package integration.rbacapi.api.v1;

import io.confluent.rbacapi.entities.ClusterAccessInfo;
import io.confluent.rbacapi.entities.MdsScope;
import io.confluent.rbacapi.retrofit.v1.V1RbacRestApi;
import io.confluent.rbacapi.retrofit.v1.V1RbacRetrofitFactory;
import io.confluent.rbacapi.utils.ClusterType;
import io.confluent.security.authorizer.Scope;
import io.confluent.security.test.utils.RbacClusters;
import io.confluent.testing.TestIndependenceUtil;
import io.confluent.testing.ldap.client.ExampleComLdapCrud;
import io.confluent.testing.ldap.client.LdapCrud;
import io.confluent.testing.ldap.server.LdapServer;
import java.io.IOException;
import java.net.ConnectException;
import java.util.Arrays;
import java.util.Base64;
import java.util.Collections;
import java.util.Iterator;
import java.util.List;
import java.util.concurrent.TimeUnit;
import javax.ws.rs.client.ClientBuilder;
import org.apache.commons.lang3.StringUtils;
import org.apache.kafka.common.resource.PatternType;
import org.apache.kafka.common.utils.SecurityUtils;
import org.awaitility.Awaitility;
import org.junit.Assert;
import org.testng.annotations.AfterClass;
import org.testng.annotations.BeforeClass;
import org.testng.annotations.DataProvider;
import org.testng.annotations.Test;
import retrofit2.Response;
import utils.KafkaConfigTool;
import utils.MdsTestUtil;
import utils.RoleCrudUtil;
import utils.ScopeBuilder;

@Test(groups = {"classParallelTests"})
/* loaded from: input_file:integration/rbacapi/api/v1/ManagedClustersLookupTest.class */
public class ManagedClustersLookupTest {
    private static final String BROKER_USER = "kafka";
    private static final String USER_ADMIN = "cross_cluster_user_admin";
    private static RbacClusters rbacClusters;
    private static LdapServer ldapServer;
    private static LdapCrud ldapCrud;
    private static int actualMdsPort;
    private static V1RbacRestApi userAdminClient;
    private static final MdsScope KAFKA_CLUSTER = ScopeBuilder.withKafka("kafka1").build();
    private static final MdsScope KSQL_CLUSTER = ScopeBuilder.withKafka("kafka1").withKSQL("ksql1").build();
    private static final MdsScope CONNECT_CLUSTER = ScopeBuilder.withKafka("kafka1").withConnect("connect1").build();
    private static final MdsScope SCHEMA_REGISTRY_CLUSTER = ScopeBuilder.withKafka("kafka1").withSR("sr1").build();
    private static final List<MdsScope> ALL_TEST_SCOPES = Arrays.asList(KAFKA_CLUSTER, KSQL_CLUSTER, CONNECT_CLUSTER, SCHEMA_REGISTRY_CLUSTER);

    @BeforeClass
    public static void setUp() throws Exception {
        ldapServer = LdapServer.defaultServerNoUsers().start();
        int actualPort = ldapServer.actualPort();
        ldapCrud = new ExampleComLdapCrud(actualPort);
        ldapCrud.createUsers(Arrays.asList("kafka", USER_ADMIN));
        rbacClusters = new RbacClusters(KafkaConfigTool.justLDAPv1(actualPort, "kafka"));
        actualMdsPort = MdsTestUtil.lookupActualMdsPort(rbacClusters);
        rbacClusters.assignRole("User", "kafka", "UserAdmin", rbacClusters.kafkaClusterId(), Collections.emptySet());
        V1RbacRestApi build = V1RbacRetrofitFactory.build(MdsTestUtil.DEFAULT_HTTP_ADVERTISED_HOST, actualMdsPort, "kafka", "kafka");
        Awaitility.given().ignoreException(ConnectException.class).await().atMost(30L, TimeUnit.SECONDS).until(() -> {
            return Boolean.valueOf(build.getRoleNames().execute().isSuccessful());
        });
        build.addClusterRoleForPrincipal("User:cross_cluster_user_admin", "UserAdmin", KAFKA_CLUSTER).execute();
        build.addClusterRoleForPrincipal("User:cross_cluster_user_admin", "UserAdmin", CONNECT_CLUSTER).execute();
        build.addClusterRoleForPrincipal("User:cross_cluster_user_admin", "UserAdmin", KSQL_CLUSTER).execute();
        build.addClusterRoleForPrincipal("User:cross_cluster_user_admin", "UserAdmin", SCHEMA_REGISTRY_CLUSTER).execute();
        userAdminClient = V1RbacRetrofitFactory.build(MdsTestUtil.DEFAULT_HTTP_ADVERTISED_HOST, actualMdsPort, USER_ADMIN, USER_ADMIN);
    }

