package parity.coop;

import io.confluent.rbacapi.entities.AuthorizeRequest;
import io.confluent.rbacapi.entities.MdsScope;
import io.confluent.rbacapi.retrofit.v2.V2RbacRestApi;
import io.confluent.rbacapi.retrofit.v2.V2RbacRetrofitFactory;
import io.confluent.security.authorizer.Action;
import io.confluent.security.authorizer.Operation;
import io.confluent.security.authorizer.ResourceType;
import io.confluent.security.authorizer.Scope;
import io.confluent.testing.TestIndependenceUtil;
import io.confluent.testing.ldap.client.ExampleComLdapCrud;
import io.confluent.testing.ldap.client.LdapCrud;
import java.io.IOException;
import java.time.Duration;
import java.util.Arrays;
import java.util.Collections;
import java.util.HashMap;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import org.apache.kafka.clients.consumer.ConsumerRecord;
import org.apache.kafka.clients.consumer.KafkaConsumer;
import org.testng.Assert;
import org.testng.annotations.BeforeClass;
import org.testng.annotations.Test;
import retrofit2.Response;
import utils.MdsTestUtil;

@Test
/* loaded from: input_file:parity/coop/V2CloudAuthorizeAuditTest.class */
public class V2CloudAuthorizeAuditTest extends ParityTestBase {
    private final Map<String, V2RbacRestApi> retrofitClients = new HashMap();
    private final String flowServiceAdminUserId = ParitySuite.U_FLOW_SERVICE_ADMIN;
    private final String org1AdminUserId = TestIndependenceUtil.uniquify("org-admin-user");
    private final String org1Name = TestIndependenceUtil.uniquify("org1");
    private final String org1PathElement = "organization=" + this.org1Name;
    private final MdsScope org1MdsScope = MdsScope.of(new Scope.Builder(new String[]{this.org1PathElement}).build());
    private LdapCrud ldapCrud;
    private int actualMdsPort;

    @BeforeClass
    public void setup() throws Exception {
        this.ldapCrud = new ExampleComLdapCrud(Integer.parseInt(ParitySuite.DEFAULT_PARITY_LDAP_PORT));
        this.actualMdsPort = Integer.parseInt(ParitySuite.DEFAULT_PARITY_MDS_PORT);
        List asList = Arrays.asList(ParitySuite.U_FLOW_SERVICE_ADMIN, this.org1AdminUserId);
        this.ldapCrud.createUsers(asList);
        asList.forEach(str -> {
            this.retrofitClients.put(str, V2RbacRetrofitFactory.build(MdsTestUtil.DEFAULT_HTTP_ADVERTISED_HOST, this.actualMdsPort, str));
        });
        Assert.assertTrue(this.retrofitClients.get(ParitySuite.U_FLOW_SERVICE_ADMIN).addClusterRoleForPrincipal("User:" + this.org1AdminUserId, "OrganizationAdmin", this.org1MdsScope).execute().isSuccessful());
    }

    @Test
    public void testRequestIdInAuditLogs() throws IOException {
        Response execute = this.retrofitClients.get(this.org1AdminUserId).authorize("request-id-test", new AuthorizeRequest("User:" + this.org1AdminUserId, Collections.singletonList(new Action(this.org1MdsScope.scope(), new ResourceType("Topic"), "test-topic", new Operation("Describe"))))).execute();
        Assert.assertTrue(execute.isSuccessful());
        Assert.assertEquals(execute.code(), 200);
        KafkaConsumer buildConsumer = ParitySuite.getClientBuilder().buildConsumer("test-group");
        buildConsumer.subscribe(Collections.singleton("confluent-audit-log-events"));
        boolean z = false;
        try {
            long currentTimeMillis = System.currentTimeMillis() + 10000;
            while (!z) {
                if (System.currentTimeMillis() >= currentTimeMillis) {
                    break;
                }
                Iterator it = buildConsumer.poll(Duration.ofMillis(500L)).records("confluent-audit-log-events").iterator();
                while (true) {
                    if (!it.hasNext()) {
                        break;
                    } else if (((String) ((ConsumerRecord) it.next()).value()).contains("request-id-test")) {
                        z = true;
                        break;
                    }
                }
            }
            Assert.assertTrue(z);
        } finally {
            buildConsumer.close();
        }
    }
}
