package functional;

import com.fasterxml.jackson.core.type.TypeReference;
import com.google.common.collect.Lists;
import functional.stubs.StubApplicationUtil;
import functional.stubs.StubRbacApiApplication;
import io.confluent.rbacapi.app.RbacApiApplication;
import io.confluent.rbacapi.entities.AuthorizeRequest;
import io.confluent.rbacapi.entities.ResourcesRequest;
import io.confluent.rbacapi.errors.ErrorResponse;
import io.confluent.rbacapi.retrofit.RbacRestApi;
import io.confluent.rbacapi.retrofit.RbacRetrofitFactory;
import io.confluent.security.authorizer.Action;
import io.confluent.security.authorizer.Operation;
import io.confluent.security.authorizer.ResourcePattern;
import io.confluent.security.authorizer.ResourceType;
import io.confluent.security.authorizer.Scope;
import org.apache.kafka.common.resource.PatternType;
import org.junit.Assert;
import org.testng.annotations.AfterClass;
import org.testng.annotations.BeforeClass;
import org.testng.annotations.Test;
import retrofit2.Response;
import utils.MdsJsonUtil;

/* loaded from: input_file:functional/RbacStubsValidationsTest.class */
public class RbacStubsValidationsTest {
    private RbacApiApplication rbacApiApplication;
    private RbacRestApi rbacRestApi;

    @BeforeClass
    public void setUpBeforeClass() throws Exception {
        this.rbacApiApplication = StubApplicationUtil.createStub();
        this.rbacApiApplication.start();
        String num = Integer.toString(this.rbacApiApplication.actualPort());
        System.out.println("Stub port is " + num);
        this.rbacRestApi = RbacRetrofitFactory.build("http://localhost:" + num);
    }

    @AfterClass
    public void tearDownAfterClass() throws Exception {
        this.rbacApiApplication.stop();
    }

    @Test
    public void verifyError_InvalidPrincipal_AddRoleForPrincipal() throws Throwable {
        Response execute = this.rbacRestApi.addClusterRoleForPrincipal("Bob", "DeveloperRead", Scope.kafkaClusterScope(StubRbacApiApplication.STUB_CLUSTER)).execute();
        Assert.assertNotNull(execute);
        Assert.assertEquals(400L, execute.code());
        Assert.assertTrue(((ErrorResponse) MdsJsonUtil.deserializeJson(execute.errorBody().string(), new TypeReference<ErrorResponse>() { // from class: functional.RbacStubsValidationsTest.1
        })).message.contains("Invalid principal"));
    }

    @Test
    public void verifyError_InvalidRole_AddRoleForPrincipal() throws Throwable {
        Response execute = this.rbacRestApi.addClusterRoleForPrincipal("User:Bob", "Developer", Scope.kafkaClusterScope(StubRbacApiApplication.STUB_CLUSTER)).execute();
        Assert.assertNotNull(execute);
        Assert.assertEquals(400L, execute.code());
        Assert.assertTrue(((ErrorResponse) MdsJsonUtil.deserializeJson(execute.errorBody().string(), new TypeReference<ErrorResponse>() { // from class: functional.RbacStubsValidationsTest.2
        })).message.contains("Invalid role name"));
    }

    @Test
    public void verifyError_InvalidResourceType_AddResourceBinding() throws Throwable {
        Response execute = this.rbacRestApi.addRoleResourcesForPrincipal("User:Bob", "DeveloperRead", new ResourcesRequest(Scope.kafkaClusterScope(StubRbacApiApplication.STUB_CLUSTER), Lists.newArrayList(new ResourcePattern[]{new ResourcePattern("InvalidResourceType", "*", PatternType.PREFIXED)}))).execute();
        Assert.assertNotNull(execute);
        Assert.assertEquals(400L, execute.code());
        Assert.assertTrue(((ErrorResponse) MdsJsonUtil.deserializeJson(execute.errorBody().string(), new TypeReference<ErrorResponse>() { // from class: functional.RbacStubsValidationsTest.3
        })).message.contains("Invalid resource type"));
    }

