package parity.coop;

import io.confluent.rbacapi.entities.AuthorizeRequest;
import io.confluent.rbacapi.entities.MdsScope;
import io.confluent.rbacapi.entities.ResourcesRequest;
import io.confluent.rbacapi.retrofit.v2.V2RbacRestApi;
import io.confluent.rbacapi.retrofit.v2.V2RbacRetrofitFactory;
import io.confluent.security.authorizer.Action;
import io.confluent.security.authorizer.AuthorizeResult;
import io.confluent.security.authorizer.Operation;
import io.confluent.security.authorizer.ResourcePattern;
import io.confluent.security.authorizer.ResourceType;
import io.confluent.security.authorizer.Scope;
import io.confluent.testing.TestIndependenceUtil;
import java.io.IOException;
import java.util.Arrays;
import java.util.Collection;
import java.util.Collections;
import java.util.HashSet;
import java.util.List;
import java.util.Objects;
import java.util.Set;
import java.util.stream.Collectors;
import org.apache.kafka.common.resource.PatternType;
import org.apache.kafka.common.security.auth.KafkaPrincipal;
import org.testng.Assert;
import org.testng.annotations.BeforeClass;
import org.testng.annotations.DataProvider;
import org.testng.annotations.Test;
import retrofit2.Response;
import utils.MdsTestUtil;
import utils.RoleCrudUtil;

@Test
/* loaded from: input_file:parity/coop/V2CloudPrincipalsTest.class */
public class V2CloudPrincipalsTest extends ParityTestBase {
    private final String U_ORG_ADMIN = TestIndependenceUtil.uniquify("u-orgadm");
    private final String U_ORG_2_ADMIN = TestIndependenceUtil.uniquify("u-org-2-adm");
    private final String U_ENV_ADMIN = TestIndependenceUtil.uniquify("EnvAdminUser");
    private final String U_DEVELOPER_PREFIX = "Developer";
    private final String ORG_ID = TestIndependenceUtil.uniquify("ddf5d3f5-89f2-4c6c-8d53-f881794d532f");
    private final String ORG_2_ID = TestIndependenceUtil.uniquify("ddf5d3f5-89f2-4c6c-8d53-f88179422222");
    private final Scope ORG_SCOPE = new Scope.Builder(new String[]{"organization=" + this.ORG_ID}).build();
    private final Scope ORG_2_SCOPE = new Scope.Builder(new String[]{"organization=" + this.ORG_2_ID}).build();
    private final String ENV_ID_A = "env-aaaaa";
    private final String ENV_ID_B = "env-bbbbb";
    private final Scope ENV_SCOPE_A = childScope(this.ORG_SCOPE, "environment=env-aaaaa");
    private final Scope ENV_SCOPE_B = childScope(this.ORG_SCOPE, "environment=env-bbbbb");
    private final Scope CLOUD_CLUSTER_SCOPE_A1 = childScope(this.ENV_SCOPE_A, "cloud-cluster=lkc-aaaaa11111");
    private final Scope CLOUD_CLUSTER_SCOPE_B2 = childScope(this.ENV_SCOPE_B, "cloud-cluster=lkc-bbbbb22222");
    private final Scope KAFKA_CLUSTER_SCOPE_A1 = childKafkaScope(this.CLOUD_CLUSTER_SCOPE_A1, "lkc-aaaaa11111");
    private final Scope KAFKA_CLUSTER_SCOPE_B2 = childKafkaScope(this.CLOUD_CLUSTER_SCOPE_B2, "lkc-bbbbbb22222");
    private static final Set<String> NO_ROLES = Collections.emptySet();
    private static final ResourceType TOPIC_RESOURCE_TYPE = new ResourceType("Topic");
    private static final Operation READ_OPERATION = new Operation("Read");
    private V2RbacRestApi orgAdminClient;
    private V2RbacRestApi org2AdminClient;
    private V2RbacRestApi envAdminClient;

    @BeforeClass
    public void setup() throws IOException {
        this.ldapCrud.createUsers(new String[]{this.U_ORG_ADMIN, this.U_ORG_2_ADMIN, this.U_ENV_ADMIN});
        this.orgAdminClient = V2RbacRetrofitFactory.build(MdsTestUtil.DEFAULT_HTTP_ADVERTISED_HOST, this.actualMdsPort, this.U_ORG_ADMIN);
        this.org2AdminClient = V2RbacRetrofitFactory.build(MdsTestUtil.DEFAULT_HTTP_ADVERTISED_HOST, this.actualMdsPort, this.U_ORG_2_ADMIN);
        this.envAdminClient = V2RbacRetrofitFactory.build(MdsTestUtil.DEFAULT_HTTP_ADVERTISED_HOST, this.actualMdsPort, this.U_ENV_ADMIN);
        Assert.assertTrue(this.suClient.addClusterRoleForPrincipal(RoleCrudUtil.kafkaPrincipalString(this.U_ORG_ADMIN), "OrganizationAdmin", new MdsScope(this.ORG_SCOPE)).execute().isSuccessful());
        Assert.assertTrue(this.suClient.addClusterRoleForPrincipal(RoleCrudUtil.kafkaPrincipalString(this.U_ENV_ADMIN), "EnvironmentAdmin", new MdsScope(this.ENV_SCOPE_A)).execute().isSuccessful());
        Assert.assertTrue(this.suClient.addClusterRoleForPrincipal(RoleCrudUtil.kafkaPrincipalString(this.U_ORG_2_ADMIN), "OrganizationAdmin", new MdsScope(this.ORG_2_SCOPE)).execute().isSuccessful());
    }

