet.of(HbaseServiceHandler.RoleNames.REGIONSERVER), HbaseServiceHandler.SERVICE_TYPE, (Enum<?>) HbaseServiceHandler.RoleNames.REGIONSERVER, (Map<String, String>) ImmutableMap.of(KerberosAuthentication.KERBEROS_ROLE_PRINCIPAL, "hbase.client.kerberos.principal"), SecurityUtils.HADOOP_HOST_WILDCARD, (RangeMap<Release, String>) ImmutableRangeMap.builder().put(Constants.SERVICE_VERSIONS_SINCE_CDH5_3_0, "hbase.client.kerberos.principal").build()), new HardcodedConfigEvaluator((RangeMap<Release, String>) ImmutableRangeMap.builder().put(Constants.SERVICE_VERSIONS_SINCE_CDH5_3_0, "hbase.client.keytab.file").build(), HbaseParams.HBASE_KEYTAB_FILE_NAME, (Set<? extends Enum<?>>) ImmutableSet.of(HbaseServiceHandler.RoleNames.REGIONSERVER))).build(), ConditionalEvaluator.builder().checkCondition(ConditionalEvaluator.or(ConditionalEvaluator.paramEvaluatesToValue(HbaseParams.HBASE_SECURE_AUTHENTICATION, Authentication.AUTHENTICATION_TYPES.kerberos.name()), ConditionalEvaluator.serviceVersionInRange(HbaseCoprocessorEvaluators.ALWAYS_ADD_BULKLOAD_VERSIONS))).evaluators(new ParamSpecEvaluator(HbaseParams.HBASE_BULKLOAD_STAGING_DIR)).build(), ConditionalEvaluator.builder().expectedValue(HbaseParams.HBASE_SECURE_AUTHENTICATION, Authentication.AUTHENTICATION_TYPES.kerberos.name()).evaluators(new HardcodedConfigEvaluator((RangeMap<Release, String>) ImmutableRangeMap.builder().put(Constants.SERVICE_CDH3U4X_VERSION_RANGE, "hbase.rpc.engine").put(Constants.SERVICE_CDH4_VERSION_RANGE, "hbase.rpc.engine").build(), BaseHbaseRoleHandler.SECURE_RPC_ENGINE_NAME, (Set<? extends Enum<?>>) null), new KerberosPrincEvaluator(ImmutableSet.of(HbaseServiceHandler.RoleNames.REGIONSERVER, HbaseServiceHandler.RoleNames.HBASERESTSERVER, HbaseServiceHandler.RoleNames.HBASETHRIFTSERVER, HbaseServiceHandler.RoleNames.GATEWAY), HbaseServiceHandler.SERVICE_TYPE, HbaseServiceHandler.RoleNames.MASTER, ImmutableMap.of(KerberosAuthentication.KERBEROS_ROLE_PRINCIPAL, "hbase.master.kerberos.principal"), SecurityUtils.HADOOP_HOST_WILDCARD), new KerberosPrincEvaluator(ImmutableSet.of(HbaseServiceHandler.RoleNames.MASTER, HbaseServiceHandler.RoleNames.HBASERESTSERVER, HbaseServiceHandler.RoleNames.HBASETHRIFTSERVER, HbaseServiceHandler.RoleNames.GATEWAY), HbaseServiceHandler.SERVICE_TYPE, HbaseServiceHandler.RoleNames.REGIONSERVER, ImmutableMap.of(KerberosAuthentication.KERBEROS_ROLE_PRINCIPAL, "hbase.regionserver.kerberos.principal"), SecurityUtils.HADOOP_HOST_WILDCARD), new