package io.confluent.rbac.cloud.controlplane;

import io.confluent.rbac.cloud.controlplane.CloudRbacModel;
import io.confluent.rbac.cloud.controlplane.Team;
import io.confluent.rbacapi.entities.AuthorizeRequest;
import io.confluent.rbacapi.entities.MdsScope;
import io.confluent.rbacapi.retrofit.v2.V2RbacRestApi;
import io.confluent.rbacapi.retrofit.v2.V2RbacRetrofitFactory;
import io.confluent.rbacperf.utils.PerfTestUtils;
import io.confluent.security.authorizer.Action;
import io.confluent.security.authorizer.Operation;
import io.confluent.security.authorizer.ResourceType;
import io.confluent.security.authorizer.Scope;
import io.confluent.security.test.utils.RbacClusters;
import java.io.IOException;
import java.net.ConnectException;
import java.time.Duration;
import java.util.ArrayList;
import java.util.Collections;
import java.util.Iterator;
import java.util.List;
import java.util.UUID;
import java.util.concurrent.TimeUnit;
import java.util.stream.Collectors;
import org.awaitility.Awaitility;
import org.junit.Assert;
import org.testng.AssertJUnit;
import org.testng.annotations.AfterClass;
import org.testng.annotations.Test;
import utils.KafkaConfigTool;
import utils.MdsTestUtil;
import utils.PostgresDbTestBed;

/* loaded from: input_file:io/confluent/rbac/cloud/controlplane/CloudRbacPerfTestBase.class */
public class CloudRbacPerfTestBase {
    private static final boolean PRINT_OUTPUT = false;
    private static final boolean DRY_RUN = false;
    private static final ResourceType CLOUD_CLUSTER_RESOURCE_TYPE = new ResourceType("CloudCluster");
    private static final ResourceType ENVIRONMENT_RESOURCE_TYPE = new ResourceType("Environment");
    private static final ResourceType ORGANIZATION_RESOURCE_TYPE = new ResourceType("Organization");
    private static final Operation DESCRIBE_OPERATION = new Operation("Describe");
    private static final Operation DELETE_OPERATION = new Operation("Delete");
    private static final Operation CREATE_ENVIRONMENT_OPERATION = new Operation("CreateEnvironment");
    private static final Operation DESCRIBE_ACCESS_OPERATION = new Operation("DescribeAccess");
    protected V2RbacRestApi brokerUserClient;
    protected CloudRbacModel rbacModel;
    private RbacClusters rbacClusters;
    private int actualMdsPort;

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:io/confluent/rbac/cloud/controlplane/CloudRbacPerfTestBase$AuthorizeRequestInput.class */
    public static class AuthorizeRequestInput {
        private final String principal;
        private final List<Action> actions;

        private AuthorizeRequestInput(String str, List<Action> list) {
            this.principal = str;
            this.actions = list;
        }

        public String toString() {
            return String.format("%s, %s", this.principal, this.actions);
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public void startControlPlaneMDS(List<String> list, CloudRbacModel.ClusterProps clusterProps) {
        try {
            if (clusterProps.useExternalMds) {
                this.brokerUserClient = getApiClientForToken(clusterProps.externalMdsHost, clusterProps.externalMdsPort, clusterProps.adminUserToken);
            } else {
                initializeRbacClusters(list, clusterProps);
            }
        } catch (Exception e) {
            throw new RuntimeException(e);
        }
    }

    private void initializeRbacClusters(List<String> list, CloudRbacModel.ClusterProps clusterProps) throws Exception {
        if (clusterProps.useDBAuthStore) {
            this.rbacClusters = clusterWithDBAuthStore(list);
        } else {
            this.rbacClusters = new RbacClusters(KafkaConfigTool.cloudHashTopic("flowserviceadmin", list));
        }
        this.actualMdsPort = MdsTestUtil.lookupActualMdsPort(this.rbacClusters);
        waitForClusterToBoot();
        this.brokerUserClient = getApiClientForUser("flowserviceadmin");
    }