    @AfterClass
    public static void tearDown() {
        ldapServer.stop();
        rbacClusters.shutdown();
        MdsTestUtil.releasePort(actualMdsPort);
    }

    /* JADX WARN: Type inference failed for: r0v1, types: [java.lang.Object[], java.lang.Object[][]] */
    @DataProvider(parallel = true)
    public static Object[][] clusterOnlyScopedRoleVisbilityAndAccess() {
        return new Object[]{new Object[]{"ClusterAdmin", Collections.emptyList(), Collections.emptyList()}, new Object[]{"Operator", Collections.emptyList(), Collections.emptyList()}, new Object[]{"SecurityAdmin", Arrays.asList(KAFKA_CLUSTER, CONNECT_CLUSTER, KSQL_CLUSTER, SCHEMA_REGISTRY_CLUSTER), Collections.singletonList("DescribeAccess")}, new Object[]{"SystemAdmin", Arrays.asList(KAFKA_CLUSTER, CONNECT_CLUSTER, KSQL_CLUSTER, SCHEMA_REGISTRY_CLUSTER), Arrays.asList("AlterAccess", "DescribeAccess")}, new Object[]{"UserAdmin", Arrays.asList(KAFKA_CLUSTER, CONNECT_CLUSTER, KSQL_CLUSTER, SCHEMA_REGISTRY_CLUSTER), Arrays.asList("AlterAccess", "DescribeAccess")}};
    }

    @Test(dataProvider = "clusterOnlyScopedRoleVisbilityAndAccess")
    public void test_listManagedClustersOnRoleClusterScope(String str, List<MdsScope> list, List<String> list2) throws IOException {
        String str2 = "testUser-" + TestIndependenceUtil.getUniqueInteger();
        ldapCrud.createUser(str2);
        RoleCrudUtil.assignClusterRole(userAdminClient, KAFKA_CLUSTER, str2, str);
        RoleCrudUtil.assignClusterRole(userAdminClient, CONNECT_CLUSTER, str2, str);
        RoleCrudUtil.assignClusterRole(userAdminClient, KSQL_CLUSTER, str2, str);
        RoleCrudUtil.assignClusterRole(userAdminClient, SCHEMA_REGISTRY_CLUSTER, str2, str);
        Response execute = V1RbacRetrofitFactory.build(MdsTestUtil.DEFAULT_HTTP_ADVERTISED_HOST, actualMdsPort, str2, str2).getManagedClustersForPrincipal(SecurityUtils.parseKafkaPrincipal(RoleCrudUtil.kafkaPrincipalString(str2)), null).execute();
        Assert.assertEquals(200L, execute.code());
        Assert.assertEquals(list, (List) execute.body());
    }

    @Test
    public void test_ReturnedScopesDoNoReturnPath() throws IOException {
        String str = "testUser-" + TestIndependenceUtil.getUniqueInteger();
        ldapCrud.createUser(str);
        RoleCrudUtil.assignClusterRole(userAdminClient, KAFKA_CLUSTER, str, "UserAdmin");
        RoleCrudUtil.assignClusterRole(userAdminClient, CONNECT_CLUSTER, str, "UserAdmin");
        RoleCrudUtil.assignClusterRole(userAdminClient, KSQL_CLUSTER, str, "UserAdmin");
        RoleCrudUtil.assignClusterRole(userAdminClient, SCHEMA_REGISTRY_CLUSTER, str, "UserAdmin");
        javax.ws.rs.core.Response response = ClientBuilder.newClient().target(MdsTestUtil.DEFAULT_HTTP_ADVERTISED_HOST + ":" + actualMdsPort).path("/security/1.0/lookup/managed/clusters/principal/User:" + str).request(new String[]{"application/json"}).header("Authorization", "Basic " + Base64.getEncoder().encodeToString((str + ":" + str).getBytes())).get();
        Assert.assertEquals(200L, response.getStatus());
        String str2 = (String) response.readEntity(String.class);
        Assert.assertTrue(StringUtils.startsWith(str2, "[{"));
        Assert.assertTrue(str2.contains("clusters"));
        Assert.assertTrue(str2.contains("kafka1"));
        Assert.assertFalse(str2.contains("path"));
    }

