package integration.rbacapi.api.v2;

import io.confluent.rbacapi.entities.AuthorizeRequest;
import io.confluent.rbacapi.entities.MdsScope;
import io.confluent.rbacapi.entities.ResourcesRequest;
import io.confluent.rbacapi.retrofit.v2.V2RbacRestApi;
import io.confluent.rbacapi.retrofit.v2.V2RbacRetrofitFactory;
import io.confluent.security.authorizer.Action;
import io.confluent.security.authorizer.AuthorizeResult;
import io.confluent.security.authorizer.Operation;
import io.confluent.security.authorizer.ResourcePattern;
import io.confluent.security.authorizer.ResourceType;
import io.confluent.security.authorizer.Scope;
import io.confluent.security.test.utils.RbacClusters;
import java.io.IOException;
import java.net.ConnectException;
import java.util.Arrays;
import java.util.Collections;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
import java.util.concurrent.TimeUnit;
import org.apache.kafka.common.resource.PatternType;
import org.awaitility.Awaitility;
import org.junit.Assert;
import org.testng.annotations.AfterClass;
import org.testng.annotations.BeforeClass;
import org.testng.annotations.DataProvider;
import org.testng.annotations.Test;
import utils.KafkaConfigTool;
import utils.MdsTestUtil;

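/**
 * Integration test for RBAC authorization across nested scopes.
 *
 * <p>The fixture builds a scope tree (root, {@code org}, {@code org/env1}, {@code org/env2}, and
 * Kafka clusters beneath the environments) and a chain of delegated grants in which each
 * administrator binds the next principal one level further down. {@link #authorizeTest} then checks
 * an allow/deny matrix against the MDS authorize endpoint.
 *
 * <p>The security-relevant rows are the {@code false} ones: they pin that a role binding made at
 * one scope does not grant access at a parent scope or at a sibling scope. A regression that flips
 * any of them to ALLOWED is a privilege-escalation bug, not a test-data problem.
 *
 * <p>NOTE(review): this source was recovered by a decompiler; inlined constants and untyped
 * temporaries have been restored to compilable form.
 */
@Test(groups = {"classParallelTests"})
public class NestedScopesTest {
    private static final String BROKER_SUPER_USER = "kafka";
    private static final String ROOT_ADMIN = "root";
    private static final String ORG_ADMIN = "org-admin";
    private static final String ENV_1_ADMIN = "env1-admin";
    private static final String ENV_1_CLUSTER_1_ADMIN = "env1-cluster1-admin";
    private static final String ENV_1_CLUSTER_1_DEVELOPER = "env1-cluster1-developer";
    private static final Scope ROOT_SCOPE = new Scope.Builder(new String[0]).build();
    private static final Scope ORG_SCOPE = new Scope.Builder(new String[]{"org"}).build();
    private static final Scope ENV_1_SCOPE = new Scope.Builder(new String[]{"org", "env1"}).build();
    private static final Scope ENV_2_SCOPE = new Scope.Builder(new String[]{"org", "env2"}).build();
    private static final Scope ENV_1_CLUSTER_1_SCOPE = new Scope.Builder(new String[]{"org", "env1"}).withKafkaCluster("cluster1").build();
    private static final Scope ENV_1_CLUSTER_2_SCOPE = new Scope.Builder(new String[]{"org", "env1"}).withKafkaCluster("cluster2").build();
    private static final Scope ENV_2_CLUSTER_3_SCOPE = new Scope.Builder(new String[]{"org", "env2"}).withKafkaCluster("cluster3").build();
    private RbacClusters rbacClusters;
    private int actualMdsPort;
    // One REST client per principal, keyed by principal name.
    private final Map<String, V2RbacRestApi> retrofitClients = new HashMap<>();

    /**
     * Starts the RBAC test clusters, creates one REST client per principal and installs the chain
     * of role bindings the authorization matrix depends on.
     *
     * @throws Exception if cluster start-up or any REST call fails
     */
    @BeforeClass
    public void setUp() throws Exception {
        List<String> principals = Arrays.asList(BROKER_SUPER_USER, ROOT_ADMIN, ORG_ADMIN, ENV_1_ADMIN, ENV_1_CLUSTER_1_ADMIN, ENV_1_CLUSTER_1_DEVELOPER);
        RbacClusters.Config config = KafkaConfigTool.justHash(BROKER_SUPER_USER, principals);
        config.overrideMetadataBrokerConfig("confluent.metadata.server.api.flavor", "CC");
        this.rbacClusters = new RbacClusters(config);
        this.actualMdsPort = MdsTestUtil.lookupActualMdsPort(this.rbacClusters);
        for (String principal : principals) {
            // The principal name is passed for both trailing arguments (presumably username and
            // password for basic auth; confirm against V2RbacRetrofitFactory). Name-equals-secret
            // credentials are a test-fixture convenience and must not leak into shared configs.
            this.retrofitClients.put(principal, V2RbacRetrofitFactory.build(MdsTestUtil.DEFAULT_HTTP_ADVERTISED_HOST, this.actualMdsPort, principal, principal));
        }
        // Poll for up to 30 seconds, tolerating refused connections, until MDS answers.
        Awaitility.given().ignoreException(ConnectException.class).await().atMost(30L, TimeUnit.SECONDS).until(
                () -> this.retrofitClients.get(ORG_ADMIN).getRoleNames().execute().isSuccessful());

        // Delegated administration: every grant is issued by the principal bound one level above,
        // so a successful chain also shows that an admin can create bindings inside its own subtree.
        Assert.assertTrue(this.retrofitClients.get(BROKER_SUPER_USER).addClusterRoleForPrincipal("User:" + ROOT_ADMIN, "SystemAdmin", new MdsScope(ROOT_SCOPE)).execute().isSuccessful());
        Assert.assertTrue(this.retrofitClients.get(ROOT_ADMIN).addClusterRoleForPrincipal("User:" + ORG_ADMIN, "SystemAdmin", new MdsScope(ORG_SCOPE)).execute().isSuccessful());
        Assert.assertTrue(this.retrofitClients.get(ORG_ADMIN).addClusterRoleForPrincipal("User:" + ENV_1_ADMIN, "SystemAdmin", new MdsScope(ENV_1_SCOPE)).execute().isSuccessful());
        Assert.assertTrue(this.retrofitClients.get(ENV_1_ADMIN).addClusterRoleForPrincipal("User:" + ENV_1_CLUSTER_1_ADMIN, "SystemAdmin", new MdsScope(ENV_1_CLUSTER_1_SCOPE)).execute().isSuccessful());
        ResourcePattern clicksTopic = new ResourcePattern("Topic", "clicks", PatternType.LITERAL);
        Assert.assertTrue(this.retrofitClients.get(ENV_1_CLUSTER_1_ADMIN).addRoleResourcesForPrincipal("User:" + ENV_1_CLUSTER_1_DEVELOPER, "DeveloperRead", new ResourcesRequest(new MdsScope(ENV_1_CLUSTER_1_SCOPE), Collections.singletonList(clicksTopic))).execute().isSuccessful());
        // NOTE(review): only successful delegation is asserted here. Nothing in this class checks
        // that an admin is refused when it tries to grant a role outside its own scope.
    }

    /** Shuts the test clusters down and releases the MDS port reserved in {@link #setUp()}. */
    @AfterClass
    public void tearDown() {
        this.rbacClusters.shutdown();
        MdsTestUtil.releasePort(this.actualMdsPort);
    }

    /**
     * Checks that a freshly built client can authenticate and list roles.
     *
     * @throws IOException if the HTTP call fails
     */
    @Test
    public void sanityTest_RetroFitBasicAuth() throws IOException {
        V2RbacRestApi client = V2RbacRetrofitFactory.build(MdsTestUtil.DEFAULT_HTTP_ADVERTISED_HOST, this.actualMdsPort, ORG_ADMIN, ORG_ADMIN);
        // The decompiled source asserted on an undeclared temporary (r0); the response is now
        // passed through the non-null assertion and its status checked from a single request.
        Assert.assertEquals(200L, assertPresent(client.getRoles().execute()).code());
    }

    /** Asserts that {@code value} is non-null and returns it so the call can be chained. */
    private static <T> T assertPresent(T value) {
        Assert.assertNotNull(value);
        return value;
    }

    /**
     * Supplies the authorization matrix.
     *
     * <p>Each row is {principal, scope, resource type, resource name, operation, expected allowed}.
     *
     * @return one row per authorization check
     */
    @DataProvider
    public Object[][] authorizations() {
        // NOTE(review): ROOT_SCOPE itself is never queried, and the developer principal has no
        // negative Topic rows (another topic, or an operation other than Read). Adding those would
        // pin the resource-level boundary as firmly as the scope-level one is pinned below.
        return new Object[][] {
            // Bound at the root scope: allowed everywhere beneath it.
            {ROOT_ADMIN, ORG_SCOPE, "Cluster", "ignored", "Describe", true},
            {ROOT_ADMIN, ENV_1_SCOPE, "Cluster", "ignored", "Describe", true},
            {ROOT_ADMIN, ENV_2_SCOPE, "Cluster", "ignored", "Describe", true},
            {ROOT_ADMIN, ENV_1_CLUSTER_1_SCOPE, "Cluster", "ignored", "Describe", true},
            {ROOT_ADMIN, ENV_1_CLUSTER_2_SCOPE, "Cluster", "ignored", "Describe", true},
            {ROOT_ADMIN, ENV_2_CLUSTER_3_SCOPE, "Cluster", "ignored", "Describe", true},
            {ROOT_ADMIN, ENV_1_CLUSTER_1_SCOPE, "Topic", "clicks", "Read", true},
            // Bound at org: allowed at org and in both environments and their clusters.
            {ORG_ADMIN, ORG_SCOPE, "Cluster", "ignored", "Describe", true},
            {ORG_ADMIN, ENV_1_SCOPE, "Cluster", "ignored", "Describe", true},
            {ORG_ADMIN, ENV_2_SCOPE, "Cluster", "ignored", "Describe", true},
            {ORG_ADMIN, ENV_1_CLUSTER_1_SCOPE, "Cluster", "ignored", "Describe", true},
            {ORG_ADMIN, ENV_1_CLUSTER_2_SCOPE, "Cluster", "ignored", "Describe", true},
            {ORG_ADMIN, ENV_2_CLUSTER_3_SCOPE, "Cluster", "ignored", "Describe", true},
            {ORG_ADMIN, ENV_1_CLUSTER_1_SCOPE, "Topic", "clicks", "Read", true},
            // Bound at org/env1: denied at the parent (org) and at the sibling env2 subtree.
            {ENV_1_ADMIN, ORG_SCOPE, "Cluster", "ignored", "Describe", false},
            {ENV_1_ADMIN, ENV_1_SCOPE, "Cluster", "ignored", "Describe", true},
            {ENV_1_ADMIN, ENV_2_SCOPE, "Cluster", "ignored", "Describe", false},
            {ENV_1_ADMIN, ENV_1_CLUSTER_1_SCOPE, "Cluster", "ignored", "Describe", true},
            {ENV_1_ADMIN, ENV_1_CLUSTER_2_SCOPE, "Cluster", "ignored", "Describe", true},
            {ENV_1_ADMIN, ENV_2_CLUSTER_3_SCOPE, "Cluster", "ignored", "Describe", false},
            {ENV_1_ADMIN, ENV_1_CLUSTER_1_SCOPE, "Topic", "clicks", "Read", true},
            // Bound at cluster1 only: denied at every ancestor and at every other cluster.
            {ENV_1_CLUSTER_1_ADMIN, ORG_SCOPE, "Cluster", "ignored", "Describe", false},
            {ENV_1_CLUSTER_1_ADMIN, ENV_1_SCOPE, "Cluster", "ignored", "Describe", false},
            {ENV_1_CLUSTER_1_ADMIN, ENV_2_SCOPE, "Cluster", "ignored", "Describe", false},
            {ENV_1_CLUSTER_1_ADMIN, ENV_1_CLUSTER_1_SCOPE, "Cluster", "ignored", "Describe", true},
            {ENV_1_CLUSTER_1_ADMIN, ENV_1_CLUSTER_2_SCOPE, "Cluster", "ignored", "Describe", false},
            {ENV_1_CLUSTER_1_ADMIN, ENV_2_CLUSTER_3_SCOPE, "Cluster", "ignored", "Describe", false},
            {ENV_1_CLUSTER_1_ADMIN, ENV_1_CLUSTER_1_SCOPE, "Topic", "clicks", "Read", true},
            // DeveloperRead on topic "clicks" in cluster1: no cluster-level access anywhere.
            {ENV_1_CLUSTER_1_DEVELOPER, ORG_SCOPE, "Cluster", "ignored", "Describe", false},
            {ENV_1_CLUSTER_1_DEVELOPER, ENV_1_SCOPE, "Cluster", "ignored", "Describe", false},
            {ENV_1_CLUSTER_1_DEVELOPER, ENV_2_SCOPE, "Cluster", "ignored", "Describe", false},
            {ENV_1_CLUSTER_1_DEVELOPER, ENV_1_CLUSTER_1_SCOPE, "Cluster", "ignored", "Describe", false},
            {ENV_1_CLUSTER_1_DEVELOPER, ENV_1_CLUSTER_2_SCOPE, "Cluster", "ignored", "Describe", false},
            {ENV_1_CLUSTER_1_DEVELOPER, ENV_2_CLUSTER_3_SCOPE, "Cluster", "ignored", "Describe", false},
            {ENV_1_CLUSTER_1_DEVELOPER, ENV_1_CLUSTER_1_SCOPE, "Topic", "clicks", "Read", true},
        };
    }

    /**
     * Sends one authorize request and checks the single decision that comes back.
     *
     * <p>The request is sent with the client of the same principal it asks about, so every row
     * exercises a principal querying its own permissions.
     *
     * @param str principal name (without the {@code User:} prefix); also selects the REST client
     * @param scope scope the action is evaluated in
     * @param str2 resource type, e.g. {@code "Cluster"} or {@code "Topic"}
     * @param str3 resource name
     * @param str4 operation name, e.g. {@code "Describe"} or {@code "Read"}
     * @param z {@code true} if the decision must be ALLOWED, {@code false} if it must be DENIED
     * @throws IOException if the HTTP call fails
     */
    @Test(dataProvider = "authorizations")
    public void authorizeTest(String str, Scope scope, String str2, String str3, String str4, boolean z) throws IOException {
        Action action = new Action(scope, new ResourceType(str2), str3, new Operation(str4));
        AuthorizeRequest request = new AuthorizeRequest("User:" + str, Collections.singletonList(action));
        List<?> results = (List<?>) this.retrofitClients.get(str).authorize(request).execute().body();
        Assert.assertNotNull(results);
        // Exactly one action was submitted, so exactly one decision is expected.
        Assert.assertEquals(1L, results.size());
        // Compare against the exact enum constant: a deny row passes only on an explicit DENIED,
        // never on some other non-ALLOWED value.
        AuthorizeResult expected = z ? AuthorizeResult.ALLOWED : AuthorizeResult.DENIED;
        Assert.assertEquals(expected, results.get(0));
    }
}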
