package kafka.zk.migration;

import java.util.Collection;
import java.util.List;
import java.util.Map;
import kafka.security.authorizer.AclAuthorizer;
import kafka.security.authorizer.AclEntry;
import kafka.security.authorizer.AclEntry$;
import kafka.utils.TestUtils$;
import org.apache.kafka.common.Uuid;
import org.apache.kafka.common.acl.AccessControlEntry;
import org.apache.kafka.common.acl.AclBinding;
import org.apache.kafka.common.acl.AclBindingFilter;
import org.apache.kafka.common.acl.AclOperation;
import org.apache.kafka.common.acl.AclPermissionType;
import org.apache.kafka.common.metadata.AccessControlEntryRecord;
import org.apache.kafka.common.resource.PatternType;
import org.apache.kafka.common.resource.ResourcePattern;
import org.apache.kafka.common.resource.ResourcePatternFilter;
import org.apache.kafka.common.resource.ResourceType;
import org.apache.kafka.common.security.auth.KafkaPrincipal;
import org.apache.kafka.common.utils.SecurityUtils;
import org.apache.kafka.image.MetadataDelta;
import org.apache.kafka.image.MetadataImage;
import org.apache.kafka.image.MetadataProvenance;
import org.apache.kafka.metadata.migration.KRaftMigrationZkWriter;
import org.apache.kafka.server.authorizer.AuthorizableRequestContext;
import org.junit.jupiter.api.Assertions;
import org.junit.jupiter.api.Test;
import scala.Function1;
import scala.MatchError;
import scala.Predef$;
import scala.Predef$ArrowAssoc$;
import scala.Tuple2;
import scala.collection.Seq;
import scala.collection.TraversableOnce;
import scala.collection.immutable.$colon;
import scala.collection.immutable.Nil$;
import scala.collection.immutable.Set;
import scala.collection.mutable.ArrayBuffer;
import scala.collection.mutable.ArrayBuffer$;
import scala.collection.mutable.Buffer;
import scala.jdk.CollectionConverters$;
import scala.reflect.ScalaSignature;
import scala.runtime.BoxesRunTime;
import scala.runtime.RichLong$;