    private Set<String> roleNamesForUser(String str, Scope scope) throws Exception {
        Response execute = this.orgAdminClient.getRoleNamesForPrincipal(str, new MdsScope(scope)).execute();
        Assert.assertTrue(execute.isSuccessful());
        return new HashSet((Collection) execute.body());
    }

    private void checkEnvARoles(String str, Set<String> set, Set<String> set2, Set<String> set3) throws Exception {
        Assert.assertEquals(roleNamesForUser(str, this.ORG_SCOPE), set);
        Assert.assertEquals(roleNamesForUser(str, this.ENV_SCOPE_A), set2);
        Assert.assertEquals(roleNamesForUser(str, this.CLOUD_CLUSTER_SCOPE_A1), set3);
    }

    private void checkRoles(String str, Set<String> set, Set<String> set2, Set<String> set3, Set<String> set4, Set<String> set5) throws Exception {
        Assert.assertEquals(roleNamesForUser(str, this.ORG_SCOPE), set);
        Assert.assertEquals(roleNamesForUser(str, this.ENV_SCOPE_A), set2);
        Assert.assertEquals(roleNamesForUser(str, this.CLOUD_CLUSTER_SCOPE_A1), set3);
        Assert.assertEquals(roleNamesForUser(str, this.ENV_SCOPE_B), set4);
        Assert.assertEquals(roleNamesForUser(str, this.CLOUD_CLUSTER_SCOPE_B2), set5);
    }

    private void setupTwoRoleUser(String str) throws Exception {
        setupTwoRoleUser(str, this.ENV_SCOPE_A, this.CLOUD_CLUSTER_SCOPE_A1);
    }

    private void setupTwoRoleUser(String str, Scope scope, Scope scope2) throws Exception {
        Assert.assertTrue(this.orgAdminClient.addClusterRoleForPrincipal(str, "CloudClusterAdmin", new MdsScope(scope2)).execute().isSuccessful());
        Assert.assertTrue(this.orgAdminClient.addClusterRoleForPrincipal(str, "EnvironmentAdmin", new MdsScope(scope)).execute().isSuccessful());
        checkRoles(str, NO_ROLES, scope.equals(this.ENV_SCOPE_A) ? Collections.singleton("EnvironmentAdmin") : NO_ROLES, scope2.equals(this.CLOUD_CLUSTER_SCOPE_A1) ? Collections.singleton("CloudClusterAdmin") : NO_ROLES, scope.equals(this.ENV_SCOPE_B) ? Collections.singleton("EnvironmentAdmin") : NO_ROLES, scope2.equals(this.CLOUD_CLUSTER_SCOPE_B2) ? Collections.singleton("CloudClusterAdmin") : NO_ROLES);
    }

    private void checkForTwoExpectedRoles(String str) throws Exception {
        checkEnvARoles(str, NO_ROLES, Collections.singleton("EnvironmentAdmin"), Collections.singleton("CloudClusterAdmin"));
    }

    @Test
    public void testNoRoles() throws Exception {
        checkEnvARoles(RoleCrudUtil.kafkaPrincipalString(TestIndependenceUtil.uniquify("u-testNoRoles")), NO_ROLES, NO_ROLES, NO_ROLES);
    }

    @Test
    public void testAddFirstRole() throws Exception {
        String kafkaPrincipalString = RoleCrudUtil.kafkaPrincipalString(TestIndependenceUtil.uniquify("u-testAddFirstRole"));
        checkEnvARoles(kafkaPrincipalString, NO_ROLES, NO_ROLES, NO_ROLES);
        Assert.assertTrue(this.orgAdminClient.addClusterRoleForPrincipal(kafkaPrincipalString, "EnvironmentAdmin", new MdsScope(this.ENV_SCOPE_A)).execute().isSuccessful());
        checkEnvARoles(kafkaPrincipalString, NO_ROLES, Collections.singleton("EnvironmentAdmin"), NO_ROLES);
    }