    @Test(dataProvider = "clusterOnlyScopedRoleVisbilityAndAccess")
    public void test_clusterRoleAccess(String str, List<Scope> list, List<String> list2) throws IOException {
        String str2 = "testUser-" + TestIndependenceUtil.getUniqueInteger();
        ldapCrud.createUser(str2);
        RoleCrudUtil.assignClusterRole(userAdminClient, KAFKA_CLUSTER, str2, str);
        RoleCrudUtil.assignClusterRole(userAdminClient, CONNECT_CLUSTER, str2, str);
        RoleCrudUtil.assignClusterRole(userAdminClient, KSQL_CLUSTER, str2, str);
        RoleCrudUtil.assignClusterRole(userAdminClient, SCHEMA_REGISTRY_CLUSTER, str2, str);
        V1RbacRestApi build = V1RbacRetrofitFactory.build(MdsTestUtil.DEFAULT_HTTP_ADVERTISED_HOST, actualMdsPort, str2, str2);
        Iterator<MdsScope> it = ALL_TEST_SCOPES.iterator();
        while (it.hasNext()) {
            Response execute = build.getClustersAccessInfoForPrincipal(SecurityUtils.parseKafkaPrincipal(RoleCrudUtil.kafkaPrincipalString(str2)), it.next()).execute();
            Assert.assertEquals(200L, execute.code());
            ClusterAccessInfo clusterAccessInfo = (ClusterAccessInfo) execute.body();
            Assert.assertEquals(list2, clusterAccessInfo.getClusterAccess());
            Iterator it2 = clusterAccessInfo.getResourcesAccess().values().iterator();
            while (it2.hasNext()) {
                Assert.assertEquals(list2, (List) it2.next());
            }
        }
    }

    /* JADX WARN: Type inference failed for: r0v1, types: [java.lang.Object[], java.lang.Object[][]] */
    @DataProvider(parallel = true)
    public static Object[][] listManagedClustersOnRoleResourceScope() {
        return new Object[]{new Object[]{"DeveloperRead", Collections.emptyList(), Collections.emptyList()}, new Object[]{"DeveloperWrite", Collections.emptyList(), Collections.emptyList()}, new Object[]{"DeveloperManage", Collections.emptyList(), Collections.emptyList()}, new Object[]{"ResourceOwner", Arrays.asList(KAFKA_CLUSTER, CONNECT_CLUSTER, KSQL_CLUSTER, SCHEMA_REGISTRY_CLUSTER), Arrays.asList("AlterAccess", "DescribeAccess")}};
    }

    @Test(dataProvider = "listManagedClustersOnRoleResourceScope")
    public void test_listManagedClustersOnRoleResourceScope(String str, List<MdsScope> list, List<String> list2) throws IOException {
        String str2 = "testUser-" + TestIndependenceUtil.getUniqueInteger();
        ldapCrud.createUser(str2);
        RoleCrudUtil.assignResourceRole(userAdminClient, KAFKA_CLUSTER, str2, str, RoleCrudUtil.newSingletonResource("Topic", "t1", PatternType.LITERAL));
        RoleCrudUtil.assignResourceRole(userAdminClient, KAFKA_CLUSTER, str2, str, RoleCrudUtil.newSingletonResource(LookupTest.GROUP_TYPE, "g1", PatternType.LITERAL));
        RoleCrudUtil.assignResourceRole(userAdminClient, KAFKA_CLUSTER, str2, str, RoleCrudUtil.newSingletonResource("TransactionalId", "TransactionId1", PatternType.LITERAL));
        RoleCrudUtil.assignResourceRole(userAdminClient, KAFKA_CLUSTER, str2, str, RoleCrudUtil.newSingletonResource("Cluster", "kafka-cluster", PatternType.LITERAL));
        RoleCrudUtil.assignResourceRole(userAdminClient, CONNECT_CLUSTER, str2, str, RoleCrudUtil.newSingletonResource("Connector", "c1", PatternType.LITERAL));
        RoleCrudUtil.assignResourceRole(userAdminClient, SCHEMA_REGISTRY_CLUSTER, str2, str, RoleCrudUtil.newSingletonResource("Subject", "s1", PatternType.LITERAL));
        if (!"DeveloperRead".equals(str)) {
            RoleCrudUtil.assignResourceRole(userAdminClient, KSQL_CLUSTER, str2, str, RoleCrudUtil.newSingletonResource("KsqlCluster", "ksql-cluster", PatternType.LITERAL));
        }
        V1RbacRestApi build = V1RbacRetrofitFactory.build(MdsTestUtil.DEFAULT_HTTP_ADVERTISED_HOST, actualMdsPort, str2, str2);
        Response execute = build.getManagedClustersForPrincipal(SecurityUtils.parseKafkaPrincipal(RoleCrudUtil.kafkaPrincipalString(str2)), null).execute();
        Assert.assertEquals(200L, execute.code());
        Assert.assertEquals(list, (List) execute.body());
        Iterator<MdsScope> it = ALL_TEST_SCOPES.iterator();
        while (it.hasNext()) {
            Response execute2 = build.getClustersAccessInfoForPrincipal(SecurityUtils.parseKafkaPrincipal(RoleCrudUtil.kafkaPrincipalString(str2)), it.next()).execute();
            Assert.assertEquals(200L, execute2.code());
            ClusterAccessInfo clusterAccessInfo = (ClusterAccessInfo) execute2.body();
            Assert.assertEquals(0L, clusterAccessInfo.getClusterAccess().size());
            for (String str3 : clusterAccessInfo.getResourcesAccess().keySet()) {
                Assert.assertEquals("Access for " + str3, list2, (List) clusterAccessInfo.getResourcesAccess().get(str3));
            }
        }
    }

