package io.confluent.kafkarest.integration.v3;

import com.google.common.collect.ImmutableList;
import com.google.common.collect.ImmutableMap;
import io.confluent.kafkarest.entities.Acl;
import io.confluent.kafkarest.entities.v3.AclData;
import io.confluent.kafkarest.entities.v3.AclDataList;
import io.confluent.kafkarest.entities.v3.CreateAclRequest;
import io.confluent.kafkarest.entities.v3.DeleteAclsResponse;
import io.confluent.kafkarest.entities.v3.Resource;
import io.confluent.kafkarest.entities.v3.ResourceCollection;
import io.confluent.kafkarest.entities.v3.SearchAclsResponse;
import io.confluent.kafkarest.integration.ClusterTestHarness;
import java.util.Arrays;
import java.util.Collections;
import java.util.Properties;
import javax.ws.rs.client.Client;
import javax.ws.rs.client.Entity;
import javax.ws.rs.core.Response;
import org.apache.kafka.common.security.auth.SecurityProtocol;
import org.junit.jupiter.api.Assertions;
import org.junit.jupiter.api.BeforeEach;
import org.junit.jupiter.api.Test;

/* loaded from: input_file:io/confluent/kafkarest/integration/v3/AclsResourceIntegrationTest.class */
public class AclsResourceIntegrationTest extends ClusterTestHarness {
    private static final AclData.Builder ALICE_ACL_DATA = AclData.builder().setResourceType(Acl.ResourceType.TOPIC).setResourceName("*").setPatternType(Acl.PatternType.LITERAL).setPrincipal("User:alice").setHost("*").setOperation(Acl.Operation.READ).setPermission(Acl.Permission.ALLOW);
    private static final AclData.Builder BOB_ACL_DATA = AclData.builder().setResourceType(Acl.ResourceType.TOPIC).setResourceName("topic-").setPatternType(Acl.PatternType.PREFIXED).setPrincipal("User:bob").setHost("1.2.3.4").setOperation(Acl.Operation.WRITE).setPermission(Acl.Permission.ALLOW);
    private String clusterId;
    private String baseAclUrl;
    private String expectedAliceUrl;
    private String expectedBobUrl;
    private String expectedSearchUrl;

    public AclsResourceIntegrationTest() {
        super(3, false);
    }

    @Override // io.confluent.kafkarest.integration.ClusterTestHarness
    protected SecurityProtocol getBrokerSecurityProtocol() {
        return SecurityProtocol.SASL_PLAINTEXT;
    }

    @Override // io.confluent.kafkarest.integration.ClusterTestHarness
    public Properties overrideBrokerProperties(int i, Properties properties) {
        properties.put("authorizer.class.name", "kafka.security.authorizer.AclAuthorizer");
        properties.put("listener.name.sasl_plaintext.plain.sasl.jaas.config", "org.apache.kafka.common.security.plain.PlainLoginModule required username=\"kafka\" password=\"kafka\" user_kafka=\"kafka\" user_kafkarest=\"kafkarest\" user_alice=\"alice\" user_bob=\"bob\";");
        properties.put("sasl.enabled.mechanisms", "PLAIN");
        properties.put("sasl.mechanism.inter.broker.protocol", "PLAIN");
        properties.put("super.users", "User:kafka;User:kafkarest");
        return properties;
    }

    @Override // io.confluent.kafkarest.integration.ClusterTestHarness
    protected void overrideKafkaRestConfigs(Properties properties) {
        properties.put("client.sasl.jaas.config", "org.apache.kafka.common.security.plain.PlainLoginModule required username=\"kafkarest\" password=\"kafkarest\";");
        properties.put("client.sasl.mechanism", "PLAIN");
        properties.put("client.security.protocol", "SASL_PLAINTEXT");
    }

    @Override // io.confluent.kafkarest.integration.ClusterTestHarness
    @BeforeEach
    public void setUp() throws Exception {
        super.setUp();
        this.clusterId = getClusterId();
        this.baseAclUrl = "/v3/clusters/" + this.clusterId + "/acls";
        this.expectedAliceUrl = this.restConnect + this.baseAclUrl + "?resource_type=TOPIC&resource_name=*&pattern_type=LITERAL&principal=User%3Aalice&host=*&operation=READ&permission=ALLOW";
        this.expectedBobUrl = this.restConnect + this.baseAclUrl + "?resource_type=TOPIC&resource_name=topic-&pattern_type=PREFIXED&principal=User%3Abob&host=1.2.3.4&operation=WRITE&permission=ALLOW";
        this.expectedSearchUrl = this.restConnect + this.baseAclUrl + "?resource_type=TOPIC&resource_name=topic-1&pattern_type=MATCH&principal=&host=&operation=ANY&permission=ANY";
    }

