package io.stargate.it.cql;

import com.datastax.oss.driver.api.core.CqlSession;
import com.datastax.oss.driver.api.core.CqlSessionBuilder;
import io.stargate.it.BaseOsgiIntegrationTest;
import io.stargate.it.driver.CqlSessionExtension;
import io.stargate.it.driver.CqlSessionSpec;
import io.stargate.it.storage.ClusterConnectionInfo;
import io.stargate.it.storage.LogCollector;
import io.stargate.it.storage.StargateLogExtension;
import io.stargate.it.storage.StargateParameters;
import io.stargate.it.storage.StargateSpec;
import java.util.List;
import java.util.regex.Pattern;
import org.assertj.core.api.Assertions;
import org.junit.jupiter.api.Assumptions;
import org.junit.jupiter.api.BeforeAll;
import org.junit.jupiter.api.BeforeEach;
import org.junit.jupiter.api.Test;
import org.junit.jupiter.api.extension.ExtendWith;
import org.junit.jupiter.api.extension.Extensions;

@CqlSessionSpec(createKeyspace = false, dropKeyspace = false, initQueries = {"CREATE ROLE IF NOT EXISTS 'auth_user1'", "CREATE KEYSPACE IF NOT EXISTS auth_keyspace2 WITH REPLICATION = {'class':'SimpleStrategy', 'replication_factor':'1'}", "CREATE TABLE IF NOT EXISTS auth_keyspace2.table3 (userid text, PRIMARY KEY (userid))"})
@StargateSpec(parametersCustomizer = "buildParameters")
@Extensions({@ExtendWith({CqlSessionExtension.class}), @ExtendWith({StargateLogExtension.class})})
/* loaded from: input_file:io/stargate/it/cql/AuthorizationCommandInterceptorTest.class */
public class AuthorizationCommandInterceptorTest extends BaseOsgiIntegrationTest {
    private static CqlSession session;
    private LogCollector log;

    @BeforeAll
    public static void buildSession(CqlSessionBuilder cqlSessionBuilder) {
        session = (CqlSession) cqlSessionBuilder.withKeyspace("auth_keyspace2").build();
    }

    public static void buildParameters(StargateParameters.Builder builder) {
        builder.enableAuth(true);
        builder.putSystemProperties("stargate.authorization.processor.id", "LoggingAuthzProcessor");
    }

    @BeforeEach
    public void setupLogInterceptor(LogCollector logCollector) {
        this.log = logCollector;
    }

    private List<String> addedMsgs(String str) {
        session.execute(str);
        return this.log.filter(0, Pattern.compile(".+testing: addPermissions: (.+)"), 1, 1);
    }

    private List<String> removedMsgs(String str) {
        session.execute(str);
        return this.log.filter(0, Pattern.compile(".+testing: removePermissions: (.+)"), 1, 1);
    }

    @Test
    public void grantSelect() {
        Assertions.assertThat(addedMsgs("GRANT SELECT on auth_keyspace2.table3 TO 'auth_user1'")).containsExactly(new String[]{"cassandra, ALLOW, ACCESS, [SELECT], AuthorizedResource{kind=TABLE, keyspace=auth_keyspace2, element=table3}, auth_user1"});
    }

    @Test
    public void revokeSelect() {
        Assertions.assertThat(removedMsgs("REVOKE SELECT on table3 FROM 'auth_user1'")).containsExactly(new String[]{"cassandra, ALLOW, ACCESS, [SELECT], AuthorizedResource{kind=TABLE, keyspace=auth_keyspace2, element=table3}, auth_user1"});
    }

    @Test
    public void grantDescribeAllKeyspaces() {
        Assumptions.assumeTrue(this.backend.isDse());
        Assertions.assertThat(addedMsgs("GRANT DESCRIBE ON ALL KEYSPACES TO 'auth_user1'")).containsExactly(new String[]{"cassandra, ALLOW, ACCESS, [DESCRIBE], AuthorizedResource{kind=KEYSPACE, keyspace=*, element=*}, auth_user1"});
    }

    @Test
    public void revokeDescribeKeyspace() {
        Assumptions.assumeTrue(this.backend.isDse());
        Assertions.assertThat(removedMsgs("REVOKE DESCRIBE ON KEYSPACE auth_keyspace2 FROM 'auth_user1'")).containsExactly(new String[]{"cassandra, ALLOW, ACCESS, [DESCRIBE], AuthorizedResource{kind=KEYSPACE, keyspace=auth_keyspace2, element=*}, auth_user1"});
    }

    @Test
    public void grantTruncateAllTables() {
        Assumptions.assumeTrue(this.backend.isDse());
        Assertions.assertThat(addedMsgs("GRANT TRUNCATE ON ALL TABLES IN KEYSPACE auth_keyspace2 TO 'auth_user1'")).containsExactly(new String[]{"cassandra, ALLOW, ACCESS, [TRUNCATE], AuthorizedResource{kind=TABLE, keyspace=auth_keyspace2, element=*}, auth_user1"});
    }

    @Test
    public void grantModifyAllKeyspaces() {
        Assertions.assertThat(addedMsgs("GRANT MODIFY ON ALL KEYSPACES TO 'auth_user1'")).containsExactly(new String[]{"cassandra, ALLOW, ACCESS, [MODIFY], AuthorizedResource{kind=KEYSPACE, keyspace=*, element=*}, auth_user1"});
    }