    @Test
    public void verifyError_InvalidScopeResourceType_AddResourceBinding() throws Throwable {
        Response execute = this.rbacRestApi.addRoleResourcesForPrincipal("User:Bob", "DeveloperWrite", new ResourcesRequest(Scope.kafkaClusterScope(StubRbacApiApplication.STUB_CLUSTER), Lists.newArrayList(new ResourcePattern[]{new ResourcePattern("KsqlCluster", "*", PatternType.LITERAL)}))).execute();
        Assert.assertNotNull(execute);
        Assert.assertEquals(400L, execute.code());
        Assert.assertTrue(((ErrorResponse) MdsJsonUtil.deserializeJson(execute.errorBody().string(), new TypeReference<ErrorResponse>() { // from class: functional.RbacStubsValidationsTest.4
        })).message.contains("Invalid scope resource type binding"));
    }

    @Test
    public void verifyError_InvalidResourceType_Authorize() throws Throwable {
        Response execute = this.rbacRestApi.authorize(new AuthorizeRequest("User:Bob", Lists.newArrayList(new Action[]{new Action(Scope.kafkaClusterScope(StubRbacApiApplication.STUB_CLUSTER), new ResourceType("InvalidResourceType"), "*", new Operation("Alter"))}))).execute();
        Assert.assertNotNull(execute);
        Assert.assertEquals(400L, execute.code());
        Assert.assertTrue(((ErrorResponse) MdsJsonUtil.deserializeJson(execute.errorBody().string(), new TypeReference<ErrorResponse>() { // from class: functional.RbacStubsValidationsTest.5
        })).message.contains("Invalid resource type"));
    }

    @Test
    public void verifyError_InvalidOperation_Authorize() throws Throwable {
        Response execute = this.rbacRestApi.authorize(new AuthorizeRequest("User:Bob", Lists.newArrayList(new Action[]{new Action(Scope.kafkaClusterScope(StubRbacApiApplication.STUB_CLUSTER), new ResourceType("Topic"), "*", new Operation("No Such Operation"))}))).execute();
        Assert.assertNotNull(execute);
        Assert.assertEquals(400L, execute.code());
        Assert.assertTrue(((ErrorResponse) MdsJsonUtil.deserializeJson(execute.errorBody().string(), new TypeReference<ErrorResponse>() { // from class: functional.RbacStubsValidationsTest.6
        })).message.contains("Invalid operation"));
    }

    @Test
    public void verifyError_InvalidRoleResourceType_AddResourceBinding() throws Throwable {
        Response execute = this.rbacRestApi.addRoleResourcesForPrincipal("User:Bob", "DeveloperRead", new ResourcesRequest(Scope.kafkaClusterScope(StubRbacApiApplication.STUB_CLUSTER), Lists.newArrayList(new ResourcePattern[]{new ResourcePattern("ControlCenterBrokerMetrics", "*", PatternType.PREFIXED)}))).execute();
        Assert.assertNotNull(execute);
        Assert.assertEquals(400L, execute.code());
        Assert.assertTrue(((ErrorResponse) MdsJsonUtil.deserializeJson(execute.errorBody().string(), new TypeReference<ErrorResponse>() { // from class: functional.RbacStubsValidationsTest.7
        })).message.contains("Invalid role resource type binding"));
    }

    @Test
    public void verifyError_InvalidPatternType_AddResourceBinding() throws Throwable {
        Response execute = this.rbacRestApi.addRoleResourcesForPrincipal("User:Bob", "DeveloperRead", new ResourcesRequest(Scope.kafkaClusterScope(StubRbacApiApplication.STUB_CLUSTER), Lists.newArrayList(new ResourcePattern[]{new ResourcePattern("Topic", "*", PatternType.MATCH)}))).execute();
        Assert.assertNotNull(execute);
        Assert.assertEquals(400L, execute.code());
        Assert.assertTrue(((ErrorResponse) MdsJsonUtil.deserializeJson(execute.errorBody().string(), new TypeReference<ErrorResponse>() { // from class: functional.RbacStubsValidationsTest.8
        })).message.contains("Invalid pattern type"));
    }

    @Test
    public void verifyError_InvalidClusterIds_AddRoleForPrincipal() throws Throwable {
        Response execute = this.rbacRestApi.addClusterRoleForPrincipal("User:Bob", "DeveloperRead", Scope.ROOT_SCOPE).execute();
        Assert.assertNotNull(execute);
        Assert.assertEquals(400L, execute.code());
        Assert.assertTrue(((ErrorResponse) MdsJsonUtil.deserializeJson(execute.errorBody().string(), new TypeReference<ErrorResponse>() { // from class: functional.RbacStubsValidationsTest.9
        })).message.contains("Invalid Scope : clusters should contain one or two cluster id keys"));
    }
}
