package integration.rbacapi.api.v1;

import com.google.common.collect.ImmutableSet;
import io.confluent.rbacapi.entities.AuthorizeRequest;
import io.confluent.rbacapi.entities.MdsScope;
import io.confluent.rbacapi.entities.ResourcesRequest;
import io.confluent.rbacapi.retrofit.v1.V1RbacRestApi;
import io.confluent.rbacapi.retrofit.v1.V1RbacRetrofitFactory;
import io.confluent.rbacapi.services.RoleBindingProcessing;
import io.confluent.security.authorizer.Action;
import io.confluent.security.authorizer.AuthorizeResult;
import io.confluent.security.authorizer.Operation;
import io.confluent.security.authorizer.ResourcePattern;
import io.confluent.security.authorizer.ResourceType;
import io.confluent.security.authorizer.Scope;
import io.confluent.security.test.utils.RbacClusters;
import io.confluent.testing.TestIndependenceUtil;
import io.confluent.testing.ldap.client.ExampleComLdapCrud;
import io.confluent.testing.ldap.client.LdapCrud;
import io.confluent.testing.ldap.server.LdapServer;
import java.io.IOException;
import java.lang.reflect.Method;
import java.net.ConnectException;
import java.util.Arrays;
import java.util.Collections;
import java.util.HashMap;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.concurrent.TimeUnit;
import org.apache.kafka.common.resource.PatternType;
import org.awaitility.Awaitility;
import org.hamcrest.core.Is;
import org.junit.Assert;
import org.testng.ITest;
import org.testng.annotations.AfterClass;
import org.testng.annotations.BeforeClass;
import org.testng.annotations.BeforeMethod;
import org.testng.annotations.DataProvider;
import org.testng.annotations.Factory;
import org.testng.annotations.Test;
import retrofit2.Response;
import utils.KafkaConfigTool;
import utils.MdsTestUtil;
import utils.QuorumTestInfo;
import utils.ScopeBuilder;

@Test(groups = {"classParallelTests"})
/* loaded from: input_file:integration/rbacapi/api/v1/OperationLookupTest.class */
public class OperationLookupTest implements ITest {
    private static final String BROKER_USER = "kafka";
    private static final String USER_ADMIN = "cross_cluster_user_admin";
    private RbacClusters rbacClusters;
    private int actualMdsPort;
    private String mdsClusterId;
    private LdapServer ldapServer;
    private LdapCrud ldapCrud;
    private MdsScope mdsKafkaClusterScope;
    private V1RbacRestApi userAdminClient;
    private static String MDS_KAFKA_KEY = "mdsCluster";
    private static String MDS_CONNECT_KEY = "mdsConnectCluster";
    private static String MDS_SR_KEY = "mdsSRCluster";
    private static String MDS_KSQL_KEY = "mdsKsqlCluster";
    private static String MANAGED_KAFKA_KEY = "managedKafkaCluster";
    private static String MANAGED_CONNECT_KEY = "managedConnectCluster";
    private static String CREATE = "Create";
    private static String ALTER_ACCESS = "AlterAccess";
    private String quorum;
    private final Map<String, MdsScope> scopeMap = new HashMap();
    private ThreadLocal<String> testName = new ThreadLocal<>();

    /* JADX WARN: Type inference failed for: r0v1, types: [java.lang.Object[], java.lang.Object[][]] */
    @DataProvider
    public static Object[][] quorums() {
        return new Object[]{new Object[]{"zk"}, new Object[]{"kraft"}, new Object[]{"kraft_combined"}};
    }

    @Factory(dataProvider = "quorums")
    public OperationLookupTest(String str) {
        this.quorum = str;
    }

