package com.cloudera.cmf.service.sentry;

import com.cloudera.cmf.command.flow.CmdWorkCtx;
import com.cloudera.cmf.command.flow.work.OneOffRoleProcCmdWork;
import com.cloudera.cmf.model.DbProcess;
import com.cloudera.cmf.model.DbRole;
import com.cloudera.cmf.model.DbService;
import com.cloudera.cmf.persist.CmfEntityManager;
import com.cloudera.cmf.service.DaemonRoleHandler;
import com.cloudera.cmf.service.DependencyUtils;
import com.cloudera.cmf.service.ServiceDataProvider;
import com.cloudera.cmf.service.ServiceHandlerRegistry;
import com.cloudera.cmf.service.config.ConfigGenException;
import com.cloudera.cmf.service.config.XMLConfigFileGenerator;
import com.cloudera.cmf.service.config.transform.AddGeneratorTransform;
import com.cloudera.cmf.service.hive.HiveParams;
import com.cloudera.cmf.service.hive.HiveServiceHandler;
import com.cloudera.cmf.service.sentry.SentryServiceHandler;
import com.cloudera.enterprise.MessageWithArgs;
import com.cloudera.enterprise.config.ZipUtil;
import com.fasterxml.jackson.annotation.JsonProperty;
import com.google.common.base.Preconditions;
import com.google.common.collect.ImmutableList;
import java.util.ArrayList;
import java.util.Map;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:com/cloudera/cmf/service/sentry/AbstractSentryCloudExportCmdWork.class */
public abstract class AbstractSentryCloudExportCmdWork extends OneOffRoleProcCmdWork {
    private static final Logger LOG = LoggerFactory.getLogger(AbstractSentryCloudExportCmdWork.class);
    protected final String outputFileName;
    protected final String migrationObjects;
    protected final boolean dryRun;
    protected final String processName;

    /* JADX INFO: Access modifiers changed from: protected */
    public AbstractSentryCloudExportCmdWork(@JsonProperty("roleId") Long l, @JsonProperty("outputFileName") String str, @JsonProperty("migrationObjects") String str2, @JsonProperty("dryRun") boolean z, @JsonProperty("processName") String str3) {
        super(l);
        this.outputFileName = str;
        this.migrationObjects = str2;
        this.dryRun = z;
        this.processName = str3;
    }

    protected abstract byte[] checkAndSetKerberos(ServiceDataProvider serviceDataProvider, CmfEntityManager cmfEntityManager, DbRole dbRole, Map<String, String> map, byte[] bArr, SentryServerRoleHandler sentryServerRoleHandler);

    protected abstract XMLConfigFileGenerator getAuthzConfigFileGenerator(CmdWorkCtx cmdWorkCtx, DbRole dbRole, String str, String str2, boolean z);

    @Override // com.cloudera.cmf.command.flow.CmdWork
    public MessageWithArgs getDescription(CmdWorkCtx cmdWorkCtx) {
        return MessageWithArgs.of("message.command.service.sentry.cloud.export.desc", new String[0]);
    }

