package org.apache.impala.customcluster;

import com.google.common.collect.ImmutableMap;
import org.apache.directory.server.core.annotations.ApplyLdifFiles;
import org.apache.directory.server.core.annotations.CreateDS;
import org.apache.directory.server.core.annotations.CreatePartition;
import org.apache.impala.testutil.LdapUtil;
import org.junit.Assert;
import org.junit.Test;

@CreateDS(name = "myAD", partitions = {@CreatePartition(name = "test", suffix = "dc=myorg,dc=com")})
@ApplyLdifFiles({"adschema.ldif", "adusers.ldif"})
/* loaded from: input_file:org/apache/impala/customcluster/LdapSearchBindDefaultFiltersKerberosImpalaShellTest.class */
public class LdapSearchBindDefaultFiltersKerberosImpalaShellTest extends LdapKerberosImpalaShellTestBase {
    @Test
    public void testCustomLdapFiltersNotAllowedWithKerberos() throws Exception {
        Assert.assertEquals(startImpalaCluster(flagsToArgs(mergeFlags(kerberosKdcEnvironment.getKerberosAuthFlags(), getLdapSearchBindFlags(), getCustomLdapFilterFlags(), ImmutableMap.of("enable_minidumps", "false")))), 1L);
    }

    @Test
    public void testDefaultLdapFiltersAreAllowedWithSearchBindAndKerberos() throws Exception {
        Assert.assertEquals(startImpalaCluster(flagsToArgs(mergeFlags(kerberosKdcEnvironment.getKerberosAuthFlags(), getLdapSearchBindFlags("ou=Users,dc=myorg,dc=com", "ou=Groups,dc=myorg,dc=com")))), 0L);
        testLdapFiltersImpl();
    }

    @Test
    public void testDefaultLdapFiltersAreAppliedToDelegateUserWithKerberosAuth() throws Exception {
        Assert.assertEquals(startImpalaCluster(flagsToArgs(mergeFlags(kerberosKdcEnvironment.getKerberosAuthFlags(), getLdapSearchBindFlags("ou=Users,dc=myorg,dc=com", "ou=Groups,dc=myorg,dc=com"), ImmutableMap.of("authorized_proxy_user_config", String.format("%s=*", LdapUtil.TEST_USER_1))))), 0L);
        testShellKerberosAuthWithUserWithHttpPath(kerberosKdcEnvironment, LdapUtil.TEST_USER_1, "/?doAs=proxyUser$", false, "", "User is not authorized.");
        testShellKerberosAuthWithUserWithHttpPath(kerberosKdcEnvironment, LdapUtil.TEST_USER_1, "/?doAs=Test2Ldap", false, "", "User is not authorized.");
        testShellKerberosAuthWithUserWithHttpPath(kerberosKdcEnvironment, LdapUtil.TEST_USER_1, "/?doAs=Test3Ldap", false, "", "User is not authorized.");
        testShellKerberosAuthWithUserWithHttpPath(kerberosKdcEnvironment, LdapUtil.TEST_USER_1, "/?doAs=Test1Ldap", true, LdapUtil.TEST_USER_1, "");
    }
}