    @Test
    public void testAddSecondRole() throws Exception {
        String kafkaPrincipalString = RoleCrudUtil.kafkaPrincipalString(TestIndependenceUtil.uniquify("u-testAddSecondRole"));
        checkEnvARoles(kafkaPrincipalString, NO_ROLES, NO_ROLES, NO_ROLES);
        Assert.assertTrue(this.orgAdminClient.addClusterRoleForPrincipal(kafkaPrincipalString, "EnvironmentAdmin", new MdsScope(this.ENV_SCOPE_A)).execute().isSuccessful());
        checkEnvARoles(kafkaPrincipalString, NO_ROLES, Collections.singleton("EnvironmentAdmin"), NO_ROLES);
        Assert.assertTrue(this.orgAdminClient.addClusterRoleForPrincipal(kafkaPrincipalString, "CloudClusterAdmin", new MdsScope(this.CLOUD_CLUSTER_SCOPE_A1)).execute().isSuccessful());
        checkForTwoExpectedRoles(kafkaPrincipalString);
    }

    @Test
    public void testAddDuplicateRole() throws Exception {
        String kafkaPrincipalString = RoleCrudUtil.kafkaPrincipalString(TestIndependenceUtil.uniquify("u-testAddDuplicateRole"));
        setupTwoRoleUser(kafkaPrincipalString);
        Assert.assertTrue(this.orgAdminClient.addClusterRoleForPrincipal(kafkaPrincipalString, "CloudClusterAdmin", new MdsScope(this.CLOUD_CLUSTER_SCOPE_A1)).execute().isSuccessful());
        checkForTwoExpectedRoles(kafkaPrincipalString);
    }

    @Test
    public void testAddRoleAtTooHighScope() throws Exception {
        String kafkaPrincipalString = RoleCrudUtil.kafkaPrincipalString(TestIndependenceUtil.uniquify("u-testAddRoleAtTooHighScope"));
        setupTwoRoleUser(kafkaPrincipalString);
        Assert.assertFalse(this.orgAdminClient.addClusterRoleForPrincipal(kafkaPrincipalString, "CloudClusterAdmin", new MdsScope(this.ENV_SCOPE_A)).execute().isSuccessful());
        checkForTwoExpectedRoles(kafkaPrincipalString);
    }

    @Test
    public void testAddRoleAtTooLowScope() throws Exception {
        String kafkaPrincipalString = RoleCrudUtil.kafkaPrincipalString(TestIndependenceUtil.uniquify("u-testAddRoleAtTooLowScope"));
        setupTwoRoleUser(kafkaPrincipalString);
        Assert.assertFalse(this.orgAdminClient.addClusterRoleForPrincipal(kafkaPrincipalString, this.U_ORG_ADMIN, new MdsScope(this.ENV_SCOPE_A)).execute().isSuccessful());
        checkForTwoExpectedRoles(kafkaPrincipalString);
    }

    @Test
    public void testAddNonexistentRole() throws Exception {
        String kafkaPrincipalString = RoleCrudUtil.kafkaPrincipalString(TestIndependenceUtil.uniquify("u-testAddNonexistentRole"));
        setupTwoRoleUser(kafkaPrincipalString);
        Assert.assertFalse(this.orgAdminClient.addClusterRoleForPrincipal(kafkaPrincipalString, "NoSuchRole", new MdsScope(this.CLOUD_CLUSTER_SCOPE_A1)).execute().isSuccessful());
        checkForTwoExpectedRoles(kafkaPrincipalString);
    }

    @Test
    public void testRemoveUnboundRole() throws Exception {
        String kafkaPrincipalString = RoleCrudUtil.kafkaPrincipalString(TestIndependenceUtil.uniquify("u-testRemoveUnboundRole"));
        setupTwoRoleUser(kafkaPrincipalString);
        Assert.assertTrue(this.orgAdminClient.removeRoleForPrincipal(kafkaPrincipalString, "OrganizationAdmin", new MdsScope(this.ORG_SCOPE)).execute().isSuccessful());
        checkForTwoExpectedRoles(kafkaPrincipalString);
    }

    @Test
    public void testRemoveNonexistentRole() throws Exception {
        String kafkaPrincipalString = RoleCrudUtil.kafkaPrincipalString(TestIndependenceUtil.uniquify("u-testRemoveNonexistentRole"));
        setupTwoRoleUser(kafkaPrincipalString);
        Assert.assertFalse(this.orgAdminClient.removeRoleForPrincipal(kafkaPrincipalString, "NoSuchRole", new MdsScope(this.CLOUD_CLUSTER_SCOPE_A1)).execute().isSuccessful());
        checkForTwoExpectedRoles(kafkaPrincipalString);
    }

