package integration.rbacapi.configuration;

import io.confluent.common.utils.IntegrationTest;
import io.confluent.kafka.test.utils.KafkaTestUtils;
import io.confluent.kafka.test.utils.SecurityTestUtils;
import io.confluent.rbacapi.retrofit.RbacRestApi;
import io.confluent.rbacapi.retrofit.RbacRetrofitFactory;
import io.confluent.security.authorizer.Scope;
import io.confluent.security.test.utils.RbacClusters;
import io.confluent.testing.ldap.client.ExampleComLdapCrud;
import io.confluent.testing.ldap.server.LdapServer;
import java.util.Collections;
import java.util.List;
import org.junit.AfterClass;
import org.junit.Assert;
import org.junit.BeforeClass;
import org.junit.Test;
import org.junit.experimental.categories.Category;
import utils.KafkaConfigSetupHelper;
import utils.MdsConfigUtil;
import utils.ScopeBuilder;

@Category({IntegrationTest.class})
/* loaded from: input_file:integration/rbacapi/configuration/BootStrapTest.class */
public class BootStrapTest {
    private static final String MDS_USER = "mds";
    private static final String ALICE_USER = "alice";
    private static final String ADMINS_GROUP = "admins_group";
    private static LdapServer ldapServer;
    private static RbacRestApi mdsApiClient;
    private static RbacRestApi aliceApiClient;

    @BeforeClass
    public static void setUp() {
        ldapServer = LdapServer.defaultServerNoUsers().start();
        ExampleComLdapCrud exampleComLdapCrud = new ExampleComLdapCrud();
        exampleComLdapCrud.createUser(MDS_USER);
        exampleComLdapCrud.createUser(ALICE_USER);
        exampleComLdapCrud.addUserToGroup(ALICE_USER, ADMINS_GROUP);
        mdsApiClient = RbacRetrofitFactory.build(MdsConfigUtil.DEFAULT_HTTP_ADVERTISED_LISTENER, MDS_USER, MDS_USER);
        aliceApiClient = RbacRetrofitFactory.build(MdsConfigUtil.DEFAULT_HTTP_ADVERTISED_LISTENER, ALICE_USER, ALICE_USER);
    }

    @AfterClass
    public static void tearDown() {
        ldapServer.stop();
    }

    @Test
    public void backdoorBoostrapSetup() throws Throwable {
        RbacClusters rbacClusters = new RbacClusters(KafkaConfigSetupHelper.justLDAP("does_not_matter"));
        Scope build = ScopeBuilder.withKafka(rbacClusters.metadataClusterId()).build();
        try {
            rbacClusters.assignRole("User", ALICE_USER, "UserAdmin", build, Collections.emptySet());
            Assert.assertTrue(((List) aliceApiClient.getRoleNamesForPrincipal("User:alice", build).execute().body()).contains("UserAdmin"));
            rbacClusters.shutdown();
            SecurityTestUtils.clearSecurityConfigs();
            KafkaTestUtils.verifyThreadCleanup();
        } catch (Throwable th) {
            rbacClusters.shutdown();
            SecurityTestUtils.clearSecurityConfigs();
            KafkaTestUtils.verifyThreadCleanup();
            throw th;
        }
    }

    @Test
    public void realBootstrap() throws Throwable {
        RbacClusters rbacClusters = new RbacClusters(KafkaConfigSetupHelper.justLDAP(MDS_USER));
        Scope build = ScopeBuilder.withKafka(rbacClusters.metadataClusterId()).build();
        try {
            Assert.assertTrue(mdsApiClient.addClusterRoleForPrincipal("User:alice", "UserAdmin", build).execute().isSuccessful());
            Assert.assertTrue(((List) aliceApiClient.getRoleNamesForPrincipal("User:alice", build).execute().body()).contains("UserAdmin"));
            rbacClusters.shutdown();
            SecurityTestUtils.clearSecurityConfigs();
            KafkaTestUtils.verifyThreadCleanup();
        } catch (Throwable th) {
            rbacClusters.shutdown();
            SecurityTestUtils.clearSecurityConfigs();
            KafkaTestUtils.verifyThreadCleanup();
            throw th;
        }
    }
}