/* compiled from: ZkAclMigrationClientTest.scala */
@ScalaSignature(bytes = "\u0006\u0001=4Aa\u0002\u0005\u0001\u001f!)A\u0003\u0001C\u0001+!)q\u0003\u0001C\u00011!)1\t\u0001C\u0001\t\")A\f\u0001C\u0001;\")\u0001\r\u0001C\u0001C\")Q\u000e\u0001C\u0001C\nA\"l[!dY6KwM]1uS>t7\t\\5f]R$Vm\u001d;\u000b\u0005%Q\u0011!C7jOJ\fG/[8o\u0015\tYA\"\u0001\u0002{W*\tQ\"A\u0003lC\u001a\\\u0017m\u0001\u0001\u0014\u0005\u0001\u0001\u0002CA\t\u0013\u001b\u0005A\u0011BA\n\t\u0005YQ6.T5he\u0006$\u0018n\u001c8UKN$\b*\u0019:oKN\u001c\u0018A\u0002\u001fj]&$h\bF\u0001\u0017!\t\t\u0002!\u0001\u000bnS\u001e\u0014\u0018\r^3BG2\u001c\u0018I\u001c3WKJLg-\u001f\u000b\u00043}A\u0003C\u0001\u000e\u001e\u001b\u0005Y\"\"\u0001\u000f\u0002\u000bM\u001c\u0017\r\\1\n\u0005yY\"\u0001B+oSRDQ\u0001\t\u0002A\u0002\u0005\n!\"Y;uQ>\u0014\u0018N_3s!\t\u0011c%D\u0001$\u0015\t\u0001CE\u0003\u0002&\u0019\u0005A1/Z2ve&$\u00180\u0003\u0002(G\ti\u0011i\u00197BkRDwN]5{KJDQ!\u000b\u0002A\u0002)\nA!Y2mgB\u00191f\r\u001c\u000f\u00051\ndBA\u00171\u001b\u0005q#BA\u0018\u000f\u0003\u0019a$o\\8u}%\tA$\u0003\u000237\u00059\u0001/Y2lC\u001e,\u0017B\u0001\u001b6\u0005\r\u0019V-\u001d\u0006\u0003em\u0001\"aN!\u000e\u0003aR!!\u000f\u001e\u0002\u0007\u0005\u001cGN\u0003\u0002<y\u000511m\\7n_:T!!D\u001f\u000b\u0005yz\u0014AB1qC\u000eDWMC\u0001A\u0003\ry'oZ\u0005\u0003\u0005b\u0012!\"Q2m\u0005&tG-\u001b8h\u0003\u0001\u0012X\r\u001d7bG\u0016\f5\r\\:B]\u0012\u0014V-\u00193XSRD\u0017)\u001e;i_JL'0\u001a:\u0015\u000b)*eI\u0014+\t\u000b\u0001\u001a\u0001\u0019A\u0011\t\u000b\u001d\u001b\u0001\u0019\u0001%\u0002\u001fI,7o\\;sG\u0016\u0004\u0016\r\u001e;fe:\u0004\"!\u0013'\u000e\u0003)S!a\u0013\u001e\u0002\u0011I,7o\\;sG\u0016L!!\u0014&\u0003\u001fI+7o\\;sG\u0016\u0004\u0016\r\u001e;fe:DQaT\u0002A\u0002A\u000bA!Y2fgB\u00191fM)\u0011\u0005]\u0012\u0016BA*9\u0005I\t5mY3tg\u000e{g\u000e\u001e:pY\u0016sGO]=\t\u000bU\u001b\u0001\u0019\u0001,\u0002\tA\u0014X\r\u001a\t\u00055]S\u0013,\u0003\u0002Y7\tIa)\u001e8di&|g.\r\t\u00035iK!aW\u000e\u0003\u000f\t{w\u000e\\3b]\u0006\u0019C-\u001a7fi\u0016\u0014Vm]8ve\u000e,\u0017I\u001c3SK\u0006$w+\u001b;i\u0003V$\bn\u001c:ju\u0016\u0014HcA\r_?\")\u0001\u0005\u0002a\u0001C!)q\t\u0002a\u0001\u0011\u0006YB/Z:u\u0003\u000ed7/T5he\u0006$X-\u00118e\tV\fGn\u0016:ji\u0016$\u0012!\u0007\u0015\u0003\u000b\r\u0004\"\u0001Z6\u000e\u0003\u0015T!AZ4\u0002\u0007\u0005\u0004\u0018N\u0003\u0002iS\u00069!.\u001e9ji\u0016\u0014(B\u00016@\u0003\u0015QWO\\5u\u0013\taWM\u0001\u0003UKN$\u0018!\u0007;fgR\f5\r\\:DQ\u0006tw-Z:J]Ns\u0017\r]:i_RD#AB2")
/* loaded from: input_file:kafka/zk/migration/ZkAclMigrationClientTest.class */
public class ZkAclMigrationClientTest extends ZkMigrationTestHarness {
    public void migrateAclsAndVerify(AclAuthorizer aclAuthorizer, Seq<AclBinding> seq) {
        aclAuthorizer.createAcls((AuthorizableRequestContext) null, (List) CollectionConverters$.MODULE$.seqAsJavaListConverter(seq).asJava());
        ArrayBuffer arrayBuffer = new ArrayBuffer();
        migrationClient().migrateAcls(list -> {
            arrayBuffer.append(Predef$.MODULE$.wrapRefArray(new Buffer[]{(Buffer) CollectionConverters$.MODULE$.asScalaBufferConverter(list).asScala()}));
        });
        Assertions.assertEquals(seq.size(), ((ArrayBuffer) arrayBuffer.flatten(Predef$.MODULE$.$conforms()).map(apiMessageAndVersion -> {
            return apiMessageAndVersion.message();
        }, ArrayBuffer$.MODULE$.canBuildFrom())).size(), "Expected one record for each ACLBinding");
    }