KerberosPrincEvaluator(ImmutableSet.of(HbaseServiceHandler.RoleNames.GATEWAY), HbaseServiceHandler.SERVICE_TYPE, HbaseServiceHandler.RoleNames.HBASERESTSERVER, ImmutableMap.of(KerberosAuthentication.KERBEROS_ROLE_PRINCIPAL, "hbase.rest.kerberos.principal"), SecurityUtils.HADOOP_HOST_WILDCARD), getHbaseThriftserverPrincipalEvaluator(ImmutableSet.of(HbaseServiceHandler.RoleNames.GATEWAY))).build(), ConditionalEvaluator.builder().checkCondition(ConditionalEvaluator.or(ConditionalEvaluator.paramEvaluatesToValue(HbaseParams.HBASE_RESTSERVER_SECURE_AUTHENTICATION, Authentication.AUTHENTICATION_TYPES.kerberos.name()), ConditionalEvaluator.and(ConditionalEvaluator.paramSupportsServiceVersion(HbaseParams.HBASE_THRIFTSERVER_SECURE_AUTHENTICATION), ConditionalEvaluator.not(ConditionalEvaluator.paramEvaluatesToValue(HbaseParams.HBASE_THRIFTSERVER_SECURE_AUTHENTICATION, "none"))))).evaluators(new HardcodedConfigEvaluator("hadoop.security.authorization", "true"), new ProxyUserEvaluator(HbaseServiceHandler.SERVICE_TYPE, (ParamSpec<List<String>>) HbaseParams.HBASE_PROXY_GROUPS, (ParamSpec<List<String>>) HbaseParams.HBASE_PROXY_HOSTS, true)).build(), ConditionalEvaluator.builder().checkCondition(ConditionalEvaluator.not(ConditionalEvaluator.paramEvaluatesToValue(HbaseParams.HBASE_THRIFTSERVER_SECURE_AUTHENTICATION, "none"))).evaluators(new ParamSpecEvaluator(HbaseParams.HBASE_THRIFTSERVER_SECURE_AUTHENTICATION, (Set<? extends Enum<?>>) ImmutableSet.of(HbaseServiceHandler.RoleNames.HBASETHRIFTSERVER))).build(), ConditionalEvaluator.builder().expectedValue(HbaseParams.HBASE_RESTSERVER_SECURE_AUTHENTICATION, Authentication.AUTHENTICATION_TYPES.kerberos.name()).evaluators(new ParamSpecEvaluator(HbaseParams.HBASE_RESTSERVER_SECURE_AUTHENTICATION, (Set<? extends Enum<?>>) ImmutableSet.of(HbaseServiceHandler.RoleNames.HBASERESTSERVER)), new HardcodedConfigEvaluator("hbase.rest.authentication.kerberos.keytab", HbaseParams.HBASE_KEYTAB_FILE_NAME, (Set<? extends Enum<?>>) ImmutableSet.of(HbaseServiceHandler.RoleNames.HBASERESTSERVER)), new KerberosPrincEvaluator(ImmutableSet.of(HbaseServiceHandler.RoleNames.HBASERESTSERVER), HbaseServiceHandler.SERVICE_TYPE, HbaseServiceHandler.RoleNames.HBASERESTSERVER, ImmutableMap.of(KerberosAuthentication.KERBEROS_HTTP_PRINCIPAL, "hbase.rest.authentication.kerberos.principal"), SecurityUtils.HADOOP_HOST_WILDCARD)).build(), ConditionalEvaluator.builder().roleTypesToEmitFor(HbaseParams.HBASE_SECURE_AUTHENTICATION.getRoleTypesToEmitFor()).versionToPropertyName(HbaseParams.HBASE_SECURE_AUTHENTICATION.getPropertyNameMap()).checkCondition(ConditionalEvaluator.and(ConditionalEvaluator.paramEvaluatesToValue(HbaseParams.HBASE_SECURE_AUTHENTICATION, Authentication.AUTHENTICATION_TYPES.simple.name()), ConditionalEvaluator.paramEvaluatesToValue(HbaseParams.HBASE_SECURE_RPC_ENGINE, true))).evaluators(new HardcodedConfigEvaluator((RangeMap<Release, String>) ImmutableRangeMap.builder().put(Constants.SERVICE_CDH3U4X_VERSION_RANGE, "hbase.rpc.engine").put(Constants.SERVICE_VERSIONS_SINCE_CDH4, "hbase.rpc.engine").build(), BaseHbaseRoleHandler.SECURE_RPC_ENGINE_NAME, (Set<? extends Enum<?