package functional;

import com.google.common.collect.ImmutableSet;
import integration.rbacapi.api.v2.V2CPLookupTest;
import io.confluent.rbacdb.config.DbAuthStoreConfig;
import io.confluent.rbacdb.kafka.DbAuthCache;
import io.confluent.rbacdb.kafka.DbAuthStoreDummyConfig;
import io.confluent.rbacdb.kafka.DbAuthWriter;
import io.confluent.rbacdb.orm.RbacOrmStubService;
import io.confluent.security.authorizer.Action;
import io.confluent.security.authorizer.AuthorizeResult;
import io.confluent.security.authorizer.Operation;
import io.confluent.security.authorizer.ResourcePattern;
import io.confluent.security.authorizer.ResourceType;
import io.confluent.security.authorizer.Scope;
import io.confluent.security.authorizer.StubDBAuthorizer;
import java.util.Collections;
import java.util.concurrent.TimeUnit;
import org.apache.kafka.common.metrics.Metrics;
import org.apache.kafka.common.resource.PatternType;
import org.apache.kafka.common.security.auth.KafkaPrincipal;
import org.testng.Assert;
import org.testng.annotations.Test;
import utils.V2RolesUtil;

/* loaded from: input_file:functional/RbacOrmStubServiceTest.class */
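/**
 * Functional test of the RBAC role-binding add/remove flow against the in-memory
 * {@link RbacOrmStubService}.
 *
 * <p>The test writes role bindings through {@link DbAuthWriter}, reads them back through
 * {@link DbAuthCache}, and checks the resulting decisions of {@link StubDBAuthorizer} for an
 * {@code Alter} operation on the {@code security-metadata} resource at several scopes.
 *
 * <p>The assertions pin the scope rules an access-control reviewer cares about: a binding at an
 * environment scope is expected to allow the action at that environment and at a cluster below
 * it, and to deny it at the parent organization, at a sibling environment, and at a cluster of
 * the sibling environment. Removing a binding is expected to revoke exactly what it granted.
 */
public class RbacOrmStubServiceTest {
    // Principals under test. alice mostly serves as a control: her bindings must not change
    // when bob's do.
    private final KafkaPrincipal alice = new KafkaPrincipal("User", V2CPLookupTest.ALICE);
    private final KafkaPrincipal bob = new KafkaPrincipal("User", V2CPLookupTest.BOB);

    // Scope hierarchy used by the test: organization -> environment -> cloud cluster.
    private final Scope acmeOrg = new Scope.Builder(new String[0]).addPath("organization=acme").build();
    private final Scope acmeDev = new Scope.Builder(new String[0]).addPath("organization=acme").addPath("environment=dev").build();
    private final Scope acmeStg = new Scope.Builder(new String[0]).addPath("organization=acme").addPath("environment=stg").build();
    private final Scope acmeStgLkc1 = new Scope.Builder(new String[0]).addPath("organization=acme").addPath("environment=stg").addPath("cloud-cluster=1").build();
    private final Scope acmeDevLkc2 = new Scope.Builder(new String[0]).addPath("organization=acme").addPath("environment=dev").addPath("cloud-cluster=2").build();

    // The protected resource and operation: altering security metadata, i.e. the action whose
    // authorization is checked at each scope below.
    ResourceType SECURITY_METADATA_TYPE = new ResourceType("SecurityMetadata");
    ResourcePattern SECURITY_METADATA = new ResourcePattern(this.SECURITY_METADATA_TYPE, "security-metadata", PatternType.LITERAL);
    Operation ALTER = new Operation("Alter");

    // One action per scope, all targeting the same resource and operation.
    Action doRoleBindingOrg = new Action(this.acmeOrg, this.SECURITY_METADATA, this.ALTER);
    Action doRoleBindingEnvDev = new Action(this.acmeDev, this.SECURITY_METADATA, this.ALTER);
    Action doRoleBindingEnvDevLkc2 = new Action(this.acmeDevLkc2, this.SECURITY_METADATA, this.ALTER);
    Action doRoleBindingEnvStg = new Action(this.acmeStg, this.SECURITY_METADATA, this.ALTER);
    Action doRoleBindingEnvStgLkc1 = new Action(this.acmeStgLkc1, this.SECURITY_METADATA, this.ALTER);

    /**
     * Walks through granting and revoking role bindings and checks, after each step, both the
     * bindings visible in the cache and the authorization decisions derived from them.
     *
     * <p>NOTE(review): coverage gaps worth closing in follow-up tests. alice's authorization
     * decisions are never asserted (only her binding counts), the environment-level bindings are
     * never removed, and the cluster-level actions are only checked after the first grant.
     *
     * @throws Exception if a write does not complete within the one-second bound or fails
     */
    @Test
    public void testAddRemoveFlow() throws Exception {
        RbacOrmStubService rbacOrmStubService = new RbacOrmStubService();
        // Metrics holds reporters and sensors; close it when the test ends instead of leaking it.
        try (Metrics metrics = new Metrics()) {
            DbAuthStoreConfig dbAuthStoreConfig = new DbAuthStoreConfig(DbAuthStoreDummyConfig.getConfig());
            DbAuthCache dbAuthCache = new DbAuthCache(Scope.ROOT_SCOPE, dbAuthStoreConfig, rbacOrmStubService, metrics);
            DbAuthWriter dbAuthWriter = new DbAuthWriter(Scope.ROOT_SCOPE, dbAuthStoreConfig, rbacOrmStubService, metrics);
            StubDBAuthorizer stubDBAuthorizer = new StubDBAuthorizer(rbacOrmStubService);

            // Baseline: nobody has a binding, so the default decision must be a denial.
            Assert.assertTrue(dbAuthCache.rbacRoleBindings(this.alice).isEmpty());
            Assert.assertTrue(dbAuthCache.rbacRoleBindings(this.bob).isEmpty());
            assertDecision(stubDBAuthorizer, this.bob, this.doRoleBindingEnvStg, AuthorizeResult.DENIED);

            // Step 1: bob gets ROLE_ENV_ADMIN on the stg environment.
            // Each write is awaited with a one-second bound so a hung write fails the test.
            dbAuthWriter.addClusterRoleBinding(this.bob, V2RolesUtil.ROLE_ENV_ADMIN, this.acmeStg).toCompletableFuture().get(1L, TimeUnit.SECONDS);
            Assert.assertEquals(dbAuthCache.rbacRoleBindings(this.bob).size(), 1);
            Assert.assertTrue(dbAuthCache.rbacRoleBindings(this.alice).isEmpty(), "alice still no role");
            Assert.assertEquals(dbAuthCache.rbacRoleBindings(ImmutableSet.of(this.acmeStg)).size(), 1);
            Assert.assertEquals(dbAuthCache.rbacRoleBindings(ImmutableSet.of(this.acmeDev)).size(), 0);
            Assert.assertEquals(dbAuthCache.rbacRoleBindings(ImmutableSet.of(this.acmeOrg)).size(), 0);
            Assert.assertEquals(dbAuthCache.rbacRoleBindings(this.bob, ImmutableSet.of(this.acmeStg, this.acmeOrg)).size(), 1);
            // The grant must reach stg and the cluster below it, and nothing else: not the parent
            // organization, not the sibling environment, not the sibling's cluster.
            assertDecision(stubDBAuthorizer, this.bob, this.doRoleBindingEnvStg, AuthorizeResult.ALLOWED);
            assertDecision(stubDBAuthorizer, this.bob, this.doRoleBindingOrg, AuthorizeResult.DENIED);
            assertDecision(stubDBAuthorizer, this.bob, this.doRoleBindingEnvDev, AuthorizeResult.DENIED);
            assertDecision(stubDBAuthorizer, this.bob, this.doRoleBindingEnvStgLkc1, AuthorizeResult.ALLOWED);
            assertDecision(stubDBAuthorizer, this.bob, this.doRoleBindingEnvDevLkc2, AuthorizeResult.DENIED);

            // Step 2: bob additionally gets ROLE_ENV_ADMIN on the dev environment.
            dbAuthWriter.addClusterRoleBinding(this.bob, V2RolesUtil.ROLE_ENV_ADMIN, this.acmeDev).toCompletableFuture().get(1L, TimeUnit.SECONDS);
            Assert.assertEquals(dbAuthCache.rbacRoleBindings(this.bob).size(), 2);
            Assert.assertTrue(dbAuthCache.rbacRoleBindings(this.alice).isEmpty(), "alice still no role");
            Assert.assertEquals(dbAuthCache.rbacRoleBindings(ImmutableSet.of(this.acmeStg)).size(), 1);
            Assert.assertEquals(dbAuthCache.rbacRoleBindings(ImmutableSet.of(this.acmeDev)).size(), 1);
            Assert.assertEquals(dbAuthCache.rbacRoleBindings(ImmutableSet.of(this.acmeOrg)).size(), 0);
            // Still 1: the dev binding is outside the queried {stg, org} scope set.
            Assert.assertEquals(dbAuthCache.rbacRoleBindings(this.bob, ImmutableSet.of(this.acmeStg, this.acmeOrg)).size(), 1);

            // Step 3: bob gets ROLE_ORG_ADMIN on the organization.
            dbAuthWriter.addClusterRoleBinding(this.bob, V2RolesUtil.ROLE_ORG_ADMIN, this.acmeOrg).toCompletableFuture().get(1L, TimeUnit.SECONDS);
            Assert.assertEquals(dbAuthCache.rbacRoleBindings(this.bob).size(), 3);
            Assert.assertTrue(dbAuthCache.rbacRoleBindings(this.alice).isEmpty(), "alice still no role");
            Assert.assertEquals(dbAuthCache.rbacRoleBindings(ImmutableSet.of(this.acmeStg)).size(), 1);
            Assert.assertEquals(dbAuthCache.rbacRoleBindings(ImmutableSet.of(this.acmeDev)).size(), 1);
            Assert.assertEquals(dbAuthCache.rbacRoleBindings(ImmutableSet.of(this.acmeOrg)).size(), 1);
            Assert.assertEquals(dbAuthCache.rbacRoleBindings(this.bob, ImmutableSet.of(this.acmeStg, this.acmeOrg)).size(), 2);
            assertDecision(stubDBAuthorizer, this.bob, this.doRoleBindingEnvStg, AuthorizeResult.ALLOWED);
            assertDecision(stubDBAuthorizer, this.bob, this.doRoleBindingOrg, AuthorizeResult.ALLOWED);
            assertDecision(stubDBAuthorizer, this.bob, this.doRoleBindingEnvDev, AuthorizeResult.ALLOWED);

            // Step 4: alice gets ROLE_ORG_ADMIN on the same organization; bob's bindings must be
            // unaffected and the organization scope now carries two bindings.
            dbAuthWriter.addClusterRoleBinding(this.alice, V2RolesUtil.ROLE_ORG_ADMIN, this.acmeOrg).toCompletableFuture().get(1L, TimeUnit.SECONDS);
            Assert.assertEquals(dbAuthCache.rbacRoleBindings(this.bob).size(), 3);
            Assert.assertEquals(dbAuthCache.rbacRoleBindings(this.alice).size(), 1);
            Assert.assertEquals(dbAuthCache.rbacRoleBindings(ImmutableSet.of(this.acmeStg)).size(), 1);
            Assert.assertEquals(dbAuthCache.rbacRoleBindings(ImmutableSet.of(this.acmeDev)).size(), 1);
            Assert.assertEquals(dbAuthCache.rbacRoleBindings(ImmutableSet.of(this.acmeOrg)).size(), 2);
            Assert.assertEquals(dbAuthCache.rbacRoleBindings(this.bob, ImmutableSet.of(this.acmeStg, this.acmeOrg)).size(), 2);

            // Step 5: revoke bob's organization-level role. Only that binding may disappear:
            // alice keeps hers, and bob keeps both environment-level grants.
            dbAuthWriter.removeRoleBinding(this.bob, V2RolesUtil.ROLE_ORG_ADMIN, this.acmeOrg).toCompletableFuture().get(1L, TimeUnit.SECONDS);
            Assert.assertEquals(dbAuthCache.rbacRoleBindings(this.bob).size(), 2);
            Assert.assertEquals(dbAuthCache.rbacRoleBindings(this.alice).size(), 1);
            Assert.assertEquals(dbAuthCache.rbacRoleBindings(ImmutableSet.of(this.acmeStg)).size(), 1);
            Assert.assertEquals(dbAuthCache.rbacRoleBindings(ImmutableSet.of(this.acmeDev)).size(), 1);
            Assert.assertEquals(dbAuthCache.rbacRoleBindings(ImmutableSet.of(this.acmeOrg)).size(), 1);
            Assert.assertEquals(dbAuthCache.rbacRoleBindings(this.bob, ImmutableSet.of(this.acmeStg, this.acmeOrg)).size(), 1);
            // Revocation must take effect at the organization level and must not leave a stale
            // ALLOWED decision behind there.
            assertDecision(stubDBAuthorizer, this.bob, this.doRoleBindingEnvStg, AuthorizeResult.ALLOWED);
            assertDecision(stubDBAuthorizer, this.bob, this.doRoleBindingOrg, AuthorizeResult.DENIED);
            assertDecision(stubDBAuthorizer, this.bob, this.doRoleBindingEnvDev, AuthorizeResult.ALLOWED);
        }
    }

    /**
     * Asserts the authorizer's decision for a single action.
     *
     * <p>The second argument to {@code authorize} is passed as an empty string, as in every call
     * this helper replaces; its meaning is not visible in this file.
     *
     * @param authorizer authorizer under test
     * @param principal principal requesting the action
     * @param action action (scope, resource, operation) to authorize
     * @param expected decision the authorizer must return for {@code action}
     */
    private static void assertDecision(StubDBAuthorizer authorizer, KafkaPrincipal principal, Action action, AuthorizeResult expected) {
        Assert.assertEquals(authorizer.authorize(principal, "", Collections.singletonList(action)).get(0), expected);
    }
}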