    @BeforeClass
    public void setUp() throws Exception {
        this.ldapServer = LdapServer.defaultServerNoUsers().start();
        int actualPort = this.ldapServer.actualPort();
        this.ldapCrud = new ExampleComLdapCrud(actualPort);
        this.ldapCrud.createUsers(Arrays.asList("kafka", USER_ADMIN));
        this.rbacClusters = new RbacClusters(KafkaConfigTool.justLDAPv1(actualPort, "kafka"), new QuorumTestInfo(this.quorum));
        this.actualMdsPort = MdsTestUtil.lookupActualMdsPort(this.rbacClusters);
        this.mdsClusterId = this.rbacClusters.metadataClusterId();
        this.mdsKafkaClusterScope = new MdsScope(Scope.kafkaClusterScope(this.mdsClusterId));
        this.scopeMap.put(MDS_KAFKA_KEY, this.mdsKafkaClusterScope);
        this.scopeMap.put(MDS_CONNECT_KEY, ScopeBuilder.withKafka(this.mdsClusterId).withConnect("mdsConnect" + TestIndependenceUtil.getUniqueInteger()).build());
        this.scopeMap.put(MDS_SR_KEY, ScopeBuilder.withKafka(this.mdsClusterId).withSR("mdsSR" + TestIndependenceUtil.getUniqueInteger()).build());
        this.scopeMap.put(MDS_KSQL_KEY, ScopeBuilder.withKafka(this.mdsClusterId).withKSQL("mdsKsql" + TestIndependenceUtil.getUniqueInteger()).build());
        String str = "managedKafka" + TestIndependenceUtil.getUniqueInteger();
        this.scopeMap.put(MANAGED_KAFKA_KEY, new MdsScope(Scope.kafkaClusterScope(str)));
        this.scopeMap.put(MANAGED_CONNECT_KEY, ScopeBuilder.withKafka(str).withConnect("managedConnect" + TestIndependenceUtil.getUniqueInteger()).build());
        V1RbacRestApi build = V1RbacRetrofitFactory.build(MdsTestUtil.DEFAULT_HTTP_ADVERTISED_HOST, this.actualMdsPort, "kafka", "kafka");
        Awaitility.given().ignoreException(ConnectException.class).await().atMost(30L, TimeUnit.SECONDS).until(() -> {
            return Boolean.valueOf(build.getRoleNames().execute().isSuccessful());
        });
        Iterator<MdsScope> it = this.scopeMap.values().iterator();
        while (it.hasNext()) {
            Assert.assertEquals(204L, build.addClusterRoleForPrincipal("User:cross_cluster_user_admin", "UserAdmin", it.next()).execute().code());
        }
        this.userAdminClient = V1RbacRetrofitFactory.build(MdsTestUtil.DEFAULT_HTTP_ADVERTISED_HOST, this.actualMdsPort, USER_ADMIN, USER_ADMIN);
    }

    @AfterClass
    public void tearDown() {
        this.ldapServer.stop();
        this.rbacClusters.shutdown();
        MdsTestUtil.releasePort(this.actualMdsPort);
    }

    @Test
    public void sanityTest_RetroFitBasicAuth() throws IOException {
        Assert.assertNotNull(this.userAdminClient.getRoles().execute());
        Assert.assertEquals(200L, r0.code());
        Response execute = this.userAdminClient.getRoleNamesForPrincipal("User:cross_cluster_user_admin", this.mdsKafkaClusterScope).execute();
        Assert.assertNotNull(execute);
        Assert.assertEquals(200L, execute.code());
        Assert.assertTrue(((List) execute.body()).contains("UserAdmin"));
    }

    /* JADX WARN: Type inference failed for: r0v1, types: [java.lang.Object[], java.lang.Object[][]] */
    @DataProvider(parallel = true)
    public static Object[][] clusterRoleTestData() {
        return new Object[]{new Object[]{MDS_KAFKA_KEY, MANAGED_KAFKA_KEY, "SystemAdmin", "Topic"}, new Object[]{MDS_KAFKA_KEY, MANAGED_KAFKA_KEY, "ClusterAdmin", "Topic"}, new Object[]{MANAGED_KAFKA_KEY, MDS_KAFKA_KEY, "SystemAdmin", "Topic"}, new Object[]{MANAGED_KAFKA_KEY, MDS_KAFKA_KEY, "ClusterAdmin", "Topic"}, new Object[]{MDS_CONNECT_KEY, MANAGED_CONNECT_KEY, "SystemAdmin", "Connector"}, new Object[]{MDS_CONNECT_KEY, MANAGED_CONNECT_KEY, "ClusterAdmin", "Connector"}, new Object[]{MANAGED_CONNECT_KEY, MDS_CONNECT_KEY, "SystemAdmin", "Connector"}, new Object[]{MANAGED_CONNECT_KEY, MDS_CONNECT_KEY, "ClusterAdmin", "Connector"}};
    }

    @Test(dataProvider = "clusterRoleTestData")
    public void clusterRoleTests(String str, String str2, String str3, String str4) throws IOException {
        MdsScope mdsScope = this.scopeMap.get(str);
        String str5 = "testUser-" + TestIndependenceUtil.getUniqueInteger();
        this.ldapCrud.createUser(str5);
        assignUserClusterRole(mdsScope, str5, str3);
        assignUserResourceRole(mdsScope, str5, "ResourceOwner", Collections.singletonList(new ResourcePattern(str4, "clicks", PatternType.LITERAL)));
        for (V1RbacRestApi v1RbacRestApi : Arrays.asList(this.userAdminClient, V1RbacRetrofitFactory.build(MdsTestUtil.DEFAULT_HTTP_ADVERTISED_HOST, this.actualMdsPort, str5, str5))) {
            RoleBindingProcessing.OperationGuidelines operationGuidelines = (RoleBindingProcessing.OperationGuidelines) v1RbacRestApi.getGuidelines(str4, "User:" + str5, CREATE, mdsScope).execute().body();
            Assert.assertNotNull(operationGuidelines);
            Assert.assertThat(operationGuidelines.operationsResult, Is.is(RoleBindingProcessing.OperationsResult.ANY));
            Assert.assertEquals(0L, operationGuidelines.resourcePatterns.size());
            verifyAuthrorizeForCreate(v1RbacRestApi, mdsScope, str5, str4, "PANTS!", AuthorizeResult.ALLOWED);
            MdsScope mdsScope2 = this.scopeMap.get(str2);
            RoleBindingProcessing.OperationGuidelines operationGuidelines2 = (RoleBindingProcessing.OperationGuidelines) v1RbacRestApi.getGuidelines(str4, "User:" + str5, CREATE, mdsScope2).execute().body();
            Assert.assertNotNull(operationGuidelines2);
            Assert.assertThat(operationGuidelines2.operationsResult, Is.is(RoleBindingProcessing.OperationsResult.NONE));
            Assert.assertEquals(0L, operationGuidelines2.resourcePatterns.size());
            verifyAuthrorizeForCreate(v1RbacRestApi, mdsScope2, str5, str4, "PANTS!", AuthorizeResult.DENIED);
        }
    }