    public Seq<AclBinding> replaceAclsAndReadWithAuthorizer(AclAuthorizer aclAuthorizer, ResourcePattern resourcePattern, Seq<AccessControlEntry> seq, Function1<Seq<AclBinding>, Object> function1) {
        Tuple2 $minus$greater$extension;
        AclBindingFilter aclBindingFilter = new AclBindingFilter(new ResourcePatternFilter(resourcePattern.resourceType(), resourcePattern.name(), resourcePattern.patternType()), AclBindingFilter.ANY.entryFilter());
        migrationState_$eq(migrationClient().aclClient().writeResourceAcls(resourcePattern, (Collection) CollectionConverters$.MODULE$.seqAsJavaListConverter(seq).asJava(), migrationState()));
        TestUtils$ testUtils$ = TestUtils$.MODULE$;
        long computeUntilTrue$default$2 = TestUtils$.MODULE$.computeUntilTrue$default$2();
        long computeUntilTrue$default$3 = TestUtils$.MODULE$.computeUntilTrue$default$3();
        if (testUtils$ == null) {
            throw null;
        }
        long currentTimeMillis = System.currentTimeMillis();
        while (true) {
            Seq $anonfun$replaceAclsAndReadWithAuthorizer$1 = $anonfun$replaceAclsAndReadWithAuthorizer$1(aclAuthorizer, aclBindingFilter);
            if (BoxesRunTime.unboxToBoolean(function1.apply($anonfun$replaceAclsAndReadWithAuthorizer$1))) {
                $minus$greater$extension = Predef$ArrowAssoc$.MODULE$.$minus$greater$extension(Predef$.MODULE$.ArrowAssoc($anonfun$replaceAclsAndReadWithAuthorizer$1), BoxesRunTime.boxToBoolean(true));
                break;
            }
            if (System.currentTimeMillis() > currentTimeMillis + computeUntilTrue$default$2) {
                $minus$greater$extension = Predef$ArrowAssoc$.MODULE$.$minus$greater$extension(Predef$.MODULE$.ArrowAssoc($anonfun$replaceAclsAndReadWithAuthorizer$1), BoxesRunTime.boxToBoolean(false));
                break;
            }
            Thread.sleep(RichLong$.MODULE$.min$extension(Predef$.MODULE$.longWrapper(computeUntilTrue$default$2), computeUntilTrue$default$3));
        }
        if ($minus$greater$extension == null) {
            throw new MatchError((Object) null);
        }
        Seq<AclBinding> seq2 = (Seq) $minus$greater$extension._1();
        Assertions.assertTrue($minus$greater$extension._2$mcZ$sp());
        return seq2;
    }

    public void deleteResourceAndReadWithAuthorizer(AclAuthorizer aclAuthorizer, ResourcePattern resourcePattern) {
        Tuple2 $minus$greater$extension;
        AclBindingFilter aclBindingFilter = new AclBindingFilter(new ResourcePatternFilter(resourcePattern.resourceType(), resourcePattern.name(), resourcePattern.patternType()), AclBindingFilter.ANY.entryFilter());
        migrationState_$eq(migrationClient().aclClient().deleteResource(resourcePattern, migrationState()));
        TestUtils$ testUtils$ = TestUtils$.MODULE$;
        long computeUntilTrue$default$2 = TestUtils$.MODULE$.computeUntilTrue$default$2();
        long computeUntilTrue$default$3 = TestUtils$.MODULE$.computeUntilTrue$default$3();
        if (testUtils$ == null) {
            throw null;
        }
        long currentTimeMillis = System.currentTimeMillis();
        while (true) {
            Seq $anonfun$deleteResourceAndReadWithAuthorizer$1 = $anonfun$deleteResourceAndReadWithAuthorizer$1(aclAuthorizer, aclBindingFilter);
            if ($anonfun$deleteResourceAndReadWithAuthorizer$1.isEmpty()) {
                $minus$greater$extension = Predef$ArrowAssoc$.MODULE$.$minus$greater$extension(Predef$.MODULE$.ArrowAssoc($anonfun$deleteResourceAndReadWithAuthorizer$1), BoxesRunTime.boxToBoolean(true));
                break;
            } else {
                if (System.currentTimeMillis() > currentTimeMillis + computeUntilTrue$default$2) {
                    $minus$greater$extension = Predef$ArrowAssoc$.MODULE$.$minus$greater$extension(Predef$.MODULE$.ArrowAssoc($anonfun$deleteResourceAndReadWithAuthorizer$1), BoxesRunTime.boxToBoolean(false));
                    break;
                }
                Thread.sleep(RichLong$.MODULE$.min$extension(Predef$.MODULE$.longWrapper(computeUntilTrue$default$2), computeUntilTrue$default$3));
            }
        }
        if ($minus$greater$extension == null) {
            throw new MatchError((Object) null);
        }
        Assertions.assertTrue($minus$greater$extension._2$mcZ$sp());
    }