>>) null)).build(), getHBaseFipsEvaluator(), new ParamSpecEvaluator(HbaseParams.HBASE_RESTSERVER_HOST), new ParamSpecEvaluator(HbaseParams.HBASE_RESTSERVER_PORT), new HostNameEvaluator(HbaseServiceHandler.SERVICE_TYPE, HbaseServiceHandler.RoleNames.HBASERESTSERVER, HbaseParams.HBASE_RESTSERVER_INFO_BIND_TO_WILDCARD, HbaseServiceHandler.RoleNames.HBASERESTSERVER), new ParamSpecEvaluator(HbaseParams.HBASE_RESTSERVER_INFO_PORT), new ParamSpecEvaluator(HbaseParams.HBASE_RESTSERVER_READONLY), new ParamSpecEvaluator(HbaseParams.HBASE_RESTSERVER_THREADS_MIN), new ParamSpecEvaluator(HbaseParams.HBASE_RESTSERVER_THREADS_MAX), new ParamSpecEvaluator(HbaseParams.HBASE_RESTSERVER_SSL_ENABLE), ConditionalEvaluator.builder().expectedValue(HbaseParams.HBASE_RESTSERVER_SSL_ENABLE, true).evaluators(new AutoTLSPathParamSpecEvaluator(HbaseParams.HBASE_RESTSERVER_KEYSTORE_FILE), new AutoTLSPasswordParamSpecEvaluator(HbaseParams.HBASE_RESTSERVER_KEYSTORE_PASSWORD), new AutoTLSPasswordParamSpecEvaluator(HbaseParams.HBASE_RESTSERVER_KEYSTORE_KEYPASSWORD), ConditionalEvaluator.builder().checkCondition(ConditionalEvaluator.serviceVersionInRange(Constants.SERVICE_VERSIONS_SINCE_CDH7_1_5)).evaluators(ConfigEvaluatorHelpers.makeNameOverrideEvaluator(ScmParams.KEYSTORE_TYPE, "hbase.rest.ssl.keystore.type", HbaseServiceHandler.RoleNames.HBASERESTSERVER)).build()).build(), ConditionalEvaluator.builder().checkCondition(ConditionalEvaluator.and(RANGER_SERVICE_CONDITION)).evaluators(new HardcodedConfigEvaluator("hbase.security.authorization", "true", (Set<? extends Enum<?>>) ImmutableSet.of(HbaseServiceHandler.RoleNames.MASTER)), new HardcodedConfigEvaluator("hbase.coprocessor.regionserver.classes", "org.apache.ranger.authorization.hbase.RangerAuthorizationCoprocessor", (Set<? extends Enum<?>>) ImmutableSet.of(HbaseServiceHandler.RoleNames.REGIONSERVER))).build(), new ParamSpecEvaluator(HbaseParams.HBOSS_FS_S3A_IMPL), new ParamSpecEvaluator(HbaseParams.HBOSS_S3A_IMPL), new ParamSpecEvaluator(HbaseParams.HBOSS_SYNC_IMPL), new ParamSpecEvaluator(HbaseParams.HBOSS_S3A_CONNECTION_MAXIMUM), new ParamSpecEvaluator(HbaseParams.HBOSS_S3A_THREADS_MAX), new ParamSpecEvaluator(HbaseParams.HBASE_USE_DYNAMIC_JARS), new ParamSpecEvaluator(HbaseParams.HDFS_DYNAMIC_JARS_DIR), new XMLSafetyValveEvaluator(HbaseParams.HBASE_SERVICE_CONFIG_SAFETY_VALVE), new XMLSafetyValveEvaluator(HbaseParams.HBASE_MASTER_CONFIG_SAFETY_VALVE), new