package com.linkedin.venice.controller;

import com.linkedin.venice.authorization.AceEntry;
import com.linkedin.venice.authorization.AclBinding;
import com.linkedin.venice.authorization.Method;
import com.linkedin.venice.authorization.Permission;
import com.linkedin.venice.authorization.Principal;
import com.linkedin.venice.authorization.Resource;
import com.linkedin.venice.exceptions.VeniceException;
import com.linkedin.venice.exceptions.VeniceNoStoreException;
import com.linkedin.venice.kafka.protocol.state.PartitionState;
import com.linkedin.venice.meta.Store;
import com.linkedin.venice.offsets.OffsetRecord;
import com.linkedin.venice.pubsub.adapter.SimplePubSubProduceResultImpl;
import com.linkedin.venice.serialization.avro.AvroProtocolDefinition;
import com.linkedin.venice.serialization.avro.InternalAvroSpecificSerializer;
import com.linkedin.venice.utils.TestUtils;
import com.linkedin.venice.writer.VeniceWriter;
import java.util.Collection;
import java.util.Iterator;
import java.util.Optional;
import java.util.concurrent.CompletableFuture;
import org.apache.zookeeper.data.Stat;
import org.mockito.Mockito;
import org.testng.Assert;
import org.testng.annotations.AfterMethod;
import org.testng.annotations.BeforeMethod;
import org.testng.annotations.Test;

/* loaded from: input_file:com/linkedin/venice/controller/TestVeniceParentHelixAdminWithAcl.class */
public class TestVeniceParentHelixAdminWithAcl extends AbstractTestVeniceParentHelixAdmin {
    private static final InternalAvroSpecificSerializer<PartitionState> partitionStateSerializer = AvroProtocolDefinition.PARTITION_STATE.getSerializer();
    MockVeniceAuthorizer authorizerService;

    @BeforeMethod
    public void setUp() throws Exception {
        this.authorizerService = new MockVeniceAuthorizer();
        setupInternalMocks();
    }

    @Override // com.linkedin.venice.controller.AbstractTestVeniceParentHelixAdmin
    @AfterMethod
    public void cleanupTestCase() {
        super.cleanupTestCase();
    }

    @Test
    public void testStoreCreationWithAuthorization() {
        AclBinding aclBinding = new AclBinding(new Resource("test-store-authorizer"));
        for (Principal principal : new Principal[]{new Principal("user:user1"), new Principal("group:group1"), new Principal("service:app1")}) {
            AceEntry aceEntry = new AceEntry(principal, Method.Read, Permission.ALLOW);
            AceEntry aceEntry2 = new AceEntry(principal, Method.Write, Permission.ALLOW);
            aclBinding.addAceEntry(aceEntry);
            aclBinding.addAceEntry(aceEntry2);
        }
        ((VeniceWriter) Mockito.doReturn(CompletableFuture.completedFuture(new SimplePubSubProduceResultImpl(topicName, 0, 1L, -1))).when(this.veniceWriter)).put(Mockito.any(), Mockito.any(), Mockito.anyInt());
        initializeParentAdmin(Optional.of(this.authorizerService));
        this.parentAdmin.initStorageCluster("test-cluster");
        this.parentAdmin.createStore("test-cluster", "test-store-authorizer", "dev", "\"string\"", "\"string\"", false, Optional.of("{\"AccessPermissions\":{\"Read\":[\"user:user1\",\"group:group1\",\"service:app1\"],\"Write\":[\"user:user1\",\"group:group1\",\"service:app1\"]}}"));
        Assert.assertEquals(1, this.authorizerService.setAclsCounter);
        Assert.assertTrue(isAclBindingSame(aclBinding, this.authorizerService.describeAcls(new Resource("test-store-authorizer"))));
    }