    /* JADX WARN: Type inference failed for: r0v1, types: [java.lang.Object[], java.lang.Object[][]] */
    @DataProvider(parallel = true)
    public static Object[][] resourceRoleTestData() {
        return new Object[]{new Object[]{MDS_KAFKA_KEY, MANAGED_KAFKA_KEY, "DeveloperManage", "Topic"}, new Object[]{MDS_KAFKA_KEY, MANAGED_KAFKA_KEY, "ResourceOwner", "Topic"}, new Object[]{MANAGED_KAFKA_KEY, MDS_KAFKA_KEY, "DeveloperManage", "Topic"}, new Object[]{MANAGED_KAFKA_KEY, MDS_KAFKA_KEY, "ResourceOwner", "Topic"}, new Object[]{MDS_CONNECT_KEY, MANAGED_CONNECT_KEY, "DeveloperManage", "Connector"}, new Object[]{MDS_CONNECT_KEY, MANAGED_CONNECT_KEY, "ResourceOwner", "Connector"}, new Object[]{MANAGED_CONNECT_KEY, MDS_CONNECT_KEY, "DeveloperManage", "Connector"}, new Object[]{MANAGED_CONNECT_KEY, MDS_CONNECT_KEY, "ResourceOwner", "Connector"}};
    }

    @Test(dataProvider = "resourceRoleTestData")
    public void wildcardResourceRoleTests(String str, String str2, String str3, String str4) throws IOException {
        MdsScope mdsScope = this.scopeMap.get(str);
        String str5 = "testUser-" + TestIndependenceUtil.getUniqueInteger();
        this.ldapCrud.createUser(str5);
        assignUserResourceRole(mdsScope, str5, str3, Arrays.asList(new ResourcePattern(str4, "*", PatternType.LITERAL), new ResourcePattern(str4, "sushi", PatternType.PREFIXED), new ResourcePattern(str4, "clicks", PatternType.LITERAL)));
        for (V1RbacRestApi v1RbacRestApi : Arrays.asList(this.userAdminClient, V1RbacRetrofitFactory.build(MdsTestUtil.DEFAULT_HTTP_ADVERTISED_HOST, this.actualMdsPort, str5, str5))) {
            RoleBindingProcessing.OperationGuidelines operationGuidelines = (RoleBindingProcessing.OperationGuidelines) v1RbacRestApi.getGuidelines(str4, "User:" + str5, CREATE, mdsScope).execute().body();
            Assert.assertNotNull(operationGuidelines);
            Assert.assertThat(operationGuidelines.operationsResult, Is.is(RoleBindingProcessing.OperationsResult.ANY));
            Assert.assertEquals(0L, operationGuidelines.resourcePatterns.size());
            verifyAuthrorizeForCreate(v1RbacRestApi, mdsScope, str5, str4, "PANTS!", AuthorizeResult.ALLOWED);
            MdsScope mdsScope2 = this.scopeMap.get(str2);
            RoleBindingProcessing.OperationGuidelines operationGuidelines2 = (RoleBindingProcessing.OperationGuidelines) v1RbacRestApi.getGuidelines(str4, "User:" + str5, CREATE, mdsScope2).execute().body();
            Assert.assertNotNull(operationGuidelines2);
            Assert.assertThat(operationGuidelines2.operationsResult, Is.is(RoleBindingProcessing.OperationsResult.NONE));
            Assert.assertEquals(0L, operationGuidelines2.resourcePatterns.size());
            verifyAuthrorizeForCreate(v1RbacRestApi, mdsScope2, str5, str4, "PANTS!", AuthorizeResult.DENIED);
        }
    }