    @Test
    public void testAclsMigrateAndDualWrite() {
        ResourcePattern resourcePattern = new ResourcePattern(ResourceType.TOPIC, new StringBuilder(4).append("foo-").append(Uuid.randomUuid()).toString(), PatternType.LITERAL);
        ResourcePattern resourcePattern2 = new ResourcePattern(ResourceType.TOPIC, new StringBuilder(4).append("bar-").append(Uuid.randomUuid()).toString(), PatternType.LITERAL);
        ResourcePattern resourcePattern3 = new ResourcePattern(ResourceType.TOPIC, new StringBuilder(4).append("bar-").append(Uuid.randomUuid()).toString(), PatternType.PREFIXED);
        KafkaPrincipal kafkaPrincipal = new KafkaPrincipal("User", "alice");
        KafkaPrincipal parseKafkaPrincipal = SecurityUtils.parseKafkaPrincipal(AclEntry$.MODULE$.WildcardPrincipalString());
        AccessControlEntry accessControlEntry = new AccessControlEntry(kafkaPrincipal.toString(), AclEntry$.MODULE$.WildcardHost(), AclOperation.READ, AclPermissionType.ALLOW);
        AclBinding aclBinding = new AclBinding(resourcePattern, accessControlEntry);
        AclBinding aclBinding2 = new AclBinding(resourcePattern, new AccessControlEntry(kafkaPrincipal.toString(), "192.168.0.1", AclOperation.WRITE, AclPermissionType.ALLOW));
        AclBinding aclBinding3 = new AclBinding(resourcePattern2, new AccessControlEntry(kafkaPrincipal.toString(), AclEntry$.MODULE$.WildcardHost(), AclOperation.DESCRIBE, AclPermissionType.ALLOW));
        AclBinding aclBinding4 = new AclBinding(resourcePattern3, new AccessControlEntry(parseKafkaPrincipal.toString(), AclEntry$.MODULE$.WildcardHost(), AclOperation.READ, AclPermissionType.ALLOW));
        AclAuthorizer aclAuthorizer = new AclAuthorizer();
        try {
            aclAuthorizer.configure((Map) CollectionConverters$.MODULE$.mapAsJavaMapConverter(Predef$.MODULE$.Map().apply(Predef$.MODULE$.wrapRefArray(new Tuple2[]{Predef$ArrowAssoc$.MODULE$.$minus$greater$extension(Predef$.MODULE$.ArrowAssoc("zookeeper.connect"), zkConnect())}))).asJava());
            migrateAclsAndVerify(aclAuthorizer, new $colon.colon(aclBinding, new $colon.colon(aclBinding2, new $colon.colon(aclBinding3, new $colon.colon(aclBinding4, Nil$.MODULE$)))));
            Assertions.assertEquals(aclBinding, replaceAclsAndReadWithAuthorizer(aclAuthorizer, resourcePattern, new $colon.colon(accessControlEntry, Nil$.MODULE$), seq -> {
                return BoxesRunTime.boxToBoolean($anonfun$testAclsMigrateAndDualWrite$1(seq));
            }).head());
            deleteResourceAndReadWithAuthorizer(aclAuthorizer, resourcePattern);
            AccessControlEntry accessControlEntry2 = new AccessControlEntry(kafkaPrincipal.toString(), "10.0.0.1", AclOperation.WRITE, AclPermissionType.ALLOW);
            Assertions.assertEquals(accessControlEntry2, ((AclBinding) replaceAclsAndReadWithAuthorizer(aclAuthorizer, resourcePattern, new $colon.colon(accessControlEntry2, Nil$.MODULE$), seq2 -> {
                return BoxesRunTime.boxToBoolean($anonfun$testAclsMigrateAndDualWrite$2(seq2));
            }).head()).entry());
            AccessControlEntry accessControlEntry3 = new AccessControlEntry(kafkaPrincipal.toString(), "10.0.0.1", AclOperation.WRITE, AclPermissionType.ALLOW);
            Seq<AclBinding> replaceAclsAndReadWithAuthorizer = replaceAclsAndReadWithAuthorizer(aclAuthorizer, resourcePattern2, new $colon.colon(aclBinding3.entry(), new $colon.colon(accessControlEntry3, Nil$.MODULE$)), seq3 -> {
                return BoxesRunTime.boxToBoolean($anonfun$testAclsMigrateAndDualWrite$3(seq3));
            });
            Assertions.assertEquals(aclBinding3, replaceAclsAndReadWithAuthorizer.head());
            Assertions.assertEquals(accessControlEntry3, ((AclBinding) replaceAclsAndReadWithAuthorizer.last()).entry());
        } finally {
            aclAuthorizer.close();
        }
    }

