package com.cloudera.cmf.service.sentry;

import com.cloudera.api.fiql.FIQLParser;
import com.cloudera.cmf.model.ConfigValueProvider;
import com.cloudera.cmf.model.DbRole;
import com.cloudera.cmf.model.DbService;
import com.cloudera.cmf.persist.CmfEntityManager;
import com.cloudera.cmf.service.CommandUtils;
import com.cloudera.cmf.service.config.ConfigEvaluatorHelpers;
import com.cloudera.cmf.service.config.ConfigGenException;
import com.cloudera.cmf.service.config.EvaluatedConfig;
import com.cloudera.cmf.service.config.GenericConfigEvaluator;
import com.cloudera.cmf.service.config.HardcodedConfigEvaluator;
import com.cloudera.cmf.service.config.ParamParseException;
import com.cloudera.cmf.service.config.XMLConfigFileGenerator;
import com.cloudera.cmf.service.csd.components.CsdVariableProvider;
import com.cloudera.cmf.service.hdfs.HdfsParams;
import com.cloudera.cmf.service.hive.HiveParams;
import com.cloudera.cmf.service.hive.HiveReplicationCmdArgs;
import com.cloudera.cmf.service.hive.HiveServiceHandler;
import com.google.common.annotations.VisibleForTesting;
import com.google.common.base.Preconditions;
import com.google.common.base.Strings;
import com.google.common.collect.ImmutableList;
import java.util.HashMap;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.stream.Collectors;
import org.apache.commons.lang.StringUtils;

/* loaded from: input_file:com/cloudera/cmf/service/sentry/AuthorizationMigrationConfigurationGenerator.class */
public class AuthorizationMigrationConfigurationGenerator extends XMLConfigFileGenerator {
    private static final String ALL_TABLES = "/tbl=.*";
    public static final String AUTHORIZATION_SITE_XML = "authorization-migration-site.xml";

    /* JADX INFO: Access modifiers changed from: package-private */
    @VisibleForTesting
    /* loaded from: input_file:com/cloudera/cmf/service/sentry/AuthorizationMigrationConfigurationGenerator$Builder.class */
    public static class Builder {
        private final DbRole role;
        private String targetServices;
        private String outputFileName;
        private String migrationObjects;
        private boolean dryRun;
        private String cloudPathPrefix;
        private final boolean export;
        private boolean skipUrlPermissions;
        private String filter;
        private boolean upgradeRun;

        Builder(boolean z, DbRole dbRole) {
            this.export = z;
            this.role = dbRole;
        }

        Builder targetServices(String str) {
            this.targetServices = str;
            return this;
        }

        Builder outputFileName(String str) {
            this.outputFileName = str;
            return this;
        }

        Builder migrationObjects(String str) {
            this.migrationObjects = str;
            return this;
        }

        Builder dryRun(boolean z) {
            this.dryRun = z;
            return this;
        }

        Builder cloudPathPrefix(String str) {
            this.cloudPathPrefix = str;
            return this;
        }

        Builder skipUrlPermissions(boolean z) {
            this.skipUrlPermissions = z;
            return this;
        }

        Builder filter(String str) {
            this.filter = str;
            return this;
        }

        Builder upgradeRun(boolean z) {
            this.upgradeRun = z;
            return this;
        }

        AuthorizationMigrationConfigurationGenerator build() {
            return new AuthorizationMigrationConfigurationGenerator(this);
        }
    }

    private AuthorizationMigrationConfigurationGenerator(Builder builder) {
        super(makeEvaluators(builder), makeFileName());
    }

    private static final List<GenericConfigEvaluator> makeEvaluators(Builder builder) {
        if (builder.export && !builder.upgradeRun) {
            return ImmutableList.of(new HardcodedConfigEvaluator("authorization.migration.export.target_services", builder.targetServices), new HardcodedConfigEvaluator("authorization.migration.export.migration_objects", builder.migrationObjects), new HardcodedConfigEvaluator("authorization.migration.export.cluster_name", builder.role.getService().getCluster().getDisplayName()), new HardcodedConfigEvaluator("authorization.migration.export.output_file", "hdfs://" + builder.outputFileName));
        }
        if (!builder.export || !builder.upgradeRun) {
            return ImmutableList.of(new HardcodedConfigEvaluator("authorization.migration.export.target_services", HiveServiceHandler.SERVICE_TYPE), new HardcodedConfigEvaluator("authorization.migration.export.migration_objects", builder.migrationObjects), new HardcodedConfigEvaluator("authorization.migration.export.cluster_name", builder.role.getService().getCluster().getDisplayName()), new HardcodedConfigEvaluator("authorization.migration.export.output_file", builder.outputFileName), new HardcodedConfigEvaluator("authorization.migration.ingest.is_dry_run", String.valueOf(builder.dryRun)), new HardcodedConfigEvaluator("authorization.migration.destination.location.prefix", builder.cloudPathPrefix), new HardcodedConfigEvaluator("authorization.migration.migrate.url.privileges", String.valueOf(!builder.skipUrlPermissions)), new HardcodedConfigEvaluator("authorization.migration.object.filter", builder.filter));
        }
        Map<String, String> sentryAuthProviderUserGroup = getSentryAuthProviderUserGroup(builder.role);
        return ImmutableList.of(new HardcodedConfigEvaluator("authorization.migration.export.target_services", builder.targetServices), new HardcodedConfigEvaluator("authorization.migration.export.migration_objects", builder.migrationObjects), new HardcodedConfigEvaluator("authorization.migration.export.cluster_name", builder.role.getService().getCluster().getDisplayName()), new HardcodedConfigEvaluator("authorization.migration.export.output_file", "hdfs://" + builder.outputFileName), new HardcodedConfigEvaluator("authorization.migration.role.permissions", "true"), new HardcodedConfigEvaluator("authorization.migration.translate.url.privileges", "false"), new HardcodedConfigEvaluator("authorization.migration.ingest.hive.service.user", sentryAuthProviderUserGroup.get("user")), new HardcodedConfigEvaluator("authorization.migration.ingest.hive.service.group", sentryAuthProviderUserGroup.get(CsdVariableProvider.GROUP_PLACEHOLDER)), new HardcodedConfigEvaluator("authorization.migration.create.hdfs.policy", sentryAuthProviderUserGroup.get("sentry-sync")));
    }