    @Test
    public void grantModifyTablesInOneKeyspace() {
        Assertions.assertThat(addedMsgs("GRANT MODIFY ON KEYSPACE auth_keyspace2 TO 'auth_user1'")).containsExactly(new String[]{"cassandra, ALLOW, ACCESS, [MODIFY], AuthorizedResource{kind=KEYSPACE, keyspace=auth_keyspace2, element=*}, auth_user1"});
    }

    @Test
    public void grantExecuteAllFunctions() {
        Assertions.assertThat(addedMsgs("GRANT EXECUTE ON ALL FUNCTIONS TO auth_user1")).containsExactly(new String[]{"cassandra, ALLOW, ACCESS, [EXECUTE], AuthorizedResource{kind=FUNCTION, keyspace=*, element=*}, auth_user1"});
    }

    @Test
    public void grantExecuteAllFunctionsInKeyspace() {
        Assertions.assertThat(addedMsgs("GRANT EXECUTE ON ALL FUNCTIONS IN KEYSPACE auth_keyspace2 TO auth_user1")).containsExactly(new String[]{"cassandra, ALLOW, ACCESS, [EXECUTE], AuthorizedResource{kind=FUNCTION, keyspace=auth_keyspace2, element=*}, auth_user1"});
    }

    @Test
    public void restrictUpdate() {
        Assumptions.assumeTrue(this.backend.isDse());
        Assertions.assertThat(addedMsgs("RESTRICT UPDATE on table3 TO 'auth_user1'")).containsExactly(new String[]{"cassandra, DENY, ACCESS, [UPDATE], AuthorizedResource{kind=TABLE, keyspace=auth_keyspace2, element=table3}, auth_user1"});
    }

    @Test
    public void unrestrictUpdate() {
        Assumptions.assumeTrue(this.backend.isDse());
        Assertions.assertThat(removedMsgs("UNRESTRICT UPDATE on auth_keyspace2.table3 FROM 'auth_user1'")).containsExactly(new String[]{"cassandra, DENY, ACCESS, [UPDATE], AuthorizedResource{kind=TABLE, keyspace=auth_keyspace2, element=table3}, auth_user1"});
    }

    @Test
    public void grantModify() {
        Assertions.assertThat(addedMsgs("GRANT MODIFY on table3 TO 'auth_user1'")).containsExactly(new String[]{"cassandra, ALLOW, ACCESS, [MODIFY], AuthorizedResource{kind=TABLE, keyspace=auth_keyspace2, element=table3}, auth_user1"});
    }

    @Test
    public void revokeModify() {
        Assertions.assertThat(removedMsgs("REVOKE MODIFY on table3 FROM 'auth_user1'")).containsExactly(new String[]{"cassandra, ALLOW, ACCESS, [MODIFY], AuthorizedResource{kind=TABLE, keyspace=auth_keyspace2, element=table3}, auth_user1"});
    }

    @Test
    public void grantAuthorizeTruncate(ClusterConnectionInfo clusterConnectionInfo) {
        Assumptions.assumeTrue(clusterConnectionInfo.isDse());
        Assertions.assertThat(addedMsgs("GRANT AUTHORIZE FOR SELECT, TRUNCATE on table3 TO 'auth_user1'")).containsExactly(new String[]{"cassandra, ALLOW, AUTHORITY, [SELECT, TRUNCATE], AuthorizedResource{kind=TABLE, keyspace=auth_keyspace2, element=table3}, auth_user1"});
    }

    @Test
    public void revokeAuthorizeTruncate() {
        Assumptions.assumeTrue(this.backend.isDse());
        Assertions.assertThat(removedMsgs("REVOKE AUTHORIZE FOR SELECT, TRUNCATE on table3 FROM 'auth_user1'")).containsExactly(new String[]{"cassandra, ALLOW, AUTHORITY, [SELECT, TRUNCATE], AuthorizedResource{kind=TABLE, keyspace=auth_keyspace2, element=table3}, auth_user1"});
    }

    @Test
    public void grantAuthorize(ClusterConnectionInfo clusterConnectionInfo) {
        Assertions.assertThat(addedMsgs("GRANT AUTHORIZE on table3 TO 'auth_user1'")).containsExactly(new String[]{"cassandra, ALLOW, ACCESS, [AUTHORIZE], AuthorizedResource{kind=TABLE, keyspace=auth_keyspace2, element=table3}, auth_user1"});
    }

    @Test
    public void revokeAuthorize(ClusterConnectionInfo clusterConnectionInfo) {
        Assertions.assertThat(removedMsgs("REVOKE AUTHORIZE on table3 FROM 'auth_user1'")).containsExactly(new String[]{"cassandra, ALLOW, ACCESS, [AUTHORIZE], AuthorizedResource{kind=TABLE, keyspace=auth_keyspace2, element=table3}, auth_user1"});
    }

    @Test
    public void grantDescribeAllMBeans(ClusterConnectionInfo clusterConnectionInfo) {
        Assertions.assertThatThrownBy(() -> {
            addedMsgs("GRANT DESCRIBE ON ALL MBEANS TO 'auth_user1'");
        }).hasMessageContaining("Unsupported resource type");
    }
}