    @Test(dataProvider = "resourceRoleTestData")
    public void limitedResourceRoleTests(String str, String str2, String str3, String str4) throws IOException {
        MdsScope mdsScope = this.scopeMap.get(str);
        String str5 = "testUser-" + TestIndependenceUtil.getUniqueInteger();
        this.ldapCrud.createUser(str5);
        ResourcePattern resourcePattern = new ResourcePattern(str4, "salmon", PatternType.LITERAL);
        ResourcePattern resourcePattern2 = new ResourcePattern(str4, "sushi", PatternType.PREFIXED);
        assignUserResourceRole(mdsScope, str5, str3, Arrays.asList(resourcePattern, resourcePattern2));
        for (V1RbacRestApi v1RbacRestApi : Arrays.asList(this.userAdminClient, V1RbacRetrofitFactory.build(MdsTestUtil.DEFAULT_HTTP_ADVERTISED_HOST, this.actualMdsPort, str5, str5))) {
            RoleBindingProcessing.OperationGuidelines operationGuidelines = (RoleBindingProcessing.OperationGuidelines) v1RbacRestApi.getGuidelines(str4, "User:" + str5, CREATE, mdsScope).execute().body();
            Assert.assertNotNull(operationGuidelines);
            Assert.assertThat(operationGuidelines.operationsResult, Is.is(RoleBindingProcessing.OperationsResult.SOME));
            Assert.assertTrue(operationGuidelines.resourcePatterns.contains(resourcePattern));
            Assert.assertTrue(operationGuidelines.resourcePatterns.contains(resourcePattern2));
            verifyAuthrorizeForCreate(v1RbacRestApi, mdsScope, str5, str4, "salmon", AuthorizeResult.ALLOWED);
            verifyAuthrorizeForCreate(v1RbacRestApi, mdsScope, str5, str4, "sushi", AuthorizeResult.ALLOWED);
            verifyAuthrorizeForCreate(v1RbacRestApi, mdsScope, str5, str4, "sushi-2020", AuthorizeResult.ALLOWED);
            verifyAuthrorizeForCreate(v1RbacRestApi, mdsScope, str5, str4, "PANTS!", AuthorizeResult.DENIED);
            MdsScope mdsScope2 = this.scopeMap.get(str2);
            RoleBindingProcessing.OperationGuidelines operationGuidelines2 = (RoleBindingProcessing.OperationGuidelines) v1RbacRestApi.getGuidelines(str4, "User:" + str5, CREATE, mdsScope2).execute().body();
            Assert.assertNotNull(operationGuidelines2);
            Assert.assertThat(operationGuidelines2.operationsResult, Is.is(RoleBindingProcessing.OperationsResult.NONE));
            Assert.assertEquals(0L, operationGuidelines2.resourcePatterns.size());
            verifyAuthrorizeForCreate(v1RbacRestApi, mdsScope2, str5, str4, "salmon", AuthorizeResult.DENIED);
            verifyAuthrorizeForCreate(v1RbacRestApi, mdsScope2, str5, str4, "sushi", AuthorizeResult.DENIED);
            verifyAuthrorizeForCreate(v1RbacRestApi, mdsScope2, str5, str4, "sushi-2020", AuthorizeResult.DENIED);
            verifyAuthrorizeForCreate(v1RbacRestApi, mdsScope2, str5, str4, "PANTS!", AuthorizeResult.DENIED);
        }
    }

    @Test
    public void groupInheritance() throws IOException {
        MdsScope mdsScope = this.mdsKafkaClusterScope;
        String str = "testUser-" + TestIndependenceUtil.getUniqueInteger();
        this.ldapCrud.createUser(str);
        ResourcePattern resourcePattern = new ResourcePattern("Topic", "salmon", PatternType.LITERAL);
        ResourcePattern resourcePattern2 = new ResourcePattern("Topic", "sushi", PatternType.PREFIXED);
        assignUserResourceRole(mdsScope, str, "ResourceOwner", Arrays.asList(resourcePattern, resourcePattern2));
        RoleBindingProcessing.OperationGuidelines operationGuidelines = (RoleBindingProcessing.OperationGuidelines) this.userAdminClient.getGuidelines("Topic", "User:" + str, CREATE, mdsScope).execute().body();
        Assert.assertNotNull(operationGuidelines);
        Assert.assertThat(operationGuidelines.operationsResult, Is.is(RoleBindingProcessing.OperationsResult.SOME));
        Assert.assertTrue(operationGuidelines.resourcePatterns.contains(resourcePattern));
        Assert.assertTrue(operationGuidelines.resourcePatterns.contains(resourcePattern2));
        String str2 = "testAdmins-" + TestIndependenceUtil.getUniqueInteger();
        this.ldapCrud.createGroup(str2);
        Assert.assertEquals(204L, this.userAdminClient.addClusterRoleForPrincipal("Group:" + str2, "ClusterAdmin", mdsScope).execute().code());
        this.ldapCrud.addUserToGroup(str, str2);
        Awaitility.await().atMost(30L, TimeUnit.SECONDS).untilAsserted(() -> {
            Assert.assertEquals("Adding a user to a group to grant new access timeout", RoleBindingProcessing.OperationsResult.ANY, ((RoleBindingProcessing.OperationGuidelines) this.userAdminClient.getGuidelines("Topic", "User:" + str, CREATE, mdsScope).execute().body()).operationsResult);
        });
    }