    @Test
    public void testRemoveForbiddenRole() throws Exception {
        Assert.assertEquals(this.envAdminClient.removeRoleForPrincipal(RoleCrudUtil.kafkaPrincipalString(this.U_ORG_ADMIN), "OrganizationAdmin", new MdsScope(this.ORG_SCOPE)).execute().code(), 403);
        Response execute = this.envAdminClient.removeRoleForPrincipal(RoleCrudUtil.kafkaPrincipalString(this.U_ORG_ADMIN), "OrganizationAdmin", new MdsScope(this.ENV_SCOPE_A)).execute();
        Assert.assertEquals(execute.code(), 400, "" + execute.errorBody());
        checkEnvARoles(RoleCrudUtil.kafkaPrincipalString(this.U_ORG_ADMIN), Collections.singleton("OrganizationAdmin"), NO_ROLES, NO_ROLES);
        for (V2RbacRestApi v2RbacRestApi : new V2RbacRestApi[]{this.orgAdminClient, this.envAdminClient}) {
            Assert.assertEquals(v2RbacRestApi.removeRoleForPrincipal(RoleCrudUtil.kafkaPrincipalString(this.U_ORG_2_ADMIN), "OrganizationAdmin", new MdsScope(this.ORG_2_SCOPE)).execute().code(), 403);
            checkEnvARoles(RoleCrudUtil.kafkaPrincipalString(this.U_ORG_ADMIN), Collections.singleton("OrganizationAdmin"), NO_ROLES, NO_ROLES);
            Response execute2 = this.org2AdminClient.getRoleNamesForPrincipal(RoleCrudUtil.kafkaPrincipalString(this.U_ORG_2_ADMIN), new MdsScope(this.ORG_2_SCOPE)).execute();
            Assert.assertTrue(execute2.isSuccessful());
            Assert.assertEquals((Collection) execute2.body(), Collections.singleton("OrganizationAdmin"));
        }
    }

    @Test
    public void testRemoveSelfRoles() throws Exception {
        Assert.assertTrue(this.orgAdminClient.addClusterRoleForPrincipal(RoleCrudUtil.kafkaPrincipalString(this.U_ORG_ADMIN), "EnvironmentAdmin", new MdsScope(this.ENV_SCOPE_A)).execute().isSuccessful());
        checkEnvARoles(RoleCrudUtil.kafkaPrincipalString(this.U_ORG_ADMIN), Collections.singleton("OrganizationAdmin"), Collections.singleton("EnvironmentAdmin"), NO_ROLES);
        Assert.assertTrue(this.orgAdminClient.addClusterRoleForPrincipal(RoleCrudUtil.kafkaPrincipalString(this.U_ORG_ADMIN), "CloudClusterAdmin", new MdsScope(this.CLOUD_CLUSTER_SCOPE_A1)).execute().isSuccessful());
        checkRoles(RoleCrudUtil.kafkaPrincipalString(this.U_ORG_ADMIN), Collections.singleton("OrganizationAdmin"), Collections.singleton("EnvironmentAdmin"), Collections.singleton("CloudClusterAdmin"), NO_ROLES, NO_ROLES);
        Response execute = this.orgAdminClient.removeRoleForPrincipal(RoleCrudUtil.kafkaPrincipalString(this.U_ORG_ADMIN), "OrganizationAdmin", new MdsScope(this.ORG_SCOPE)).execute();
        Assert.assertEquals(execute.code(), 400, "" + execute.errorBody());
        checkEnvARoles(RoleCrudUtil.kafkaPrincipalString(this.U_ORG_ADMIN), Collections.singleton("OrganizationAdmin"), Collections.singleton("EnvironmentAdmin"), Collections.singleton("CloudClusterAdmin"));
        Assert.assertTrue(this.orgAdminClient.removeRoleForPrincipal(RoleCrudUtil.kafkaPrincipalString(this.U_ORG_ADMIN), "EnvironmentAdmin", new MdsScope(this.ENV_SCOPE_A)).execute().isSuccessful());
        checkEnvARoles(RoleCrudUtil.kafkaPrincipalString(this.U_ORG_ADMIN), Collections.singleton("OrganizationAdmin"), NO_ROLES, Collections.singleton("CloudClusterAdmin"));
        Assert.assertTrue(this.orgAdminClient.removeRoleForPrincipal(RoleCrudUtil.kafkaPrincipalString(this.U_ORG_ADMIN), "CloudClusterAdmin", new MdsScope(this.CLOUD_CLUSTER_SCOPE_A1)).execute().isSuccessful());
        checkEnvARoles(RoleCrudUtil.kafkaPrincipalString(this.U_ORG_ADMIN), Collections.singleton("OrganizationAdmin"), NO_ROLES, NO_ROLES);
    }

    @Test
    public void testRemoveOtherOrgAdminRole() throws Exception {
        String kafkaPrincipalString = RoleCrudUtil.kafkaPrincipalString(TestIndependenceUtil.uniquify("u-testRemoveOtherOrgAdminRole"));
        Assert.assertTrue(this.orgAdminClient.addClusterRoleForPrincipal(kafkaPrincipalString, "OrganizationAdmin", new MdsScope(this.ORG_SCOPE)).execute().isSuccessful());
        checkRoles(kafkaPrincipalString, Collections.singleton("OrganizationAdmin"), NO_ROLES, NO_ROLES, NO_ROLES, NO_ROLES);
        Assert.assertTrue(this.orgAdminClient.removeRoleForPrincipal(kafkaPrincipalString, "OrganizationAdmin", new MdsScope(this.ORG_SCOPE)).execute().isSuccessful());
        checkRoles(kafkaPrincipalString, NO_ROLES, NO_ROLES, NO_ROLES, NO_ROLES, NO_ROLES);
    }

