package com.cloudera.cmf.service.sentry;

import com.cloudera.cmf.Constants;
import com.cloudera.cmf.model.DbRole;
import com.cloudera.cmf.model.DbService;
import com.cloudera.cmf.security.components.SecurityUtils;
import com.cloudera.cmf.service.CommandUtils;
import com.cloudera.cmf.service.DaemonRoleHandler;
import com.cloudera.cmf.service.ReplicationUtils;
import com.cloudera.cmf.service.RoleHandler;
import com.cloudera.cmf.service.ServiceDataProvider;
import com.cloudera.cmf.service.config.CombinedEvaluator;
import com.cloudera.cmf.service.config.ConcatenatedListEvaluator;
import com.cloudera.cmf.service.config.ConditionalEvaluator;
import com.cloudera.cmf.service.config.ConfigEvaluationPredicate;
import com.cloudera.cmf.service.config.ConfigEvaluator;
import com.cloudera.cmf.service.config.ConfigEvaluatorHelpers;
import com.cloudera.cmf.service.config.ConfigGenException;
import com.cloudera.cmf.service.config.ConfigLocator;
import com.cloudera.cmf.service.config.DBDriverEvaluator;
import com.cloudera.cmf.service.config.DependencyInvertedContextEvaluator;
import com.cloudera.cmf.service.config.GenericConfigEvaluator;
import com.cloudera.cmf.service.config.HardcodedConfigEvaluator;
import com.cloudera.cmf.service.config.HostNameEvaluator;
import com.cloudera.cmf.service.config.JdbcUrlEvaluator;
import com.cloudera.cmf.service.config.KerberosPrincEvaluator;
import com.cloudera.cmf.service.config.Log4JEvaluator;
import com.cloudera.cmf.service.config.MgmtConfigFileDefinitions;
import com.cloudera.cmf.service.config.NavigatorConditionedEvaluator;
import com.cloudera.cmf.service.config.ParamSpec;
import com.cloudera.cmf.service.config.ParamSpecEvaluator;
import com.cloudera.cmf.service.config.RoleNameEvaluator;
import com.cloudera.cmf.service.config.ServiceRoleTypeHostPortEvaluator;
import com.cloudera.cmf.service.config.XMLSafetyValveEvaluator;
import com.cloudera.cmf.service.config.ZKQuorumPeersEvaluator;
import com.cloudera.cmf.service.hdfs.HdfsConnector;
import com.cloudera.cmf.service.hdfs.HdfsParams;
import com.cloudera.cmf.service.hive.HiveParams;
import com.cloudera.cmf.service.hive.HiveServiceHandler;
import com.cloudera.cmf.service.sentry.SentryServiceHandler;
import com.cloudera.cmf.service.zookeeper.ZooKeeperParams;
import com.cloudera.cmf.version.Release;
import com.cloudera.navigator.audit.ClientProperties;
import com.cloudera.server.common.KerberosAuthentication;
import com.google.common.base.Preconditions;
import com.google.common.collect.ImmutableList;
import com.google.common.collect.ImmutableMap;
import com.google.common.collect.ImmutableRangeMap;
import com.google.common.collect.ImmutableSet;
import com.google.common.collect.Lists;
import com.google.common.collect.RangeMap;
import java.util.ArrayList;
import java.util.List;
import java.util.Map;
import java.util.Set;

/* loaded from: input_file:com/cloudera/cmf/service/sentry/SentryConfigFileDefinitions.class */
public class SentryConfigFileDefinitions {
    public static final String SENTRY_SITE_FILENAME = "sentry-site.xml";
    static final String SENTRY_PROCESSOR = "org.apache.sentry.provider.db.service.thrift.SentryPolicyStoreProcessorFactory";