    /* JADX WARN: Type inference failed for: r0v1, types: [java.lang.Object[], java.lang.Object[][]] */
    @DataProvider(parallel = true)
    public static Object[][] listManagedClustersWithClusterTypeFilter() {
        return new Object[]{new Object[]{ClusterType.KAFKA_CLUSTER, KAFKA_CLUSTER}, new Object[]{ClusterType.KSQL_CLUSTER, KSQL_CLUSTER}, new Object[]{ClusterType.CONNECT_CLUSTER, CONNECT_CLUSTER}, new Object[]{ClusterType.SCHEMA_REGISTRY_CLUSTER, SCHEMA_REGISTRY_CLUSTER}};
    }

    @Test(dataProvider = "listManagedClustersWithClusterTypeFilter")
    public void test_listManagedClustersWithClusterTypeFilter(ClusterType clusterType, MdsScope mdsScope) throws IOException {
        String str = "testUser-" + TestIndependenceUtil.getUniqueInteger();
        ldapCrud.createUser(str);
        RoleCrudUtil.assignClusterRole(userAdminClient, KAFKA_CLUSTER, str, "SystemAdmin");
        RoleCrudUtil.assignClusterRole(userAdminClient, CONNECT_CLUSTER, str, "SystemAdmin");
        RoleCrudUtil.assignClusterRole(userAdminClient, KSQL_CLUSTER, str, "SystemAdmin");
        RoleCrudUtil.assignClusterRole(userAdminClient, SCHEMA_REGISTRY_CLUSTER, str, "SystemAdmin");
        Response execute = V1RbacRetrofitFactory.build(MdsTestUtil.DEFAULT_HTTP_ADVERTISED_HOST, actualMdsPort, str, str).getManagedClustersForPrincipal(SecurityUtils.parseKafkaPrincipal(RoleCrudUtil.kafkaPrincipalString(str)), clusterType).execute();
        Assert.assertEquals(200L, execute.code());
        Assert.assertEquals(Collections.singletonList(mdsScope), (List) execute.body());
    }

    /* JADX WARN: Type inference failed for: r0v1, types: [java.lang.Object[], java.lang.Object[][]] */
    @DataProvider
    public static Object[][] securityAdminAndResourceOwnerSpecificData() {
        return new Object[]{new Object[]{KAFKA_CLUSTER, "Topic", "t1"}, new Object[]{KAFKA_CLUSTER, LookupTest.GROUP_TYPE, "g1"}, new Object[]{KAFKA_CLUSTER, "TransactionalId", "tranId"}, new Object[]{KAFKA_CLUSTER, "Cluster", "kafka-cluster"}, new Object[]{KSQL_CLUSTER, "KsqlCluster", "ksql-cluster"}, new Object[]{CONNECT_CLUSTER, "Connector", "c1"}, new Object[]{SCHEMA_REGISTRY_CLUSTER, "Subject", "s1"}};
    }

    @Test(dataProvider = "securityAdminAndResourceOwnerSpecificData")
    public void testSecurityAdminAndResourceOwner(MdsScope mdsScope, String str, String str2) throws IOException {
        String str3 = "testUser-" + TestIndependenceUtil.getUniqueInteger();
        ldapCrud.createUser(str3);
        RoleCrudUtil.assignClusterRole(userAdminClient, mdsScope, str3, "SecurityAdmin");
        RoleCrudUtil.assignResourceRole(userAdminClient, mdsScope, str3, "ResourceOwner", RoleCrudUtil.newSingletonResource(str, str2, PatternType.LITERAL));
        Response execute = V1RbacRetrofitFactory.build(MdsTestUtil.DEFAULT_HTTP_ADVERTISED_HOST, actualMdsPort, str3, str3).getClustersAccessInfoForPrincipal(SecurityUtils.parseKafkaPrincipal(RoleCrudUtil.kafkaPrincipalString(str3)), mdsScope).execute();
        Assert.assertEquals(200L, execute.code());
        ClusterAccessInfo clusterAccessInfo = (ClusterAccessInfo) execute.body();
        Assert.assertEquals(Collections.singletonList("DescribeAccess"), clusterAccessInfo.getClusterAccess());
        for (String str4 : clusterAccessInfo.getResourcesAccess().keySet()) {
            List list = (List) clusterAccessInfo.getResourcesAccess().get(str4);
            if (StringUtils.equals(str4, str)) {
                Assert.assertEquals(Arrays.asList("AlterAccess", "DescribeAccess"), list);
            } else {
                Assert.assertEquals(Collections.singletonList("DescribeAccess"), list);
            }
        }
    }
}