    @Test
    public void testRemoveRole() throws Exception {
        String kafkaPrincipalString = RoleCrudUtil.kafkaPrincipalString(TestIndependenceUtil.uniquify("u-testRemoveRole"));
        setupTwoRoleUser(kafkaPrincipalString);
        Assert.assertTrue(this.orgAdminClient.removeRoleForPrincipal(kafkaPrincipalString, "EnvironmentAdmin", new MdsScope(this.ENV_SCOPE_A)).execute().isSuccessful());
        checkEnvARoles(kafkaPrincipalString, NO_ROLES, NO_ROLES, Collections.singleton("CloudClusterAdmin"));
    }

    /* JADX WARN: Type inference failed for: r0v1, types: [java.lang.Object[], java.lang.Object[][]] */
    @DataProvider
    public Object[][] removeAll() {
        return new Object[]{new Object[]{"Org_test1", this.ORG_SCOPE, this.CLOUD_CLUSTER_SCOPE_A1, NO_ROLES, NO_ROLES, NO_ROLES, NO_ROLES, NO_ROLES}, new Object[]{"Org_test2", this.ORG_SCOPE, this.CLOUD_CLUSTER_SCOPE_B2, NO_ROLES, NO_ROLES, NO_ROLES, NO_ROLES, NO_ROLES}, new Object[]{"EnvA_test1", this.ENV_SCOPE_A, this.CLOUD_CLUSTER_SCOPE_A1, NO_ROLES, NO_ROLES, NO_ROLES, NO_ROLES, NO_ROLES}, new Object[]{"EnvA_test2", this.ENV_SCOPE_A, this.CLOUD_CLUSTER_SCOPE_B2, NO_ROLES, NO_ROLES, NO_ROLES, NO_ROLES, Collections.singleton("CloudClusterAdmin")}, new Object[]{"EnvB_test1", this.ENV_SCOPE_B, this.CLOUD_CLUSTER_SCOPE_A1, NO_ROLES, Collections.singleton("EnvironmentAdmin"), Collections.singleton("CloudClusterAdmin"), NO_ROLES, NO_ROLES}, new Object[]{"EnvB_test2", this.ENV_SCOPE_B, this.CLOUD_CLUSTER_SCOPE_B2, NO_ROLES, Collections.singleton("EnvironmentAdmin"), NO_ROLES, NO_ROLES, NO_ROLES}, new Object[]{"CloudClusterA1_test1", this.CLOUD_CLUSTER_SCOPE_A1, this.CLOUD_CLUSTER_SCOPE_A1, NO_ROLES, Collections.singleton("EnvironmentAdmin"), NO_ROLES, NO_ROLES, NO_ROLES}, new Object[]{"CloudClusterA1_test2", this.CLOUD_CLUSTER_SCOPE_A1, this.CLOUD_CLUSTER_SCOPE_B2, NO_ROLES, Collections.singleton("EnvironmentAdmin"), NO_ROLES, NO_ROLES, Collections.singleton("CloudClusterAdmin")}};
    }

    @Test(dataProvider = "removeAll")
    public void testRemoveAllRoles(String str, Scope scope, Scope scope2, Set<String> set, Set<String> set2, Set<String> set3, Set<String> set4, Set<String> set5) throws Exception {
        String kafkaPrincipalString = RoleCrudUtil.kafkaPrincipalString(TestIndependenceUtil.uniquify("u-testRemoveAllRoles"));
        setupTwoRoleUser(kafkaPrincipalString, this.ENV_SCOPE_A, scope2);
        Assert.assertTrue(this.orgAdminClient.removeAllRolesForPrincipal(kafkaPrincipalString, new MdsScope(scope)).execute().isSuccessful());
        checkRoles(kafkaPrincipalString, set, set2, set3, set4, set5);
    }

    @Test
    public void testPositive_RemoveAllRolesEnvAdminAtEnv() throws Exception {
        String kafkaPrincipalString = RoleCrudUtil.kafkaPrincipalString(TestIndependenceUtil.uniquify("u-testRemoveAllRolesEnvAdminAtEnvTarget"));
        setupTwoRoleUser(kafkaPrincipalString);
        Assert.assertTrue(this.orgAdminClient.removeAllRolesForPrincipal(kafkaPrincipalString, new MdsScope(this.ENV_SCOPE_A)).execute().isSuccessful());
        checkEnvARoles(kafkaPrincipalString, NO_ROLES, NO_ROLES, NO_ROLES);
    }