    static final String SENTRY_GENERIC_PROCESSOR = "org.apache.sentry.provider.db.generic.service.thrift.SentryGenericPolicyProcessorFactory";
    static final String SENTRY_PROCESSOR_C6_1 = "org.apache.sentry.api.service.thrift.SentryPolicyStoreProcessorFactory";
    static final String SENTRY_GENERIC_PROCESSOR_C6_1 = "org.apache.sentry.api.generic.thrift.SentryGenericPolicyProcessorFactory";
    static final String SENTRY_HDFS_PROCESSOR = "org.apache.sentry.hdfs.SentryHDFSServiceProcessorFactory";
    public static final ConfigEvaluationPredicate HDFS_SENTRY_SYNC_CONDITION = ConditionalEvaluator.and(ConditionalEvaluator.hasConnector(HdfsConnector.TYPE), ConditionalEvaluator.paramEvaluatesToValue(HdfsParams.HDFS_SENTRY_SYNC_ENABLE, true));
    public static final ConfigEvaluationPredicate SENTRY_HA_CONDITION = new ConfigEvaluationPredicate() { // from class: com.cloudera.cmf.service.sentry.SentryConfigFileDefinitions.1
        @Override // com.cloudera.cmf.service.config.ConfigEvaluationPredicate
        public boolean checkCondition(ServiceDataProvider serviceDataProvider, DbService dbService, DbRole dbRole, RoleHandler roleHandler, Map<String, Object> map) throws ConfigGenException, DaemonRoleHandler.ProcessSupplierException {
            DbService currentOrDependencyService = ConfigEvaluatorHelpers.getCurrentOrDependencyService(serviceDataProvider.getConfigHelper(), dbService, SentryServiceHandler.SERVICE_TYPE);
            if (null == currentOrDependencyService) {
                return false;
            }
            return ((SentryServiceHandler) serviceDataProvider.getServiceHandlerRegistry().get(currentOrDependencyService)).isSentryHa(currentOrDependencyService);
        }
    };
    public static final ConditionalEvaluator ENABLE_HDFS_SYNC_EVALUATOR = ConditionalEvaluator.builder().checkCondition(HDFS_SENTRY_SYNC_CONDITION).evaluators(new HardcodedConfigEvaluator(",org.apache.sentry.hdfs.SentryHDFSServiceProcessorFactory")).alternateEvaluators(new HardcodedConfigEvaluator(CommandUtils.CONFIG_TOP_LEVEL_DIR)).build();
    public static final List<ConfigEvaluator> SENTRY_SERVER_SITE = ImmutableList.of(connectionEvaluator(null, "sentry.service.server", "sentry", SentryParams.SENTRY_KEYTAB_FILE_NAME, SentryServiceHandler.RoleNames.SENTRY_SERVER, false, true), new ConcatenatedListEvaluator(SentryParams.SENTRY_ADMIN_GROUPS.getPropertyNameMap(), new ParamSpecEvaluator(SentryParams.SENTRY_ADMIN_GROUPS)), new ParamSpecEvaluator(SentryParams.SENTRY_ALLOW_CONNECT), new HardcodedConfigEvaluator("sentry.store.group.mapping", "org.apache.sentry.provider.common.HadoopGroupMappingService", (Set<? extends Enum<?>>) ImmutableSet.of(SentryServiceHandler.RoleNames.SENTRY_SERVER)), ConditionalEvaluator.builder().checkCondition(ConditionalEvaluator.and(ConditionalEvaluator.serviceVersionInRange(SentryServiceHandler.HA_SINCE), ConditionalEvaluator.serviceHasDependent(HiveServiceHandler.SERVICE_TYPE))).evaluators(new DependencyInvertedContextEvaluator(HiveServiceHandler.SERVICE_TYPE, new ParamSpecEvaluator(HiveParams.SENTRY_SERVER))).build(), ConditionalEvaluator.builder().checkCondition(ConditionalEvaluator.kerberos()).evaluators(new HardcodedConfigEvaluator("sentry.service.server.keytab", SentryParams.SENTRY_KEYTAB_FILE_NAME, (Set<? extends Enum<?