    @Test
    public void resourceRoleGrantsMergeAndDedup() throws IOException {
        MdsScope mdsScope = this.mdsKafkaClusterScope;
        String str = "testUser-" + TestIndependenceUtil.getUniqueInteger();
        this.ldapCrud.createUser(str);
        ResourcePattern resourcePattern = new ResourcePattern("Topic", "salmon", PatternType.LITERAL);
        ResourcePattern resourcePattern2 = new ResourcePattern("Topic", "sushi", PatternType.PREFIXED);
        assignUserResourceRole(mdsScope, str, "ResourceOwner", Collections.singletonList(resourcePattern));
        RoleBindingProcessing.OperationGuidelines operationGuidelines = (RoleBindingProcessing.OperationGuidelines) this.userAdminClient.getGuidelines("Topic", "User:" + str, CREATE, mdsScope).execute().body();
        Assert.assertNotNull(operationGuidelines);
        Assert.assertThat(operationGuidelines.operationsResult, Is.is(RoleBindingProcessing.OperationsResult.SOME));
        Assert.assertThat(Integer.valueOf(operationGuidelines.resourcePatterns.size()), Is.is(1));
        Assert.assertTrue(operationGuidelines.resourcePatterns.contains(resourcePattern));
        assignUserResourceRole(mdsScope, str, "DeveloperManage", Collections.singletonList(resourcePattern2));
        RoleBindingProcessing.OperationGuidelines operationGuidelines2 = (RoleBindingProcessing.OperationGuidelines) this.userAdminClient.getGuidelines("Topic", "User:" + str, CREATE, mdsScope).execute().body();
        Assert.assertNotNull(operationGuidelines2);
        Assert.assertThat(operationGuidelines2.operationsResult, Is.is(RoleBindingProcessing.OperationsResult.SOME));
        Assert.assertThat(Integer.valueOf(operationGuidelines2.resourcePatterns.size()), Is.is(2));
        Assert.assertTrue(operationGuidelines2.resourcePatterns.contains(resourcePattern));
        Assert.assertTrue(operationGuidelines2.resourcePatterns.contains(resourcePattern2));
        assignUserResourceRole(mdsScope, str, "DeveloperManage", Collections.singletonList(resourcePattern));
        RoleBindingProcessing.OperationGuidelines operationGuidelines3 = (RoleBindingProcessing.OperationGuidelines) this.userAdminClient.getGuidelines("Topic", "User:" + str, CREATE, mdsScope).execute().body();
        Assert.assertNotNull(operationGuidelines3);
        Assert.assertThat(operationGuidelines3.operationsResult, Is.is(RoleBindingProcessing.OperationsResult.SOME));
        Assert.assertThat(Integer.valueOf(operationGuidelines3.resourcePatterns.size()), Is.is(2));
        Assert.assertTrue(operationGuidelines3.resourcePatterns.contains(resourcePattern));
        Assert.assertTrue(operationGuidelines3.resourcePatterns.contains(resourcePattern2));
    }

    @Test
    public void resourceSquashLogic() throws IOException {
        MdsScope mdsScope = this.mdsKafkaClusterScope;
        String str = "testUser-" + TestIndependenceUtil.getUniqueInteger();
        this.ldapCrud.createUser(str);
        ResourcePattern resourcePattern = new ResourcePattern("Topic", "sushi", PatternType.PREFIXED);
        ResourcePattern resourcePattern2 = new ResourcePattern("Topic", "sushi-roll", PatternType.PREFIXED);
        ResourcePattern resourcePattern3 = new ResourcePattern("Topic", "sushi", PatternType.LITERAL);
        ResourcePattern resourcePattern4 = new ResourcePattern("Topic", "sushi-2020", PatternType.LITERAL);
        ResourcePattern resourcePattern5 = new ResourcePattern("Topic", "ramen", PatternType.LITERAL);
        ResourcePattern resourcePattern6 = new ResourcePattern("Topic", "suuushi", PatternType.LITERAL);
        ResourcePattern resourcePattern7 = new ResourcePattern("Topic", "tuna", PatternType.LITERAL);
        assignUserResourceRole(mdsScope, str, "ResourceOwner", Arrays.asList(resourcePattern, resourcePattern2, resourcePattern3, resourcePattern4, resourcePattern5, resourcePattern6, resourcePattern7));
        RoleBindingProcessing.OperationGuidelines operationGuidelines = (RoleBindingProcessing.OperationGuidelines) this.userAdminClient.getGuidelines("Topic", "User:" + str, CREATE, mdsScope).execute().body();
        Assert.assertNotNull(operationGuidelines);
        Assert.assertThat(operationGuidelines.operationsResult, Is.is(RoleBindingProcessing.OperationsResult.SOME));
        Assert.assertThat(Integer.valueOf(operationGuidelines.resourcePatterns.size()), Is.is(4));
        Assert.assertTrue(operationGuidelines.resourcePatterns.contains(resourcePattern));
        Assert.assertTrue(operationGuidelines.resourcePatterns.contains(resourcePattern5));
        Assert.assertTrue(operationGuidelines.resourcePatterns.contains(resourcePattern6));
        Assert.assertTrue(operationGuidelines.resourcePatterns.contains(resourcePattern7));
    }

