package integration.rbacapi.api.v1;

import com.google.common.collect.ImmutableMap;
import io.confluent.rbacapi.entities.ManagedRoleBindings;
import io.confluent.rbacapi.entities.MdsScope;
import io.confluent.rbacapi.entities.ResourcesRequest;
import io.confluent.rbacapi.retrofit.v1.V1RbacRestApi;
import io.confluent.rbacapi.retrofit.v1.V1RbacRetrofitFactory;
import io.confluent.security.authorizer.ResourcePattern;
import io.confluent.security.test.utils.RbacClusters;
import io.confluent.testing.TestIndependenceUtil;
import io.confluent.testing.ldap.client.ExampleComLdapCrud;
import io.confluent.testing.ldap.client.LdapCrud;
import io.confluent.testing.ldap.server.LdapServer;
import java.io.IOException;
import java.net.ConnectException;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collection;
import java.util.Collections;
import java.util.List;
import java.util.Map;
import java.util.concurrent.TimeUnit;
import java.util.stream.Collectors;
import org.apache.kafka.common.resource.PatternType;
import org.apache.kafka.common.security.auth.KafkaPrincipal;
import org.awaitility.Awaitility;
import org.junit.Assert;
import org.testng.annotations.AfterClass;
import org.testng.annotations.BeforeClass;
import org.testng.annotations.DataProvider;
import org.testng.annotations.Test;
import retrofit2.Response;
import utils.KafkaConfigTool;
import utils.KafkaPrincipalUtil;
import utils.MdsTestUtil;
import utils.RoleCrudUtil;
import utils.ScopeBuilder;

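/**
 * Integration tests for the MDS v1 managed-role-binding lookup
 * ({@code getManagedResourcesForPrincipal}).
 *
 * <p>{@link #setUp()} starts one LDAP server and one RBAC cluster for the whole class. Each test
 * creates a uniquely named LDAP user and a uniquely named Kafka cluster scope, grants roles through
 * the broker user's client, performs the lookup as the test user and asserts on the cluster and
 * resource role bindings that come back.
 *
 * <p>These are authorization-visibility tests: they pin down which bindings a role lets a
 * principal see. The shared assertion helpers therefore fail on bindings that are missing as well
 * as on bindings that should not have been returned.
 */
@Test(groups = {"classParallelTests"})
public class ManagedResourceLookupTest {
    private static final String BROKER_USER = "kafka";
    private static final KafkaPrincipal USER_ADMIN = KafkaPrincipalUtil.userPrincipal("cross_cluster_user_admin");
    private static final MdsScope KAFKA_CLUSTER = ScopeBuilder.withKafka("kafka1").build();

    // Assigned once in setUp() and read by every test.
    private static int actualMdsPort;
    private static V1RbacRestApi brokerUserClient;

    private RbacClusters rbacClusters;
    private LdapServer ldapServer;
    private LdapCrud ldapCrud;

    /**
     * Builds an MDS REST client that talks to the test cluster on behalf of {@code kafkaPrincipal}.
     *
     * <p>NOTE(review): the principal's name is passed for both trailing string arguments of the
     * factory, presumably user name and password. That would mean the LDAP fixture creates users
     * whose password equals their name; confirm against V1RbacRetrofitFactory and
     * ExampleComLdapCrud.
     */
    private static V1RbacRestApi buildRestApi(KafkaPrincipal kafkaPrincipal) {
        String name = kafkaPrincipal.getName();
        return V1RbacRetrofitFactory.build(MdsTestUtil.DEFAULT_HTTP_ADVERTISED_HOST, actualMdsPort, name, name);
    }

    /**
     * Starts LDAP and the RBAC cluster, creates the broker and user-admin LDAP users, and waits
     * until the broker user's client gets a successful response from MDS.
     */
    @BeforeClass
    public void setUp() throws Exception {
        this.ldapServer = LdapServer.defaultServerNoUsers().start();
        int ldapPort = this.ldapServer.actualPort();
        this.ldapCrud = new ExampleComLdapCrud(ldapPort);
        this.ldapCrud.createUsers(Arrays.asList(BROKER_USER, USER_ADMIN.getName()));
        this.rbacClusters = new RbacClusters(KafkaConfigTool.justLDAPv1(ldapPort, BROKER_USER));
        actualMdsPort = MdsTestUtil.lookupActualMdsPort(this.rbacClusters);
        brokerUserClient = V1RbacRetrofitFactory.build(MdsTestUtil.DEFAULT_HTTP_ADVERTISED_HOST, actualMdsPort, BROKER_USER, BROKER_USER);
        // Refused connections are ignored for up to 30 seconds while the endpoint comes up.
        Awaitility.given().ignoreException(ConnectException.class).await().atMost(30L, TimeUnit.SECONDS).until(() -> {
            return Boolean.valueOf(brokerUserClient.getRoleNames().execute().isSuccessful());
        });
    }

    /**
     * Stops LDAP, shuts the cluster down and releases the MDS port. Each step runs even when an
     * earlier one throws, so a failing LDAP shutdown cannot leave the cluster or the port behind.
     */
    @AfterClass
    public void teardownClass() {
        try {
            this.ldapServer.stop();
        } finally {
            try {
                this.rbacClusters.shutdown();
            } finally {
                MdsTestUtil.releasePort(actualMdsPort);
            }
        }
    }

    /**
     * Rows of {@code {cluster role, expected binding flag}}. The flag is the boolean carried by
     * {@code ManagedClusterBinding}; judging by the test names it is presumably the caller's
     * alter access.
     */
    @DataProvider(parallel = true)
    public static Object[][] clusterRolesWithDescribeAccessListManagedClusterBindings() {
        return new Object[][] {
            {"SystemAdmin", true},
            {"UserAdmin", true},
            {"SecurityAdmin", false},
        };
    }

    /**
     * A user holding one of the provided cluster roles sees both its own cluster binding and
     * USER_ADMIN's, each reported with the flag expected for that role.
     */
    @Test(dataProvider = "clusterRolesWithDescribeAccessListManagedClusterBindings")
    public void test_clusterRolesWithDescribeAccessListManagedClusterBindings(String roleName, boolean expectedFlag) throws IOException {
        KafkaPrincipal testUser = KafkaPrincipalUtil.userPrincipal("testUser-" + TestIndependenceUtil.getUniqueInteger());
        MdsScope scope = ScopeBuilder.withKafka("kafka-" + TestIndependenceUtil.getUniqueInteger()).build();
        this.ldapCrud.createUser(testUser.getName());
        RoleCrudUtil.assignClusterRole(brokerUserClient, scope, USER_ADMIN, "UserAdmin");
        RoleCrudUtil.assignClusterRole(brokerUserClient, scope, testUser, roleName);

        ManagedRoleBindings managed = lookupManagedBindings(testUser, null, scope);

        Assert.assertEquals(2L, managed.getClusterRoleBindings().size());
        assertSingleBinding(new ManagedRoleBindings.ManagedClusterBinding("UserAdmin", expectedFlag), managed.getClusterRoleBindings(), USER_ADMIN);
        assertSingleBinding(new ManagedRoleBindings.ManagedClusterBinding(roleName, expectedFlag), managed.getClusterRoleBindings(), testUser);
    }

    /** Rows of {@code {cluster role}} for roles that must not reveal any cluster binding. */
    @DataProvider(parallel = true)
    public static Object[][] clusterRolesWithoutDescribeAccessDoNotListAnyManagedClusterBinding() {
        return new Object[][] {
            {"ClusterAdmin"},
            {"Operator"},
        };
    }

    /** A user holding one of the provided cluster roles gets no cluster bindings back at all. */
    @Test(dataProvider = "clusterRolesWithoutDescribeAccessDoNotListAnyManagedClusterBinding")
    public void test_clusterRolesWithoutDescribeAccessDoNotListAnyManagedClusterBinding(String roleName) throws IOException {
        KafkaPrincipal testUser = KafkaPrincipalUtil.userPrincipal("testUser-" + TestIndependenceUtil.getUniqueInteger());
        MdsScope scope = ScopeBuilder.withKafka("kafka-" + TestIndependenceUtil.getUniqueInteger()).build();
        this.ldapCrud.createUser(testUser.getName());
        RoleCrudUtil.assignClusterRole(brokerUserClient, scope, USER_ADMIN, "UserAdmin");
        RoleCrudUtil.assignClusterRole(brokerUserClient, scope, testUser, roleName);

        ManagedRoleBindings managed = lookupManagedBindings(testUser, null, scope);

        Assert.assertEquals(0L, managed.getClusterRoleBindings().size());
    }

    /** ResourceOwner on the Cluster resource does not expose any cluster role binding. */
    @Test
    public void test_resourceOwnerRoleOnClusterTypeShouldNotListClusterRoleBindings() throws IOException {
        KafkaPrincipal testUser = KafkaPrincipalUtil.userPrincipal("testUser-" + TestIndependenceUtil.getUniqueInteger());
        MdsScope scope = ScopeBuilder.withKafka("kafka-" + TestIndependenceUtil.getUniqueInteger()).build();
        this.ldapCrud.createUser(testUser.getName());
        RoleCrudUtil.assignClusterRole(brokerUserClient, scope, USER_ADMIN, "UserAdmin");
        assignUserResourceRole(scope, testUser, "ResourceOwner", Arrays.asList(new ResourcePattern("Cluster", "kafka-cluster", PatternType.LITERAL)));

        ManagedRoleBindings managed = lookupManagedBindings(testUser, null, scope);

        Assert.assertEquals(0L, managed.getClusterRoleBindings().size());
    }

    /**
     * ResourceOwner on the Cluster resource exposes only that one binding: neither the user's own
     * topic bindings nor USER_ADMIN's topic bindings are returned.
     */
    @Test
    public void test_resourceOwnerRoleOnClusterTypeListShouldNotManagedOtherResourceBindings() throws IOException {
        KafkaPrincipal testUser = KafkaPrincipalUtil.userPrincipal("testUser-" + TestIndependenceUtil.getUniqueInteger());
        MdsScope scope = ScopeBuilder.withKafka("kafka-" + TestIndependenceUtil.getUniqueInteger()).build();
        this.ldapCrud.createUser(testUser.getName());
        ResourcePattern clusterPattern = new ResourcePattern("Cluster", "kafka-cluster", PatternType.LITERAL);
        assignUserResourceRole(scope, testUser, "ResourceOwner", Collections.singletonList(clusterPattern));
        assignUserResourceRole(scope, testUser, "DeveloperRead", Arrays.asList(literalTopic("t2"), literalTopic("t1")));
        assignUserResourceRole(scope, USER_ADMIN, "DeveloperRead", Arrays.asList(literalTopic("t4"), literalTopic("t3")));

        ManagedRoleBindings managed = lookupManagedBindings(testUser, null, scope);

        Assert.assertEquals(1L, managed.getResourceRoleBindings().size());
        assertSingleBinding(new ManagedRoleBindings.ManagedResourceBinding("ResourceOwner", clusterPattern, true), managed.getResourceRoleBindings(), testUser);
    }

    /**
     * ResourceOwner on literal topic t1 lists other users' bindings on t1, and nothing those users
     * hold on other topics.
     */
    @Test
    public void test_resourceOwnerRoleOnLiteralTopicListOtherUsersBindingsOnThatTopic() throws IOException {
        KafkaPrincipal testUser = KafkaPrincipalUtil.userPrincipal("testUser-" + TestIndependenceUtil.getUniqueInteger());
        MdsScope scope = ScopeBuilder.withKafka("kafka-" + TestIndependenceUtil.getUniqueInteger()).build();
        this.ldapCrud.createUser(testUser.getName());
        Map<KafkaPrincipal, Map<String, List<ResourcePattern>>> granted = ImmutableMap.of(
                testUser, ImmutableMap.of("ResourceOwner", Arrays.asList(literalTopic("t1"))),
                USER_ADMIN, ImmutableMap.of("DeveloperRead", Arrays.asList(literalTopic("t1"), literalTopic("t2"), literalTopic("t3"))));
        assignResourceRoles(scope, granted);
        Map<KafkaPrincipal, Map<String, List<ResourcePattern>>> expected = ImmutableMap.of(
                testUser, ImmutableMap.of("ResourceOwner", Arrays.asList(literalTopic("t1"))),
                USER_ADMIN, ImmutableMap.of("DeveloperRead", Arrays.asList(literalTopic("t1"))));

        ManagedRoleBindings managed = lookupManagedBindings(testUser, null, scope);

        assertManagedResourceBindings(expected, managed.getResourceRoleBindings());
    }

    /**
     * ResourceOwner on the topic prefix "stream" lists other users' bindings on topics under that
     * prefix; USER_ADMIN's ResourceOwner binding on topic "s1" is outside it and must not appear.
     */
    @Test
    public void test_resourceOwnerRoleOnPrefixedTopicListOtherUsersBindingsOnThosePrefixedTopics() throws IOException {
        KafkaPrincipal testUser = KafkaPrincipalUtil.userPrincipal("testUser-" + TestIndependenceUtil.getUniqueInteger());
        MdsScope scope = ScopeBuilder.withKafka("kafka-" + TestIndependenceUtil.getUniqueInteger()).build();
        this.ldapCrud.createUser(testUser.getName());
        Map<KafkaPrincipal, Map<String, List<ResourcePattern>>> granted = ImmutableMap.of(
                testUser, ImmutableMap.of("ResourceOwner", Arrays.asList(prefixedTopic("stream"))),
                USER_ADMIN, ImmutableMap.of(
                        "DeveloperRead", Arrays.asList(literalTopic("stream1")),
                        "DeveloperWrite", Arrays.asList(literalTopic("stream2")),
                        "ResourceOwner", Arrays.asList(literalTopic("s1"))));
        assignResourceRoles(scope, granted);
        Map<KafkaPrincipal, Map<String, List<ResourcePattern>>> expected = ImmutableMap.of(
                testUser, ImmutableMap.of("ResourceOwner", Arrays.asList(prefixedTopic("stream"))),
                USER_ADMIN, ImmutableMap.of(
                        "DeveloperRead", Arrays.asList(literalTopic("stream1")),
                        "DeveloperWrite", Arrays.asList(literalTopic("stream2"))));

        ManagedRoleBindings managed = lookupManagedBindings(testUser, null, scope);

        assertManagedResourceBindings(expected, managed.getResourceRoleBindings());
    }

    /**
     * One lookup can mix flags: SecurityAdmin (cluster) and DeveloperRead (topic t1) are reported
     * with {@code false}, ResourceOwner (topic t2) with {@code true}.
     */
    @Test
    public void test_listRoleBindingsThatIncludeDifferentAlterAccess() throws IOException {
        KafkaPrincipal testUser = KafkaPrincipalUtil.userPrincipal("testUserPrincipal-" + TestIndependenceUtil.getUniqueInteger());
        MdsScope scope = ScopeBuilder.withKafka("kafka-" + TestIndependenceUtil.getUniqueInteger()).build();
        this.ldapCrud.createUser(testUser.getName());
        ResourcePattern readTopic = literalTopic("t1");
        ResourcePattern ownedTopic = literalTopic("t2");
        RoleCrudUtil.assignClusterRole(brokerUserClient, scope, testUser, "SecurityAdmin");
        assignUserResourceRole(scope, testUser, "DeveloperRead", Arrays.asList(readTopic));
        assignUserResourceRole(scope, testUser, "ResourceOwner", Arrays.asList(ownedTopic));

        ManagedRoleBindings managed = lookupManagedBindings(testUser, null, scope);

        Assert.assertEquals(1L, managed.getClusterRoleBindings().keySet().size());
        assertSingleBinding(new ManagedRoleBindings.ManagedClusterBinding("SecurityAdmin", false), managed.getClusterRoleBindings(), testUser);

        Assert.assertEquals(1L, managed.getResourceRoleBindings().keySet().size());
        List<?> resourceBindings = managed.getResourceRoleBindings().get(testUser);
        Assert.assertNotNull("No resource bindings returned for " + testUser, resourceBindings);
        // Exactly two entries plus both expected values present means the list is exactly this pair.
        Assert.assertEquals(2L, resourceBindings.size());
        Object expectedRead = new ManagedRoleBindings.ManagedResourceBinding("DeveloperRead", readTopic, false);
        Object expectedOwner = new ManagedRoleBindings.ManagedResourceBinding("ResourceOwner", ownedTopic, true);
        Assert.assertTrue(String.format("Expected: %s, \nbut got: %s ", expectedRead, resourceBindings), resourceBindings.contains(expectedRead));
        Assert.assertTrue(String.format("Expected: %s, \nbut got: %s ", expectedOwner, resourceBindings), resourceBindings.contains(expectedOwner));
    }

    /**
     * A lookup restricted to resource type "Topic" returns the topic bindings only; the Group
     * bindings granted in the same scope must not appear.
     */
    @Test
    public void test_listManagedResourceRoleBindingsWithResourceType() throws IOException {
        KafkaPrincipal testUser = KafkaPrincipalUtil.userPrincipal("testUser-" + TestIndependenceUtil.getUniqueInteger());
        MdsScope scope = ScopeBuilder.withKafka("kafka-" + TestIndependenceUtil.getUniqueInteger()).build();
        this.ldapCrud.createUser(testUser.getName());
        // NOTE(review): UserAdmin is granted in the shared KAFKA_CLUSTER scope ("kafka1"), not in the
        // per-test scope that the lookup queries. The "no cluster bindings" assertion below would
        // therefore hold even without the resource-type filter. Confirm which scope was intended.
        RoleCrudUtil.assignClusterRole(brokerUserClient, KAFKA_CLUSTER, testUser, "UserAdmin");
        Map<KafkaPrincipal, Map<String, List<ResourcePattern>>> granted = ImmutableMap.of(
                testUser, ImmutableMap.of("ResourceOwner", Arrays.asList(
                        prefixedTopic("stream"),
                        new ResourcePattern(LookupTest.GROUP_TYPE, "group", PatternType.PREFIXED))),
                USER_ADMIN, ImmutableMap.of(
                        "DeveloperRead", Arrays.asList(literalTopic("stream1")),
                        "DeveloperWrite", Arrays.asList(new ResourcePattern(LookupTest.GROUP_TYPE, "group1", PatternType.LITERAL))));
        assignResourceRoles(scope, granted);
        Map<KafkaPrincipal, Map<String, List<ResourcePattern>>> expected = ImmutableMap.of(
                testUser, ImmutableMap.of("ResourceOwner", Arrays.asList(prefixedTopic("stream"))),
                USER_ADMIN, ImmutableMap.of("DeveloperRead", Arrays.asList(literalTopic("stream1"))));

        ManagedRoleBindings managed = lookupManagedBindings(testUser, "Topic", scope);

        Assert.assertTrue(managed.getClusterRoleBindings().isEmpty());
        assertManagedResourceBindings(expected, managed.getResourceRoleBindings());
    }

    /** Literal pattern on a topic name. */
    private static ResourcePattern literalTopic(String name) {
        return new ResourcePattern("Topic", name, PatternType.LITERAL);
    }

    /** Prefixed pattern on a topic name. */
    private static ResourcePattern prefixedTopic(String prefix) {
        return new ResourcePattern("Topic", prefix, PatternType.PREFIXED);
    }

    /**
     * Performs the managed-resources lookup as {@code principal} and returns the response body
     * after asserting HTTP 200.
     *
     * @param resourceType resource type filter handed to the API, or {@code null} for none
     */
    private static ManagedRoleBindings lookupManagedBindings(KafkaPrincipal principal, String resourceType, MdsScope scope) throws IOException {
        Response<ManagedRoleBindings> response = buildRestApi(principal).getManagedResourcesForPrincipal(principal, resourceType, scope).execute();
        Assert.assertEquals(200L, response.code());
        ManagedRoleBindings body = response.body();
        Assert.assertNotNull("Lookup returned no body for " + principal, body);
        return body;
    }

    /**
     * Asserts that {@code principal} has exactly one binding in the map and that it equals
     * {@code expected}. The map's generic parameters are wildcards because the declared types of
     * the ManagedRoleBindings getters are not visible from this class.
     */
    private static void assertSingleBinding(Object expected, Map<?, ? extends List<?>> bindingsByPrincipal, KafkaPrincipal principal) {
        List<?> bindings = bindingsByPrincipal.get(principal);
        Assert.assertNotNull("No bindings returned for " + principal, bindings);
        Assert.assertEquals(1L, bindings.size());
        Assert.assertEquals(expected, bindings.get(0));
    }

    /**
     * Asserts that the returned resource bindings match {@code expectedByPrincipal}, where every
     * expected binding carries the flag {@code true}.
     *
     * <p>Containment is checked in both directions. Checking only that the returned list is a
     * subset of the expectation would also pass on an empty list, hiding a lookup that drops
     * bindings; checking only the other direction would hide bindings the caller must not see.
     */
    private static void assertManagedResourceBindings(Map<KafkaPrincipal, Map<String, List<ResourcePattern>>> expectedByPrincipal, Map<?, ? extends List<?>> actualByPrincipal) {
        Assert.assertEquals(expectedByPrincipal.keySet().size(), actualByPrincipal.size());
        for (Map.Entry<KafkaPrincipal, Map<String, List<ResourcePattern>>> principalEntry : expectedByPrincipal.entrySet()) {
            List<ManagedRoleBindings.ManagedResourceBinding> expected = new ArrayList<>();
            for (Map.Entry<String, List<ResourcePattern>> roleEntry : principalEntry.getValue().entrySet()) {
                for (ResourcePattern pattern : roleEntry.getValue()) {
                    expected.add(new ManagedRoleBindings.ManagedResourceBinding(roleEntry.getKey(), pattern, true));
                }
            }
            List<?> actual = actualByPrincipal.get(principalEntry.getKey());
            String message = String.format("Expected: %s, \nbut got: %s ", expected, actual);
            Assert.assertNotNull(message, actual);
            Assert.assertTrue(message, expected.containsAll(actual) && actual.containsAll(expected));
        }
    }

    /** Grants every role-to-patterns entry of every principal, in the map's iteration order. */
    private void assignResourceRoles(MdsScope scope, Map<KafkaPrincipal, Map<String, List<ResourcePattern>>> rolesByPrincipal) throws IOException {
        for (Map.Entry<KafkaPrincipal, Map<String, List<ResourcePattern>>> principalEntry : rolesByPrincipal.entrySet()) {
            for (Map.Entry<String, List<ResourcePattern>> roleEntry : principalEntry.getValue().entrySet()) {
                assignUserResourceRole(scope, principalEntry.getKey(), roleEntry.getKey(), roleEntry.getValue());
            }
        }
    }

    /**
     * Grants {@code roleName} on {@code patterns} to {@code principal} through the broker user's
     * client and asserts that MDS answers 204.
     */
    private void assignUserResourceRole(MdsScope scope, KafkaPrincipal principal, String roleName, List<ResourcePattern> patterns) throws IOException {
        ResourcesRequest request = new ResourcesRequest(scope, patterns);
        Assert.assertEquals(204L, brokerUserClient.addRoleResourcesForPrincipal(principal.toString(), roleName, request).execute().code());
    }
}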
