package io.confluent.connect.security.permissions;

import io.confluent.connect.security.MockAuthorizer;
import io.confluent.connect.security.permissions.entities.Permissions;
import io.confluent.connect.security.permissions.entities.PermittedOperations;
import io.confluent.connect.security.rbac.ConnectActions;
import io.confluent.connect.security.rbac.ConnectorOperations;
import io.confluent.security.authorizer.Operation;
import io.confluent.security.authorizer.Scope;
import java.util.Arrays;
import java.util.Collection;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Iterator;
import java.util.stream.Collectors;
import java.util.stream.Stream;
import org.apache.kafka.common.security.auth.KafkaPrincipal;
import org.junit.Assert;
import org.junit.Before;
import org.junit.Test;

/* loaded from: input_file:io/confluent/connect/security/permissions/PermissionsBuilderTest.class */
public class PermissionsBuilderTest {
    protected static final Scope SCOPE = new Scope.Builder(new String[0]).withKafkaCluster("clstrfck").withCluster("connect-cluster", "idfk").build();
    protected static final KafkaPrincipal PRINCIPAL = new KafkaPrincipal("User", "Michael Galluzo");
    protected MockAuthorizer authorizer;

    @Before
    public void setup() {
        this.authorizer = new MockAuthorizer();
    }

    @Test
    public void ensureRequestsAreAuthorizedInCorrectOrder() throws Exception {
        PermissionsBuilder withPrincipal = new PermissionsBuilder().withScope(SCOPE).withAuthorizer(this.authorizer).withPrincipal(PRINCIPAL);
        HashSet hashSet = new HashSet(Arrays.asList("mqtt-sink", "mqtt-source", "reddit-source", "idfk"));
        this.authorizer.allowConnectorOperations(PRINCIPAL, "mqtt-sink", ConnectorOperations.READ_CONFIG, ConnectorOperations.READ_STATUS, ConnectorOperations.SCALE, ConnectorOperations.CONFIGURE, ConnectorOperations.DELETE);
        this.authorizer.allowConnectorOperations(PRINCIPAL, "mqtt-source", ConnectorOperations.READ_CONFIG, ConnectorOperations.CONFIGURE);
        this.authorizer.allowConnectorOperations(PRINCIPAL, "reddit-source", ConnectorOperations.READ_STATUS, ConnectorOperations.SCALE);
        HashMap hashMap = new HashMap();
        HashMap hashMap2 = new HashMap();
        hashMap2.put("mqtt-sink", new PermittedOperations((Collection) Stream.of((Object[]) new Operation[]{ConnectorOperations.READ_CONFIG, ConnectorOperations.READ_STATUS, ConnectorOperations.SCALE, ConnectorOperations.CONFIGURE, ConnectorOperations.DELETE}).map((v0) -> {
            return v0.name();
        }).collect(Collectors.toSet())));
        hashMap2.put("mqtt-source", new PermittedOperations((Collection) Stream.of((Object[]) new Operation[]{ConnectorOperations.READ_CONFIG, ConnectorOperations.CONFIGURE}).map((v0) -> {
            return v0.name();
        }).collect(Collectors.toSet())));
        hashMap2.put("reddit-source", new PermittedOperations((Collection) Stream.of((Object[]) new Operation[]{ConnectorOperations.READ_STATUS, ConnectorOperations.SCALE}).map((v0) -> {
            return v0.name();
        }).collect(Collectors.toSet())));
        hashMap.put(ConnectActions.CONNECTOR_RESOURCE, hashMap2);
        Permissions permissions = new Permissions(hashMap, SCOPE);
        Iterator it = hashSet.iterator();
        while (it.hasNext()) {
            withPrincipal.withOperations(ConnectActions.CONNECTOR_RESOURCE, (String) it.next(), ConnectorOperations.ALL);
        }
        Assert.assertEquals(permissions, withPrincipal.build());
    }
}
