package parity.coop;

import io.confluent.rbacapi.entities.AuthorizeRequest;
import io.confluent.rbacapi.entities.MdsScope;
import io.confluent.rbacapi.entities.ResourcesRequest;
import io.confluent.rbacapi.retrofit.v2.V2RbacRestApi;
import io.confluent.rbacapi.retrofit.v2.V2RbacRetrofitFactory;
import io.confluent.security.authorizer.Action;
import io.confluent.security.authorizer.AuthorizeResult;
import io.confluent.security.authorizer.Operation;
import io.confluent.security.authorizer.ResourcePattern;
import io.confluent.security.authorizer.ResourceType;
import io.confluent.security.authorizer.Scope;
import io.confluent.testing.TestIndependenceUtil;
import java.util.Arrays;
import java.util.Collections;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
import org.apache.kafka.common.resource.PatternType;
import org.testng.Assert;
import org.testng.annotations.BeforeClass;
import org.testng.annotations.DataProvider;
import org.testng.annotations.Test;
import retrofit2.Response;
import utils.MdsTestUtil;

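/**
 * Authorization matrix for the {@code View} operation on the {@code StreamLineage} resource of a
 * cloud cluster.
 *
 * <p>{@link #setUp()} creates role bindings only inside one scope chain: organization
 * {@link #ORG_ID}, environment {@code env-A}, cluster {@code lkc-1111}. The tests then ask the
 * authorize endpoint about that cluster and about sibling scopes ({@code env-A/lkc-2222},
 * {@code env-B/lkc-3333}) where no binding was created.
 *
 * <p>The {@code DENIED} rows are the ones that guard against privilege creep: an
 * environment-scoped binding must not reach another environment, a cluster-scoped binding must
 * not reach a sibling cluster, and the resource-level roles bound to a Topic must not gain the
 * cluster-level StreamLineage view. When adding a role to this matrix, add at least one
 * out-of-scope row for it as well as the in-scope one.
 */
@Test(groups = {"classParallelTests"})
/* loaded from: input_file:parity/coop/V2CloudViewStreamLineageTest.class */
public class V2CloudViewStreamLineageTest extends ParityTestBase {
    // One REST client per test principal, keyed by user name; filled once in setUp().
    private final Map<String, V2RbacRestApi> retrofitClients = new HashMap<>();
    private static final String ORG_ADMIN = TestIndependenceUtil.uniquify("org_admin");
    private static final String ENV_ADMIN = TestIndependenceUtil.uniquify("env_admin");
    private static final String CLOUD_CLUSTER_ADMIN = TestIndependenceUtil.uniquify("cloud_cluster_admin");
    private static final String METRICS_VIEWER = TestIndependenceUtil.uniquify("metrics_viewer_org");
    private static final String OPERATOR_ORG = TestIndependenceUtil.uniquify("operator_org");
    private static final String OPERATOR_ENV = TestIndependenceUtil.uniquify("operator_env");
    private static final String OPERATOR_LKC = TestIndependenceUtil.uniquify("operator_lkc");
    private static final ResourceType STREAM_LINEAGE_RT = new ResourceType("StreamLineage");
    private static final ResourceType TOPIC_RT = new ResourceType("Topic");
    private static final Operation VIEW_OP = new Operation("View");
    public static final String ORG_ID = TestIndependenceUtil.uniquify("orgA");
    // The only scope chain that receives role bindings; must stay declared after ORG_ID.
    private static final MdsScope CLOUD_ORG_1_CLUSTER_1_SCOPE = cloudClusterScope("env-A", "lkc-1111");

    /**
     * Builds the scope {@code organization=ORG_ID / environment=<environment> / cloud-cluster=<cluster>}.
     */
    private static MdsScope cloudClusterScope(String environment, String cluster) {
        return new MdsScope(new Scope.Builder(new String[0])
                .addPath("organization=" + ORG_ID)
                .addPath("environment=" + environment)
                .addPath("cloud-cluster=" + cluster)
                .build());
    }

    /**
     * Creates the test users, one REST client per user, and the role bindings under test.
     *
     * <p>The super-user client binds {@code OrganizationAdmin} first; every other binding is then
     * created through the organization admin's own client (see {@link #grantClusterRole}).
     *
     * @throws Exception if a user cannot be created or a binding request fails
     */
    @BeforeClass
    public void setUp() throws Exception {
        List<String> users = Arrays.asList(ORG_ADMIN, ENV_ADMIN, CLOUD_CLUSTER_ADMIN, METRICS_VIEWER, OPERATOR_ORG, OPERATOR_ENV, OPERATOR_LKC);
        this.ldapCrud.createUsers(users);
        for (String user : users) {
            this.retrofitClients.put(user, V2RbacRetrofitFactory.build(MdsTestUtil.DEFAULT_HTTP_ADVERTISED_HOST, this.actualMdsPort, user));
        }

        MdsScope organizationScope = new MdsScope(CLOUD_ORG_1_CLUSTER_1_SCOPE.scope().ancestorWithBindingScope("organization"));
        MdsScope environmentScope = new MdsScope(CLOUD_ORG_1_CLUSTER_1_SCOPE.scope().ancestorWithBindingScope("environment"));

        Assert.assertTrue(this.suClient.addClusterRoleForPrincipal("User:" + ORG_ADMIN, "OrganizationAdmin", organizationScope).execute().isSuccessful());

        // Organization-wide bindings.
        grantClusterRole(OPERATOR_ORG, "Operator", organizationScope);
        grantClusterRole(METRICS_VIEWER, "MetricsViewer", organizationScope);
        // Bindings limited to env-A.
        grantClusterRole(ENV_ADMIN, "EnvironmentAdmin", environmentScope);
        grantClusterRole(OPERATOR_ENV, "Operator", environmentScope);
        // Bindings limited to lkc-1111.
        grantClusterRole(CLOUD_CLUSTER_ADMIN, "CloudClusterAdmin", CLOUD_ORG_1_CLUSTER_1_SCOPE);
        grantClusterRole(OPERATOR_LKC, "Operator", CLOUD_ORG_1_CLUSTER_1_SCOPE);
    }

    /**
     * Binds {@code role} to {@code User:<user>} at {@code mdsScope} through the organization
     * admin's client and requires HTTP 204, so a broken fixture fails here rather than showing
     * up later as a misleading DENIED.
     */
    private void grantClusterRole(String user, String role, MdsScope mdsScope) throws Exception {
        int status = this.retrofitClients.get(ORG_ADMIN).addClusterRoleForPrincipal("User:" + user, role, mdsScope).execute().code();
        Assert.assertEquals(status, 204, "Should have setup the " + role);
    }

    /**
     * Rows are {@code {principal, environment, cluster, expected decision}}.
     *
     * <p>Only {@code env-A/lkc-1111} and its ancestors carry bindings, so every row that targets
     * {@code lkc-2222} or {@code env-B} with a narrower binding is expected to be DENIED.
     */
    @DataProvider(parallel = true)
    public Object[][] clusterLevelTests() {
        return new Object[][]{
            // Organization-scoped bindings cover every environment and cluster of the organization.
            {ORG_ADMIN, "env-A", "lkc-1111", AuthorizeResult.ALLOWED},
            {ORG_ADMIN, "env-B", "lkc-3333", AuthorizeResult.ALLOWED},
            {OPERATOR_ORG, "env-A", "lkc-1111", AuthorizeResult.ALLOWED},
            {OPERATOR_ORG, "env-B", "lkc-3333", AuthorizeResult.ALLOWED},
            {METRICS_VIEWER, "env-A", "lkc-1111", AuthorizeResult.ALLOWED},
            {METRICS_VIEWER, "env-B", "lkc-3333", AuthorizeResult.ALLOWED},
            // Environment-scoped bindings cover every cluster of env-A ...
            {ENV_ADMIN, "env-A", "lkc-1111", AuthorizeResult.ALLOWED},
            {ENV_ADMIN, "env-A", "lkc-2222", AuthorizeResult.ALLOWED},
            {OPERATOR_ENV, "env-A", "lkc-1111", AuthorizeResult.ALLOWED},
            {OPERATOR_ENV, "env-A", "lkc-2222", AuthorizeResult.ALLOWED},
            // ... and nothing in env-B.
            {ENV_ADMIN, "env-B", "lkc-3333", AuthorizeResult.DENIED},
            {OPERATOR_ENV, "env-B", "lkc-3333", AuthorizeResult.DENIED},
            // Cluster-scoped bindings cover lkc-1111 only, not its sibling in the same environment.
            {CLOUD_CLUSTER_ADMIN, "env-A", "lkc-1111", AuthorizeResult.ALLOWED},
            {CLOUD_CLUSTER_ADMIN, "env-A", "lkc-2222", AuthorizeResult.DENIED},
            {OPERATOR_LKC, "env-A", "lkc-1111", AuthorizeResult.ALLOWED},
            {OPERATOR_LKC, "env-A", "lkc-2222", AuthorizeResult.DENIED},
        };
    }

    /**
     * Asks, as {@code principal}, whether it may View StreamLineage on the given cluster and
     * compares the single decision with the expected one.
     */
    @Test(dataProvider = "clusterLevelTests")
    public void authorizeClusterLevelRoles(String principal, String environment, String cluster, AuthorizeResult expected) throws Throwable {
        Action viewLineage = new Action(
                cloudClusterScope(environment, cluster).scope(),
                new ResourcePattern(STREAM_LINEAGE_RT, "stream-lineage", PatternType.LITERAL),
                VIEW_OP);
        Response<?> response = this.retrofitClients.get(principal)
                .authorize(new AuthorizeRequest("User:" + principal, Collections.singletonList(viewLineage)))
                .execute();
        Assert.assertEquals(response.code(), 200);
        List<?> decisions = (List<?>) response.body();
        // One action was sent; check the count so an empty or padded answer cannot pass unnoticed.
        Assert.assertEquals(decisions.size(), 1, "Expected one decision per requested action");
        Assert.assertEquals(decisions.get(0), expected);
    }

    /**
     * Rows are {@code {role, environment, cluster, expected StreamLineage decision}}; each role
     * is bound to a Topic only and is expected to be DENIED the StreamLineage view.
     */
    @DataProvider(parallel = true)
    public Object[][] dataplaneLevelTests() {
        return new Object[][]{
            {"DeveloperRead", "env-A", "lkc-1111", AuthorizeResult.DENIED},
            {"DeveloperWrite", "env-A", "lkc-1111", AuthorizeResult.DENIED},
            {"DeveloperManage", "env-A", "lkc-1111", AuthorizeResult.DENIED},
            {"ResourceOwner", "env-A", "lkc-1111", AuthorizeResult.DENIED},
        };
    }

    /**
     * Binds {@code role} on the topic {@code test-topic} to a freshly created user, then sends
     * two actions in one authorize call: Describe on that topic (control, must be ALLOWED) and
     * View on StreamLineage (must match {@code expected}).
     *
     * <p>The control action proves the binding really exists, so a DENIED on StreamLineage
     * cannot be explained by a fixture that silently failed to bind anything.
     */
    @Test(dataProvider = "dataplaneLevelTests")
    public void authorizeResourceLevelRoles(String role, String environment, String cluster, AuthorizeResult expected) throws Throwable {
        // Topic binding lives in the Kafka-cluster scope; StreamLineage is checked at the cloud-cluster scope.
        MdsScope kafkaClusterScope = new MdsScope(new Scope.Builder(new String[0])
                .addPath("organization=" + ORG_ID)
                .addPath("environment=" + environment)
                .addPath("cloud-cluster=" + cluster)
                .withKafkaCluster(cluster)
                .build());
        MdsScope cloudClusterScope = cloudClusterScope(environment, cluster);

        // A separate user per row keeps the parallel rows from sharing bindings.
        String user = TestIndependenceUtil.uniquify(role);
        this.ldapCrud.createUser(user);
        V2RbacRestApi userClient = V2RbacRetrofitFactory.build(MdsTestUtil.DEFAULT_HTTP_ADVERTISED_HOST, this.actualMdsPort, user);

        int bindStatus = this.retrofitClients.get(ORG_ADMIN)
                .addRoleResourcesForPrincipal("User:" + user, role, new ResourcesRequest(kafkaClusterScope, Collections.singletonList(new ResourcePattern(TOPIC_RT, "test-topic", PatternType.LITERAL))))
                .execute()
                .code();
        Assert.assertEquals(bindStatus, 204, "Should have setup the " + user);

        Action describeTopic = new Action(kafkaClusterScope.scope(), new ResourcePattern("Topic", "test-topic", PatternType.LITERAL), new Operation("Describe"));
        Action viewLineage = new Action(cloudClusterScope.scope(), new ResourcePattern(STREAM_LINEAGE_RT, "stream-lineage", PatternType.LITERAL), VIEW_OP);
        Response<?> response = userClient.authorize(new AuthorizeRequest("User:" + user, Arrays.asList(describeTopic, viewLineage))).execute();
        Assert.assertEquals(response.code(), 200);

        List<?> decisions = (List<?>) response.body();
        // Decisions are read by position, so require exactly one per action before indexing.
        Assert.assertEquals(decisions.size(), 2, "Expected one decision per requested action");
        Assert.assertEquals(decisions.get(0), AuthorizeResult.ALLOWED, "Resource role user can Describe their Topic");
        Assert.assertEquals(decisions.get(1), expected);
    }
}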
