package integration.rbacdb.orm;

import io.confluent.rbacdb.orm.UpdatedRoleBindings;
import io.confluent.rbacdb.orm.WhiteBoxRbacOrmDbService;
import io.confluent.security.authorizer.ResourcePattern;
import io.confluent.security.authorizer.Scope;
import io.confluent.security.rbac.RbacRoles;
import io.confluent.security.rbac.RoleBinding;
import io.confluent.testing.TestIndependenceUtil;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collection;
import java.util.Collections;
import java.util.HashSet;
import java.util.List;
import java.util.UUID;
import java.util.stream.Collectors;
import javax.management.MalformedObjectNameException;
import org.apache.kafka.common.resource.PatternType;
import org.apache.kafka.common.security.auth.KafkaPrincipal;
import org.testng.AssertJUnit;
import org.testng.annotations.BeforeClass;
import org.testng.annotations.DataProvider;
import org.testng.annotations.Test;
import utils.PostgresDbTestBed;

@Test
/* loaded from: input_file:integration/rbacdb/orm/FullOrgRefreshQueryTest.class */
public class FullOrgRefreshQueryTest {
    private PostgresDbTestBed postgresDbTestBed;
    private WhiteBoxRbacOrmDbService rbacOrmDbService;
    private RbacRoles rbacRoles;

    @BeforeClass
    public void setup() throws MalformedObjectNameException {
        this.postgresDbTestBed = new PostgresDbTestBed();
        this.postgresDbTestBed.setupDb();
        this.rbacRoles = RbacRoles.loadDefaultPolicy(true);
        this.rbacOrmDbService = new WhiteBoxRbacOrmDbService(this.rbacRoles, this.postgresDbTestBed.getDbUrl(), this.postgresDbTestBed.getDbUser(), this.postgresDbTestBed.getDbPass(), false, 3);
    }

    /* JADX WARN: Type inference failed for: r0v5, types: [java.lang.Object[], java.lang.Object[][]] */
    @DataProvider
    public Object[][] roleScopeForNonResourceBinding() {
        return new Object[]{new Object[]{"OrganizationAdmin", new ArrayList()}, new Object[]{"EnvironmentAdmin", Arrays.asList("environment=env-1")}, new Object[]{"CloudClusterAdmin", Arrays.asList("environment=env-1", "cloud-cluster=lkc-123")}};
    }

    @Test(dataProvider = "roleScopeForNonResourceBinding")
    public void testFullOrgRefreshOnNonResourceRoles(String str, List<String> list) {
        KafkaPrincipal kafkaPrincipal = new KafkaPrincipal("User", TestIndependenceUtil.uniquify("calling"));
        KafkaPrincipal kafkaPrincipal2 = new KafkaPrincipal("User", TestIndependenceUtil.uniquify("target"));
        String str2 = "" + UUID.randomUUID();
        String str3 = "organization=" + str2;
        String str4 = "organization=" + ("" + UUID.randomUUID());
        ArrayList arrayList = new ArrayList();
        arrayList.add(str3);
        arrayList.addAll(list);
        Scope build = new Scope.Builder(arrayList).build();
        this.rbacOrmDbService.addRoleBinding(kafkaPrincipal, kafkaPrincipal2, str, build);
        UpdatedRoleBindings fetchRoleBindings = this.rbacOrmDbService.fetchRoleBindings(str2, this.rbacOrmDbService.maxRoleBindingLastChangeId());
        AssertJUnit.assertEquals(fetchRoleBindings.roleBindings.size(), 1);
        AssertJUnit.assertEquals(fetchRoleBindings.roleBindings, Arrays.asList(new RoleBinding(kafkaPrincipal2, str, build, Collections.emptySet())));
        AssertJUnit.assertEquals(fetchRoleBindings.deleted, Arrays.asList(false));
        this.rbacOrmDbService.removeRoleBinding(kafkaPrincipal, kafkaPrincipal2, str, build);
        UpdatedRoleBindings fetchRoleBindings2 = this.rbacOrmDbService.fetchRoleBindings(str2, this.rbacOrmDbService.maxRoleBindingLastChangeId());
        AssertJUnit.assertEquals(fetchRoleBindings2.roleBindings.size(), 1);
        AssertJUnit.assertEquals(fetchRoleBindings2.roleBindings, Arrays.asList(new RoleBinding(kafkaPrincipal2, str, build, Collections.emptySet())));
