package integration.rbacapi.api.v1;

import com.bazaarvoice.jolt.ArrayOrderObliviousDiffy;
import com.bazaarvoice.jolt.Diffy;
import com.fasterxml.jackson.databind.node.ArrayNode;
import com.fasterxml.jackson.databind.node.ObjectNode;
import io.confluent.rbacapi.entities.MdsScope;
import io.confluent.rbacapi.jackson.V1Role;
import io.confluent.rbacapi.retrofit.v1.V1RbacRestApi;
import io.confluent.rbacapi.retrofit.v1.V1RbacRetrofitFactory;
import io.confluent.security.authorizer.Scope;
import io.confluent.security.test.utils.RbacClusters;
import io.confluent.testing.ldap.client.ExampleComLdapCrud;
import io.confluent.testing.ldap.server.LdapServer;
import java.io.IOException;
import java.net.ConnectException;
import java.util.Collections;
import java.util.List;
import java.util.Map;
import java.util.Set;
import java.util.concurrent.TimeUnit;
import org.apache.kafka.common.utils.Utils;
import org.awaitility.Awaitility;
import org.testng.Assert;
import org.testng.annotations.AfterClass;
import org.testng.annotations.BeforeClass;
import org.testng.annotations.Test;
import utils.KafkaConfigTool;
import utils.MdsTestUtil;
import utils.RolesTestUtils;

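/**
 * Integration tests for the v1 role endpoints of the RBAC REST API.
 *
 * <p>{@link #setupClass()} starts an LDAP server and an RBAC cluster, creates the
 * {@value #USER_ADMINISTRATOR} LDAP user, binds it to the {@code UserAdmin} role at the
 * metadata cluster scope, and builds a REST client for that user.
 *
 * <p>Coverage note: every request in this class is sent as that one principal. Nothing here
 * asserts that unauthenticated callers, or callers without a role binding, are rejected by the
 * role endpoints; that has to be covered elsewhere.
 */
@Test(groups = {"classParallelTests"})
public class V1RolesTest {
    /** LDAP user name that every request in this class authenticates as. */
    public static final String USER_ADMINISTRATOR = "administrator";
    /** Broker user name handed to the LDAP-backed Kafka configuration. */
    private static final String BROKER_USER = "kafka";
    private static LdapServer ldapServer;
    private static RbacClusters rbacClusters;
    private static int actualMdsPort;
    private static V1RbacRestApi rbacRestApi;
    private static String authHeaderValue;
    private static final Diffy diffy = new ArrayOrderObliviousDiffy();

    /**
     * Starts the LDAP server and the RBAC cluster, provisions the administrator principal, and
     * waits until the role-names endpoint answers successfully.
     *
     * @throws Exception if any part of the fixture fails to start
     */
    @BeforeClass
    public static void setupClass() throws Exception {
        ldapServer = LdapServer.defaultServerNoUsers().start();
        int ldapPort = ldapServer.actualPort();
        ExampleComLdapCrud ldapCrud = new ExampleComLdapCrud(ldapPort);
        rbacClusters = new RbacClusters(KafkaConfigTool.justLDAPv1(ldapPort, BROKER_USER));
        actualMdsPort = MdsTestUtil.lookupActualMdsPort(rbacClusters);

        ldapCrud.createUser(USER_ADMINISTRATOR);
        rbacClusters.assignRole(
                "User",
                USER_ADMINISTRATOR,
                "UserAdmin",
                new MdsScope(Scope.kafkaClusterScope(rbacClusters.metadataClusterId())).scope(),
                Collections.emptySet());

        rbacRestApi = V1RbacRetrofitFactory.build(
                MdsTestUtil.DEFAULT_HTTP_ADVERTISED_HOST, actualMdsPort, USER_ADMINISTRATOR);
        authHeaderValue = MdsTestUtil.basicAuthHeader(USER_ADMINISTRATOR);

        // Connection refusals are ignored while the server is still coming up. The block-bodied
        // lambda keeps the Callable<Boolean> overload of until() unambiguous.
        Awaitility.given()
                .ignoreException(ConnectException.class)
                .await()
                .atMost(30L, TimeUnit.SECONDS)
                .until(() -> {
                    return rbacRestApi.getRoleNames().execute().isSuccessful();
                });
    }

    /**
     * Releases the fixture. Runs even when {@link #setupClass()} failed part-way, and each step
     * is attempted even if an earlier one throws, so a failing LDAP shutdown cannot leave the
     * cluster running or the port reserved.
     */
    @AfterClass(alwaysRun = true)
    public static void teardownClass() {
        try {
            if (ldapServer != null) {
                ldapServer.stop();
            }
        } finally {
            try {
                if (rbacClusters != null) {
                    rbacClusters.shutdown();
                }
            } finally {
                // The port is only looked up after the cluster was created; 0 means it never was.
                if (actualMdsPort > 0) {
                    MdsTestUtil.releasePort(actualMdsPort);
                }
            }
        }
    }

    /** Fetches the {@code Operator} role through the typed client and checks its scope type. */
    @Test
    public void testRole() throws Exception {
        V1Role operator = (V1Role) rbacRestApi.getRole("Operator").execute().body();
        // A missing body should fail with a readable message rather than a NullPointerException.
        Assert.assertNotNull(operator, "no body returned for role Operator");
        Assert.assertNotNull(operator.accessPolicy());
        // TestNG's argument order is (actual, expected).
        Assert.assertEquals(operator.accessPolicy().scopeType(), "Cluster");
    }

    /**
     * Delegates to {@link RolesTestUtils#roleJsonFromRolesEndpoint} with API version
     * {@code "1.0"}, the MDS port and the administrator's basic-auth header.
     *
     * @param roleName name of the role to request
     * @param expectedStatus passed through as the helper's last argument; presumably the HTTP
     *     status the helper expects (callers here pass 200 and 204) - confirm against the helper
     * @return whatever the helper returns for that role
     */
    private Map<String, Object> roleJsonFromRolesEndpoint(String roleName, int expectedStatus) {
        return RolesTestUtils.roleJsonFromRolesEndpoint(
                roleName, "1.0", actualMdsPort, authHeaderValue, expectedStatus);
    }

    /** A role name that does not exist must produce no role JSON. */
    @Test
    public void testUnknownRole() throws Exception {
        Assert.assertNull(roleJsonFromRolesEndpoint("NoSuchRole", 204));
    }

    /**
     * Builds the JSON expected from the v1 endpoint for a role, starting from its definition in
     * {@code default_rbac_roles.json}: the {@code namespace} field is dropped and the single
     * entry of {@code policies} becomes {@code accessPolicy}, with {@code bindWithResource}
     * translated into a {@code scopeType} of {@code Resource} or {@code Cluster} and
     * {@code bindingScope} removed.
     *
     * @param roleName name of the role to look up in the default role definitions
     * @return the transformed role node
     * @throws IOException if the role definitions cannot be read
     */
    private ObjectNode v1RoleJson(String roleName) throws IOException {
        ObjectNode role = RolesTestUtils.roleJsonNode("default_rbac_roles.json", roleName);
        Assert.assertNotNull(role);
        role.remove("namespace");

        // get() is declared to return JsonNode, so the narrowing casts are required to compile.
        ArrayNode policies = (ArrayNode) role.get("policies");
        Assert.assertEquals(policies.size(), 1);
        ObjectNode policy = (ObjectNode) policies.get(0);
        Assert.assertNotNull(policy);

        policy.put("scopeType", policy.get("bindWithResource").asBoolean() ? "Resource" : "Cluster");
        policy.remove("bindWithResource");
        policy.remove("bindingScope");

        role.set("accessPolicy", policy);
        role.remove("policies");
        return role;
    }

    /** The endpoint's JSON for a cluster-scoped role must match the default definition. */
    @Test
    public void testClusterRoleJson() throws Exception {
        Diffy.Result diff = diffy.diff(v1RoleJson("Operator"), roleJsonFromRolesEndpoint("Operator", 200));
        Assert.assertTrue(diff.isEmpty(), diff.toString());
    }

    /** The endpoint's JSON for a resource-scoped role must match the default definition. */
    @Test
    public void testResourceRoleJson() throws Exception {
        Diffy.Result diff =
                diffy.diff(v1RoleJson("DeveloperRead"), roleJsonFromRolesEndpoint("DeveloperRead", 200));
        Assert.assertTrue(diff.isEmpty(), diff.toString());
    }

    /**
     * Lists all roles and checks the catalogue. The count is pinned to 10, so a role that is
     * added to or removed from the catalogue fails this test until the number is updated on
     * purpose.
     */
    @Test
    public void testRoles() throws Exception {
        // The declared body type of getRoles() is not visible in this file, so the cast is kept.
        @SuppressWarnings("unchecked")
        List<V1Role> roles = (List<V1Role>) rbacRestApi.getRoles().execute().body();
        Assert.assertNotNull(roles, "no body returned for the role list");
        Assert.assertEquals(roles.size(), 10);

        Set<String> knownScopeTypes = Utils.mkSet("Cluster", "Resource");
        for (V1Role role : roles) {
            Assert.assertNotNull(role.accessPolicy());
            Assert.assertTrue(knownScopeTypes.contains(role.accessPolicy().scopeType()));
        }
    }
}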