    @Test
    public void testNegative_RemoveAllRolesEnvAdminAtOrg() throws Exception {
        String kafkaPrincipalString = RoleCrudUtil.kafkaPrincipalString(TestIndependenceUtil.uniquify("u-testRemoveAllRolesEnvAdminAtOrgTarget"));
        setupTwoRoleUser(kafkaPrincipalString);
        Assert.assertFalse(this.envAdminClient.removeAllRolesForPrincipal(kafkaPrincipalString, new MdsScope(this.ORG_SCOPE)).execute().isSuccessful());
    }

    private String uniqueDeveloperStr() {
        return new KafkaPrincipal("User", TestIndependenceUtil.uniquify("Developer")).toString();
    }

    private ResourcesRequest topicReadsResources(String... strArr) {
        return topicReadsResources(this.KAFKA_CLUSTER_SCOPE_A1, strArr);
    }

    private ResourcesRequest topicReadsResources(Scope scope, String... strArr) {
        return new ResourcesRequest(new MdsScope(scope), (List) Arrays.stream(strArr).map(str -> {
            return new ResourcePattern(TOPIC_RESOURCE_TYPE, str, PatternType.LITERAL);
        }).collect(Collectors.toList()));
    }

    private void addTopicReads(String str, Scope scope, String... strArr) throws IOException {
        Assert.assertTrue(this.orgAdminClient.addRoleResourcesForPrincipal(str, "DeveloperRead", topicReadsResources(scope, strArr)).execute().isSuccessful());
    }

    private void addTopicReads(String str, String... strArr) throws IOException {
        Assert.assertTrue(this.orgAdminClient.addRoleResourcesForPrincipal(str, "DeveloperRead", topicReadsResources(strArr)).execute().isSuccessful());
    }

    private void removeTopicReads(String str, String... strArr) throws IOException {
        Assert.assertTrue(this.orgAdminClient.removeRoleResourcesForPrincipal(str, "DeveloperRead", topicReadsResources(strArr)).execute().isSuccessful());
    }

    private void checkAuthorization(String str, AuthorizeResult authorizeResult, String... strArr) throws IOException {
        Response execute = this.orgAdminClient.authorize(new AuthorizeRequest(str, (List) Arrays.stream(strArr).map(str2 -> {
            return new Action(this.KAFKA_CLUSTER_SCOPE_A1, TOPIC_RESOURCE_TYPE, str2, READ_OPERATION);
        }).collect(Collectors.toList()))).execute();
        Assert.assertTrue(((List) execute.body()).stream().allMatch(authorizeResult2 -> {
            return authorizeResult2.equals(authorizeResult);
        }), "Expected " + authorizeResult + " but found: " + ((String) ((List) execute.body()).stream().map((v0) -> {
            return Objects.toString(v0);
        }).collect(Collectors.joining(", "))));
    }

    @Test
    public void test_AddRoleWithResource() throws Exception {
        String uniqueDeveloperStr = uniqueDeveloperStr();
        checkAuthorization(uniqueDeveloperStr, AuthorizeResult.DENIED, "clicks");
        addTopicReads(uniqueDeveloperStr, "clicks");
        checkAuthorization(uniqueDeveloperStr, AuthorizeResult.ALLOWED, "clicks");
    }

    @Test
    public void test_AddRoleWithMultipleResourcesBatch() throws Exception {
        String uniqueDeveloperStr = uniqueDeveloperStr();
        checkAuthorization(uniqueDeveloperStr, AuthorizeResult.DENIED, "clicks", "billing", "payroll");
        addTopicReads(uniqueDeveloperStr, "clicks", "billing", "payroll");
        checkAuthorization(uniqueDeveloperStr, AuthorizeResult.ALLOWED, "clicks", "billing", "payroll");
    }

    @Test
    public void test_AddRoleWithMultipleResourcesIndividually() throws Exception {
        String uniqueDeveloperStr = uniqueDeveloperStr();
        checkAuthorization(uniqueDeveloperStr, AuthorizeResult.DENIED, "clicks", "billing", "payroll");
        addTopicReads(uniqueDeveloperStr, "clicks");
        checkAuthorization(uniqueDeveloperStr, AuthorizeResult.ALLOWED, "clicks");
        checkAuthorization(uniqueDeveloperStr, AuthorizeResult.DENIED, "billing", "payroll");
        addTopicReads(uniqueDeveloperStr, "billing");
        checkAuthorization(uniqueDeveloperStr, AuthorizeResult.ALLOWED, "clicks", "billing");
        checkAuthorization(uniqueDeveloperStr, AuthorizeResult.DENIED, "payroll");
        addTopicReads(uniqueDeveloperStr, "payroll");
        checkAuthorization(uniqueDeveloperStr, AuthorizeResult.ALLOWED, "clicks", "billing", "payroll");
    }

    @Test
    public void test_AddRoleWithSameResourceTwice() throws Exception {
        String uniqueDeveloperStr = uniqueDeveloperStr();
        checkAuthorization(uniqueDeveloperStr, AuthorizeResult.DENIED, "clicks");
        addTopicReads(uniqueDeveloperStr, "clicks");
        checkAuthorization(uniqueDeveloperStr, AuthorizeResult.ALLOWED, "clicks");
        addTopicReads(uniqueDeveloperStr, "clicks");
        checkAuthorization(uniqueDeveloperStr, AuthorizeResult.ALLOWED, "clicks");
    }