    @Test
    public void testAclsChangesInSnapshot() {
        ResourcePattern resourcePattern = new ResourcePattern(ResourceType.TOPIC, new StringBuilder(4).append("foo-").append(Uuid.randomUuid()).toString(), PatternType.LITERAL);
        ResourcePattern resourcePattern2 = new ResourcePattern(ResourceType.TOPIC, new StringBuilder(4).append("bar-").append(Uuid.randomUuid()).toString(), PatternType.LITERAL);
        ResourcePattern resourcePattern3 = new ResourcePattern(ResourceType.TOPIC, new StringBuilder(4).append("baz-").append(Uuid.randomUuid()).toString(), PatternType.LITERAL);
        KafkaPrincipal kafkaPrincipal = new KafkaPrincipal("User", "alice");
        KafkaPrincipal kafkaPrincipal2 = new KafkaPrincipal("User", "blah");
        AclEntry aclEntry = new AclEntry(new AccessControlEntry(kafkaPrincipal.toString(), AclEntry$.MODULE$.WildcardHost(), AclOperation.WRITE, AclPermissionType.ALLOW));
        AclEntry aclEntry2 = new AclEntry(new AccessControlEntry(kafkaPrincipal2.toString(), AclEntry$.MODULE$.WildcardHost(), AclOperation.READ, AclPermissionType.ALLOW));
        zkClient().createAclPaths();
        zkClient().createAclsForResourceIfNotExists(resourcePattern, Predef$.MODULE$.Set().apply(Predef$.MODULE$.wrapRefArray(new AclEntry[]{aclEntry})));
        zkClient().createAclsForResourceIfNotExists(resourcePattern2, Predef$.MODULE$.Set().apply(Predef$.MODULE$.wrapRefArray(new AclEntry[]{aclEntry2})));
        MetadataDelta metadataDelta = new MetadataDelta(MetadataImage.EMPTY);
        AccessControlEntryRecord resourceType = new AccessControlEntryRecord().setId(Uuid.randomUuid()).setHost("192.168.10.1").setOperation(AclOperation.READ.code()).setPrincipal(AclEntry$.MODULE$.WildcardPrincipalString()).setPermissionType(AclPermissionType.ALLOW.code()).setPatternType(resourcePattern3.patternType().code()).setResourceName(resourcePattern3.name()).setResourceType(resourcePattern3.resourceType().code());
        metadataDelta.replay(resourceType);
        AccessControlEntryRecord resourceType2 = new AccessControlEntryRecord().setId(Uuid.randomUuid()).setHost("192.168.15.1").setOperation(AclOperation.WRITE.code()).setPrincipal(kafkaPrincipal.toString()).setPermissionType(AclPermissionType.ALLOW.code()).setPatternType(resourcePattern.patternType().code()).setResourceName(resourcePattern.name()).setResourceType(resourcePattern.resourceType().code());
        metadataDelta.replay(resourceType2);
        new KRaftMigrationZkWriter(migrationClient()).handleSnapshot(metadataDelta.apply(MetadataProvenance.EMPTY), (str, str2, kRaftMigrationOperation) -> {
            this.migrationState_$eq(kRaftMigrationOperation.apply(this.migrationState()));
        });
        Set acls = zkClient().getVersionedAclsForResource(resourcePattern).acls();
        Assertions.assertEquals(1, acls.size());
        Assertions.assertEquals(new AccessControlEntry(resourceType2.principal(), resourceType2.host(), AclOperation.fromCode(resourceType2.operation()), AclPermissionType.fromCode(resourceType2.permissionType())), ((AclEntry) acls.head()).ace());
        Assertions.assertTrue(zkClient().getVersionedAclsForResource(resourcePattern2).acls().isEmpty());
        Assertions.assertEquals(new AccessControlEntry(resourceType.principal(), resourceType.host(), AclOperation.fromCode(resourceType.operation()), AclPermissionType.fromCode(resourceType.permissionType())), ((AclEntry) zkClient().getVersionedAclsForResource(resourcePattern3).acls().head()).ace());
    }

    public static final /* synthetic */ Seq $anonfun$replaceAclsAndReadWithAuthorizer$1(AclAuthorizer aclAuthorizer, AclBindingFilter aclBindingFilter) {
        return ((TraversableOnce) CollectionConverters$.MODULE$.iterableAsScalaIterableConverter(aclAuthorizer.acls(aclBindingFilter)).asScala()).toSeq();
    }

    public static final /* synthetic */ Seq $anonfun$deleteResourceAndReadWithAuthorizer$1(AclAuthorizer aclAuthorizer, AclBindingFilter aclBindingFilter) {
        return ((TraversableOnce) CollectionConverters$.MODULE$.iterableAsScalaIterableConverter(aclAuthorizer.acls(aclBindingFilter)).asScala()).toSeq();
    }

    public static final /* synthetic */ boolean $anonfun$testAclsMigrateAndDualWrite$1(Seq seq) {
        return seq.size() == 1;
    }

    public static final /* synthetic */ boolean $anonfun$testAclsMigrateAndDualWrite$2(Seq seq) {
        return seq.size() == 1;
    }

    public static final /* synthetic */ boolean $anonfun$testAclsMigrateAndDualWrite$3(Seq seq) {
        return seq.size() == 2;
    }
}