    /* JADX WARN: Type inference failed for: r0v1, types: [java.lang.Object[], java.lang.Object[][]] */
    @DataProvider(parallel = true)
    public static Object[][] weakClusterScopedRoles() {
        return new Object[]{new Object[]{MDS_KAFKA_KEY, "UserAdmin", "Topic"}, new Object[]{MDS_KAFKA_KEY, "Operator", "Topic"}, new Object[]{MDS_KAFKA_KEY, "SecurityAdmin", "Topic"}, new Object[]{MDS_CONNECT_KEY, "UserAdmin", "Connector"}, new Object[]{MDS_CONNECT_KEY, "Operator", "Connector"}, new Object[]{MDS_CONNECT_KEY, "SecurityAdmin", "Connector"}};
    }

    @Test(dataProvider = "weakClusterScopedRoles")
    public void weakClusterRoleTests(String str, String str2, String str3) throws IOException {
        MdsScope mdsScope = this.scopeMap.get(str);
        String str4 = "testUser-" + TestIndependenceUtil.getUniqueInteger();
        this.ldapCrud.createUser(str4);
        assignUserClusterRole(mdsScope, str4, str2);
        for (V1RbacRestApi v1RbacRestApi : Arrays.asList(this.userAdminClient, V1RbacRetrofitFactory.build(MdsTestUtil.DEFAULT_HTTP_ADVERTISED_HOST, this.actualMdsPort, str4, str4))) {
            RoleBindingProcessing.OperationGuidelines operationGuidelines = (RoleBindingProcessing.OperationGuidelines) v1RbacRestApi.getGuidelines(str3, "User:" + str4, CREATE, mdsScope).execute().body();
            Assert.assertNotNull(operationGuidelines);
            Assert.assertThat(operationGuidelines.operationsResult, Is.is(RoleBindingProcessing.OperationsResult.NONE));
            Assert.assertEquals(0L, operationGuidelines.resourcePatterns.size());
            verifyAuthrorizeForCreate(v1RbacRestApi, mdsScope, str4, str3, "PANTS!", AuthorizeResult.DENIED);
        }
    }

    /* JADX WARN: Type inference failed for: r0v1, types: [java.lang.Object[], java.lang.Object[][]] */
    @DataProvider(parallel = true)
    public static Object[][] weakResourceScopedRoles() {
        return new Object[]{new Object[]{MDS_KAFKA_KEY, "DeveloperRead", "Topic", "Topic"}, new Object[]{MDS_KAFKA_KEY, "DeveloperWrite", "Topic", "Topic"}, new Object[]{MDS_CONNECT_KEY, "DeveloperRead", "Connector", "Connector"}, new Object[]{MDS_CONNECT_KEY, "DeveloperWrite", "Connector", "Connector"}, new Object[]{MDS_KAFKA_KEY, "DeveloperManage", LookupTest.GROUP_TYPE, "Topic"}, new Object[]{MDS_KAFKA_KEY, "ResourceOwner", LookupTest.GROUP_TYPE, "Topic"}};
    }

    @Test(dataProvider = "weakResourceScopedRoles")
    public void weakResourceRoleTests(String str, String str2, String str3, String str4) throws IOException {
        MdsScope mdsScope = this.scopeMap.get(str);
        String str5 = "testUser-" + TestIndependenceUtil.getUniqueInteger();
        this.ldapCrud.createUser(str5);
        assignUserResourceRole(mdsScope, str5, str2, Arrays.asList(new ResourcePattern(str3, "salmon", PatternType.LITERAL), new ResourcePattern(str3, "sushi", PatternType.PREFIXED)));
        for (V1RbacRestApi v1RbacRestApi : Arrays.asList(this.userAdminClient, V1RbacRetrofitFactory.build(MdsTestUtil.DEFAULT_HTTP_ADVERTISED_HOST, this.actualMdsPort, str5, str5))) {
            RoleBindingProcessing.OperationGuidelines operationGuidelines = (RoleBindingProcessing.OperationGuidelines) v1RbacRestApi.getGuidelines(str4, "User:" + str5, CREATE, mdsScope).execute().body();
            Assert.assertNotNull(operationGuidelines);
            Assert.assertThat(operationGuidelines.operationsResult, Is.is(RoleBindingProcessing.OperationsResult.NONE));
            Assert.assertEquals(0L, operationGuidelines.resourcePatterns.size());
            verifyAuthrorizeForCreate(v1RbacRestApi, mdsScope, str5, str4, "salmon", AuthorizeResult.DENIED);
        }
    }