    @Test
    public void test_AddRoleWithSameResourcesOverlapping() throws Exception {
        String uniqueDeveloperStr = uniqueDeveloperStr();
        checkAuthorization(uniqueDeveloperStr, AuthorizeResult.DENIED, "clicks", "billing", "payroll");
        addTopicReads(uniqueDeveloperStr, "clicks", "billing");
        checkAuthorization(uniqueDeveloperStr, AuthorizeResult.ALLOWED, "clicks", "billing");
        addTopicReads(uniqueDeveloperStr, "billing", "payroll");
        checkAuthorization(uniqueDeveloperStr, AuthorizeResult.ALLOWED, "clicks", "billing", "payroll");
    }

    @Test
    public void test_RemoveRoleWithResource() throws Exception {
        String uniqueDeveloperStr = uniqueDeveloperStr();
        addTopicReads(uniqueDeveloperStr, "clicks");
        checkAuthorization(uniqueDeveloperStr, AuthorizeResult.ALLOWED, "clicks");
        removeTopicReads(uniqueDeveloperStr, "clicks");
        checkAuthorization(uniqueDeveloperStr, AuthorizeResult.DENIED, "clicks");
    }

    @Test
    public void test_RemoveRoleWithMultipleResourcesBatch() throws Exception {
        String uniqueDeveloperStr = uniqueDeveloperStr();
        addTopicReads(uniqueDeveloperStr, "clicks", "billing", "payroll");
        checkAuthorization(uniqueDeveloperStr, AuthorizeResult.ALLOWED, "clicks", "billing", "payroll");
        removeTopicReads(uniqueDeveloperStr, "clicks", "billing", "payroll");
        checkAuthorization(uniqueDeveloperStr, AuthorizeResult.DENIED, "clicks", "billing", "payroll");
    }

    @Test
    public void test_RemoveRoleWithMultipleResourcesIndividually() throws Exception {
        String uniqueDeveloperStr = uniqueDeveloperStr();
        addTopicReads(uniqueDeveloperStr, "clicks", "billing", "payroll");
        checkAuthorization(uniqueDeveloperStr, AuthorizeResult.ALLOWED, "clicks", "billing", "payroll");
        removeTopicReads(uniqueDeveloperStr, "clicks");
        checkAuthorization(uniqueDeveloperStr, AuthorizeResult.DENIED, "clicks");
        checkAuthorization(uniqueDeveloperStr, AuthorizeResult.ALLOWED, "billing", "payroll");
        removeTopicReads(uniqueDeveloperStr, "billing");
        checkAuthorization(uniqueDeveloperStr, AuthorizeResult.DENIED, "clicks", "billing");
        checkAuthorization(uniqueDeveloperStr, AuthorizeResult.ALLOWED, "payroll");
        removeTopicReads(uniqueDeveloperStr, "payroll");
        checkAuthorization(uniqueDeveloperStr, AuthorizeResult.DENIED, "clicks", "billing", "payroll");
    }

    @Test
    public void test_RemoveRoleWithSameResourceTwice() throws Exception {
        String uniqueDeveloperStr = uniqueDeveloperStr();
        addTopicReads(uniqueDeveloperStr, "clicks");
        checkAuthorization(uniqueDeveloperStr, AuthorizeResult.ALLOWED, "clicks");
        removeTopicReads(uniqueDeveloperStr, "clicks");
        checkAuthorization(uniqueDeveloperStr, AuthorizeResult.DENIED, "clicks");
        removeTopicReads(uniqueDeveloperStr, "clicks");
        checkAuthorization(uniqueDeveloperStr, AuthorizeResult.DENIED, "clicks");
    }

    @Test
    public void test_RemoveRoleWithResourceNeverSet() throws Exception {
        String uniqueDeveloperStr = uniqueDeveloperStr();
        checkAuthorization(uniqueDeveloperStr, AuthorizeResult.DENIED, "clicks");
        removeTopicReads(uniqueDeveloperStr, "clicks");
        checkAuthorization(uniqueDeveloperStr, AuthorizeResult.DENIED, "clicks");
    }

    @Test
    public void test_RemoveRoleWithSameResourcesOverlapping() throws Exception {
        String uniqueDeveloperStr = uniqueDeveloperStr();
        addTopicReads(uniqueDeveloperStr, "clicks", "billing", "payroll");
        checkAuthorization(uniqueDeveloperStr, AuthorizeResult.ALLOWED, "clicks", "billing", "payroll");
        removeTopicReads(uniqueDeveloperStr, "clicks", "billing");
        checkAuthorization(uniqueDeveloperStr, AuthorizeResult.DENIED, "clicks", "billing");
        checkAuthorization(uniqueDeveloperStr, AuthorizeResult.ALLOWED, "payroll");
        removeTopicReads(uniqueDeveloperStr, "billing", "payroll");
        checkAuthorization(uniqueDeveloperStr, AuthorizeResult.DENIED, "clicks", "billing", "payroll");
    }

