package integration.rbacapi.api.v2;

import com.bazaarvoice.jolt.JsonUtils;
import io.confluent.rbacapi.entities.MdsScope;
import io.confluent.rbacapi.entities.ResourcesRequest;
import io.confluent.rbacapi.retrofit.v2.V2RbacRestApi;
import io.confluent.rbacapi.retrofit.v2.V2RbacRetrofitFactory;
import io.confluent.security.authorizer.ResourcePattern;
import io.confluent.security.authorizer.Scope;
import io.confluent.security.test.utils.RbacClusters;
import io.confluent.testing.ldap.client.ExampleComLdapCrud;
import io.confluent.testing.ldap.client.LdapCrud;
import io.confluent.testing.ldap.server.LdapServer;
import java.net.ConnectException;
import java.util.Arrays;
import java.util.Collection;
import java.util.Collections;
import java.util.concurrent.TimeUnit;
import org.apache.kafka.common.resource.PatternType;
import org.awaitility.Awaitility;
import org.testng.Assert;
import org.testng.annotations.AfterClass;
import org.testng.annotations.BeforeClass;
import org.testng.annotations.Test;
import retrofit2.Response;
import utils.KafkaConfigTool;
import utils.MdsTestUtil;

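/**
 * Integration tests for principal role bindings on the v2 RBAC REST API.
 *
 * <p>The class starts an LDAP test server and an {@link RbacClusters} instance once, creates two
 * LDAP users, and assigns the {@code UserAdmin} role at the Kafka cluster scope to
 * {@link #USER_ADMINISTRATOR} only. The second user ({@code nonadmin}) is given no role here and
 * serves as the unprivileged caller in the authorization check.
 *
 * <p>Every test uses its own principal name, so the tests do not depend on each other's bindings.
 */
@Test(groups = {"classParallelTests"})
/* loaded from: input_file:integration/rbacapi/api/v2/V2CPPrincipalsTest.class */
public class V2CPPrincipalsTest {
    public static final String USER_ADMINISTRATOR = "administrator";
    private static final String USER_NONADMIN = "nonadmin";
    private static final String BROKER_USER = "kafka";
    private static LdapServer ldapServer;
    private static LdapCrud ldapCrud;
    private static RbacClusters rbacClusters;
    private static int actualMdsPort;
    private static MdsScope kafkaClusterScope;
    private static V2RbacRestApi userAdminRbacRestApi;
    private static final String clusterId = "kafkaGUID";

    /**
     * Starts the LDAP server and the RBAC clusters, builds the admin REST client and waits until
     * the metadata service answers.
     *
     * @throws Exception if any fixture fails to start or the service is not reachable in time
     */
    @BeforeClass
    public static void setupClass() throws Exception {
        ldapServer = LdapServer.defaultServerNoUsers().start();
        int actualPort = ldapServer.actualPort();
        ldapCrud = new ExampleComLdapCrud(actualPort);
        rbacClusters = new RbacClusters(KafkaConfigTool.justLDAPv1v2(actualPort, BROKER_USER));
        kafkaClusterScope = new MdsScope(Scope.kafkaClusterScope(clusterId));
        actualMdsPort = MdsTestUtil.lookupActualMdsPort(rbacClusters);
        userAdminRbacRestApi = setupUser(rbacClusters);
        // Connection refusals are expected while the service is still coming up; poll for up to
        // 30 seconds until a role-name listing succeeds.
        Awaitility.given()
                .ignoreException(ConnectException.class)
                .await()
                .atMost(30L, TimeUnit.SECONDS)
                .until(() -> userAdminRbacRestApi.getRoleNames().execute().isSuccessful());
    }

    /**
     * Releases the fixtures created by {@link #setupClass()}.
     *
     * <p>Each step runs even if the previous one throws, so a failing LDAP shutdown no longer
     * leaves the clusters running or the MDS port reserved for later test classes.
     */
    @AfterClass
    public static void teardownClass() {
        try {
            ldapServer.stop();
        } finally {
            try {
                rbacClusters.shutdown();
            } finally {
                MdsTestUtil.releasePort(actualMdsPort);
            }
        }
    }

    /**
     * Creates the two LDAP users and returns a REST client for the administrator.
     *
     * <p>Only {@link #USER_ADMINISTRATOR} receives a role ({@code UserAdmin} at the Kafka cluster
     * scope); {@code nonadmin} is created without any binding.
     *
     * @param rbacClusters2 clusters on which the administrator's role is assigned
     * @return a client built for the administrator
     * @throws Exception if user creation or role assignment fails
     */
    public static V2RbacRestApi setupUser(RbacClusters rbacClusters2) throws Exception {
        ldapCrud.createUsers(Arrays.asList(USER_ADMINISTRATOR, USER_NONADMIN));
        rbacClusters2.assignRole("User", USER_ADMINISTRATOR, "UserAdmin", kafkaClusterScope.scope(), Collections.emptySet());
        // NOTE(review): the last two arguments look like user name and password (both the same
        // value in this fixture) - confirm against V2RbacRetrofitFactory.
        return V2RbacRetrofitFactory.build(MdsTestUtil.DEFAULT_HTTP_ADVERTISED_HOST, actualMdsPort, USER_ADMINISTRATOR, USER_ADMINISTRATOR);
    }

    /** A user principal with no bindings gains exactly {@code ClusterAdmin} after one bind call. */
    @Test
    public void test_bindUserPrincipal() throws Exception {
        assertBindsClusterAdmin("User:alice");
    }

    /** A group principal with no bindings gains exactly {@code ClusterAdmin} after one bind call. */
    @Test
    public void test_bindGroupPrincipal() throws Exception {
        assertBindsClusterAdmin("Group:admins");
    }

    /** A user principal with an empty name is rejected with 400 and an "Invalid principal" message. */
    @Test
    public void test_bindEmptyUserPrincipalName() throws Exception {
        assertRejectedAsInvalidPrincipal("User:");
    }

    /** A group principal with an empty name is rejected with 400 and an "Invalid principal" message. */
    @Test
    public void test_bindEmptyGroupPrincipalName() throws Exception {
        assertRejectedAsInvalidPrincipal("Group:");
    }

    /** A principal whose type prefix is neither User nor Group is rejected with 400. */
    @Test
    public void test_bindBogusPrincipalType() throws Exception {
        assertRejectedAsInvalidPrincipal("Grape:admins");
    }

    /** The administrator can remove every binding of a principal in one call. */
    @Test
    public void test_deleteAllBindings() throws Exception {
        String principal = "User:eftychia";
        bindClusterAdminAndDeveloperRead(principal);
        Assert.assertEquals(userAdminRbacRestApi.removeAllRolesForPrincipal(principal, kafkaClusterScope).execute().code(), 204);
        Assert.assertEquals(roleNamesOf(principal), Collections.emptyList());
    }

    /**
     * A caller without the {@code UserAdmin} role must not be able to remove bindings.
     *
     * <p>The test checks the 403 status and then re-reads the bindings as the administrator: a
     * denial that still changed state would be an authorization failure, so both checks are needed.
     */
    @Test
    public void test_deleteAllBindingsNonadmin() throws Exception {
        String principal = "User:sam";
        bindClusterAdminAndDeveloperRead(principal);
        V2RbacRestApi nonAdminApi = V2RbacRetrofitFactory.build(MdsTestUtil.DEFAULT_HTTP_ADVERTISED_HOST, actualMdsPort, USER_NONADMIN, USER_NONADMIN);
        Assert.assertEquals(nonAdminApi.removeAllRolesForPrincipal(principal, kafkaClusterScope).execute().code(), 403);
        Assert.assertEquals(roleNamesOf(principal), Arrays.asList("ClusterAdmin", "DeveloperRead"));
        // NOTE(review): only removeAllRolesForPrincipal is exercised with non-admin credentials in
        // this class; the add and read calls are never issued as nonadmin here.
    }

    /** Reads the role names bound to {@code principal} at the Kafka cluster scope, as the administrator. */
    private static Collection<?> roleNamesOf(String principal) throws Exception {
        return (Collection<?>) userAdminRbacRestApi.getRoleNamesForPrincipal(principal, kafkaClusterScope).execute().body();
    }

    /** Asserts that {@code principal} starts unbound and holds exactly ClusterAdmin after binding it. */
    private static void assertBindsClusterAdmin(String principal) throws Exception {
        Assert.assertEquals(roleNamesOf(principal), Collections.emptyList());
        Assert.assertEquals(userAdminRbacRestApi.addClusterRoleForPrincipal(principal, "ClusterAdmin", kafkaClusterScope).execute().code(), 204);
        Assert.assertEquals(roleNamesOf(principal), Collections.singletonList("ClusterAdmin"));
    }

    /** Asserts that binding ClusterAdmin to {@code principal} fails with 400 and names the principal. */
    private static void assertRejectedAsInvalidPrincipal(String principal) throws Exception {
        Response<?> response = userAdminRbacRestApi.addClusterRoleForPrincipal(principal, "ClusterAdmin", kafkaClusterScope).execute();
        Assert.assertEquals(response.code(), 400);
        Assert.assertNotNull(response.errorBody());
        Assert.assertEquals(JsonUtils.jsonToMap(response.errorBody().string()).get("message"), "Invalid principal : " + principal);
    }

    /**
     * Gives {@code principal} the ClusterAdmin cluster role and DeveloperRead on two topic
     * patterns, asserting each step.
     */
    private static void bindClusterAdminAndDeveloperRead(String principal) throws Exception {
        Assert.assertEquals(roleNamesOf(principal), Collections.emptyList());
        Assert.assertEquals(userAdminRbacRestApi.addClusterRoleForPrincipal(principal, "ClusterAdmin", kafkaClusterScope).execute().code(), 204);
        ResourcesRequest topicResources = new ResourcesRequest(
                kafkaClusterScope,
                Arrays.asList(
                        new ResourcePattern("Topic", "billing", PatternType.PREFIXED),
                        new ResourcePattern("Topic", "*", PatternType.LITERAL)));
        Assert.assertEquals(userAdminRbacRestApi.addRoleResourcesForPrincipal(principal, "DeveloperRead", topicResources).execute().code(), 204);
        // The comparison is order-sensitive; presumably the API returns role names sorted - confirm.
        Assert.assertEquals(roleNamesOf(principal), Arrays.asList("ClusterAdmin", "DeveloperRead"));
    }
}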
