package parity.coop;

import io.confluent.rbacapi.entities.AuthorizeRequest;
import io.confluent.rbacapi.entities.MdsScope;
import io.confluent.rbacapi.retrofit.v2.V2RbacRestApi;
import io.confluent.rbacapi.retrofit.v2.V2RbacRetrofitFactory;
import io.confluent.security.authorizer.Action;
import io.confluent.security.authorizer.AuthorizeResult;
import io.confluent.security.authorizer.Operation;
import io.confluent.security.authorizer.ResourcePattern;
import io.confluent.security.authorizer.ResourceType;
import io.confluent.security.authorizer.Scope;
import io.confluent.testing.TestIndependenceUtil;
import java.util.Arrays;
import java.util.Collections;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
import org.apache.kafka.common.resource.PatternType;
import org.testng.Assert;
import org.testng.annotations.BeforeClass;
import org.testng.annotations.DataProvider;
import org.testng.annotations.Test;
import retrofit2.Response;
import utils.MdsTestUtil;

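/**
 * Parity test for the MDS v2 authorize endpoint on the trust-service resource types
 * {@code IdentityProvider} and {@code IdentityPool}.
 *
 * <p>Three LDAP users are created and bound to OrganizationAdmin, EnvironmentAdmin and
 * CloudClusterAdmin inside organization 1. The data provider then pins the expected decision for
 * every (principal, resource type, scope) combination:
 *
 * <ul>
 *   <li>only the organization admin is ALLOWED on identity providers/pools of organization 1;
 *       the narrower environment and cluster admins are DENIED (least privilege);</li>
 *   <li>every principal, including the organization-1 admin, is DENIED in organization 2
 *       (cross-organization isolation).</li>
 * </ul>
 *
 * <p>The endpoint answers HTTP 200 for both outcomes; the decision is carried in the response
 * body, so a 200 status must never be read as "allowed".
 */
@Test(groups = {"classParallelTests"})
/* loaded from: input_file:parity/coop/V2CloudTrustServiceTest.class */
public class V2CloudTrustServiceTest extends ParityTestBase {
    // Populated once in setUp() and only read afterwards by the parallel test invocations.
    private final Map<String, V2RbacRestApi> retrofitClients = new HashMap<>();
    private static final String ORG_ADMIN = TestIndependenceUtil.uniquify("org_admin");
    private static final String ENV_ADMIN = TestIndependenceUtil.uniquify("env_admin");
    private static final String CLOUD_CLUSTER_ADMIN = TestIndependenceUtil.uniquify("cloud_cluster_admin");
    private static final ResourceType PROVIDER_RT = new ResourceType("IdentityProvider");
    private static final ResourceType POOL_RT = new ResourceType("IdentityPool");
    private static final Operation CREATE_OP = new Operation("Create");
    private static final Operation DESCRIBE_OP = new Operation("Describe");
    private static final Operation ALTER_OP = new Operation("Alter");
    private static final Operation DELETE_OP = new Operation("Delete");
    // Literal resource name used by every row of the authorization matrix.
    private static final String RESOURCE_NAME = "resource";
    public static final String ORG1_ID = TestIndependenceUtil.uniquify("organization=aaaa-1111");
    private static final MdsScope CLOUD_ORG_1_CLUSTER_1_SCOPE = new MdsScope(new Scope.Builder(new String[0]).addPath(ORG1_ID).addPath("environment=env-abc").addPath("cloud-cluster=lkc-111").build());
    private static final MdsScope CLOUD_ORG_1_PROVIDER_1_SCOPE = new MdsScope(new Scope.Builder(new String[0]).addPath(ORG1_ID).addPath("identity-provider=op-11").build());
    private static final MdsScope CLOUD_ORG_1_SCOPE = new MdsScope(new Scope.Builder(new String[0]).addPath(ORG1_ID).build());
    // Second organization: no role binding is ever created here, so every request must be denied.
    public static final String ORG2_ID = TestIndependenceUtil.uniquify("organization=aaaa-2222");
    private static final MdsScope CLOUD_ORG_2_SCOPE = new MdsScope(new Scope.Builder(new String[0]).addPath(ORG2_ID).build());
    private static final MdsScope CLOUD_ORG_2_PROVIDER_1_SCOPE = new MdsScope(new Scope.Builder(new String[0]).addPath(ORG2_ID).addPath("identity-provider=op-22").build());

    /**
     * Creates the three test users, builds one REST client per user and installs the role
     * bindings the authorization matrix relies on.
     *
     * <p>The OrganizationAdmin binding is created by the super-user client; the two narrower
     * bindings are then created by the organization admin itself, which also checks that this
     * role may delegate within its own organization.
     *
     * @throws Exception if user creation or any REST call fails
     */
    @BeforeClass
    public void setUp() throws Exception {
        List<String> users = Arrays.asList(ORG_ADMIN, ENV_ADMIN, CLOUD_CLUSTER_ADMIN);
        this.ldapCrud.createUsers(users);
        for (String user : users) {
            this.retrofitClients.put(user, V2RbacRetrofitFactory.build(MdsTestUtil.DEFAULT_HTTP_ADVERTISED_HOST, this.actualMdsPort, user));
        }
        V2RbacRestApi orgAdminClient = this.retrofitClients.get(ORG_ADMIN);
        Assert.assertTrue(this.suClient.addClusterRoleForPrincipal("User:" + ORG_ADMIN, "OrganizationAdmin", new MdsScope(CLOUD_ORG_1_CLUSTER_1_SCOPE.scope().ancestorWithBindingScope("organization"))).execute().isSuccessful(), "Should have setup the ORGANIZATION_ADMIN");
        Assert.assertEquals(orgAdminClient.addClusterRoleForPrincipal("User:" + ENV_ADMIN, "EnvironmentAdmin", new MdsScope(CLOUD_ORG_1_CLUSTER_1_SCOPE.scope().ancestorWithBindingScope("environment"))).execute().code(), 204, "Should have setup the ENVIRONMENT_ADMIN");
        Assert.assertEquals(orgAdminClient.addClusterRoleForPrincipal("User:" + CLOUD_CLUSTER_ADMIN, "CloudClusterAdmin", CLOUD_ORG_1_CLUSTER_1_SCOPE).execute().code(), 204, "Should have setup the CLOUD_CLUSTER_ADMIN");
    }

    /**
     * Supplies the authorization matrix shared by all four operation tests.
     *
     * @return rows of {principal, resource type, expected decision, scope, resource name}
     */
    @DataProvider(parallel = true)
    public Object[][] authorizeDataProvider() {
        return new Object[][] {
            // Organization 1, identity providers: only the organization admin is allowed.
            {ORG_ADMIN, PROVIDER_RT, AuthorizeResult.ALLOWED, CLOUD_ORG_1_SCOPE, RESOURCE_NAME},
            {ENV_ADMIN, PROVIDER_RT, AuthorizeResult.DENIED, CLOUD_ORG_1_SCOPE, RESOURCE_NAME},
            {CLOUD_CLUSTER_ADMIN, PROVIDER_RT, AuthorizeResult.DENIED, CLOUD_ORG_1_SCOPE, RESOURCE_NAME},
            // Organization 1, identity pools under provider op-11: same expectation.
            {ORG_ADMIN, POOL_RT, AuthorizeResult.ALLOWED, CLOUD_ORG_1_PROVIDER_1_SCOPE, RESOURCE_NAME},
            {ENV_ADMIN, POOL_RT, AuthorizeResult.DENIED, CLOUD_ORG_1_PROVIDER_1_SCOPE, RESOURCE_NAME},
            {CLOUD_CLUSTER_ADMIN, POOL_RT, AuthorizeResult.DENIED, CLOUD_ORG_1_PROVIDER_1_SCOPE, RESOURCE_NAME},
            // Organization 2: bindings from organization 1 must not carry over.
            {ORG_ADMIN, PROVIDER_RT, AuthorizeResult.DENIED, CLOUD_ORG_2_SCOPE, RESOURCE_NAME},
            {ENV_ADMIN, PROVIDER_RT, AuthorizeResult.DENIED, CLOUD_ORG_2_SCOPE, RESOURCE_NAME},
            {CLOUD_CLUSTER_ADMIN, PROVIDER_RT, AuthorizeResult.DENIED, CLOUD_ORG_2_SCOPE, RESOURCE_NAME},
            {ORG_ADMIN, POOL_RT, AuthorizeResult.DENIED, CLOUD_ORG_2_PROVIDER_1_SCOPE, RESOURCE_NAME},
            {ENV_ADMIN, POOL_RT, AuthorizeResult.DENIED, CLOUD_ORG_2_PROVIDER_1_SCOPE, RESOURCE_NAME},
            {CLOUD_CLUSTER_ADMIN, POOL_RT, AuthorizeResult.DENIED, CLOUD_ORG_2_PROVIDER_1_SCOPE, RESOURCE_NAME},
        };
    }

    /**
     * Checks the decision for the {@code Create} operation.
     *
     * @param str user name; used both to pick the REST client and as the authorized principal
     * @param resourceType resource type under test
     * @param authorizeResult expected decision
     * @param mdsScope scope the action is evaluated in
     * @param str2 literal resource name
     */
    @Test(dataProvider = "authorizeDataProvider")
    public void authorizeCreateResourceTest(String str, ResourceType resourceType, AuthorizeResult authorizeResult, MdsScope mdsScope, String str2) throws Throwable {
        assertAuthorizeResult(str, resourceType, authorizeResult, mdsScope, str2, CREATE_OP);
    }

    /** Checks the decision for the {@code Describe} operation; parameters as for the create test. */
    @Test(dataProvider = "authorizeDataProvider")
    public void authorizeDescribeResourceTest(String str, ResourceType resourceType, AuthorizeResult authorizeResult, MdsScope mdsScope, String str2) throws Throwable {
        assertAuthorizeResult(str, resourceType, authorizeResult, mdsScope, str2, DESCRIBE_OP);
    }

    /** Checks the decision for the {@code Alter} operation; parameters as for the create test. */
    @Test(dataProvider = "authorizeDataProvider")
    public void authorizeAlterResourceTest(String str, ResourceType resourceType, AuthorizeResult authorizeResult, MdsScope mdsScope, String str2) throws Throwable {
        assertAuthorizeResult(str, resourceType, authorizeResult, mdsScope, str2, ALTER_OP);
    }

    /**
     * Checks the decision for the {@code Delete} operation; parameters as for the create test.
     *
     * <p>NOTE(review): the "CallsConnect" part of the name does not match the identity
     * provider/pool resources exercised here and looks like a leftover from another test;
     * the name is kept so existing test selections keep working.
     */
    @Test(dataProvider = "authorizeDataProvider")
    public void authorizeDeleteCallsConnectTest(String str, ResourceType resourceType, AuthorizeResult authorizeResult, MdsScope mdsScope, String str2) throws Throwable {
        assertAuthorizeResult(str, resourceType, authorizeResult, mdsScope, str2, DELETE_OP);
    }

    /**
     * Sends one authorize request as {@code principal} for a single literal resource pattern and
     * asserts both the transport status and the decision returned in the body.
     */
    private void assertAuthorizeResult(String principal, ResourceType resourceType, AuthorizeResult expected, MdsScope mdsScope, String resourceName, Operation operation) throws Exception {
        V2RbacRestApi client = this.retrofitClients.get(principal);
        Assert.assertNotNull(client, "No REST client registered for " + principal);
        Action action = new Action(mdsScope.scope(), new ResourcePattern(resourceType, resourceName, PatternType.LITERAL), operation);
        Response<?> response = client.authorize(new AuthorizeRequest("User:" + principal, Collections.singletonList(action))).execute();
        // TestNG takes (actual, expected); a 200 only means the request was evaluated.
        Assert.assertEquals(response.code(), 200, "authorize call should succeed for " + principal);
        List<?> decisions = (List<?>) response.body();
        Assert.assertNotNull(decisions, "authorize response has no body");
        Assert.assertFalse(decisions.isEmpty(), "authorize response contains no decision");
        Assert.assertEquals(decisions.get(0), expected, "unexpected decision for " + principal + " in scope " + mdsScope);
    }
}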