    @Test
    public void test_AddRemoveAddAddRoleWithResources() throws Exception {
        String uniqueDeveloperStr = uniqueDeveloperStr();
        addTopicReads(uniqueDeveloperStr, "clicks");
        checkAuthorization(uniqueDeveloperStr, AuthorizeResult.ALLOWED, "clicks");
        removeTopicReads(uniqueDeveloperStr, "clicks");
        checkAuthorization(uniqueDeveloperStr, AuthorizeResult.DENIED, "clicks");
        addTopicReads(uniqueDeveloperStr, "clicks");
        checkAuthorization(uniqueDeveloperStr, AuthorizeResult.ALLOWED, "clicks");
        addTopicReads(uniqueDeveloperStr, "clicks");
        checkAuthorization(uniqueDeveloperStr, AuthorizeResult.ALLOWED, "clicks");
    }

    @Test
    public void test_AddRemoveRoleWithResourceRepeatedly() throws Exception {
        String uniqueDeveloperStr = uniqueDeveloperStr();
        for (int i = 0; i < 10; i++) {
            addTopicReads(uniqueDeveloperStr, "clicks");
            checkAuthorization(uniqueDeveloperStr, AuthorizeResult.ALLOWED, "clicks");
            removeTopicReads(uniqueDeveloperStr, "clicks");
            checkAuthorization(uniqueDeveloperStr, AuthorizeResult.DENIED, "clicks");
        }
    }

    @Test
    public void test_AddRemoveRoleWithResourceBatchRepeatedly() throws Exception {
        String uniqueDeveloperStr = uniqueDeveloperStr();
        for (int i = 0; i < 10; i++) {
            addTopicReads(uniqueDeveloperStr, "clicks", "billing", "payroll");
            checkAuthorization(uniqueDeveloperStr, AuthorizeResult.ALLOWED, "clicks", "billing", "payroll");
            removeTopicReads(uniqueDeveloperStr, "clicks", "billing", "payroll");
            checkAuthorization(uniqueDeveloperStr, AuthorizeResult.DENIED, "clicks", "billing", "payroll");
        }
    }

    @Test
    public void test_AddRemoveRoleWithResourceIndividuallyRepeatedly() throws Exception {
        String uniqueDeveloperStr = uniqueDeveloperStr();
        for (int i = 0; i < 10; i++) {
            addTopicReads(uniqueDeveloperStr, "clicks");
            checkAuthorization(uniqueDeveloperStr, AuthorizeResult.ALLOWED, "clicks");
            checkAuthorization(uniqueDeveloperStr, AuthorizeResult.DENIED, "billing", "payroll");
            addTopicReads(uniqueDeveloperStr, "billing");
            checkAuthorization(uniqueDeveloperStr, AuthorizeResult.ALLOWED, "clicks", "billing");
            checkAuthorization(uniqueDeveloperStr, AuthorizeResult.DENIED, "payroll");
            addTopicReads(uniqueDeveloperStr, "payroll");
            checkAuthorization(uniqueDeveloperStr, AuthorizeResult.ALLOWED, "clicks", "billing", "payroll");
            removeTopicReads(uniqueDeveloperStr, "clicks");
            checkAuthorization(uniqueDeveloperStr, AuthorizeResult.DENIED, "clicks");
            checkAuthorization(uniqueDeveloperStr, AuthorizeResult.ALLOWED, "billing", "payroll");
            removeTopicReads(uniqueDeveloperStr, "billing");
            checkAuthorization(uniqueDeveloperStr, AuthorizeResult.DENIED, "clicks", "billing");
            checkAuthorization(uniqueDeveloperStr, AuthorizeResult.ALLOWED, "payroll");
            removeTopicReads(uniqueDeveloperStr, "payroll");
            checkAuthorization(uniqueDeveloperStr, AuthorizeResult.DENIED, "clicks", "billing", "payroll");
        }
    }

    @Test
    public void test_AddRemoveRoleWithResourceOverlappingRepeatedly() throws Exception {
        String uniqueDeveloperStr = uniqueDeveloperStr();
        for (int i = 0; i < 10; i++) {
            addTopicReads(uniqueDeveloperStr, "clicks", "billing");
            checkAuthorization(uniqueDeveloperStr, AuthorizeResult.ALLOWED, "clicks", "billing");
            addTopicReads(uniqueDeveloperStr, "billing", "payroll");
            checkAuthorization(uniqueDeveloperStr, AuthorizeResult.ALLOWED, "clicks", "billing", "payroll");
            removeTopicReads(uniqueDeveloperStr, "clicks", "billing");
            checkAuthorization(uniqueDeveloperStr, AuthorizeResult.DENIED, "clicks", "billing");
            checkAuthorization(uniqueDeveloperStr, AuthorizeResult.ALLOWED, "payroll");
            removeTopicReads(uniqueDeveloperStr, "billing", "payroll");
            checkAuthorization(uniqueDeveloperStr, AuthorizeResult.DENIED, "clicks", "billing", "payroll");
        }
    }
}