    private static final String makeFileName() {
        return AUTHORIZATION_SITE_XML;
    }

    public static String generateMigrationObjects(HiveReplicationCmdArgs hiveReplicationCmdArgs, boolean z) {
        if (hiveReplicationCmdArgs.tables.isEmpty()) {
            return z ? "db=.*/tbl=.*" : CommandUtils.CONFIG_TOP_LEVEL_DIR;
        }
        String generateMigrationObjects = generateMigrationObjects(hiveReplicationCmdArgs.tables);
        if (!z && generateMigrationObjects.endsWith(ALL_TABLES)) {
            generateMigrationObjects = generateMigrationObjects.substring(0, generateMigrationObjects.length() - ALL_TABLES.length());
        }
        return generateMigrationObjects;
    }

    public static String generateMigrationObjects(Map<String, List<String>> map) {
        Preconditions.checkArgument(!map.isEmpty(), "Should have exported objects");
        return (String) map.entrySet().stream().map(entry -> {
            return (String) ((List) entry.getValue()).stream().map(str -> {
                return "db=" + ((String) entry.getKey()) + "/tbl=" + str;
            }).collect(Collectors.joining(FIQLParser.OR));
        }).collect(Collectors.joining(FIQLParser.OR));
    }

    public static AuthorizationMigrationConfigurationGenerator forExport(String str, DbRole dbRole, String str2, String str3, boolean z, boolean z2) {
        Preconditions.checkNotNull(dbRole, "sentry server role cannot be null");
        Preconditions.checkArgument(!Strings.isNullOrEmpty(str2), "output filename cannot be empty/null");
        return new Builder(true, dbRole).targetServices(str).outputFileName(str2).migrationObjects(str3).dryRun(z).upgradeRun(z2).build();
    }

    public static AuthorizationMigrationConfigurationGenerator forImport(DbRole dbRole, String str, String str2, boolean z, String str3, boolean z2, String str4) {
        Preconditions.checkNotNull(dbRole, "mive metastore role cannot be null");
        Preconditions.checkArgument(!Strings.isNullOrEmpty(str), "output filename cannot be empty/null");
        Preconditions.checkArgument(!Strings.isNullOrEmpty(str2), "migration objects cannot be empty/null");
        Preconditions.checkArgument(!Strings.isNullOrEmpty(str3), "cloud prefix cannot be empty/null");
        Preconditions.checkArgument(str4 != null, "cloud prefix cannot be null");
        return new Builder(false, dbRole).outputFileName(str).migrationObjects(str2).dryRun(z).cloudPathPrefix(str3).skipUrlPermissions(z2).filter(str4).build();
    }

    public static Map<String, String> getSentryAuthProviderUserGroup(DbRole dbRole) {
        CmfEntityManager currentCmfEntityManager = CmfEntityManager.currentCmfEntityManager();
        HashMap hashMap = new HashMap();
        try {
            ConfigValueProvider configValueProvider = (DbService) SentryParams.DFS_CONNECTOR.extract((ConfigValueProvider) dbRole.getService());
            Boolean extract = HdfsParams.HDFS_SENTRY_SYNC_ENABLE.extract(configValueProvider);
            String extract2 = HdfsParams.SENTRY_AUTHORIZATION_PROVIDER_HDFS_GROUP.extract(configValueProvider);
            String extract3 = HiveParams.HIVE_KERBEROS_PRINC.extract((ConfigValueProvider) dbRole.getService());
            Iterator it = currentCmfEntityManager.findServicesInClusterByType(dbRole.getService().getCluster(), HiveServiceHandler.SERVICE_TYPE).iterator();
            while (true) {
                if (!it.hasNext()) {
                    break;
                }
                ConfigValueProvider configValueProvider2 = (DbService) it.next();
                if (dbRole.getService().equals(HiveParams.SENTRY.extract(configValueProvider2))) {
                    extract3 = HiveParams.HIVE_KERBEROS_PRINC.extract(configValueProvider2);
                    break;
                }
            }
            String extract4 = HdfsParams.HDFS_SERVICE_CONFIG_SAFETY_VALVE.extract(configValueProvider);
            if (StringUtils.isNotEmpty(extract4)) {
                for (EvaluatedConfig evaluatedConfig : ConfigEvaluatorHelpers.xmlStringToSafetyValveEvaluatedConfigs(extract4)) {
                    if (evaluatedConfig.getName().equals("sentry.authorization-provider.hdfs-user")) {
                        extract3 = evaluatedConfig.getValue();
                    }
                }
            }
            hashMap.put("user", extract3);
            hashMap.put(CsdVariableProvider.GROUP_PLACEHOLDER, extract2);
            hashMap.put("sentry-sync", String.valueOf(extract));
            return hashMap;
        } catch (ConfigGenException | ParamParseException e) {
            throw new RuntimeException(e);
        }
    }
}