    @Override // com.cloudera.cmf.command.flow.work.OneOffRoleProcCmdWork
    protected void beforeProcessCreation(CmdWorkCtx cmdWorkCtx, DbProcess dbProcess, DbRole dbRole) {
        Preconditions.checkArgument(dbRole.getRoleType().equals(SentryServiceHandler.RoleNames.SENTRY_SERVER.toString()));
        CmfEntityManager cmfEM = cmdWorkCtx.getCmfEM();
        ServiceDataProvider serviceDataProvider = cmdWorkCtx.getServiceDataProvider();
        ServiceHandlerRegistry serviceHandlerRegistry = serviceDataProvider.getServiceHandlerRegistry();
        DbService service = dbRole.getService();
        DbRole runAsRole = getRunAsRole(cmdWorkCtx, dbRole);
        XMLConfigFileGenerator authzConfigFileGenerator = getAuthzConfigFileGenerator(cmdWorkCtx, dbRole, this.outputFileName, this.migrationObjects, this.dryRun);
        ArrayList arrayList = new ArrayList();
        arrayList.add(authzConfigFileGenerator);
        AddGeneratorTransform addGeneratorTransform = new AddGeneratorTransform(arrayList);
        boolean isKerberosEnabled = isKerberosEnabled(serviceHandlerRegistry, cmdWorkCtx.getCmfEM(), runAsRole);
        SentryServerRoleHandler sentryServerRoleHandler = (SentryServerRoleHandler) serviceDataProvider.getServiceHandlerRegistry().getRoleHandler(dbRole);
        Map<String, Object> prepareConfiguration = sentryServerRoleHandler.prepareConfiguration(dbRole);
        byte[] generateConfiguration = sentryServerRoleHandler.generateConfiguration(dbRole, prepareConfiguration, ImmutableList.of(addGeneratorTransform));
        try {
            Map<String, String> environment = sentryServerRoleHandler.getEnvironment(dbRole, prepareConfiguration);
            if (isKerberosEnabled) {
                generateConfiguration = checkAndSetKerberos(serviceDataProvider, cmfEM, runAsRole, environment, generateConfiguration, sentryServerRoleHandler);
            }
            try {
                byte[] addHdfsClientConfigs = addHdfsClientConfigs(cmdWorkCtx, service, serviceDataProvider, generateConfiguration);
                String keytabFilename = getKeytabFilename(runAsRole);
                setProcessUserGroup(runAsRole, serviceDataProvider, dbProcess);
                dbProcess.setEnvironment(environment);
                dbProcess.setConfigurationData(addHdfsClientConfigs);
                dbProcess.setArguments(ImmutableList.of("cloudExport", keytabFilename));
                dbProcess.setProgram("sentry/sentry.sh");
                dbProcess.setResources(sentryServerRoleHandler.makeResources(dbRole, prepareConfiguration));
            } catch (ConfigGenException e) {
                throw new RuntimeException(e);
            }
        } catch (DaemonRoleHandler.ProcessSupplierException e2) {
            LOG.error(String.format("Could not get environment of Sentry server. [service=%s;role=%s]", service.getName(), dbRole.getName()));
            throw e2;
        }
    }

    protected DbRole getRunAsRole(CmdWorkCtx cmdWorkCtx, DbRole dbRole) {
        return dbRole;
    }

    protected void setProcessUserGroup(DbRole dbRole, ServiceDataProvider serviceDataProvider, DbProcess dbProcess) {
        DaemonRoleHandler daemonRoleHandler = (DaemonRoleHandler) serviceDataProvider.getServiceHandlerRegistry().getRoleHandler(dbRole);
        Map<String, Object> prepareConfiguration = daemonRoleHandler.prepareConfiguration(dbRole);
        String processUser = daemonRoleHandler.getProcessUser(prepareConfiguration);
        Preconditions.checkState(processUser != null, "Unable to find service process user");
        String processGroup = daemonRoleHandler.getProcessGroup(prepareConfiguration);
        Preconditions.checkState(processUser != null, "Unable to find service process group");
        dbProcess.setUser(processUser);
        dbProcess.setGroup(processGroup);
    }

    protected boolean isKerberosEnabled(ServiceHandlerRegistry serviceHandlerRegistry, CmfEntityManager cmfEntityManager, DbRole dbRole) {
        return serviceHandlerRegistry.get(dbRole.getService()).requiresCredentials(cmfEntityManager, dbRole.getService());
    }

    protected String getKeytabFilename(DbRole dbRole) {
        String str;
        if (dbRole.getRoleType().equals(SentryServiceHandler.RoleNames.SENTRY_SERVER.toString())) {
            str = SentryParams.SENTRY_KEYTAB_FILE_NAME;
        } else {
            if (!dbRole.getRoleType().equals(HiveServiceHandler.RoleNames.HIVEMETASTORE.toString())) {
                throw new IllegalStateException("Unexpected role type: " + dbRole.getRoleType());
            }
            str = HiveParams.HIVE_KEYTAB_FILE_NAME;
        }
        return str;
    }

    protected byte[] addHdfsClientConfigs(CmdWorkCtx cmdWorkCtx, DbService dbService, ServiceDataProvider serviceDataProvider, byte[] bArr) throws ConfigGenException {
        DbService dependencyService = DependencyUtils.getDependencyService(dbService, serviceDataProvider.getServiceHandlerRegistry().get(dbService), serviceDataProvider.getServiceHandlerRegistry(), SentryParams.DFS_CONNECTOR, cmdWorkCtx.getCmfEM());
        Preconditions.checkNotNull(dependencyService, "Unable to find hdfs dependency");
        byte[] buildClientConfig = serviceDataProvider.getServiceHandlerRegistry().get(dependencyService).getClientConfigHandler().buildClientConfig(dependencyService);
        ArrayList arrayList = new ArrayList();
        arrayList.add(bArr);
        arrayList.add(buildClientConfig);
        return ZipUtil.mergeZipBuffers(arrayList);
    }
}