    private RbacClusters clusterWithDBAuthStore(List<String> list) throws Exception {
        RbacClusters.Config cloudHashTopic = KafkaConfigTool.cloudHashTopic("flowserviceadmin", list);
        cloudHashTopic.overrideMetadataBrokerConfig("confluent.metadata.server.api.flavor", "CC");
        cloudHashTopic.overrideMetadataBrokerConfig("authorizer.class.name", "io.confluent.kafka.multitenant.authorizer.MultiTenantAuthorizer");
        cloudHashTopic.overrideMetadataBrokerConfig("confluent.authorizer.access.rule.providers", "MULTI_TENANT,CC_CONTROL_PLANE_MDS_DB");
        cloudHashTopic.overrideMetadataBrokerConfig("confluent.metadata.server.db.auth.cache.max.size", "1000");
        cloudHashTopic.overrideMetadataBrokerConfig("confluent.metadata.server.db.auth.cache.ttl.ms", "10000");
        PostgresDbTestBed postgresDbTestBed = new PostgresDbTestBed();
        postgresDbTestBed.setupDb();
        System.out.println("DB started at url=" + postgresDbTestBed.getDbUrl() + " with user/pass=" + postgresDbTestBed.getDbUser() + ":" + postgresDbTestBed.getDbPass());
        KafkaConfigTool.applyCloudDbConfig(cloudHashTopic, postgresDbTestBed);
        this.rbacClusters = new RbacClusters(cloudHashTopic, false);
        this.rbacClusters.startMetadataCluster(Duration.ofSeconds(30L));
        return this.rbacClusters;
    }

    protected V2RbacRestApi getApiClientForUser(String str) {
        return V2RbacRetrofitFactory.build(MdsTestUtil.DEFAULT_HTTP_ADVERTISED_HOST, this.actualMdsPort, str, str);
    }

    protected V2RbacRestApi getApiClientForToken(String str, int i, String str2) {
        return V2RbacRetrofitFactory.buildWithToken(str, i, str2);
    }

    private void waitForClusterToBoot() {
        V2RbacRestApi build = V2RbacRetrofitFactory.build(MdsTestUtil.DEFAULT_HTTP_ADVERTISED_HOST, this.actualMdsPort, "flowserviceadmin", "flowserviceadmin");
        Awaitility.given().ignoreException(ConnectException.class).await().atMost(25L, TimeUnit.SECONDS).untilAsserted(() -> {
            AssertJUnit.assertEquals("MDS/Kafka didn't start in time.", 200, build.getRoleNames().execute().code());
        });
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public void addRoleForPrincipals(Team.UserBucket userBucket, MdsScope mdsScope) {
        try {
            Iterator it = userBucket.getUsers().iterator();
            while (it.hasNext()) {
                Assert.assertTrue(this.brokerUserClient.addClusterRoleForPrincipal(String.format("User:%s", (String) it.next()), userBucket.getRole().toString(), mdsScope).execute().isSuccessful());
            }
        } catch (Exception e) {
            e.printStackTrace();
            throw new RuntimeException(e);
        }
    }

    @Test
    public void testClusterGrantedAccess() throws IOException {
        PerfTestUtils.printTestName();
        PerfTestUtils.printProfileHeader();
        testResourceAccessAtLevel(CloudRbacModel.Level.CLOUDCLUSTER, CloudRbacModel.Role.CloudClusterAdmin, CLOUD_CLUSTER_RESOURCE_TYPE, DESCRIBE_OPERATION, false);
        testResourceAccessAtLevel(CloudRbacModel.Level.ENVIRONMENT, CloudRbacModel.Role.CloudClusterAdmin, CLOUD_CLUSTER_RESOURCE_TYPE, DESCRIBE_OPERATION, false);
        testResourceAccessAtLevel(CloudRbacModel.Level.ORGANIZATION, CloudRbacModel.Role.CloudClusterAdmin, CLOUD_CLUSTER_RESOURCE_TYPE, DESCRIBE_OPERATION, false);
    }

    @Test
    public void testEnvironmentGrantedAccess() throws IOException {
        PerfTestUtils.printTestName();
        PerfTestUtils.printProfileHeader();
        testResourceAccessAtLevel(CloudRbacModel.Level.ENVIRONMENT, CloudRbacModel.Role.EnvironmentAdmin, ENVIRONMENT_RESOURCE_TYPE, DELETE_OPERATION, false);
        testResourceAccessAtLevel(CloudRbacModel.Level.ORGANIZATION, CloudRbacModel.Role.EnvironmentAdmin, ENVIRONMENT_RESOURCE_TYPE, DELETE_OPERATION, false);
    }