    @Test
    public void resourcesWithCreateOperation() throws IOException {
        MdsScope mdsScope = this.mdsKafkaClusterScope;
        MdsScope mdsScope2 = this.scopeMap.get(MDS_CONNECT_KEY);
        String str = "testUser-" + TestIndependenceUtil.getUniqueInteger();
        this.ldapCrud.createUser(str);
        assignUserResourceRole(mdsScope, str, "DeveloperManage", Arrays.asList(new ResourcePattern("Topic", "t1", PatternType.LITERAL)));
        assignUserResourceRole(mdsScope2, str, "DeveloperManage", Arrays.asList(new ResourcePattern("Connector", "c1", PatternType.LITERAL)));
        assignUserResourceRole(mdsScope, str, "ResourceOwner", Arrays.asList(new ResourcePattern("Cluster", "kafka-cluster", PatternType.LITERAL)));
        assignUserResourceRole(mdsScope, str, "DeveloperRead", Arrays.asList(new ResourcePattern("Topic", "r1", PatternType.LITERAL), new ResourcePattern("Cluster", "kafka-cluster", PatternType.LITERAL)));
        assignUserResourceRole(mdsScope2, str, "DeveloperRead", Arrays.asList(new ResourcePattern("Connector", "r2", PatternType.LITERAL)));
        V1RbacRestApi build = V1RbacRetrofitFactory.build(MdsTestUtil.DEFAULT_HTTP_ADVERTISED_HOST, this.actualMdsPort, str, str);
        RoleBindingProcessing.OperationGuidelines operationGuidelines = (RoleBindingProcessing.OperationGuidelines) build.getGuidelines("Connector", "User:" + str, CREATE, mdsScope2).execute().body();
        Assert.assertThat(operationGuidelines.operationsResult, Is.is(RoleBindingProcessing.OperationsResult.SOME));
        Assert.assertTrue(operationGuidelines.resourcePatterns.containsAll(ImmutableSet.of(new ResourcePattern("Connector", "c1", PatternType.LITERAL))));
        RoleBindingProcessing.OperationGuidelines operationGuidelines2 = (RoleBindingProcessing.OperationGuidelines) build.getGuidelines("Cluster", "User:" + str, CREATE, mdsScope).execute().body();
        Assert.assertThat(operationGuidelines2.operationsResult, Is.is(RoleBindingProcessing.OperationsResult.SOME));
        Assert.assertTrue(operationGuidelines2.resourcePatterns.containsAll(ImmutableSet.of(new ResourcePattern("Cluster", "kafka-cluster", PatternType.LITERAL))));
        RoleBindingProcessing.OperationGuidelines operationGuidelines3 = (RoleBindingProcessing.OperationGuidelines) build.getGuidelines("Topic", "User:" + str, CREATE, mdsScope).execute().body();
        Assert.assertThat(operationGuidelines3.operationsResult, Is.is(RoleBindingProcessing.OperationsResult.SOME));
        Assert.assertTrue(operationGuidelines3.resourcePatterns.containsAll(ImmutableSet.of(new ResourcePattern("Topic", "t1", PatternType.LITERAL))));
    }

    /* JADX WARN: Type inference failed for: r0v1, types: [java.lang.Object[], java.lang.Object[][]] */
    @DataProvider(parallel = true)
    public static Object[][] dataForResourcesWithAlterAccessOperation() {
        return new Object[]{new Object[]{MDS_KAFKA_KEY, "Topic", null}, new Object[]{MDS_KAFKA_KEY, LookupTest.GROUP_TYPE, null}, new Object[]{MDS_KAFKA_KEY, "TransactionalId", null}, new Object[]{MDS_KAFKA_KEY, "Cluster", "kafka-cluster"}, new Object[]{MDS_SR_KEY, "Subject", null}, new Object[]{MDS_CONNECT_KEY, "Connector", null}, new Object[]{MDS_KSQL_KEY, "KsqlCluster", "ksql-cluster"}};
    }