XMLSafetyValveEvaluator(HbaseParams.HBASE_REGIONSERVER_CONFIG_SAFETY_VALVE), new XMLSafetyValveEvaluator(HbaseParams.HBASE_RESTSERVER_CONFIG_SAFETY_VALVE), new XMLSafetyValveEvaluator(HbaseParams.HBASE_THRIFTSERVER_CONFIG_SAFETY_VALVE), new XMLSafetyValveEvaluator(HbaseParams.HBASE_CLIENT_CONFIG_SAFETY_VALVE), ConditionalEvaluator.builder().expectedValue(HbaseParams.HBASE_SECURE_WEB_UI, true).evaluators(new HardcodedConfigEvaluator("hbase.security.authentication.ui", SentryParams.SECURITY_MODE_KERBEROS, (Set<? extends Enum<?>>) ImmutableSet.of(HbaseServiceHandler.RoleNames.HBASERESTSERVER, HbaseServiceHandler.RoleNames.HBASETHRIFTSERVER, HbaseServiceHandler.RoleNames.MASTER, HbaseServiceHandler.RoleNames.REGIONSERVER)), new HardcodedConfigEvaluator("hbase.security.authentication.spnego.kerberos.keytab", HbaseParams.HBASE_KEYTAB_FILE_NAME, (Set<? extends Enum<?>>) ImmutableSet.of(HbaseServiceHandler.RoleNames.HBASERESTSERVER, HbaseServiceHandler.RoleNames.HBASETHRIFTSERVER, HbaseServiceHandler.RoleNames.MASTER, HbaseServiceHandler.RoleNames.REGIONSERVER)), makeHBaseWebUIPrincEvaluator(HbaseServiceHandler.RoleNames.HBASERESTSERVER), makeHBaseWebUIPrincEvaluator(HbaseServiceHandler.RoleNames.HBASETHRIFTSERVER), makeHBaseWebUIPrincEvaluator(HbaseServiceHandler.RoleNames.MASTER), makeHBaseWebUIPrincEvaluator(HbaseServiceHandler.RoleNames.REGIONSERVER)).build(), ConditionalEvaluator.builder().checkCondition(ConditionalEvaluator.and(ConditionalEvaluator.paramEvaluatesToValue(HbaseParams.HBASE_SECURE_WEB_UI, true), ConditionalEvaluator.serviceVersionInRange(Constants.SERVICE_VERSIONS_SINCE_CDH7_2_1))).evaluators(new HardcodedConfigEvaluator("hbase.security.authentication.spnego.kerberos.proxyuser.enable", "true", (Set<? extends Enum<?>>) ImmutableSet.of(HbaseServiceHandler.RoleNames.MASTER, HbaseServiceHandler.RoleNames.REGIONSERVER))).build(), ConditionalEvaluator.builder().checkCondition(ConditionalEvaluator.not(ConditionalEvaluator.paramEvaluatesToValue(HbaseParams.HBASE_REPLICATION_AUXILIARY_INFO, null))).evaluators(new HBaseReplicationAuxiliaryInfoEvaluator()).build()});
    public static final ConfigEvaluator MASTER_LOG_WHITELIST_EVALUATOR = new ParamSpecEvaluator(HbaseParams.HBASE_MASTER_LOG_WHITELIST);
    public static final ConfigEvaluator REGIONSERVER_LOG_WHITELIST_EVALUATOR = new ParamSpecEvaluator(HbaseParams.HBASE_REGIONSERVER_LOG_WHITELIST);
    public static final ConfigEvaluator THRIFTSERVER_LOG_WHITELIST_EVALUATOR = new ParamSpecEvaluator(HbaseParams.HBASE_THRIFTSERVER_LOG_WHITELIST);