    private void createAliceAndBobAcls() {
        SearchAclsResponse create = SearchAclsResponse.create(AclDataList.builder().setMetadata(ResourceCollection.Metadata.builder().setSelf(this.expectedSearchUrl).build()).setData(Collections.emptyList()).build());
        Response response = request(this.baseAclUrl, ImmutableMap.of("resource_type", "topic", "resource_name", "topic-1", "pattern_type", "match")).accept(new String[]{"application/json"}).get();
        Assertions.assertEquals(Response.Status.OK.getStatusCode(), response.getStatus());
        Assertions.assertEquals(create, response.readEntity(SearchAclsResponse.class));
        Response post = request(this.baseAclUrl).post(Entity.entity(CreateAclRequest.builder().setResourceType(Acl.ResourceType.TOPIC).setResourceName("*").setPatternType(Acl.PatternType.LITERAL).setPrincipal("User:alice").setHost("*").setOperation(Acl.Operation.READ).setPermission(Acl.Permission.ALLOW).build(), "application/json"));
        Assertions.assertEquals(Response.Status.CREATED.getStatusCode(), post.getStatus());
        Assertions.assertEquals(this.expectedAliceUrl, post.getLocation().toString());
        Response post2 = request(this.baseAclUrl).post(Entity.entity(CreateAclRequest.builder().setResourceType(Acl.ResourceType.TOPIC).setResourceName("topic-").setPatternType(Acl.PatternType.PREFIXED).setPrincipal("User:bob").setHost("1.2.3.4").setOperation(Acl.Operation.WRITE).setPermission(Acl.Permission.ALLOW).build(), "application/json"));
        Assertions.assertEquals(Response.Status.CREATED.getStatusCode(), post2.getStatus());
        Assertions.assertEquals(this.expectedBobUrl, post2.getLocation().toString());
        SearchAclsResponse create2 = SearchAclsResponse.create(AclDataList.builder().setMetadata(ResourceCollection.Metadata.builder().setSelf(this.expectedSearchUrl).build()).setData(Arrays.asList(ALICE_ACL_DATA.setMetadata(Resource.Metadata.builder().setSelf(this.expectedAliceUrl).build()).setClusterId(this.clusterId).build(), BOB_ACL_DATA.setMetadata(Resource.Metadata.builder().setSelf(this.expectedBobUrl).build()).setClusterId(this.clusterId).build())).build());
        Response response2 = request(this.baseAclUrl, ImmutableMap.of("resource_type", "topic", "resource_name", "topic-1", "pattern_type", "match")).accept(new String[]{"application/json"}).get();
        Assertions.assertEquals(Response.Status.OK.getStatusCode(), response2.getStatus());
        Assertions.assertEquals(create2, response2.readEntity(SearchAclsResponse.class));
    }

    @Test
    public void testCreateSearchAndSeparateDelete() {
        createAliceAndBobAcls();
        DeleteAclsResponse create = DeleteAclsResponse.create(Collections.singletonList(ALICE_ACL_DATA.setMetadata(Resource.Metadata.builder().setSelf(this.expectedAliceUrl).build()).setClusterId(this.clusterId).build()));
        Client client = getClient();
        this.restApp.configureBaseApplication(client);
        Response delete = client.target(this.expectedAliceUrl).request().accept(new String[]{"application/json"}).delete();
        Assertions.assertEquals(Response.Status.OK.getStatusCode(), delete.getStatus());
        Assertions.assertEquals(create, delete.readEntity(DeleteAclsResponse.class));
        DeleteAclsResponse create2 = DeleteAclsResponse.create(Collections.singletonList(BOB_ACL_DATA.setMetadata(Resource.Metadata.builder().setSelf(this.expectedBobUrl).build()).setClusterId(this.clusterId).build()));
        Response delete2 = client.target(this.expectedBobUrl).request().accept(new String[]{"application/json"}).delete();
        Assertions.assertEquals(Response.Status.OK.getStatusCode(), delete2.getStatus());
        Assertions.assertEquals(create2, delete2.readEntity(DeleteAclsResponse.class));
        SearchAclsResponse create3 = SearchAclsResponse.create(AclDataList.builder().setMetadata(ResourceCollection.Metadata.builder().setSelf(this.expectedSearchUrl).build()).setData(Collections.emptyList()).build());
        Response response = request(this.baseAclUrl, ImmutableMap.of("resource_type", "topic", "resource_name", "topic-1", "pattern_type", "match")).accept(new String[]{"application/json"}).get();
        Assertions.assertEquals(Response.Status.OK.getStatusCode(), response.getStatus());
        Assertions.assertEquals(create3, response.readEntity(SearchAclsResponse.class));
    }

    @Test
    public void testCreateSearchAndMultiDelete() {
        createAliceAndBobAcls();
        Client client = getClient();
        this.restApp.configureBaseApplication(client);
        Assertions.assertEquals(Response.Status.BAD_REQUEST.getStatusCode(), client.target(this.restConnect + this.baseAclUrl).request().accept(new String[]{"application/json"}).delete().getStatus());
        DeleteAclsResponse create = DeleteAclsResponse.create(ImmutableList.of(ALICE_ACL_DATA.setMetadata(Resource.Metadata.builder().setSelf(this.expectedAliceUrl).build()).setClusterId(this.clusterId).build(), BOB_ACL_DATA.setMetadata(Resource.Metadata.builder().setSelf(this.expectedBobUrl).build()).setClusterId(this.clusterId).build()));
        Response delete = client.target(this.expectedSearchUrl).request().accept(new String[]{"application/json"}).delete();
        Assertions.assertEquals(Response.Status.OK.getStatusCode(), delete.getStatus());
        Assertions.assertEquals(create, delete.readEntity(DeleteAclsResponse.class));
    }
}
