package io.stargate.it.http.graphql.cqlfirst;

import com.datastax.oss.driver.api.core.CqlIdentifier;
import com.jayway.jsonpath.JsonPath;
import com.jayway.jsonpath.Predicate;
import io.stargate.it.KeycloakContainer;
import io.stargate.it.driver.CqlSessionExtension;
import io.stargate.it.driver.CqlSessionSpec;
import io.stargate.it.driver.TestKeyspace;
import io.stargate.it.http.ApiServiceConnectionInfo;
import io.stargate.it.http.graphql.BaseGraphqlV2ApiTest;
import io.stargate.it.storage.StargateParameters;
import io.stargate.it.storage.StargateSpec;
import java.io.IOException;
import java.util.Map;
import org.assertj.core.api.Assertions;
import org.junit.jupiter.api.AfterAll;
import org.junit.jupiter.api.BeforeEach;
import org.junit.jupiter.api.DisplayName;
import org.junit.jupiter.api.Test;
import org.junit.jupiter.api.extension.ExtendWith;
import org.testcontainers.junit.jupiter.Testcontainers;

@ExtendWith({CqlSessionExtension.class})
@CqlSessionSpec(initQueries = {"CREATE ROLE IF NOT EXISTS 'web_user' WITH PASSWORD = 'web_user' AND LOGIN = TRUE", "CREATE TABLE \"Books\"(title text PRIMARY KEY, author text)", "CREATE TABLE \"Secret\"(k int PRIMARY KEY)", "GRANT MODIFY ON TABLE \"Books\" TO web_user", "CREATE KEYSPACE IF NOT EXISTS stargate_graphql WITH replication = {'class': 'SimpleStrategy', 'replication_factor': 1}", "GRANT SELECT ON KEYSPACE stargate_graphql TO web_user"})
@Testcontainers(disabledWithoutDocker = true)
@StargateSpec(parametersCustomizer = "buildParameters")
/* loaded from: input_file:io/stargate/it/http/graphql/cqlfirst/JwtAuthTest.class */
public class JwtAuthTest extends BaseGraphqlV2ApiTest {
    private static KeycloakContainer keycloakContainer;
    private CqlFirstClient client;

    public static void buildParameters(StargateParameters.Builder builder) throws IOException {
        keycloakContainer = new KeycloakContainer();
        keycloakContainer.initKeycloakContainer();
        builder.enableAuth(true);
        builder.putSystemProperties("stargate.auth_id", "AuthJwtService");
        builder.putSystemProperties("stargate.auth.jwt_provider_url", String.format("%s/auth/realms/stargate/protocol/openid-connect/certs", keycloakContainer.host()));
    }

    @AfterAll
    public static void teardown() {
        keycloakContainer.stop();
    }

    @BeforeEach
    public void setup(ApiServiceConnectionInfo apiServiceConnectionInfo) throws IOException {
        this.client = new CqlFirstClient(apiServiceConnectionInfo.host(), apiServiceConnectionInfo.port(), keycloakContainer.generateJWT());
    }

    @DisplayName("Should execute GraphQL mutation when authorized")
    @Test
    public void mutationTest(@TestKeyspace CqlIdentifier cqlIdentifier) {
        Assertions.assertThat((String) JsonPath.read(this.client.executeDmlQuery(cqlIdentifier, "mutation {\n  insertBooks(value: {title:\"Moby Dick\", author:\"Herman Melville\"}) {\n    value { title }\n  }\n}"), "$.insertBooks.value.title", new Predicate[0])).isEqualTo("Moby Dick");
    }

    @DisplayName("Should execute batch of GraphQL mutations when authorized")
    @Test
    public void batchTest(@TestKeyspace CqlIdentifier cqlIdentifier) {
        Map<String, Object> executeDmlQuery = this.client.executeDmlQuery(cqlIdentifier, "mutation {\n  moby: insertBooks(value: {title:\"Moby Dick\", author:\"Herman Melville\"}) {\n    value { title }\n  }\n  catch22: insertBooks(value: {title:\"Catch-22\", author:\"Joseph Heller\"}) {\n    value { title }\n  }\n}\n");
        Assertions.assertThat((String) JsonPath.read(executeDmlQuery, "$.moby.value.title", new Predicate[0])).isEqualTo("Moby Dick");
        Assertions.assertThat((String) JsonPath.read(executeDmlQuery, "$.catch22.value.title", new Predicate[0])).isEqualTo("Catch-22");
    }

    @DisplayName("Should fail to execute GraphQL when not authorized")
    @Test
    public void unauthorizedTest(@TestKeyspace CqlIdentifier cqlIdentifier) {
        Assertions.assertThat(this.client.getDmlQueryError(cqlIdentifier, "mutation { insertSecret(value: {k:1}) { value { k } } }")).contains(new CharSequence[]{"PERMISSION_DENIED"});
    }
}