    @Test
    public void testOrganizationGrantedAccess() throws IOException {
        PerfTestUtils.printTestName();
        PerfTestUtils.printProfileHeader();
        testResourceAccessAtLevel(CloudRbacModel.Level.ORGANIZATION, CloudRbacModel.Role.OrganizationAdmin, ORGANIZATION_RESOURCE_TYPE, CREATE_ENVIRONMENT_OPERATION, false);
    }

    @Test
    public void testRootLevelGrantedAccess() throws IOException {
        PerfTestUtils.printTestName();
        PerfTestUtils.printProfileHeader();
        testResourceAccessAtLevel(CloudRbacModel.Level.ROOT, CloudRbacModel.Role.CCloudRoleBindingAdmin, ORGANIZATION_RESOURCE_TYPE, DESCRIBE_ACCESS_OPERATION, false);
    }

    @Test
    public void testClusterDenyAccess() throws IOException {
        PerfTestUtils.printTestName();
        PerfTestUtils.printProfileHeader();
        testResourceAccessAtLevel(CloudRbacModel.Level.CLOUDCLUSTER, CloudRbacModel.Role.CloudClusterAdmin, CLOUD_CLUSTER_RESOURCE_TYPE, DESCRIBE_OPERATION, true);
        testResourceAccessAtLevel(CloudRbacModel.Level.ENVIRONMENT, CloudRbacModel.Role.EnvironmentAdmin, CLOUD_CLUSTER_RESOURCE_TYPE, DESCRIBE_OPERATION, true);
        testResourceAccessAtLevel(CloudRbacModel.Level.ORGANIZATION, CloudRbacModel.Role.OrganizationAdmin, CLOUD_CLUSTER_RESOURCE_TYPE, DESCRIBE_OPERATION, true);
    }

    private void testResourceAccessAtLevel(CloudRbacModel.Level level, CloudRbacModel.Role role, ResourceType resourceType, Operation operation, boolean z) throws IOException {
        PerfTestUtils.ProfilableApiCall profilableApiCall = obj -> {
            return this.brokerUserClient.authorize(new AuthorizeRequest(((AuthorizeRequestInput) obj).principal, ((AuthorizeRequestInput) obj).actions)).execute();
        };
        List<Team> allTeamsAtLevel = this.rbacModel.getAllTeamsAtLevel(level.levelCode);
        ArrayList arrayList = new ArrayList();
        for (Team team : allTeamsAtLevel) {
            List allSubtreeScopesWithRole = team.getAllSubtreeScopesWithRole(role, z);
            for (String str : getUsersFromTeamAsKafkaPrincipalStrings(team)) {
                Iterator it = allSubtreeScopesWithRole.iterator();
                while (it.hasNext()) {
                    arrayList.add(new AuthorizeRequestInput(str, Collections.singletonList(new Action((Scope) it.next(), resourceType, UUID.randomUUID().toString(), operation))));
                }
            }
        }
        List list = (List) arrayList.stream().limit(10000L).collect(Collectors.toList());
        ArrayList arrayList2 = new ArrayList();
        for (Object obj2 : list) {
            for (int i = 0; i < 10; i++) {
                arrayList2.add(obj2);
            }
        }
        Collections.shuffle(arrayList2);
        PerfTestUtils.profileApi(profilableApiCall, arrayList2, level.toString() + " Scope", false, false);
    }

    private static List<String> getUsersFromTeamAsKafkaPrincipalStrings(Team team) {
        return (List) team.getUsers().stream().map(str -> {
            return "User:" + str;
        }).collect(Collectors.toList());
    }

    @AfterClass
    public void tearDown() {
        try {
            if (this.rbacClusters != null) {
                this.rbacClusters.shutdown();
            }
        } catch (Exception e) {
            e.printStackTrace();
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public void setCloudRbacModel(CloudRbacModel cloudRbacModel) {
        this.rbacModel = cloudRbacModel;
    }
}