>>) ImmutableSet.of(SentryServiceHandler.RoleNames.SENTRY_SERVER))).build(), new JdbcUrlEvaluator((Set<? extends Enum<?>>) null, (RangeMap<Release, String>) ImmutableRangeMap.of(Constants.SERVICE_ALL_VERSIONS_RANGE, "sentry.store.jdbc.url"), SentryParams.SENTRY_DATABASE_TYPE, (ParamSpec<String>) null, (ParamSpec<String>) SentryParams.SENTRY_DATABASE_NAME, (ParamSpec<String>) SentryParams.SENTRY_DATABASE_HOST, (ParamSpec<Long>) SentryParams.SENTRY_DATABASE_PORT), new DBDriverEvaluator(null, ImmutableRangeMap.of(Constants.SERVICE_ALL_VERSIONS_RANGE, "sentry.store.jdbc.driver"), SentryParams.SENTRY_DATABASE_TYPE), new ParamSpecEvaluator(SentryParams.SENTRY_DATABASE_USER), new ParamSpecEvaluator(SentryParams.SENTRY_DATABASE_PASSWORD), ConditionalEvaluator.builder().checkCondition(ConditionalEvaluator.serviceVersionInRange(Constants.SERVICE_VERSIONS_SINCE_CDH5_8_0)).evaluators(ConditionalEvaluator.builder().checkCondition(ConditionalEvaluator.serviceVersionInRange(Constants.SERVICE_VERSIONS_SINCE_CDH6_1_0)).evaluators(new CombinedEvaluator("sentry.service.processor.factories", "org.apache.sentry.api.service.thrift.SentryPolicyStoreProcessorFactory,org.apache.sentry.api.generic.thrift.SentryGenericPolicyProcessorFactory%s", ENABLE_HDFS_SYNC_EVALUATOR)).alternateEvaluators(new CombinedEvaluator("sentry.service.processor.factories", "org.apache.sentry.provider.db.service.thrift.SentryPolicyStoreProcessorFactory,org.apache.sentry.provider.db.generic.service.thrift.SentryGenericPolicyProcessorFactory%s", ENABLE_HDFS_SYNC_EVALUATOR)).build()).alternateEvaluators(ConditionalEvaluator.builder().checkCondition(HDFS_SENTRY_SYNC_CONDITION).evaluators(new HardcodedConfigEvaluator("sentry.service.processor.factories", "org.apache.sentry.provider.db.service.thrift.SentryPolicyStoreProcessorFactory,org.apache.sentry.hdfs.SentryHDFSServiceProcessorFactory")).build()).build(), ConditionalEvaluator.builder().checkCondition(HDFS_SENTRY_SYNC_CONDITION).evaluators(new HardcodedConfigEvaluator("sentry.policy.store.plugins", "org.apache.sentry.hdfs.SentryPlugin"), new ParamSpecEvaluator(HdfsParams.HDFS_SENTRY_SYNC_PATH_PREFIXES)).build(), new ConfigEvaluator[]{new ParamSpecEvaluator(SentryParams.SENTRY_WEBUI_ENABLED), new ParamSpecEvaluator(SentryParams.SENTRY_WEBUI_PORT), new HardcodedConfigEvaluator((RangeMap<Release, String>) ImmutableRangeMap.of(Constants.SERVICE_VERSIONS_SINCE_CDH5_9_0, "sentry.service.web.authentication.type"), "NONE", (Set<? extends Enum<?>>) ImmutableSet.of(SentryServiceHandler.RoleNames.SENTRY_SERVER)), new HardcodedConfigEvaluator((RangeMap<Release, String>) ImmutableRangeMap.of(SentryServiceHandler.HA_SINCE, "sentry.service.reporter"), "LOG", (Set<? extends Enum<?>>) ImmutableSet.of(SentryServiceHandler.RoleNames.SENTRY_SERVER)), new XMLSafetyValveEvaluator(SentryParams.SENTRY_SAFETY_VALVE), new NavigatorConditionedEvaluator(SentryParams.NAVIGATOR_COLLECTION_ENABLED, new HardcodedConfigEvaluator((RangeMap<Release, String>) ImmutableRangeMap.of(Constants.SERVICE_VERSIONS_SINCE_CDH5_2_0, "cloudera.navigator.client.config"), MgmtConfigFileDefinitions.NAVIGATOR_CLIENT_CONFIG_FILE_TMPL, (Set<? extends Enum<?>>) ImmutableSet.of(SentryServiceHandler.RoleNames.SENTRY_SERVER))), new ParamSpecEvaluator(SentryParams.SENTRY_DB_POLICY_OWNER_AS_PRIVILEGE)});