        AssertJUnit.assertEquals(fetchRoleBindings2.deleted, Arrays.asList(true));
        this.rbacOrmDbService.addRoleBinding(kafkaPrincipal, kafkaPrincipal2, str, build);
        UpdatedRoleBindings fetchRoleBindings3 = this.rbacOrmDbService.fetchRoleBindings(str2, this.rbacOrmDbService.maxRoleBindingLastChangeId());
        AssertJUnit.assertEquals(fetchRoleBindings3.roleBindings.size(), 1);
        AssertJUnit.assertEquals(fetchRoleBindings3.roleBindings, Arrays.asList(new RoleBinding(kafkaPrincipal2, str, build, Collections.emptySet())));
        AssertJUnit.assertEquals(fetchRoleBindings3.deleted, Arrays.asList(false));
        this.rbacOrmDbService.removeRoleBinding(kafkaPrincipal, kafkaPrincipal2, str, build);
        UpdatedRoleBindings fetchRoleBindings4 = this.rbacOrmDbService.fetchRoleBindings(str2, this.rbacOrmDbService.maxRoleBindingLastChangeId());
        AssertJUnit.assertEquals(fetchRoleBindings4.roleBindings.size(), 1);
        AssertJUnit.assertEquals(fetchRoleBindings4.roleBindings, Arrays.asList(new RoleBinding(kafkaPrincipal2, str, build, Collections.emptySet())));
        AssertJUnit.assertEquals(fetchRoleBindings4.deleted, Arrays.asList(true));
        this.rbacOrmDbService.addRoleBinding(kafkaPrincipal, kafkaPrincipal2, str, build);
        long maxRoleBindingLastChangeId = this.rbacOrmDbService.maxRoleBindingLastChangeId();
        UpdatedRoleBindings fetchRoleBindings5 = this.rbacOrmDbService.fetchRoleBindings(str2, maxRoleBindingLastChangeId);
        AssertJUnit.assertEquals(fetchRoleBindings5.roleBindings.size(), 1);
        AssertJUnit.assertEquals(fetchRoleBindings5.roleBindings, Arrays.asList(new RoleBinding(kafkaPrincipal2, str, build, Collections.emptySet())));
        AssertJUnit.assertEquals(fetchRoleBindings5.deleted, Arrays.asList(false));
        ArrayList arrayList2 = new ArrayList();
        arrayList2.add(str4);
        arrayList2.addAll(list);
        this.rbacOrmDbService.addRoleBinding(kafkaPrincipal, kafkaPrincipal2, str, new Scope.Builder(arrayList2).build());
        this.rbacOrmDbService.recentlyUpdatedRoleBindings(0L);
        AssertJUnit.assertTrue(this.rbacOrmDbService.maxRoleBindingLastChangeId() > maxRoleBindingLastChangeId);
        UpdatedRoleBindings fetchRoleBindings6 = this.rbacOrmDbService.fetchRoleBindings(str2, maxRoleBindingLastChangeId);
        AssertJUnit.assertEquals(fetchRoleBindings6.roleBindings.size(), 1);
        AssertJUnit.assertEquals(fetchRoleBindings6.roleBindings, Arrays.asList(new RoleBinding(kafkaPrincipal2, str, build, Collections.emptySet())));
        AssertJUnit.assertEquals(fetchRoleBindings6.deleted, Arrays.asList(false));
    }

    /* JADX WARN: Type inference failed for: r0v1, types: [java.lang.Object[], java.lang.Object[][]] */
    @DataProvider
    public Object[][] roleResourceTypesForResourcesBinding() {
        return new Object[]{new Object[]{"ResourceOwner", new String[]{"Topic", "Group", "TransactionalId", "Cluster"}}, new Object[]{"DeveloperRead", new String[]{"Topic", "Group", "TransactionalId"}}, new Object[]{"DeveloperWrite", new String[]{"Topic", "TransactionalId", "Cluster"}}, new Object[]{"DeveloperManage", new String[]{"Topic", "Group", "TransactionalId", "Cluster"}}};
    }

    @Test(dataProvider = "roleResourceTypesForResourcesBinding")
    public void testFullOrgRefreshOnResourceRoles(String str, String[] strArr) {
        KafkaPrincipal kafkaPrincipal = new KafkaPrincipal("User", TestIndependenceUtil.uniquify("calling"));
        KafkaPrincipal kafkaPrincipal2 = new KafkaPrincipal("User", TestIndependenceUtil.uniquify("target"));
        String str2 = "" + UUID.randomUUID();
