package cloud.coop;

import io.confluent.cloud.security.client.AuthorizerAction;
import io.confluent.cloud.security.client.AuthorizerRequest;
import io.confluent.cloud.security.client.AuthorizerResponse;
import io.confluent.cloud.security.client.AuthorizerRestClient;
import io.confluent.cloud.security.client.AuthorizerRestClientConfig;
import io.confluent.rbacapi.entities.V2RoleBinding;
import io.confluent.rbacapi.retrofit.v2.V2CloudRbacRoleBindingRestApi;
import io.confluent.rbacapi.retrofit.v2.V2CloudRbacRoleBindingRestRetrofitFactory;
import io.confluent.security.authorizer.AuthorizeResult;
import io.confluent.testing.TestIndependenceUtil;
import java.util.Arrays;
import java.util.Collections;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
import java.util.Properties;
import org.testng.Assert;
import org.testng.annotations.BeforeClass;
import org.testng.annotations.DataProvider;
import org.testng.annotations.Test;
import parity.coop.ParityTestBase;
import utils.MdsTestUtil;
import utils.RoleCrudUtil;

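/**
 * Authorization matrix for identity-provider and identity-pool resources.
 *
 * <p>{@link #setUp()} binds three principals to roles at decreasing scope (OrganizationAdmin on
 * the organization, EnvironmentAdmin on one environment, CloudClusterAdmin on one cluster). Each
 * test then asks the authorizer whether a principal may perform one operation on a provider or
 * pool CRN and compares the answer with the expected {@link AuthorizeResult}.
 *
 * <p>The security properties pinned by the matrix are:
 * <ul>
 *   <li>only the organization-scoped admin is ALLOWED on provider/pool CRNs of its own
 *       organization;</li>
 *   <li>environment- and cluster-scoped admins are DENIED on those CRNs;</li>
 *   <li>every principal, including the organization admin, is DENIED on CRNs that name a
 *       different organization ({@code WRONG_ORG}).</li>
 * </ul>
 *
 * <p>NOTE(review): the matrix has no row for a principal that holds no role binding at all;
 * add one if default-deny for unbound principals should be covered here as well.
 */
@Test
/* loaded from: input_file:cloud/coop/V2CloudTrustServiceTest.class */
public class V2CloudTrustServiceTest extends ParityTestBase {
    // Principal names are uniquified so that runs sharing a backend do not collide.
    final String U_ORG_ADMIN = TestIndependenceUtil.uniquify("u-org1");
    final String U_ENV_ADMIN = TestIndependenceUtil.uniquify("u-env1");
    final String U_CCA_ADMIN = TestIndependenceUtil.uniquify("u-cluster");

    // CRNs in an organization none of the test principals is bound to (cross-organization cases).
    protected static final String WRONG_ORG_PROVIDER_CRN = "crn://confluent.cloud/organization=WRONG_ORG/identity-provider=op-12";
    protected static final String WRONG_ORG_POOL_CRN = "crn://confluent.cloud/organization=WRONG_ORG/identity-provider=op-12/identity-pool=pool-abc";

    private AuthorizerRestClient sharedAuthorizerClient;

    // ORG_ID must stay declared before the RIGHT_* constants: static initializers run in textual order.
    protected static final String ORG_ID = TestIndependenceUtil.uniquify("aaaa-1111");
    protected static final String RIGHT_PROVIDER_CRN = "crn://confluent.cloud/organization=" + ORG_ID + "/identity-provider=op-12";
    protected static final String RIGHT_POOL_CRN = "crn://confluent.cloud/organization=" + ORG_ID + "/identity-provider=op-12/identity-pool=pool-abc";

    // Per-user role-binding clients. In this class the map is only written in setUp(), i.e. before
    // the parallel data-provider tests start; it is a plain HashMap and not safe for concurrent writes.
    protected static final Map<String, V2CloudRbacRoleBindingRestApi> RETROFIT_CRUD_CLIENTS = new HashMap<>();

    /**
     * Creates the three LDAP users, one role-binding client per user, the shared authorizer
     * client, and the role bindings the matrix relies on.
     *
     * @throws Exception if user creation or any REST call fails
     */
    @BeforeClass
    public void setUp() throws Exception {
        List<String> users = Arrays.asList(U_ORG_ADMIN, U_ENV_ADMIN, U_CCA_ADMIN);
        ldapCrud.createUsers(users);
        for (String user : users) {
            RETROFIT_CRUD_CLIENTS.put(
                    user,
                    V2CloudRbacRoleBindingRestRetrofitFactory.build(
                            MdsTestUtil.DEFAULT_HTTP_ADVERTISED_HOST, actualMdsPort, user));
        }

        Properties authorizerProps = new Properties();
        authorizerProps.put(
                "confluent.cloud.authorizer.url",
                MdsTestUtil.DEFAULT_HTTP_ADVERTISED_HOST + ":" + actualMdsPort);
        sharedAuthorizerClient = new AuthorizerRestClient(new AuthorizerRestClientConfig(authorizerProps));

        String orgCrn = "crn://confluent.cloud/organization=" + ORG_ID;

        // The organization admin is bootstrapped through the super-user client.
        Assert.assertTrue(
                suCloudClient
                        .createRoleBinding(
                                new V2RoleBinding(
                                        (String) null,
                                        RoleCrudUtil.kafkaPrincipalString(U_ORG_ADMIN),
                                        "OrganizationAdmin",
                                        orgCrn))
                        .execute()
                        .isSuccessful());

        // The narrower bindings are created with the organization admin's own client, so a
        // failure here also means the OrganizationAdmin binding above did not take effect.
        V2CloudRbacRoleBindingRestApi orgAdminClient = RETROFIT_CRUD_CLIENTS.get(U_ORG_ADMIN);
        Assert.assertTrue(
                orgAdminClient
                        .createRoleBinding(
                                new V2RoleBinding(
                                        (String) null,
                                        RoleCrudUtil.kafkaPrincipalString(U_ENV_ADMIN),
                                        "EnvironmentAdmin",
                                        orgCrn + "/environment=env-abc"))
                        .execute()
                        .isSuccessful());
        Assert.assertTrue(
                orgAdminClient
                        .createRoleBinding(
                                new V2RoleBinding(
                                        (String) null,
                                        RoleCrudUtil.kafkaPrincipalString(U_CCA_ADMIN),
                                        "CloudClusterAdmin",
                                        orgCrn + "/environment=env-abc/cloud-cluster=lkc-111"))
                        .execute()
                        .isSuccessful());
    }

    /**
     * Supplies {@code (user, expected result, resource CRN)} rows shared by all four operation
     * tests.
     *
     * @return one row per principal and resource CRN combination
     */
    @DataProvider(parallel = true)
    public Object[][] authorizeDataProvider() {
        // Declared as Object[][]: the decompiled form built an Object[] here, which does not
        // match the method's return type.
        return new Object[][] {
            // Own organization, identity provider: only the organization admin is allowed.
            {U_ORG_ADMIN, AuthorizeResult.ALLOWED, RIGHT_PROVIDER_CRN},
            {U_ENV_ADMIN, AuthorizeResult.DENIED, RIGHT_PROVIDER_CRN},
            {U_CCA_ADMIN, AuthorizeResult.DENIED, RIGHT_PROVIDER_CRN},
            // Own organization, identity pool: same expectation as for the provider.
            {U_ORG_ADMIN, AuthorizeResult.ALLOWED, RIGHT_POOL_CRN},
            {U_ENV_ADMIN, AuthorizeResult.DENIED, RIGHT_POOL_CRN},
            {U_CCA_ADMIN, AuthorizeResult.DENIED, RIGHT_POOL_CRN},
            // Other organization: every principal is denied, the organization admin included.
            {U_ORG_ADMIN, AuthorizeResult.DENIED, WRONG_ORG_PROVIDER_CRN},
            {U_ENV_ADMIN, AuthorizeResult.DENIED, WRONG_ORG_PROVIDER_CRN},
            {U_CCA_ADMIN, AuthorizeResult.DENIED, WRONG_ORG_PROVIDER_CRN},
            {U_ORG_ADMIN, AuthorizeResult.DENIED, WRONG_ORG_POOL_CRN},
            {U_ENV_ADMIN, AuthorizeResult.DENIED, WRONG_ORG_POOL_CRN},
            {U_CCA_ADMIN, AuthorizeResult.DENIED, WRONG_ORG_POOL_CRN},
        };
    }

    /** Checks the matrix for the {@code Create} operation. */
    @Test(dataProvider = "authorizeDataProvider")
    public void testV2AuthorizeCreate(String user, AuthorizeResult expected, String resourceCrn) throws Exception {
        assertAuthorization(user, "Create", resourceCrn, expected);
    }

    /** Checks the matrix for the {@code Describe} operation. */
    @Test(dataProvider = "authorizeDataProvider")
    public void testV2AuthorizeDescribe(String user, AuthorizeResult expected, String resourceCrn) throws Exception {
        assertAuthorization(user, "Describe", resourceCrn, expected);
    }

    /** Checks the matrix for the {@code Alter} operation. */
    @Test(dataProvider = "authorizeDataProvider")
    public void testV2AuthorizeAlter(String user, AuthorizeResult expected, String resourceCrn) throws Exception {
        assertAuthorization(user, "Alter", resourceCrn, expected);
    }

    /** Checks the matrix for the {@code Delete} operation. */
    @Test(dataProvider = "authorizeDataProvider")
    public void testV2AuthorizeDelete(String user, AuthorizeResult expected, String resourceCrn) throws Exception {
        assertAuthorization(user, "Delete", resourceCrn, expected);
    }

    /**
     * Sends a single-action authorize request for {@code user} and asserts the first result.
     *
     * <p>Kept private so the class-level {@code @Test} annotation does not register it as a test.
     *
     * @param user principal name; also passed as the first two arguments of {@code authorize}
     *     (presumably the caller's credentials, confirm against AuthorizerRestClient)
     * @param operation operation name placed in the {@link AuthorizerAction}
     * @param resourceCrn CRN of the resource the operation targets
     * @param expected result the authorizer is expected to return
     * @throws Exception if the authorize call fails
     */
    private void assertAuthorization(String user, String operation, String resourceCrn, AuthorizeResult expected)
            throws Exception {
        AuthorizerRequest request =
                new AuthorizerRequest(
                        RoleCrudUtil.kafkaPrincipalString(user),
                        Collections.singletonList(new AuthorizerAction(resourceCrn, operation)));
        AuthorizeResult actual =
                ((AuthorizerResponse) sharedAuthorizerClient.authorize(user, user, request).get(0)).getResult();
        // TestNG's assertEquals takes (actual, expected); the reversed order only mislabels the
        // two values in the failure message, which matters when triaging an unexpected ALLOWED.
        Assert.assertEquals(actual, expected);
    }
}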