    public static final String SENTRY_ROOT_LOGGER = "sentry.root.logger";
    public static final List<ConfigEvaluator> LOG4J_PROPERTIES = ImmutableList.of(Log4JEvaluator.builder().addEvaluators(ImmutableList.of(new NavigatorConditionedEvaluator(SentryParams.NAVIGATOR_COLLECTION_ENABLED, new HardcodedConfigEvaluator("log4j.logger.sentry.hive.authorization.ddl.logger", "INFO, sentryAudit"), new HardcodedConfigEvaluator((RangeMap<Release, String>) ImmutableRangeMap.of(Constants.SERVICE_VERSIONS_SINCE_CDH5_8_0, "log4j.logger.sentry.generic.authorization.ddl.logger"), "INFO, sentryAudit"), new HardcodedConfigEvaluator("log4j.appender.sentryAudit", "org.apache.sentry.provider.db.log.appender.RollingFileWithoutDeleteAppender"), new HardcodedConfigEvaluator("log4j.appender.sentryAudit.layout", "org.apache.log4j.PatternLayout"), new HardcodedConfigEvaluator("log4j.appender.sentryAudit.layout.ConversionPattern", "%m%n"), new CombinedEvaluator("log4j.appender.sentryAudit.File", new ParamSpecEvaluator(SentryParams.SENTRY_AUDIT_LOG_DIR), new HardcodedConfigEvaluator(CommandUtils.CONFIG_TOP_LEVEL_DIR, ReplicationUtils.PATH_SEPARATOR), new RoleNameEvaluator(ClientProperties.ROLE_NAME.getName())), new CombinedEvaluator("log4j.appender.sentryAudit.MaxFileSize", new ParamSpecEvaluator(SentryParams.SENTRY_MAX_AUDIT_LOG_SIZE, "%sMB"))))).rootLoggerPropertyName(SENTRY_ROOT_LOGGER).build());
    public static final List<ConfigEvaluator> SENTRY_SITE = ImmutableList.of(connectionEvaluator(null, "sentry.service.client.server", "sentry", SentryParams.SENTRY_KEYTAB_FILE_NAME, SentryServiceHandler.RoleNames.GATEWAY, false), new XMLSafetyValveEvaluator(SentryParams.SENTRY_CLIENT_CONFIG_SAFETY_VALVE));

    /* JADX WARN: Incorrect types in method signature: <T:Ljava/lang/Enum<*>;:Lcom/cloudera/cmf/service/config/ConfigLocator$HasConfigLocator;>(Ljava/util/Set<+Ljava/lang/Enum<*>;>;Ljava/lang/String;Ljava/lang/String;Ljava/lang/String;TT;Z)Lcom/cloudera/cmf/service/config/ConfigEvaluator; */
    public static ConfigEvaluator connectionEvaluator(Set set, String str, String str2, String str3, Enum r12, boolean z) {
        return connectionEvaluator(set, str, str2, str3, r12, z, false);
    }

    /* JADX WARN: Incorrect types in method signature: <T:Ljava/lang/Enum<*>;:Lcom/cloudera/cmf/service/config/ConfigLocator$HasConfigLocator;>(Ljava/util/Set<+Ljava/lang/Enum<*>;>;Ljava/lang/String;Ljava/lang/String;Ljava/lang/String;TT;ZZ)Lcom/cloudera/cmf/service/config/ConfigEvaluator; */
    /* JADX WARN: Multi-variable type inference failed */
    private static ConfigEvaluator connectionEvaluator(Set set, String str, String str2, String str3, Enum r17, boolean z, boolean z2) {
        Preconditions.checkNotNull(str3);
        Preconditions.checkArgument(!((ConfigLocator.HasConfigLocator) r17).getConfigLocator().isServiceLevelConfig());