    private static final String HBASE_DAEMON_JAAS_TEMPLATES = "Client {\n  com.sun.security.auth.module.Krb5LoginModule required\n  useKeyTab=true\n  useTicketCache=false\n  keyTab=\"hbase.keytab\"\n  principal=\"%s\";\n};";
    public static final ConfigEvaluator HBASE_MASTER_JAAS_CONF_EVALUATOR = ConditionalEvaluator.builder().expectedValue(ZooKeeperParams.ZOOKEEPER_ENABLE_SECURITY, true).evaluators(new CombinedEvaluator((Set<? extends Enum<?>>) null, (RangeMap<Release, String>) ParamSpec.PROPERTY_MAP_ALL_VERSIONS_NO_NAME, HBASE_DAEMON_JAAS_TEMPLATES, new KerberosPrincEvaluator(null, HbaseServiceHandler.SERVICE_TYPE, HbaseServiceHandler.RoleNames.MASTER, ImmutableMap.of(KerberosAuthentication.KERBEROS_ROLE_PRINCIPAL, "unused"), null))).build();
    public static final ConfigEvaluator HBASE_REGIONSERVER_JAAS_CONF_EVALUATOR = ConditionalEvaluator.builder().expectedValue(ZooKeeperParams.ZOOKEEPER_ENABLE_SECURITY, true).evaluators(new CombinedEvaluator((Set<? extends Enum<?>>) null, (RangeMap<Release, String>) ParamSpec.PROPERTY_MAP_ALL_VERSIONS_NO_NAME, HBASE_DAEMON_JAAS_TEMPLATES, new KerberosPrincEvaluator(null, HbaseServiceHandler.SERVICE_TYPE, HbaseServiceHandler.RoleNames.REGIONSERVER, ImmutableMap.of(KerberosAuthentication.KERBEROS_ROLE_PRINCIPAL, "unused"), null))).build();
    public static final ConfigEvaluator HBASE_RESTSERVER_JAAS_CONF_EVALUATOR = ConditionalEvaluator.builder().expectedValue(HbaseParams.HBASE_RESTSERVER_SECURE_AUTHENTICATION, SentryParams.SECURITY_MODE_KERBEROS).evaluators(new CombinedEvaluator((Set<? extends Enum<?>>) null, (RangeMap<Release, String>) ParamSpec.PROPERTY_MAP_ALL_VERSIONS_NO_NAME, HBASE_DAEMON_JAAS_TEMPLATES, new KerberosPrincEvaluator(null, HbaseServiceHandler.SERVICE_TYPE, HbaseServiceHandler.RoleNames.HBASERESTSERVER, ImmutableMap.of(KerberosAuthentication.KERBEROS_ROLE_PRINCIPAL, "unused"), null))).build();
    public static final String CLIENT_JAAS = ConfigGeneratorHelpers.loadFileToString("hbase/client_jaas.conf");
    public static final ConfigEvaluator CLIENT_JAAS_CONF_EVALUATOR = ConditionalEvaluator.builder().expectedValue(ZooKeeperParams.ZOOKEEPER_ENABLE_SECURITY, true).evaluators(new HardcodedConfigEvaluator(CLIENT_JAAS)).build();
    public static final NestedEvaluator HBASE_ENV = new NestedEvaluator(ConditionalEvaluator.builder().expectedValue(ZooKeeperParams.ZOOKEEPER_ENABLE_SECURITY, true).evaluators(new HardcodedConfigEvaluator("export HBASE_OPTS", "\"$HBASE_OPTS -Djava.security.auth.login.config={{HBASE_CONF_DIR}}/jaas.conf\"")).build(), new HardcodedConfigEvaluator("# HBASE_CLASSPASTH", "{{HBASE_CLASSPATH}}"), new HardcodedConfigEvaluator("# JAVA_LIBRARY_PATH", "{{JAVA_LIBRARY_PATH}}"), new HardcodedConfigEvaluator("export HBASE_CLASSPATH", "`echo $HBASE_CLASSPATH | sed -e \"s|$ZOOKEEPER_CONF:||\"`"), new EnvironmentParamSpecEvaluator(HbaseParams.HBASE_CLIENT_CONFIG_ENV_SAFETY_VALVE, "HBASE_OPTS", HbaseParams.HBASE_CLIENT_CONFIG_JAVA_HEAPSIZE, HbaseParams.HBASE_CLIENT_CONFIG_JAVA_OPTS));