    @Test
    public void testStoreCreationWithAuthorizationException() {
        String str = "test-store-authorizer";
        String str2 = "{\"AccessPermissions\":{\"Read\":[\"user:user1\",\"group:group1\",\"service:app1\"],\"Write\":[\"user:user1\",\"group:group1\",\"service:app1\"],}}";
        ((VeniceWriter) Mockito.doReturn(CompletableFuture.completedFuture(new SimplePubSubProduceResultImpl(topicName, 0, 1L, -1))).when(this.veniceWriter)).put(Mockito.any(), Mockito.any(), Mockito.anyInt());
        String str3 = "\"string\"";
        String str4 = "\"string\"";
        initializeParentAdmin(Optional.of(this.authorizerService));
        this.parentAdmin.initStorageCluster("test-cluster");
        Assert.assertThrows(VeniceException.class, () -> {
            this.parentAdmin.createStore("test-cluster", str, "dev", str3, str4, false, Optional.of(str2));
        });
        Assert.assertEquals(0, this.authorizerService.setAclsCounter);
    }

    @Test
    public void testDeleteStoreWithAuthorization() {
        Store createTestStore = TestUtils.createTestStore("test-store-authorizer-delete", "unittest", System.currentTimeMillis());
        ((VeniceHelixAdmin) Mockito.doReturn(createTestStore).when(this.internalAdmin)).getStore((String) Mockito.eq("test-cluster"), (String) Mockito.eq("test-store-authorizer-delete"));
        ((VeniceHelixAdmin) Mockito.doReturn(createTestStore).when(this.internalAdmin)).checkPreConditionForDeletion((String) Mockito.eq("test-cluster"), (String) Mockito.eq("test-store-authorizer-delete"));
        ((VeniceWriter) Mockito.doReturn(CompletableFuture.completedFuture(new SimplePubSubProduceResultImpl(topicName, 0, 1L, -1))).when(this.veniceWriter)).put(Mockito.any(), Mockito.any(), Mockito.anyInt());
        Mockito.when(this.zkClient.readData(zkMetadataNodePath, (Stat) null)).thenReturn((Object) null).thenReturn(AdminTopicMetadataAccessor.generateMetadataMap(1L, -1L, 1L));
        initializeParentAdmin(Optional.of(this.authorizerService));
        this.parentAdmin.initStorageCluster("test-cluster");
        this.parentAdmin.deleteStore("test-cluster", "test-store-authorizer-delete", 0, true);
        Assert.assertEquals(1, this.authorizerService.clearAclCounter);
        Assert.assertTrue(isAclBindingSame(new AclBinding(new Resource("test-store-authorizer-delete")), this.authorizerService.describeAcls(new Resource("test-store-authorizer-delete"))));
    }

    @Test
    public void testUpdateAndGetAndDeleteAcl() {
        initializeParentAdmin(Optional.of(this.authorizerService));
        this.parentAdmin.updateAclForStore("test-cluster", "test-store-authorizer", "{\"AccessPermissions\":{\"Read\":[\"user:user2\",\"group:group2\",\"service:app2\"],\"Write\":[\"user:user2\",\"group:group2\",\"service:app2\"]}}");
        Assert.assertEquals(1, this.authorizerService.setAclsCounter);
        Assert.assertEquals("{\"AccessPermissions\":{\"Read\":[\"user:user2\",\"group:group2\",\"service:app2\"],\"Write\":[\"user:user2\",\"group:group2\",\"service:app2\"]}}", this.parentAdmin.getAclForStore("test-cluster", "test-store-authorizer"));
        this.authorizerService.addAce(new Resource("test-store-authorizer"), new AceEntry(new Principal("user:denyuser1"), Method.Read, Permission.DENY));
        Assert.assertEquals("{\"AccessPermissions\":{\"Read\":[\"user:user2\",\"group:group2\",\"service:app2\"],\"Write\":[\"user:user2\",\"group:group2\",\"service:app2\"]}}", this.parentAdmin.getAclForStore("test-cluster", "test-store-authorizer"));
        this.parentAdmin.deleteAclForStore("test-cluster", "test-store-authorizer");
        Assert.assertEquals(1, this.authorizerService.clearAclCounter);
        Assert.assertTrue(isAclBindingSame(new AclBinding(new Resource("test-store-authorizer")), this.authorizerService.describeAcls(new Resource("test-store-authorizer"))));
        Assert.assertEquals(this.parentAdmin.getAclForStore("test-cluster", "test-store-authorizer"), "");
    }