        String str3 = "organization=" + str2;
        String str4 = "organization=" + ("" + UUID.randomUUID());
        Scope build = new Scope.Builder(new String[]{str3, "environment=env-1", "cloud-cluster=lkc-123"}).withKafkaCluster("lkc-123").build();
        for (String str5 : strArr) {
            List asList = Arrays.asList(new ResourcePattern(str5, str5 + 1, PatternType.LITERAL));
            this.rbacOrmDbService.addResourceRoleBindings(kafkaPrincipal, kafkaPrincipal2, str, build, asList);
            UpdatedRoleBindings fetchRoleBindings = this.rbacOrmDbService.fetchRoleBindings(str2, this.rbacOrmDbService.maxRoleBindingLastChangeId());
            AssertJUnit.assertEquals(fetchRoleBindings.roleBindings.size(), 1);
            AssertJUnit.assertEquals(fetchRoleBindings.roleBindings, Arrays.asList(new RoleBinding(kafkaPrincipal2, str, build, asList)));
            AssertJUnit.assertEquals(fetchRoleBindings.deleted, Arrays.asList(false));
            List asList2 = Arrays.asList(new ResourcePattern(str5, str5 + 2, PatternType.LITERAL));
            this.rbacOrmDbService.addResourceRoleBindings(kafkaPrincipal, kafkaPrincipal2, str, build, asList2);
            UpdatedRoleBindings fetchRoleBindings2 = this.rbacOrmDbService.fetchRoleBindings(str2, this.rbacOrmDbService.maxRoleBindingLastChangeId());
            AssertJUnit.assertEquals(fetchRoleBindings2.roleBindings.size(), 1);
            AssertJUnit.assertEquals(fetchRoleBindings2.roleBindings, Arrays.asList(new RoleBinding(kafkaPrincipal2, str, build, Arrays.asList((ResourcePattern) asList.get(0), (ResourcePattern) asList2.get(0)))));
            AssertJUnit.assertEquals(fetchRoleBindings2.deleted, Arrays.asList(false));
            this.rbacOrmDbService.removeResourceRoleBindings(kafkaPrincipal, kafkaPrincipal2, str, build, (Collection) asList.stream().map((v0) -> {
                return v0.toFilter();
            }).collect(Collectors.toList()));
            UpdatedRoleBindings fetchRoleBindings3 = this.rbacOrmDbService.fetchRoleBindings(str2, this.rbacOrmDbService.maxRoleBindingLastChangeId());
            AssertJUnit.assertEquals(fetchRoleBindings3.roleBindings.size(), 1);
            AssertJUnit.assertEquals(fetchRoleBindings3.roleBindings, Arrays.asList(new RoleBinding(kafkaPrincipal2, str, build, asList2)));
            AssertJUnit.assertEquals(fetchRoleBindings3.deleted, Arrays.asList(false));
            this.rbacOrmDbService.removeResourceRoleBindings(kafkaPrincipal, kafkaPrincipal2, str, build, (Collection) asList2.stream().map((v0) -> {
                return v0.toFilter();
            }).collect(Collectors.toList()));
            UpdatedRoleBindings fetchRoleBindings4 = this.rbacOrmDbService.fetchRoleBindings(str2, this.rbacOrmDbService.maxRoleBindingLastChangeId());
            AssertJUnit.assertEquals(fetchRoleBindings4.roleBindings.size(), 1);
            AssertJUnit.assertEquals(fetchRoleBindings4.roleBindings, Arrays.asList(new RoleBinding(kafkaPrincipal2, str, build, Collections.emptySet())));
            AssertJUnit.assertEquals(fetchRoleBindings4.deleted, Arrays.asList(true));
            this.rbacOrmDbService.addResourceRoleBindings(kafkaPrincipal, kafkaPrincipal2, str, build, asList);
            UpdatedRoleBindings fetchRoleBindings5 = this.rbacOrmDbService.fetchRoleBindings(str2, this.rbacOrmDbService.maxRoleBindingLastChangeId());
            AssertJUnit.assertEquals(fetchRoleBindings5.roleBindings.size(), 1);
            AssertJUnit.assertEquals(fetchRoleBindings5.roleBindings, Arrays.asList(new RoleBinding(kafkaPrincipal2, str, build, asList)));
            AssertJUnit.assertEquals(fetchRoleBindings5.deleted, Arrays.asList(false));