    @Test(dataProvider = "dataForResourcesWithAlterAccessOperation")
    public void resourcesWithAlterAccessOperation(String str, String str2, String str3) throws IOException {
        MdsScope mdsScope = this.scopeMap.get(str);
        String str4 = "testUser-" + TestIndependenceUtil.getUniqueInteger();
        this.ldapCrud.createUser(str4);
        ResourcePattern resourcePattern = null;
        ResourcePattern resourcePattern2 = null;
        ResourcePattern resourcePattern3 = null;
        if (str3 != null) {
            assignUserResourceRole(mdsScope, str4, "ResourceOwner", Arrays.asList(new ResourcePattern(str2, str3, PatternType.LITERAL)));
        } else {
            resourcePattern = new ResourcePattern(str2, "t1", PatternType.LITERAL);
            resourcePattern2 = new ResourcePattern(str2, "t2", PatternType.LITERAL);
            resourcePattern3 = new ResourcePattern(str2, "pre", PatternType.PREFIXED);
            assignUserResourceRole(mdsScope, str4, "ResourceOwner", Arrays.asList(resourcePattern, resourcePattern2, resourcePattern3, new ResourcePattern(str2, "prefix", PatternType.PREFIXED)));
        }
        if (!"KsqlCluster".equals(str2)) {
            if (str3 != null) {
                assignUserResourceRole(mdsScope, str4, "DeveloperRead", Arrays.asList(new ResourcePattern(str2, str3, PatternType.LITERAL)));
            } else {
                assignUserResourceRole(mdsScope, str4, "DeveloperRead", Arrays.asList(new ResourcePattern(str2, "r1", PatternType.LITERAL), new ResourcePattern(str2, "r2", PatternType.LITERAL), new ResourcePattern(str2, "st", PatternType.PREFIXED)));
            }
        }
        RoleBindingProcessing.OperationGuidelines operationGuidelines = (RoleBindingProcessing.OperationGuidelines) V1RbacRetrofitFactory.build(MdsTestUtil.DEFAULT_HTTP_ADVERTISED_HOST, this.actualMdsPort, str4, str4).getGuidelines(str2, "User:" + str4, ALTER_ACCESS, mdsScope).execute().body();
        Assert.assertNotNull(operationGuidelines);
        Assert.assertThat(operationGuidelines.operationsResult, Is.is(RoleBindingProcessing.OperationsResult.SOME));
        if (str3 != null) {
            Assert.assertThat(Integer.valueOf(operationGuidelines.resourcePatterns.size()), Is.is(1));
        } else {
            Assert.assertThat(Integer.valueOf(operationGuidelines.resourcePatterns.size()), Is.is(3));
            Assert.assertTrue(operationGuidelines.resourcePatterns.containsAll(ImmutableSet.of(resourcePattern, resourcePattern2, resourcePattern3)));
        }
    }

    @Test
    public void onlyResourceTypeAllIsNotValid() throws IOException {
        MdsScope mdsScope = this.mdsKafkaClusterScope;
        String str = "testUser-" + TestIndependenceUtil.getUniqueInteger();
        this.ldapCrud.createUser(str);
        assignUserClusterRole(mdsScope, str, "ClusterAdmin");
        Assert.assertEquals(500L, this.userAdminClient.getGuidelines("All", "User:" + str, CREATE, mdsScope).execute().code());
    }

    @Test
    public void onlyCreateAndAlterAccessOperationsAreValid() throws IOException {
        MdsScope mdsScope = this.mdsKafkaClusterScope;
        String str = "testUser-" + TestIndependenceUtil.getUniqueInteger();
        this.ldapCrud.createUser(str);
        assignUserClusterRole(mdsScope, str, "ClusterAdmin");
        int length = new String[]{CREATE, ALTER_ACCESS}.length;
        for (int i = 0; i < length; i++) {
            Assert.assertEquals(200L, this.userAdminClient.getGuidelines("Topic", "User:" + str, r0[i], mdsScope).execute().code());
        }
        int length2 = new String[]{"Read", "Write", "Describe", "Alter", "Delete"}.length;
        for (int i2 = 0; i2 < length2; i2++) {
            Assert.assertEquals(404L, this.userAdminClient.getGuidelines("Topic", "User:" + str, r0[i2], mdsScope).execute().code());
        }
    }

    private void assignUserClusterRole(MdsScope mdsScope, String str, String str2) throws IOException {
        Assert.assertEquals(204L, this.userAdminClient.addClusterRoleForPrincipal("User:" + str, str2, mdsScope).execute().code());
    }

    private void assignUserResourceRole(MdsScope mdsScope, String str, String str2, List<ResourcePattern> list) throws IOException {
        Assert.assertEquals(204L, this.userAdminClient.addRoleResourcesForPrincipal("User:" + str, str2, new ResourcesRequest(mdsScope, list)).execute().code());
    }

    private static void verifyAuthrorizeForCreate(V1RbacRestApi v1RbacRestApi, MdsScope mdsScope, String str, String str2, String str3, AuthorizeResult authorizeResult) throws IOException {
        Response execute = v1RbacRestApi.authorize(new AuthorizeRequest("User:" + str, Collections.singletonList(new Action(mdsScope.scope(), new ResourceType(str2), str3, new Operation("Create"))))).execute();
        Assert.assertEquals(200L, execute.code());
        List list = (List) execute.body();
        Assert.assertEquals(1L, list.size());
        Assert.assertEquals(authorizeResult, list.get(0));
    }

    public String getTestName() {
        return this.testName.get();
    }

    @BeforeMethod
    public void updateDisplayName(Method method, Object[] objArr) {
        this.testName.set(method.getName() + "_" + this.quorum);
    }
}
