package com.google.cloud.storage.it;

import com.google.cloud.Binding;
import com.google.cloud.Condition;
import com.google.cloud.Identity;
import com.google.cloud.Policy;
import com.google.cloud.storage.BucketInfo;
import com.google.cloud.storage.Storage;
import com.google.cloud.storage.StorageRoles;
import com.google.cloud.storage.TestUtils;
import com.google.cloud.storage.TransportCompatibility;
import com.google.cloud.storage.it.runner.StorageITRunner;
import com.google.cloud.storage.it.runner.annotations.Backend;
import com.google.cloud.storage.it.runner.annotations.CrossRun;
import com.google.cloud.storage.it.runner.annotations.Inject;
import com.google.cloud.storage.it.runner.annotations.ParallelFriendly;
import com.google.cloud.storage.it.runner.registry.Generator;
import com.google.common.collect.ImmutableList;
import com.google.common.collect.ImmutableMap;
import com.google.common.collect.ImmutableSet;
import com.google.common.truth.Truth;
import java.util.List;
import java.util.stream.Collectors;
import org.junit.Before;
import org.junit.Test;
import org.junit.runner.RunWith;

@CrossRun(transports = {TransportCompatibility.Transport.HTTP, TransportCompatibility.Transport.GRPC}, backends = {Backend.PROD})
@RunWith(StorageITRunner.class)
@ParallelFriendly
/* loaded from: input_file:com/google/cloud/storage/it/ITBucketIamPolicyTest.class */
public final class ITBucketIamPolicyTest {

    @Inject
    public Storage storage;

    @Inject
    public BucketInfo bucketInfo;

    @Inject
    public Generator generator;
    private Identity projectOwner;
    private Identity projectEditor;
    private Identity projectViewer;

    @Before
    public void setUp() throws Exception {
        String projectId = this.storage.getOptions().getProjectId();
        this.projectOwner = Identity.projectOwner(projectId);
        this.projectEditor = Identity.projectEditor(projectId);
        this.projectViewer = Identity.projectViewer(projectId);
    }

    @Test
    public void iamPolicyWithCondition() throws Exception {
        Storage.BucketSourceOption requestedPolicyVersion = Storage.BucketSourceOption.requestedPolicyVersion(3L);
        Policy build = Policy.newBuilder().setVersion(3).setBindings(ImmutableList.of(Binding.newBuilder().setRole(StorageRoles.legacyBucketReader().toString()).setMembers(ImmutableList.of(this.projectViewer.strValue())).build(), Binding.newBuilder().setRole(StorageRoles.legacyBucketOwner().toString()).setMembers(ImmutableList.of(this.projectEditor.strValue(), this.projectOwner.strValue())).build(), Binding.newBuilder().setRole(StorageRoles.legacyObjectReader().toString()).setMembers(ImmutableList.of("serviceAccount:storage-python@spec-test-ruby-samples.iam.gserviceaccount.com")).setCondition(Condition.newBuilder().setTitle("Title").setDescription("Description").setExpression("resource.name.startsWith(\"projects/_/buckets/bucket-name/objects/prefix-a-\")").build()).build())).build();
        TemporaryBucket build2 = TemporaryBucket.newBuilder().setBucketInfo(BucketInfo.newBuilder(this.generator.randomBucketName()).setIamConfiguration(BucketInfo.IamConfiguration.newBuilder().setIsUniformBucketLevelAccessEnabled(true).build()).build()).setStorage(this.storage).build();
        try {
            BucketInfo bucket = build2.getBucket();
            String name = bucket.getName();
            assertPolicyEqual(build, this.storage.setIamPolicy(name, build, new Storage.BucketSourceOption[]{Storage.BucketSourceOption.metagenerationMatch(bucket.getMetageneration().longValue()), requestedPolicyVersion}));
            assertPolicyEqual(build, this.storage.getIamPolicy(name, new Storage.BucketSourceOption[]{requestedPolicyVersion}));
            if (build2 != null) {
                build2.close();
            }
        } catch (Throwable th) {
            if (build2 != null) {
                try {
                    build2.close();
                } catch (Throwable th2) {
                    th.addSuppressed(th2);
                }
            }
            throw th;
        }
    }

    @Test
    public void iamPolicyWithoutCondition() throws Exception {
        Storage.BucketSourceOption requestedPolicyVersion = Storage.BucketSourceOption.requestedPolicyVersion(1L);
        Policy build = Policy.newBuilder().setVersion(1).setBindings(ImmutableMap.of(StorageRoles.legacyBucketOwner(), ImmutableSet.of(this.projectOwner, this.projectEditor), StorageRoles.legacyBucketReader(), ImmutableSet.of(this.projectViewer))).build();
        TemporaryBucket build2 = TemporaryBucket.newBuilder().setBucketInfo(BucketInfo.newBuilder(this.generator.randomBucketName()).setIamConfiguration(BucketInfo.IamConfiguration.newBuilder().setIsUniformBucketLevelAccessEnabled(false).build()).build()).setStorage(this.storage).build();
        try {
            BucketInfo bucket = build2.getBucket();
            String name = bucket.getName();
            assertPolicyEqual(build, this.storage.setIamPolicy(name, build, new Storage.BucketSourceOption[]{Storage.BucketSourceOption.metagenerationMatch(bucket.getMetageneration().longValue()), requestedPolicyVersion}));
            assertPolicyEqual(build, this.storage.getIamPolicy(name, new Storage.BucketSourceOption[]{requestedPolicyVersion}));
            if (build2 != null) {
                build2.close();
            }
        } catch (Throwable th) {
            if (build2 != null) {
                try {
                    build2.close();
                } catch (Throwable th2) {
                    th.addSuppressed(th2);
                }
            }
            throw th;
        }
    }

    @Test
    public void testIamPermissions() {
        Truth.assertThat(this.storage.testIamPermissions(this.bucketInfo.getName(), ImmutableList.of("storage.buckets.getIamPolicy", "storage.buckets.setIamPolicy"), new Storage.BucketSourceOption[0])).isEqualTo(ImmutableList.of(true, true));
    }

    private static void assertPolicyEqual(Policy policy, Policy policy2) throws Exception {
        TestUtils.assertAll(() -> {
            Truth.assertThat(Integer.valueOf(policy2.getVersion())).isEqualTo(Integer.valueOf(policy.getVersion()));
        }, () -> {
            assertBindingsEqual(policy.getBindingsList(), policy2.getBindingsList());
        });
    }

    /* JADX INFO: Access modifiers changed from: private */
    public static void assertBindingsEqual(List<Binding> list, List<Binding> list2) {
        Truth.assertThat(stringifyBindings(list2)).isEqualTo(stringifyBindings(list));
    }

    private static String stringifyBindings(List<Binding> list) {
        return (String) list.stream().map(binding -> {
            Binding.Builder builder = binding.toBuilder();
            builder.setRole(binding.getRole());
            builder.setCondition(binding.getCondition());
            builder.setMembers((Iterable) binding.getMembers().stream().sorted().collect(ImmutableList.toImmutableList()));
            return builder.build();
        }).map((v0) -> {
            return v0.toString();
        }).sorted().collect(Collectors.joining(",\n\t", "[\n\t", "\n]"));
    }
}