            this.rbacOrmDbService.removeResourceRoleBindings(kafkaPrincipal, kafkaPrincipal2, str, build, (Collection) asList.stream().map((v0) -> {
                return v0.toFilter();
            }).collect(Collectors.toList()));
            long maxRoleBindingLastChangeId = this.rbacOrmDbService.maxRoleBindingLastChangeId();
            UpdatedRoleBindings fetchRoleBindings6 = this.rbacOrmDbService.fetchRoleBindings(str2, maxRoleBindingLastChangeId);
            AssertJUnit.assertEquals(fetchRoleBindings6.roleBindings.size(), 1);
            AssertJUnit.assertEquals(fetchRoleBindings6.roleBindings, Arrays.asList(new RoleBinding(kafkaPrincipal2, str, build, Collections.emptySet())));
            AssertJUnit.assertEquals(fetchRoleBindings6.deleted, Arrays.asList(true));
            this.rbacOrmDbService.addResourceRoleBindings(kafkaPrincipal, kafkaPrincipal2, str, new Scope.Builder(new String[]{str4, "environment=env-1", "cloud-cluster=lkc-123"}).withKafkaCluster("lkc-123").build(), asList);
            this.rbacOrmDbService.recentlyUpdatedRoleBindings(0L);
            AssertJUnit.assertTrue(this.rbacOrmDbService.maxRoleBindingLastChangeId() > maxRoleBindingLastChangeId);
            UpdatedRoleBindings fetchRoleBindings7 = this.rbacOrmDbService.fetchRoleBindings(str2, maxRoleBindingLastChangeId);
            AssertJUnit.assertEquals(fetchRoleBindings7.roleBindings.size(), 1);
            AssertJUnit.assertEquals(fetchRoleBindings7.roleBindings, Arrays.asList(new RoleBinding(kafkaPrincipal2, str, build, Collections.emptySet())));
            AssertJUnit.assertEquals(fetchRoleBindings7.deleted, Arrays.asList(true));
        }
    }

    @Test
    public void testFullOrgRefresh() {
        KafkaPrincipal kafkaPrincipal = new KafkaPrincipal("User", TestIndependenceUtil.uniquify("calling"));
        KafkaPrincipal kafkaPrincipal2 = new KafkaPrincipal("User", TestIndependenceUtil.uniquify("target"));
        String str = "" + UUID.randomUUID();
        String str2 = "organization=" + str;
        String str3 = "organization=" + ("" + UUID.randomUUID());
        Scope build = new Scope.Builder(new String[]{str2}).build();
        this.rbacOrmDbService.addRoleBinding(kafkaPrincipal, kafkaPrincipal2, "OrganizationAdmin", build);
        UpdatedRoleBindings fetchRoleBindings = this.rbacOrmDbService.fetchRoleBindings(str, this.rbacOrmDbService.maxRoleBindingLastChangeId());
        AssertJUnit.assertEquals(fetchRoleBindings.roleBindings.size(), 1);
        AssertJUnit.assertEquals(fetchRoleBindings.roleBindings, Arrays.asList(new RoleBinding(kafkaPrincipal2, "OrganizationAdmin", build, Collections.emptySet())));
        AssertJUnit.assertEquals(fetchRoleBindings.deleted, Arrays.asList(false));
        this.rbacOrmDbService.removeRoleBinding(kafkaPrincipal, kafkaPrincipal2, "OrganizationAdmin", build);
        UpdatedRoleBindings fetchRoleBindings2 = this.rbacOrmDbService.fetchRoleBindings(str, this.rbacOrmDbService.maxRoleBindingLastChangeId());
        AssertJUnit.assertEquals(fetchRoleBindings2.roleBindings.size(), 1);
        AssertJUnit.assertEquals(fetchRoleBindings2.roleBindings, Arrays.asList(new RoleBinding(kafkaPrincipal2, "OrganizationAdmin", build, Collections.emptySet())));
        AssertJUnit.assertEquals(fetchRoleBindings2.deleted, Arrays.asList(true));
        Scope build2 = new Scope.Builder(new String[]{str2, "environment=env-1", "cloud-cluster=lkc-123"}).withKafkaCluster("lkc-123").build();
        HashSet hashSet = new HashSet(Arrays.asList(new ResourcePattern("Topic", "topic-1", PatternType.LITERAL), new ResourcePattern("Topic", "topic-2", PatternType.LITERAL)));
        this.rbacOrmDbService.addResourceRoleBindings(kafkaPrincipal, kafkaPrincipal2, "ResourceOwner", build2, hashSet);
