package cloud.coop;

import io.confluent.crn.ConfluentCloudCrnAuthority;
import io.confluent.crn.ConfluentResourceName;
import io.confluent.crn.CrnSyntaxException;
import io.confluent.rbacapi.entities.DuplicateRequest;
import io.confluent.rbacapi.entities.MdsScope;
import io.confluent.rbacapi.retrofit.v2.V2RbacRestApi;
import io.confluent.rbacapi.retrofit.v2.V2RbacRetrofitFactory;
import io.confluent.security.authorizer.Scope;
import io.confluent.testing.TestIndependenceUtil;
import java.io.IOException;
import java.util.HashMap;
import java.util.HashSet;
import java.util.List;
import java.util.Map;
import java.util.Set;
import java.util.UUID;
import org.apache.kafka.common.security.auth.KafkaPrincipal;
import org.testng.Assert;
import org.testng.annotations.BeforeClass;
import org.testng.annotations.DataProvider;
import org.testng.annotations.Test;
import parity.coop.ParityTestBase;
import retrofit2.Response;
import utils.MdsTestUtil;
import utils.RoleCrudUtil;

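/**
 * Integration tests for the V2 RBAC lifecycle endpoints: bulk removal of role bindings at a scope
 * and duplication of one organization's role bindings into another.
 *
 * <p>Each operation is exercised through two clients: {@code suClient} (inherited from
 * {@link ParityTestBase}; presumably the super-user client, confirm against the base class) and
 * {@link #userClient}, which authenticates as the freshly created {@link #USER}. The negative
 * tests pin the authorization boundary: holding an admin role at any level of the hierarchy must
 * not be enough to call a lifecycle endpoint (HTTP 403), and a rejected request must leave the
 * existing role bindings untouched.
 */
@Test
/* loaded from: input_file:cloud/coop/V2CloudLifecycleTest.class */
public class V2CloudLifecycleTest extends ParityTestBase {
    // Unprivileged test principal; it only holds the roles a test grants it explicitly.
    private final String USER = TestIndependenceUtil.uniquify("u-lifecycle");
    // MDS client that sends requests as USER (built in setup()).
    private V2RbacRestApi userClient;
    private static final ConfluentCloudCrnAuthority authority = new ConfluentCloudCrnAuthority(10);

    /**
     * Creates the test user and builds an RBAC client that acts as that user.
     *
     * @throws IOException if user creation or client setup fails
     */
    @BeforeClass
    public void setup() throws IOException {
        this.ldapCrud.createUsers(new String[]{this.USER});
        this.userClient = V2RbacRetrofitFactory.build(MdsTestUtil.DEFAULT_HTTP_ADVERTISED_HOST, this.actualMdsPort, this.USER);
    }

    /**
     * Resolves the scope of {@code crn} and returns its ancestor at the given binding-scope level.
     *
     * @param crn cloud-cluster resource name to resolve
     * @param bindingScope level name, e.g. {@code "organization"}
     * @return the ancestor scope at that level
     */
    private Scope scopeAt(ConfluentResourceName crn, String bindingScope) throws CrnSyntaxException {
        return authority.resolveScopePattern(crn).scope().ancestorWithBindingScope(bindingScope);
    }

    /**
     * Grants one admin role per hierarchy level (organization, environment, cloud-cluster) to
     * three freshly generated principals, using {@code suClient}, and asserts each grant succeeds.
     *
     * @param confluentResourceName a CRN whose resource type must be {@code cloud-cluster}
     */
    private void setAllRolesForHierarchy(ConfluentResourceName confluentResourceName) throws CrnSyntaxException, IOException {
        Assert.assertEquals(confluentResourceName.resourceType(), "cloud-cluster");
        Scope clusterScope = authority.resolveScopePattern(confluentResourceName).scope();

        String orgPrincipal = RoleCrudUtil.kafkaPrincipalString(TestIndependenceUtil.uniquify("u-org"));
        MdsScope orgScope = new MdsScope(clusterScope.ancestorWithBindingScope("organization"));
        Assert.assertTrue(this.suClient.addClusterRoleForPrincipal(orgPrincipal, "OrganizationAdmin", orgScope).execute().isSuccessful());

        String envPrincipal = RoleCrudUtil.kafkaPrincipalString(TestIndependenceUtil.uniquify("u-env"));
        MdsScope envScope = new MdsScope(clusterScope.ancestorWithBindingScope("environment"));
        Assert.assertTrue(this.suClient.addClusterRoleForPrincipal(envPrincipal, "EnvironmentAdmin", envScope).execute().isSuccessful());

        String clusterPrincipal = RoleCrudUtil.kafkaPrincipalString(TestIndependenceUtil.uniquify("u-cluster"));
        Assert.assertTrue(this.suClient.addClusterRoleForPrincipal(clusterPrincipal, "CloudClusterAdmin", new MdsScope(clusterScope)).execute().isSuccessful());
    }

    /**
     * Fetches the principals holding {@code roleName} at {@code mdsScope} and asserts how many of
     * them are someone other than {@link #USER}.
     *
     * <p>The response is checked before its body is used, so a failed lookup is reported as an
     * assertion failure with the HTTP status instead of a {@code NullPointerException}.
     *
     * @param roleName role to look up
     * @param mdsScope scope at which the role is bound
     * @param expectedOthers expected number of principals, not counting {@link #USER}
     * @return every principal returned by the lookup, {@link #USER} included when present
     */
    private Set<String> assertOtherPrincipals(String roleName, MdsScope mdsScope, int expectedOthers) throws IOException {
        Response<?> response = this.suClient.getPrincipalsWithRole(roleName, mdsScope).execute();
        Assert.assertTrue(response.isSuccessful(), "getPrincipalsWithRole(" + roleName + ") returned HTTP " + response.code());
        Object body = response.body();
        Assert.assertNotNull(body, "getPrincipalsWithRole(" + roleName + ") returned no body");
        // The original code cast the body to List; the element type is taken to be String because
        // the result is joined and compared as strings below.
        @SuppressWarnings("unchecked")
        List<String> principals = (List<String>) body;
        String testUser = principalStr(this.USER);
        long others = principals.stream().filter(principal -> !principal.equals(testUser)).count();
        Assert.assertEquals(others, (long) expectedOthers, String.join(", ", principals));
        return new HashSet<>(principals);
    }

    /**
     * Asserts the number of admins at each level of the hierarchy and returns who they are.
     *
     * <p>{@link #USER} is excluded from the counts, so a binding a test grants to the test user
     * does not change the expected numbers. The returned sets are not filtered: comparing two
     * snapshots therefore also detects a change to the test user's own binding.
     *
     * @param confluentResourceName cloud-cluster CRN identifying the hierarchy
     * @param i expected OrganizationAdmin count at the organization scope
     * @param i2 expected EnvironmentAdmin count at the environment scope
     * @param i3 expected CloudClusterAdmin count at the cluster scope
     * @param i4 not used by this method; kept so existing call sites stay unchanged
     * @return principals per level, keyed by {@code "organization"}, {@code "environment"} and
     *     {@code "cloud-cluster"}
     */
    private Map<String, Set<String>> checkRolesForHierarchy(ConfluentResourceName confluentResourceName, int i, int i2, int i3, int i4) throws CrnSyntaxException, IOException {
        Scope clusterScope = authority.resolveScopePattern(confluentResourceName).scope();
        Map<String, Set<String>> principalsByLevel = new HashMap<>();
        principalsByLevel.put("organization", assertOtherPrincipals("OrganizationAdmin", new MdsScope(clusterScope.ancestorWithBindingScope("organization")), i));
        principalsByLevel.put("environment", assertOtherPrincipals("EnvironmentAdmin", new MdsScope(clusterScope.ancestorWithBindingScope("environment")), i2));
        principalsByLevel.put("cloud-cluster", assertOtherPrincipals("CloudClusterAdmin", new MdsScope(clusterScope), i3));
        return principalsByLevel;
    }

    /** Formats {@code str} as a {@code User}-type Kafka principal string. */
    private String principalStr(String str) {
        return new KafkaPrincipal("User", str).toString();
    }

    /**
     * Grants role {@code str} to {@link #USER} at {@code scope} via {@code suClient} and asserts
     * that the grant succeeded.
     */
    private void addRoleBindingForUser(String str, Scope scope) throws IOException {
        Assert.assertTrue(this.suClient.addClusterRoleForPrincipal(principalStr(this.USER), str, new MdsScope(scope)).execute().isSuccessful());
    }

    /**
     * Removing all bindings at the organization scope through {@code suClient} returns 204 and
     * leaves no admins at the organization, environment or cluster level.
     */
    @Test
    public void testRemoveAllRoleBindingsForOrgAsCCRBA() throws Exception {
        ConfluentResourceName crn = authority.canonicalCrn("crn://confluent.cloud/organization=" + TestIndependenceUtil.uniquify("aaa-bbb-ccc") + "/environment=env-d/cloud-cluster=lkc-ef123");
        setAllRolesForHierarchy(crn);
        checkRolesForHierarchy(crn, 1, 1, 1, 1);
        int status = this.suClient.removeAllRoleBindingsForScope(TestIndependenceUtil.uniquify("transaction"), scopeAt(crn, "organization")).execute().code();
        Assert.assertEquals(status, 204);
        checkRolesForHierarchy(crn, 0, 0, 0, 0);
    }

    /**
     * Rows of {role granted to the test user, level it is granted at, level the removal targets}:
     * every admin role crossed with every target level.
     */
    @DataProvider
    public Object[][] removeScopePermissions() {
        // Declared as Object[][]; the decompiled listing built an Object[] here, which does not
        // match the return type.
        return new Object[][] {
            {"OrganizationAdmin", "organization", "organization"},
            {"OrganizationAdmin", "organization", "environment"},
            {"OrganizationAdmin", "organization", "cloud-cluster"},
            {"EnvironmentAdmin", "environment", "organization"},
            {"EnvironmentAdmin", "environment", "environment"},
            {"EnvironmentAdmin", "environment", "cloud-cluster"},
            {"CloudClusterAdmin", "cloud-cluster", "organization"},
            {"CloudClusterAdmin", "cloud-cluster", "environment"},
            {"CloudClusterAdmin", "cloud-cluster", "cloud-cluster"},
        };
    }

    /**
     * A user holding an admin role at some level must not be able to bulk-remove bindings at any
     * level: the request is rejected with 403 and every binding, the user's own included, is
     * still in place afterwards.
     *
     * @param roleName role granted to the test user
     * @param grantedLevel binding-scope level the role is granted at
     * @param targetLevel binding-scope level the removal request targets
     */
    @Test(dataProvider = "removeScopePermissions")
    public void testRemoveAllRoleBindingsAtScopeWithRoles(String roleName, String grantedLevel, String targetLevel) throws Exception {
        ConfluentResourceName crn = authority.canonicalCrn("crn://confluent.cloud/organization=" + TestIndependenceUtil.uniquify("aaa-bbb-ccc") + "/environment=env-d/cloud-cluster=lkc-ef123");
        setAllRolesForHierarchy(crn);
        checkRolesForHierarchy(crn, 1, 1, 1, 1);
        addRoleBindingForUser(roleName, scopeAt(crn, grantedLevel));
        // The counts ignore the test user, so a count check alone would not notice if the denied
        // request had still removed the user's own binding. Compare full snapshots instead.
        Map<String, Set<String>> beforeDenied = checkRolesForHierarchy(crn, 1, 1, 1, 1);
        int status = this.userClient.removeAllRoleBindingsForScope(TestIndependenceUtil.uniquify("transaction"), scopeAt(crn, targetLevel)).execute().code();
        Assert.assertEquals(status, 403);
        Map<String, Set<String>> afterDenied = checkRolesForHierarchy(crn, 1, 1, 1, 1);
        Assert.assertEqualsDeep(afterDenied, beforeDenied);
    }

    /**
     * Duplicating the source organization's bindings into a destination organization through
     * {@code suClient} returns 204, leaves the source unchanged, and gives the destination the
     * union of both organizations' admins plus the source's environment and cluster bindings.
     */
    @Test
    public void testDuplicateRoleBindingsForOrgAsCCRBA() throws Exception {
        String sourceOrg = UUID.randomUUID().toString();
        ConfluentResourceName sourceCrn = authority.canonicalCrn("crn://confluent.cloud/organization=" + sourceOrg + "/environment=env-d/cloud-cluster=lkc-ef123");
        String destOrg = UUID.randomUUID().toString();
        ConfluentResourceName destCrn = authority.canonicalCrn("crn://confluent.cloud/organization=" + destOrg + "/environment=env-w/cloud-cluster=lkc-vu987");
        // Same environment and cluster ids as the source, but under the destination organization.
        ConfluentResourceName copiedCrn = authority.canonicalCrn("crn://confluent.cloud/organization=" + destOrg + "/environment=env-d/cloud-cluster=lkc-ef123");

        setAllRolesForHierarchy(sourceCrn);
        Map<String, Set<String>> sourceBefore = checkRolesForHierarchy(sourceCrn, 1, 1, 1, 1);
        setAllRolesForHierarchy(destCrn);
        Map<String, Set<String>> destBefore = checkRolesForHierarchy(destCrn, 1, 1, 1, 1);

        int status = this.suClient.duplicateRolesForOrg(sourceOrg, new DuplicateRequest(destOrg, TestIndependenceUtil.uniquify("transaction"))).execute().code();
        Assert.assertEquals(status, 204);

        Map<String, Set<String>> sourceAfter = checkRolesForHierarchy(sourceCrn, 1, 1, 1, 1);
        Map<String, Set<String>> destAfter = checkRolesForHierarchy(destCrn, 2, 1, 1, 1);
        Map<String, Set<String>> copiedAfter = checkRolesForHierarchy(copiedCrn, 2, 1, 1, 1);
        Assert.assertEqualsDeep(sourceBefore, sourceAfter);

        Set<String> allOrgAdmins = new HashSet<>();
        allOrgAdmins.addAll(sourceBefore.get("organization"));
        allOrgAdmins.addAll(destBefore.get("organization"));
        Assert.assertEquals(copiedAfter.get("organization"), allOrgAdmins);
        Assert.assertEquals(copiedAfter.get("environment"), sourceBefore.get("environment"));
        Assert.assertEquals(copiedAfter.get("cloud-cluster"), sourceBefore.get("cloud-cluster"));
        Assert.assertEquals(destAfter.get("organization"), allOrgAdmins);
        Assert.assertEquals(destAfter.get("environment"), destBefore.get("environment"));
        Assert.assertEquals(destAfter.get("cloud-cluster"), destBefore.get("cloud-cluster"));
    }

    /**
     * Being OrganizationAdmin of both the source and the destination organization is not enough
     * to duplicate bindings: the request made as the test user is rejected with 403 and both
     * hierarchies are unchanged.
     */
    @Test
    public void testDuplicateRoleBindingsForOrgAsOrgAdminFails() throws Exception {
        String sourceOrg = UUID.randomUUID().toString();
        ConfluentResourceName sourceCrn = authority.canonicalCrn("crn://confluent.cloud/organization=" + sourceOrg + "/environment=env-d/cloud-cluster=lkc-ef123");
        String destOrg = UUID.randomUUID().toString();
        ConfluentResourceName destCrn = authority.canonicalCrn("crn://confluent.cloud/organization=" + destOrg + "/environment=env-w/cloud-cluster=lkc-vu987");

        setAllRolesForHierarchy(sourceCrn);
        addRoleBindingForUser("OrganizationAdmin", scopeAt(sourceCrn, "organization"));
        addRoleBindingForUser("OrganizationAdmin", scopeAt(destCrn, "organization"));
        Map<String, Set<String>> sourceBefore = checkRolesForHierarchy(sourceCrn, 1, 1, 1, 1);
        setAllRolesForHierarchy(destCrn);
        Map<String, Set<String>> destBefore = checkRolesForHierarchy(destCrn, 1, 1, 1, 1);

        int status = this.userClient.duplicateRolesForOrg(sourceOrg, new DuplicateRequest(destOrg, TestIndependenceUtil.uniquify("transaction"))).execute().code();
        Assert.assertEquals(status, 403);

        Map<String, Set<String>> sourceAfter = checkRolesForHierarchy(sourceCrn, 1, 1, 1, 1);
        Map<String, Set<String>> destAfter = checkRolesForHierarchy(destCrn, 1, 1, 1, 1);
        Assert.assertEqualsDeep(sourceBefore, sourceAfter);
        Assert.assertEqualsDeep(destBefore, destAfter);
    }

    /**
     * Rows of malformed {@link DuplicateRequest} arguments. Going by the valid call in
     * {@link #testDuplicateRoleBindingsForOrgAsCCRBA()}, the first value is the destination
     * organization id and the second the transaction id; each row leaves one of them null, empty
     * or (for the organization id) not a UUID.
     */
    @DataProvider
    public Object[][] badDuplicateRequest() {
        // Declared as Object[][]; the decompiled listing built an Object[] here, which does not
        // match the return type.
        return new Object[][] {
            {UUID.randomUUID().toString(), null},
            {UUID.randomUUID().toString(), ""},
            {null, "reasons"},
            {"", "reasons"},
            {"not a uuid", "reasons"},
        };
    }

    /**
     * A malformed duplicate request is rejected with 400 even when sent through {@code suClient},
     * and neither organization's bindings change.
     *
     * @param str first {@link DuplicateRequest} argument (destination organization id in the
     *     valid call)
     * @param str2 second {@link DuplicateRequest} argument (transaction id in the valid call)
     */
    @Test(dataProvider = "badDuplicateRequest")
    public void testDuplicateRoleBindingsWithBadDuplicateRequestFails(String str, String str2) throws Exception {
        String sourceOrg = UUID.randomUUID().toString();
        ConfluentResourceName sourceCrn = authority.canonicalCrn("crn://confluent.cloud/organization=" + sourceOrg + "/environment=env-d/cloud-cluster=lkc-ef123");
        String destOrg = UUID.randomUUID().toString();
        ConfluentResourceName destCrn = authority.canonicalCrn("crn://confluent.cloud/organization=" + destOrg + "/environment=env-w/cloud-cluster=lkc-vu987");
        // Result unused in the original as well; the call is kept so the test still parses this CRN.
        authority.canonicalCrn("crn://confluent.cloud/organization=" + destOrg + "/environment=env-d/cloud-cluster=lkc-ef123");

        setAllRolesForHierarchy(sourceCrn);
        Map<String, Set<String>> sourceBefore = checkRolesForHierarchy(sourceCrn, 1, 1, 1, 1);
        setAllRolesForHierarchy(destCrn);
        Map<String, Set<String>> destBefore = checkRolesForHierarchy(destCrn, 1, 1, 1, 1);

        int status = this.suClient.duplicateRolesForOrg(sourceOrg, new DuplicateRequest(str, str2)).execute().code();
        Assert.assertEquals(status, 400);

        Map<String, Set<String>> sourceAfter = checkRolesForHierarchy(sourceCrn, 1, 1, 1, 1);
        Map<String, Set<String>> destAfter = checkRolesForHierarchy(destCrn, 1, 1, 1, 1);
        Assert.assertEqualsDeep(sourceBefore, sourceAfter);
        Assert.assertEqualsDeep(destBefore, destAfter);
    }

    /**
     * Bulk removal without a transaction id is rejected with 400 and removes nothing, even when
     * sent through {@code suClient}.
     */
    @Test
    public void testRemoveAllRoleBindingsWithNullTransactionIdFails() throws Exception {
        ConfluentResourceName crn = authority.canonicalCrn("crn://confluent.cloud/organization=" + TestIndependenceUtil.uniquify("aaa-bbb-ccc") + "/environment=env-d/cloud-cluster=lkc-ef123");
        setAllRolesForHierarchy(crn);
        checkRolesForHierarchy(crn, 1, 1, 1, 1);
        Response<?> response = this.suClient.removeAllRoleBindingsForScope(null, scopeAt(crn, "organization")).execute();
        Assert.assertFalse(response.isSuccessful());
        Assert.assertEquals(response.code(), 400);
        checkRolesForHierarchy(crn, 1, 1, 1, 1);
    }

    /**
     * Bulk removal with an empty transaction id is rejected with 400 and removes nothing, even
     * when sent through {@code suClient}.
     */
    @Test
    public void testRemoveAllRoleBindingsWithEmptyTransactionIdFails() throws Exception {
        ConfluentResourceName crn = authority.canonicalCrn("crn://confluent.cloud/organization=" + TestIndependenceUtil.uniquify("aaa-bbb-ccc") + "/environment=env-d/cloud-cluster=lkc-ef123");
        setAllRolesForHierarchy(crn);
        checkRolesForHierarchy(crn, 1, 1, 1, 1);
        Response<?> response = this.suClient.removeAllRoleBindingsForScope("", scopeAt(crn, "organization")).execute();
        Assert.assertFalse(response.isSuccessful());
        Assert.assertEquals(response.code(), 400);
        checkRolesForHierarchy(crn, 1, 1, 1, 1);
    }
}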