    private static final Map<String, String> ADDITIONAL_LOG4J_PROPERTIES = ImmutableMap.builder().put("log.file", "${hbase.log.file}").put("log4j.logger.org.apache.zookeeper", "INFO").put("log4j.logger.org.apache.hadoop.hbase.zookeeper.ZKUtil", "INFO").put("log4j.logger.org.apache.hadoop.hbase.zookeeper.ZooKeeperWatcher", "INFO").build();
    public static final String HBASE_ROOT_LOGGER = "hbase.root.logger";
    public static final List<ConfigEvaluator> LOG4J_PROPERTIES = ImmutableList.of(Log4JEvaluator.builder().addConfigs(ADDITIONAL_LOG4J_PROPERTIES).rootLoggerPropertyName(HBASE_ROOT_LOGGER).build());
    private static final List<? extends GenericConfigEvaluator> HDFS_SITE = ImmutableList.of(ConditionalEvaluator.builder().checkCondition(DfsConfigEvaluationPredicates.SHORT_CIRCUIT_READ).evaluators(new ParamSpecEvaluator(HbaseParams.HBASE_DFS_CLIENT_READ_SHORTCIRCUIT)).build(), new ParamSpecEvaluator(HbaseParams.DFS_CLIENT_HEDGED_READ_THREADPOOL_SIZE), new ParamSpecEvaluator(HbaseParams.DFS_CLIENT_HEDGED_READ_THRESHOLD_MILLIS), new HardcodedConfigEvaluator((RangeMap<Release, String>) ImmutableRangeMap.of(Constants.SERVICE_CDH5_VERSION_RANGE, "dfs.client.block.write.replace-datanode-on-failure.enable"), "false", (Set<? extends Enum<?>>) ImmutableSet.of(HbaseServiceHandler.RoleNames.REGIONSERVER)));
    public static final ConfigFileGenerator HDFS_SITE_XML = new XMLConfigFileGenerator(HDFS_SITE, HdfsParams.HDFS_SITE_XML);
    private static final List<? extends GenericConfigEvaluator> CORE_SITE = ImmutableList.of(new ParamSpecEvaluator(HadoopSSLParams.HBASE_HADOOP_SSL_ENABLED), CoreConfigFileDefinitions.HADOOP_SSL_EVALUATOR, ConditionalEvaluator.builder().checkCondition(ConditionalEvaluator.and(ConditionalEvaluator.evaluatingForRoleType(HbaseServiceHandler.RoleNames.MASTER.getConfigLocator()), ConditionalEvaluator.paramSupportsServiceVersion(HbaseParams.HBASE_HREGION_REPLICA_REPLICATION_ENABLED), ConditionalEvaluator.paramEvaluatesToValue(HbaseParams.HBASE_HREGION_REPLICA_REPLICATION_ENABLED, true))).evaluators(HardcodedConfigEvaluator.builder().propertyNames(CommonParamSpecs.TOPOLOGY_SCRIPT_FILE_PROPERTY_NAMES).value("{{CMF_CONF_DIR}}/topology.py").roleTypesToEmitFor(HbaseServiceHandler.RoleNames.MASTER).build()).build(), ConditionalEvaluator.builder().checkCondition(ConditionalEvaluator.serviceVersionInRange(Constants.SERVICE_VERSIONS_SINCE_CDH7_1_1)).evaluators(new SecureWebUIEvaluator(HbaseParams.HBASE_SECURE_WEB_UI)).build(), new XMLSafetyValveEvaluator(HbaseParams.HBASE_CORE_SITE_SAFETY_VALVE));