        UpdatedRoleBindings fetchRoleBindings3 = this.rbacOrmDbService.fetchRoleBindings(str, this.rbacOrmDbService.maxRoleBindingLastChangeId());
        AssertJUnit.assertEquals(fetchRoleBindings3.roleBindings.size(), 2);
        AssertJUnit.assertEquals(fetchRoleBindings3.roleBindings, Arrays.asList(new RoleBinding(kafkaPrincipal2, "OrganizationAdmin", build, Collections.emptySet()), new RoleBinding(kafkaPrincipal2, "ResourceOwner", build2, hashSet)));
        AssertJUnit.assertEquals(fetchRoleBindings3.deleted, Arrays.asList(true, false));
        this.rbacOrmDbService.addRoleBinding(kafkaPrincipal, kafkaPrincipal2, "OrganizationAdmin", build);
        UpdatedRoleBindings fetchRoleBindings4 = this.rbacOrmDbService.fetchRoleBindings(str, this.rbacOrmDbService.maxRoleBindingLastChangeId());
        AssertJUnit.assertEquals(fetchRoleBindings4.roleBindings.size(), 2);
        AssertJUnit.assertEquals(fetchRoleBindings4.roleBindings, Arrays.asList(new RoleBinding(kafkaPrincipal2, "ResourceOwner", build2, hashSet), new RoleBinding(kafkaPrincipal2, "OrganizationAdmin", build, Collections.emptySet())));
        AssertJUnit.assertEquals(fetchRoleBindings4.deleted, Arrays.asList(false, false));
        this.rbacOrmDbService.removeResourceRoleBindings(kafkaPrincipal, kafkaPrincipal2, "ResourceOwner", build2, (Collection) hashSet.stream().map((v0) -> {
            return v0.toFilter();
        }).collect(Collectors.toList()));
        UpdatedRoleBindings fetchRoleBindings5 = this.rbacOrmDbService.fetchRoleBindings(str, this.rbacOrmDbService.maxRoleBindingLastChangeId());
        AssertJUnit.assertEquals(fetchRoleBindings5.roleBindings.size(), 2);
        AssertJUnit.assertEquals(fetchRoleBindings5.roleBindings, Arrays.asList(new RoleBinding(kafkaPrincipal2, "OrganizationAdmin", build, Collections.emptySet()), new RoleBinding(kafkaPrincipal2, "ResourceOwner", build2, Collections.emptySet())));
        AssertJUnit.assertEquals(fetchRoleBindings5.deleted, Arrays.asList(false, true));
        this.rbacOrmDbService.addResourceRoleBindings(kafkaPrincipal, kafkaPrincipal2, "ResourceOwner", build2, hashSet);
        UpdatedRoleBindings fetchRoleBindings6 = this.rbacOrmDbService.fetchRoleBindings(str, this.rbacOrmDbService.maxRoleBindingLastChangeId());
        AssertJUnit.assertEquals(fetchRoleBindings6.roleBindings.size(), 2);
        AssertJUnit.assertEquals(fetchRoleBindings6.roleBindings, Arrays.asList(new RoleBinding(kafkaPrincipal2, "OrganizationAdmin", build, Collections.emptySet()), new RoleBinding(kafkaPrincipal2, "ResourceOwner", build2, hashSet)));
        AssertJUnit.assertEquals(fetchRoleBindings6.deleted, Arrays.asList(false, false));
        Scope build3 = new Scope.Builder(new String[]{str3, "environment=env-1", "cloud-cluster=lkc-123"}).withKafkaCluster("lkc-123").build();
        long maxRoleBindingLastChangeId = this.rbacOrmDbService.maxRoleBindingLastChangeId();
        this.rbacOrmDbService.addResourceRoleBindings(kafkaPrincipal, kafkaPrincipal2, "ResourceOwner", build3, hashSet);
        this.rbacOrmDbService.recentlyUpdatedRoleBindings(0L);
        AssertJUnit.assertTrue(this.rbacOrmDbService.maxRoleBindingLastChangeId() > maxRoleBindingLastChangeId);
        UpdatedRoleBindings fetchRoleBindings7 = this.rbacOrmDbService.fetchRoleBindings(str, maxRoleBindingLastChangeId);
        AssertJUnit.assertEquals(fetchRoleBindings7.roleBindings.size(), 2);
        AssertJUnit.assertEquals(fetchRoleBindings7.roleBindings, Arrays.asList(new RoleBinding(kafkaPrincipal2, "OrganizationAdmin", build, Collections.emptySet()), new RoleBinding(kafkaPrincipal2, "ResourceOwner", build2, hashSet)));
        AssertJUnit.assertEquals(fetchRoleBindings7.deleted, Arrays.asList(false, false));
    }
}