        ConditionalEvaluator build = ConditionalEvaluator.builder().checkCondition(ConditionalEvaluator.kerberosServiceLevel()).evaluators(new KerberosPrincEvaluator(null, SentryServiceHandler.SERVICE_TYPE, SentryServiceHandler.RoleNames.SENTRY_SERVER, ImmutableMap.of(KerberosAuthentication.KERBEROS_ROLE_PRINCIPAL, str2 + ".service.server.principal"), SecurityUtils.HADOOP_HOST_WILDCARD), new HardcodedConfigEvaluator(str2 + ".service.security.mode", SentryParams.SECURITY_MODE_KERBEROS)).alternateEvaluators(new HardcodedConfigEvaluator(str2 + ".service.security.mode", "none")).build();
        List<? extends GenericConfigEvaluator> of = ImmutableList.of(new HostNameEvaluator(SentryServiceHandler.SERVICE_TYPE, SentryServiceHandler.RoleNames.SENTRY_SERVER, str + ".rpc-address"), new ParamSpecEvaluator(SentryParams.SENTRY_SERVER_RPC_PORT, (Set<? extends Enum<?>>) set, str + ".rpc-port", (String) null));
        ArrayList newArrayList = Lists.newArrayList();
        ArrayList newArrayList2 = Lists.newArrayList();
        newArrayList.add(build);
        newArrayList2.add(build);
        if (z2) {
            ArrayList newArrayList3 = Lists.newArrayList(new GenericConfigEvaluator[]{new HardcodedConfigEvaluator("sentry.ha.zookeeper.security", "true"), new HardcodedConfigEvaluator("sentry.zookeeper.client.keytab", str3), new KerberosPrincEvaluator(set, ((ConfigLocator.HasConfigLocator) r17).getConfigLocator().getServiceType(), r17, ImmutableMap.of(KerberosAuthentication.KERBEROS_ROLE_PRINCIPAL, "sentry.zookeeper.client.principal"), SecurityUtils.HADOOP_HOST_WILDCARD)});
            if (z) {
                newArrayList3.add(new HardcodedConfigEvaluator("sentry.zookeeper.client.ticketcache", "true"));
            }
            newArrayList.addAll(ImmutableList.of(new ZKQuorumPeersEvaluator("sentry.ha.zookeeper.quorum", (String) null), new HardcodedConfigEvaluator("sentry.ha.zookeeper.namespace", "/sentry"), ConditionalEvaluator.builder().expectedValue(ZooKeeperParams.ZOOKEEPER_ENABLE_SECURITY, true).evaluators(newArrayList3).build()));
            newArrayList.addAll(of);
            newArrayList2.addAll(of);
        } else {
            ServiceRoleTypeHostPortEvaluator build2 = ServiceRoleTypeHostPortEvaluator.builder(SentryServiceHandler.RoleNames.SENTRY_SERVER.getConfigLocator()).propertyName(str + ".rpc-addresses").portPs(SentryParams.SENTRY_SERVER_RPC_PORT).build();
            ConditionalEvaluator build3 = ConditionalEvaluator.builder().checkCondition(ConditionalEvaluator.serviceVersionInRange(Constants.SERVICE_VERSIONS_PRIOR_TO_CDH6_0_0)).evaluators(of).build();
            newArrayList.add(build3);
            newArrayList.add(build2);
            newArrayList2.add(build3);
            newArrayList2.add(ConditionalEvaluator.builder().checkCondition(ConditionalEvaluator.serviceVersionInRange(SentryServiceHandler.HA_SINCE)).evaluators(build2).build());
        }
        return ConditionalEvaluator.builder().roleTypesToEmitFor((Set<? extends Enum<?>>) set).checkCondition(SENTRY_HA_CONDITION).evaluators(newArrayList).alternateEvaluators(newArrayList2).build();
    }
}
