package org.jclouds.vcloud.director.v1_5.features;

import com.google.common.base.Joiner;
import com.google.common.collect.ImmutableList;
import com.google.common.collect.ImmutableSet;
import com.google.common.collect.Maps;
import com.google.common.collect.Sets;
import java.util.HashMap;
import java.util.Iterator;
import java.util.LinkedHashSet;
import java.util.List;
import java.util.Map;
import java.util.Set;
import org.jclouds.vcloud.director.v1_5.AbstractVAppApiLiveTest;
import org.jclouds.vcloud.director.v1_5.VCloudDirectorLiveTestConstants;
import org.jclouds.vcloud.director.v1_5.domain.Checks;
import org.jclouds.vcloud.director.v1_5.domain.Reference;
import org.jclouds.vcloud.director.v1_5.domain.Vm;
import org.jclouds.vcloud.director.v1_5.domain.network.FirewallRule;
import org.jclouds.vcloud.director.v1_5.domain.network.FirewallRuleProtocols;
import org.jclouds.vcloud.director.v1_5.domain.network.FirewallService;
import org.jclouds.vcloud.director.v1_5.domain.network.IpRange;
import org.jclouds.vcloud.director.v1_5.domain.network.IpRanges;
import org.jclouds.vcloud.director.v1_5.domain.network.IpScope;
import org.jclouds.vcloud.director.v1_5.domain.network.NatService;
import org.jclouds.vcloud.director.v1_5.domain.network.Network;
import org.jclouds.vcloud.director.v1_5.domain.network.NetworkConfiguration;
import org.jclouds.vcloud.director.v1_5.domain.network.NetworkConnection;
import org.jclouds.vcloud.director.v1_5.domain.network.NetworkFeatures;
import org.jclouds.vcloud.director.v1_5.domain.network.NetworkServiceType;
import org.jclouds.vcloud.director.v1_5.domain.network.VAppNetworkConfiguration;
import org.jclouds.vcloud.director.v1_5.domain.section.NetworkConfigSection;
import org.jclouds.vcloud.director.v1_5.domain.section.NetworkConnectionSection;
import org.jclouds.vcloud.director.v1_5.user.VCloudDirectorApi;
import org.testng.Assert;
import org.testng.annotations.AfterClass;
import org.testng.annotations.AfterMethod;
import org.testng.annotations.BeforeClass;
import org.testng.annotations.Test;

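/**
 * Live tests that create NAT-routed vApp networks on top of an org network and apply
 * "security groups" to them.
 *
 * <p>A security group here is only a named set of {@link FirewallRule}s kept in
 * {@link #securityGroupToNetworkConfig}. Each test merges the rules of the requested groups into
 * one {@link FirewallService} whose default action is {@code drop}, pushes the resulting
 * {@link NetworkConfigSection} to the vApp, and attaches the test VM to the new network.
 *
 * <p>The rule sets are test fixtures: they allow traffic from any source IP to any destination IP
 * and disable rule logging. They are not a template for a production firewall policy.
 */
@Test(groups = {"live", "user"}, singleThreaded = true, testName = "VAppNetworksLiveTest")
/* loaded from: input_file:org/jclouds/vcloud/director/v1_5/features/VAppNetworksLiveTest.class */
public class VAppNetworksLiveTest extends AbstractVAppApiLiveTest {
    private static final String HTTP_SECURITY_GROUP = "http";
    private static final String DEFAULT_SECURITY_GROUP = "default";
    // Metadata key removed from the vApp template in tidyUp(); no code in this class assigns it.
    private String key;
    // Security group name -> network configuration carrying that group's firewall rules.
    private Map<String, NetworkConfiguration> securityGroupToNetworkConfig;
    // Org network used as the parent of every vApp network created by these tests.
    private Network network;

    /**
     * Removes the metadata entry named by {@link #key} from the vApp template, if a key was set.
     *
     * <p>Cleanup is best-effort: a failure is logged and does not fail the test class.
     */
    @AfterClass(alwaysRun = true, dependsOnMethods = {"cleanUpEnvironment"})
    protected void tidyUp() {
        if (this.key == null) {
            return;
        }
        try {
            taskDoneEventually(((VCloudDirectorApi) this.context.getApi()).getMetadataApi(this.vAppTemplateUrn).remove(this.key));
        } catch (Exception e) {
            // Deliberately broad: a cleanup error must not mask the test results.
            this.logger.warn(e, "Error when deleting metadata entry '%s'", this.key);
        }
    }

    /** Resolves the org network and builds the security-group fixtures once per class. */
    @BeforeClass
    void setUp() {
        this.network = lazyGetNetwork();
        this.securityGroupToNetworkConfig = addSecurityGroupToNetworkConfiguration(Reference.builder().fromEntity(this.network).build());
    }

    /** Detaches the test VM from any vApp network so each test starts from a clean state. */
    @AfterMethod
    void cleanUpVmNetworks() {
        disconnectVmFromVAppNetwork(this.vm);
    }

    @Test(description = "Create a vApp Network based on an org network with `default` firewall rules applied")
    public void testAddVAppNetworkWithDefaultSecurityGroup() {
        addVAppNetworkWithSecurityGroupOnVApp(ImmutableList.of(DEFAULT_SECURITY_GROUP), this.vAppUrn);
        Checks.checkNetworkConfigSection(this.vAppApi.getNetworkConfigSection(this.vAppUrn));
    }

    @Test(description = "Create a vApp Network based on an org network with `http` firewall rules applied")
    public void testAddVAppNetworkWithHttpSecurityGroup() {
        addVAppNetworkWithSecurityGroupOnVApp(ImmutableList.of(HTTP_SECURITY_GROUP), this.vAppUrn);
        Checks.checkNetworkConfigSection(this.vAppApi.getNetworkConfigSection(this.vAppUrn));
    }

    @Test(description = "Create a vApp Network based on an org network with both `defautl` and `http` firewall rules applied")
    public void testAddVAppNetworkWithDefaultAndHttpSecurityGroup() {
        addVAppNetworkWithSecurityGroupOnVApp(ImmutableList.of(DEFAULT_SECURITY_GROUP, HTTP_SECURITY_GROUP), this.vAppUrn);
        Checks.checkNetworkConfigSection(this.vAppApi.getNetworkConfigSection(this.vAppUrn));
    }

    /**
     * Creates a vApp network carrying the rules of the given security groups and attaches the
     * test VM to it.
     *
     * @param securityGroups names of the security groups whose rules are merged
     * @param targetVAppUrn URN of the vApp whose network config section is edited
     */
    private void addVAppNetworkWithSecurityGroupOnVApp(ImmutableList<String> securityGroups, String targetVAppUrn) {
        String vAppNetworkName = generateVAppNetworkName(this.network.getName(), securityGroups);
        NetworkConfigSection section = generateNetworkConfigSection(securityGroups, vAppNetworkName);
        Assert.assertTrue(
                this.retryTaskSuccess.apply(this.vAppApi.editNetworkConfigSection(targetVAppUrn, section)),
                String.format(VCloudDirectorLiveTestConstants.TASK_COMPLETE_TIMELY, "editNetworkConfigSection"));
        attachVmToVAppNetwork(this.vm, vAppNetworkName);
    }

    /**
     * Builds a network config section with one NAT-routed vApp network whose firewall holds the
     * union of the rules of all requested security groups.
     *
     * @param securityGroups names of the security groups to merge; each must be a key of
     *     {@link #securityGroupToNetworkConfig}
     * @param vAppNetworkName name given to the new vApp network
     * @return the section to submit through {@code editNetworkConfigSection}
     */
    private NetworkConfigSection generateNetworkConfigSection(List<String> securityGroups, String vAppNetworkName) {
        // Insertion-ordered set: rules keep the order of the requested groups and duplicates collapse.
        Set<FirewallRule> mergedRules = Sets.newLinkedHashSet();
        for (String securityGroup : securityGroups) {
            NetworkConfiguration groupConfig = this.securityGroupToNetworkConfig.get(securityGroup);
            // Fail with the group name instead of a bare NullPointerException on an unknown group.
            Assert.assertNotNull(groupConfig, String.format("Unknown security group '%s'", securityGroup));
            mergedRules.addAll(retrieveAllFirewallRules(groupConfig.getNetworkFeatures()));
        }
        FirewallService firewallService = addFirewallService(mergedRules);
        NatService natService = addNatService();
        NetworkConfiguration configuration = NetworkConfiguration.builder()
                .ipScope(addNewIpScope())
                .parentNetwork(Reference.builder().fromEntity(this.network).build())
                .fenceMode(Network.FenceMode.NAT_ROUTED)
                .retainNetInfoAcrossDeployments(false)
                .features(toNetworkFeatures(ImmutableSet.of(firewallService, natService)))
                .build();
        return NetworkConfigSection.builder()
                .info("modified")
                .networkConfigs(ImmutableSet.of(
                        VAppNetworkConfiguration.builder().networkName(vAppNetworkName).configuration(configuration).build()))
                .build();
    }

    /** Returns the fixed, non-inherited IP scope used by every vApp network in this test. */
    private IpScope addNewIpScope() {
        return IpScope.builder()
                .isInherited(false)
                .gateway("192.168.2.1")
                .netmask("255.255.0.0")
                .ipRanges(IpRanges.builder().ipRange(addIpRange()).build())
                .build();
    }

    /** Returns the address range 192.168.2.100 - 192.168.2.199 used inside the IP scope. */
    private IpRange addIpRange() {
        return IpRange.builder().startAddress("192.168.2.100").endAddress("192.168.2.199").build();
    }

    /**
     * Collects the firewall rules of every {@link FirewallService} in the given features.
     *
     * @param networkFeatures features to scan; services that are not firewall services are skipped
     * @return the rules in encounter order, without duplicates
     */
    private Set<FirewallRule> retrieveAllFirewallRules(NetworkFeatures networkFeatures) {
        Set<FirewallRule> rules = Sets.newLinkedHashSet();
        // Iterate over the common service type: typing the loop variable as FirewallService would
        // reject (or fail the cast on) any other service and make the instanceof check pointless.
        for (NetworkServiceType<?> service : networkFeatures.getNetworkServices()) {
            if (service instanceof FirewallService) {
                rules.addAll(((FirewallService) service).getFirewallRules());
            }
        }
        return rules;
    }

    /** Wraps the given services in a {@link NetworkFeatures} instance. */
    private NetworkFeatures toNetworkFeatures(Set<? extends NetworkServiceType<?>> services) {
        return NetworkFeatures.builder().services(services).build();
    }

    /**
     * Rules of the {@code default} group: inbound TCP to port 22 and all outbound traffic.
     *
     * <p>Both rules use source and destination IP "Any" (see {@link #addFirewallRule}), so SSH is
     * reachable from every source address the parent network can route.
     */
    private Set<FirewallRule> defaultFirewallRules() {
        // Presumably -1 means "any port" in the vCloud Director API; confirm before reusing these values.
        return ImmutableSet.of(
                addFirewallRule(FirewallRuleProtocols.builder().tcp(true).build(), "allow ssh ingoing traffic", -1, 22, "in"),
                addFirewallRule(FirewallRuleProtocols.builder().any(true).build(), "allow all outgoing traffic", -1, -1, "out"));
    }

    /** Rules of the {@code http} group: inbound TCP to ports 80 and 443. */
    private Set<FirewallRule> httpIngressFirewallRules() {
        FirewallRuleProtocols tcpOnly = FirewallRuleProtocols.builder().tcp(true).build();
        // NOTE(review): unlike the ssh rule, these pass 80/443 as the SOURCE port as well as the
        // destination port. Clients normally connect from ephemeral ports, so the rules may match
        // less traffic than their descriptions suggest; the tests only validate the config section
        // and would not detect that. Confirm whether -1 was intended for the source port.
        return ImmutableSet.of(
                addFirewallRule(tcpOnly, "allow http ingoing traffic", 80, 80, "in"),
                addFirewallRule(tcpOnly, "allow https ingoing traffic", 443, 443, "in"));
    }

    /**
     * Builds an enabled {@code allow} rule with source and destination IP "Any" and logging off.
     *
     * @param protocols protocols the rule applies to
     * @param description human-readable rule description
     * @param sourcePort value passed to {@code sourcePort}
     * @param destinationPort value passed to {@code port}
     * @param direction value passed to {@code direction}; this class uses "in" and "out"
     */
    private FirewallRule addFirewallRule(FirewallRuleProtocols protocols, String description, int sourcePort, int destinationPort, String direction) {
        return FirewallRule.builder()
                .isEnabled(true)
                .description(description)
                .policy("allow")
                .protocols(protocols)
                .port(destinationPort)
                .destinationIp("Any")
                .sourcePort(sourcePort)
                .sourceIp("Any")
                .direction(direction)
                .enableLogging(false)
                .build();
    }

    /**
     * Builds an enabled firewall service around the given rules.
     *
     * <p>The default action is {@code drop}, so only traffic matched by a rule is allowed. Dropped
     * traffic is not logged ({@code logDefaultAction(false)}).
     */
    private FirewallService addFirewallService(Set<FirewallRule> rules) {
        return FirewallService.builder().enabled(true).defaultAction("drop").logDefaultAction(false).firewallRules(rules).build();
    }

    /** Builds the enabled NAT service ({@code ipTranslation}, {@code allowTraffic}) for the vApp network. */
    private NatService addNatService() {
        return NatService.builder().enabled(true).natType("ipTranslation").policy("allowTraffic").build();
    }

    /**
     * Builds the security-group fixtures.
     *
     * @param parentNetwork reference to the org network used as parent of each configuration
     * @return a mutable map from group name ("default", "http") to its network configuration
     */
    private Map<String, NetworkConfiguration> addSecurityGroupToNetworkConfiguration(Reference parentNetwork) {
        Map<String, NetworkConfiguration> configsByGroup = Maps.newHashMap();
        configsByGroup.put(DEFAULT_SECURITY_GROUP, addNetworkConfiguration(parentNetwork, defaultFirewallRules()));
        configsByGroup.put(HTTP_SECURITY_GROUP, addNetworkConfiguration(parentNetwork, httpIngressFirewallRules()));
        return configsByGroup;
    }

    /** Builds a NAT-routed network configuration whose only service is a firewall with the given rules. */
    private NetworkConfiguration addNetworkConfiguration(Reference parentNetwork, Set<FirewallRule> rules) {
        FirewallService firewallService = addFirewallService(rules);
        return NetworkConfiguration.builder()
                .ipScope(addNewIpScope())
                .parentNetwork(parentNetwork)
                .fenceMode(Network.FenceMode.NAT_ROUTED)
                .retainNetInfoAcrossDeployments(false)
                .features(toNetworkFeatures(ImmutableSet.of(firewallService)))
                .build();
    }

    /** Returns {@code <orgNetworkName>-<group1>+<group2>...}, e.g. {@code net-default+http}. */
    private static String generateVAppNetworkName(String orgNetworkName, List<String> securityGroups) {
        return orgNetworkName + "-" + Joiner.on("+").join(securityGroups);
    }

    /**
     * Rewrites every network connection of the VM to network "none" with allocation mode
     * {@code NONE} and waits for the edit task to succeed.
     */
    private void disconnectVmFromVAppNetwork(Vm vm) {
        NetworkConnectionSection section = NetworkConnectionSection.builder().info("info").primaryNetworkConnectionIndex(0).build();
        for (NetworkConnection connection : this.vmApi.getNetworkConnectionSection(vm.getId()).getNetworkConnections()) {
            NetworkConnection detached = connection.toBuilder()
                    .network("none")
                    .ipAddressAllocationMode(NetworkConnection.IpAddressAllocationMode.NONE)
                    .build();
            section = section.toBuilder().networkConnection(detached).build();
        }
        assertTaskSucceedsLong(this.vmApi.editNetworkConnectionSection(vm.getId(), section));
    }
}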