    public static final ConfigFileGenerator CORE_SITE_XML = new XMLConfigFileGenerator(CORE_SITE, CoreSettingsParams.CORE_SITE_XML);

    private static KerberosPrincEvaluator makeHBaseWebUIPrincEvaluator(HbaseServiceHandler.RoleNames roleNames) {
        return new KerberosPrincEvaluator(ImmutableSet.of(HbaseServiceHandler.RoleNames.HBASERESTSERVER, HbaseServiceHandler.RoleNames.HBASETHRIFTSERVER, HbaseServiceHandler.RoleNames.MASTER, HbaseServiceHandler.RoleNames.REGIONSERVER), HbaseServiceHandler.SERVICE_TYPE, roleNames, ImmutableMap.of(KerberosAuthentication.KERBEROS_HTTP_PRINCIPAL, "hbase.security.authentication.spnego.kerberos.principal"), SecurityUtils.HADOOP_HOST_WILDCARD);
    }

    public static final ConfigEvaluator getHbaseThriftserverPrincipalEvaluator(Set<HbaseServiceHandler.RoleNames> set) {
        return ConditionalEvaluator.builder().checkCondition(ConditionalEvaluator.serviceVersionInRange(Constants.SERVICE_VERSIONS_SINCE_CDH7_1_0)).evaluators(new KerberosPrincEvaluator(set, HbaseServiceHandler.SERVICE_TYPE, HbaseServiceHandler.RoleNames.HBASETHRIFTSERVER, ImmutableMap.of(KerberosAuthentication.KERBEROS_ROLE_PRINCIPAL, "hbase.thrift.kerberos.principal", KerberosAuthentication.KERBEROS_HTTP_PRINCIPAL, "hbase.thrift.spnego.principal"), SecurityUtils.HADOOP_HOST_WILDCARD)).alternateEvaluators(ConditionalEvaluator.builder().checkCondition(ConditionalEvaluator.paramEvaluatesToValue(HbaseParams.HBASE_THRIFTSERVER_HTTP, Boolean.TRUE)).evaluators(new KerberosPrincEvaluator(set, HbaseServiceHandler.SERVICE_TYPE, HbaseServiceHandler.RoleNames.HBASETHRIFTSERVER, ImmutableMap.of(KerberosAuthentication.KERBEROS_HTTP_PRINCIPAL, "hbase.thrift.kerberos.principal"), SecurityUtils.HADOOP_HOST_WILDCARD)).alternateEvaluators(new KerberosPrincEvaluator(set, HbaseServiceHandler.SERVICE_TYPE, HbaseServiceHandler.RoleNames.HBASETHRIFTSERVER, ImmutableMap.of(KerberosAuthentication.KERBEROS_ROLE_PRINCIPAL, "hbase.thrift.kerberos.principal"), SecurityUtils.HADOOP_HOST_WILDCARD)).build()).build();
    }

    public static final ConfigEvaluator getHBaseFipsEvaluator() {
        return ConditionalEvaluator.builder().checkCondition(ConditionalEvaluator.and(ConditionalEvaluator.serviceVersionInRange(Constants.SERVICE_VERSIONS_SINCE_CDH7_1_5), ConditionalEvaluator.isInFipsMode())).evaluators(new HardcodedConfigEvaluator("hbase.crypto.enabled", "false"), new HardcodedConfigEvaluator("hbase.crypto.key.hash.algorithm", "SHA-384"), new HardcodedConfigEvaluator("hbase.crypto.key.hash.algorithm.failOnMismatch", "true")).build();
    }
}
