package org.apache.flink.yarn;

import java.util.ArrayList;
import java.util.Collections;
import java.util.HashMap;
import org.apache.flink.configuration.Configuration;
import org.apache.flink.configuration.SecurityOptions;
import org.apache.flink.runtime.security.SecurityConfiguration;
import org.apache.flink.runtime.security.SecurityUtils;
import org.apache.flink.runtime.security.contexts.HadoopSecurityContext;
import org.apache.flink.shaded.guava30.com.google.common.collect.Lists;
import org.apache.flink.test.util.SecureTestEnvironment;
import org.apache.flink.test.util.TestingSecurityContext;
import org.apache.flink.yarn.configuration.YarnConfigOptions;
import org.apache.flink.yarn.util.TestHadoopModuleFactory;
import org.apache.hadoop.yarn.api.records.ApplicationId;
import org.apache.hadoop.yarn.security.AMRMTokenIdentifier;
import org.apache.hadoop.yarn.server.resourcemanager.scheduler.ResourceScheduler;
import org.apache.hadoop.yarn.server.resourcemanager.scheduler.fifo.FifoScheduler;
import org.assertj.core.api.AssertionsForClassTypes;
import org.junit.jupiter.api.AfterAll;
import org.junit.jupiter.api.BeforeAll;
import org.junit.jupiter.api.Test;
import org.junit.jupiter.api.Timeout;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:org/apache/flink/yarn/YARNSessionFIFOSecuredITCase.class */
class YARNSessionFIFOSecuredITCase extends YARNSessionFIFOITCase {
    private static final Logger log = LoggerFactory.getLogger(YARNSessionFIFOSecuredITCase.class);

    YARNSessionFIFOSecuredITCase() {
    }

    @BeforeAll
    public static void setup() {
        log.info("starting secure cluster environment for testing");
        YARN_CONFIGURATION.setClass("yarn.resourcemanager.scheduler.class", FifoScheduler.class, ResourceScheduler.class);
        YARN_CONFIGURATION.setInt("yarn.nodemanager.resource.memory-mb", 768);
        YARN_CONFIGURATION.setInt("yarn.scheduler.minimum-allocation-mb", 512);
        YARN_CONFIGURATION.set("flink-yarn-minicluster-name", "flink-yarn-tests-fifo-secured");
        SecureTestEnvironment.prepare(tmp, new String[0]);
        populateYarnSecureConfigurations(YARN_CONFIGURATION, SecureTestEnvironment.getHadoopServicePrincipal(), SecureTestEnvironment.getTestKeytab());
        Configuration configuration = new Configuration();
        configuration.setString(SecurityOptions.KERBEROS_LOGIN_KEYTAB, SecureTestEnvironment.getTestKeytab());
        configuration.setString(SecurityOptions.KERBEROS_LOGIN_PRINCIPAL, SecureTestEnvironment.getHadoopServicePrincipal());
        TestHadoopModuleFactory.hadoopConfiguration = YARN_CONFIGURATION;
        configuration.set(SecurityOptions.SECURITY_MODULE_FACTORY_CLASSES, Collections.singletonList("org.apache.flink.yarn.util.TestHadoopModuleFactory"));
        configuration.set(SecurityOptions.SECURITY_CONTEXT_FACTORY_CLASSES, Collections.singletonList("org.apache.flink.yarn.util.TestHadoopSecurityContextFactory"));
        try {
            TestingSecurityContext.install(new SecurityConfiguration(configuration), SecureTestEnvironment.getClientSecurityConfigurationMap());
            AssertionsForClassTypes.assertThat(SecurityUtils.getInstalledContext()).isInstanceOf(HadoopSecurityContext.class);
            SecurityUtils.getInstalledContext().runSecured(() -> {
                startYARNSecureMode(YARN_CONFIGURATION, SecureTestEnvironment.getHadoopServicePrincipal(), SecureTestEnvironment.getTestKeytab());
                return null;
            });
        } catch (Exception e) {
            throw new RuntimeException("Exception occurred while setting up secure test context. Reason: {}", e);
        }
    }

    @AfterAll
    static void teardownSecureCluster() {
        log.info("tearing down secure cluster environment");
        SecureTestEnvironment.cleanup();
    }

    @Timeout(60)
    @Test
    void testDetachedModeSecureWithPreInstallKeytab() throws Exception {
        runTest(() -> {
            HashMap hashMap = new HashMap();
            if (SecureTestEnvironment.getTestKeytab() != null) {
                hashMap.put(SecurityOptions.KERBEROS_LOGIN_KEYTAB.key(), SecureTestEnvironment.getTestKeytab());
                hashMap.put(YarnConfigOptions.LOCALIZED_KEYTAB_PATH.key(), SecureTestEnvironment.getTestKeytab());
                hashMap.put(YarnConfigOptions.SHIP_LOCAL_KEYTAB.key(), "false");
            }
            if (SecureTestEnvironment.getHadoopServicePrincipal() != null) {
                hashMap.put(SecurityOptions.KERBEROS_LOGIN_PRINCIPAL.key(), SecureTestEnvironment.getHadoopServicePrincipal());
            }
            verifyResultContainsKerberosKeytab(runDetachedModeTest(hashMap));
        });
    }

    @Override // org.apache.flink.yarn.YARNSessionFIFOITCase
    @Timeout(60)
    @Test
    void testDetachedMode() throws Exception {
        runTest(() -> {
            HashMap hashMap = new HashMap();
            if (SecureTestEnvironment.getTestKeytab() != null) {
                hashMap.put(SecurityOptions.KERBEROS_LOGIN_KEYTAB.key(), SecureTestEnvironment.getTestKeytab());
            }
            if (SecureTestEnvironment.getHadoopServicePrincipal() != null) {
                hashMap.put(SecurityOptions.KERBEROS_LOGIN_PRINCIPAL.key(), SecureTestEnvironment.getHadoopServicePrincipal());
            }
            verifyResultContainsKerberosKeytab(runDetachedModeTest(hashMap));
        });
    }

    private static void verifyResultContainsKerberosKeytab(ApplicationId applicationId) throws Exception {
        String[] strArr = {"Login successful for user", "using keytab file"};
        AssertionsForClassTypes.assertThat(verifyStringsInNamedLogFiles(strArr, applicationId, "jobmanager.log") && verifyStringsInNamedLogFiles(strArr, applicationId, "taskmanager.log")).isTrue();
        ArrayList newArrayList = Lists.newArrayList(new String[]{AMRMTokenIdentifier.KIND_NAME.toString()});
        String containerIdByLogName = getContainerIdByLogName("jobmanager.log");
        String containerIdByLogName2 = getContainerIdByLogName("taskmanager.log");
        boolean verifyTokenKindInContainerCredentials = verifyTokenKindInContainerCredentials(newArrayList, containerIdByLogName);
        boolean verifyTokenKindInContainerCredentials2 = verifyTokenKindInContainerCredentials(newArrayList, containerIdByLogName2);
        AssertionsForClassTypes.assertThat(verifyTokenKindInContainerCredentials).isTrue();
        AssertionsForClassTypes.assertThat(verifyTokenKindInContainerCredentials2).isFalse();
    }

    @Override // org.apache.flink.yarn.YARNSessionFIFOITCase
    public void testQueryCluster() {
    }
}