    @Test
    public void testUpdateAclException() {
        String str = "test-store-authorizer";
        String str2 = "{\"AccessPermissions\":{\"Read\":[\"user:user2\",\"group:group2\",\"service:app2\"],\"Write\":[\"user:user2\",\"group:group2\",\"service:app2\"]}}";
        ((VeniceHelixAdmin) Mockito.doThrow(new Throwable[]{new VeniceNoStoreException("test-store-authorizer")}).when(this.internalAdmin)).checkPreConditionForAclOp("test-cluster", "test-store-authorizer");
        Mockito.when(this.zkClient.readData(zkMetadataNodePath, (Stat) null)).thenReturn(new OffsetRecord(partitionStateSerializer)).thenReturn(AdminTopicMetadataAccessor.generateMetadataMap(1L, -1L, 1L));
        initializeParentAdmin(Optional.of(this.authorizerService));
        Assert.assertThrows(VeniceNoStoreException.class, () -> {
            this.parentAdmin.updateAclForStore("test-cluster", str, str2);
        });
        Assert.assertEquals(0, this.authorizerService.setAclsCounter);
    }

    @Test
    public void testGetAclException() {
        String str = "test-store-authorizer";
        ((VeniceHelixAdmin) Mockito.doThrow(new Throwable[]{new VeniceNoStoreException("test-store-authorizer")}).when(this.internalAdmin)).checkPreConditionForAclOp("test-cluster", "test-store-authorizer");
        Mockito.when(this.zkClient.readData(zkMetadataNodePath, (Stat) null)).thenReturn(new OffsetRecord(partitionStateSerializer)).thenReturn(AdminTopicMetadataAccessor.generateMetadataMap(1L, -1L, 1L));
        initializeParentAdmin(Optional.of(this.authorizerService));
        Assert.assertThrows(VeniceNoStoreException.class, () -> {
            this.parentAdmin.getAclForStore("test-cluster", str);
        });
    }

    @Test
    public void testDeleteAclException() {
        String str = "test-store-authorizer";
        ((VeniceHelixAdmin) Mockito.doThrow(new Throwable[]{new VeniceNoStoreException("test-store-authorizer")}).when(this.internalAdmin)).checkPreConditionForAclOp("test-cluster", "test-store-authorizer");
        Mockito.when(this.zkClient.readData(zkMetadataNodePath, (Stat) null)).thenReturn(new OffsetRecord(partitionStateSerializer)).thenReturn(AdminTopicMetadataAccessor.generateMetadataMap(1L, -1L, 1L));
        initializeParentAdmin(Optional.of(this.authorizerService));
        Assert.assertThrows(VeniceNoStoreException.class, () -> {
            this.parentAdmin.deleteAclForStore("test-cluster", str);
        });
        Assert.assertEquals(0, this.authorizerService.clearAclCounter);
    }

    private boolean isAclBindingSame(AclBinding aclBinding, AclBinding aclBinding2) {
        if (!aclBinding.getResource().equals(aclBinding2.getResource())) {
            return false;
        }
        Collection<AceEntry> aceEntries = aclBinding.getAceEntries();
        Collection aceEntries2 = aclBinding2.getAceEntries();
        if (aceEntries.size() != aceEntries2.size()) {
            return false;
        }
        for (AceEntry aceEntry : aceEntries) {
            boolean z = false;
            Iterator it = aceEntries2.iterator();
            while (true) {
                if (!it.hasNext()) {
                    break;
                }
                if (aceEntry.equals((AceEntry) it.next())) {
                    z = true;
                    break;
                }
            }
            if (!z) {
                return false;
            }
        }
        return true;
    }
}
