package com.hortonworks.smm.kafka.services.lineage;

import com.google.common.collect.ImmutableList;
import com.google.common.collect.ImmutableMap;
import com.hortonworks.smm.kafka.common.entities.LineageForTopic;
import com.hortonworks.smm.kafka.services.clients.ClientState;
import com.hortonworks.smm.kafka.services.clients.ConsumerGroupManagementService;
import com.hortonworks.smm.kafka.services.clients.ProducerMetricsService;
import com.hortonworks.smm.kafka.services.clients.dtos.ConsumerGroupInfo;
import com.hortonworks.smm.kafka.services.clients.dtos.PartitionAssignment;
import com.hortonworks.smm.kafka.services.common.errors.InvalidConfigException;
import com.hortonworks.smm.kafka.services.common.errors.InvalidKafkaMetricsApiResponse;
import com.hortonworks.smm.kafka.services.management.TopicManagementService;
import com.hortonworks.smm.kafka.services.metric.TimeSpan;
import com.hortonworks.smm.kafka.services.security.AuthenticationContext;
import com.hortonworks.smm.kafka.services.security.AuthorizationException;
import com.hortonworks.smm.kafka.services.security.AuthorizedGroupService;
import com.hortonworks.smm.kafka.services.security.Permission;
import com.hortonworks.smm.kafka.services.security.ResourceType;
import com.hortonworks.smm.kafka.services.security.SMMAuthorizer;
import java.security.Principal;
import java.util.Collections;
import java.util.Iterator;
import javax.ws.rs.core.SecurityContext;
import org.junit.jupiter.api.Assertions;
import org.junit.jupiter.api.BeforeEach;
import org.junit.jupiter.api.Test;
import org.mockito.ArgumentMatchers;
import org.mockito.Mockito;

/* loaded from: input_file:com/hortonworks/smm/kafka/services/lineage/LineageServiceAuthTest.class */
class LineageServiceAuthTest {
    private LineageService lineageService;
    private AuthorizedGroupService authorizedGroupService;
    private ProducerLineageService producerLineageService;
    private ProducerMetricsService producerMetricsService;
    private TopicManagementService topicManagementService;
    private ConsumerGroupManagementService consumerGroupManagementService;
    private SecurityContext securityContext;
    private SMMAuthorizer authorizer;
    private Principal principal;
    private static final String TOPIC_NAME = "topic-1";
    private static final String GROUP_ID = "group-id";
    private static final String CLIENT = "client-1";
    private static final Integer PARTITION = 1;

    LineageServiceAuthTest() {
    }

    @BeforeEach
    void setUp() {
        this.producerLineageService = (ProducerLineageService) Mockito.mock(ProducerLineageService.class);
        this.producerMetricsService = (ProducerMetricsService) Mockito.mock(ProducerMetricsService.class);
        this.topicManagementService = (TopicManagementService) Mockito.mock(TopicManagementService.class);
        this.securityContext = (SecurityContext) Mockito.mock(SecurityContext.class);
        this.authorizer = (SMMAuthorizer) Mockito.mock(SMMAuthorizer.class);
        this.consumerGroupManagementService = (ConsumerGroupManagementService) Mockito.mock(ConsumerGroupManagementService.class);
        this.principal = (Principal) Mockito.mock(Principal.class);
        this.authorizedGroupService = new AuthorizedGroupService(this.consumerGroupManagementService, this.authorizer);
        this.lineageService = new LineageService(this.authorizedGroupService, this.producerLineageService, this.producerMetricsService, this.topicManagementService, this.authorizer);
        Mockito.when(this.producerMetricsService.getAllProducerMetrics((ClientState) ArgumentMatchers.any(), (TimeSpan) ArgumentMatchers.any())).thenReturn(LineageServiceTest.producerMetrics(ImmutableMap.of(CLIENT, ImmutableList.of(TOPIC_NAME, "topic-2"), "client-2", ImmutableList.of("topic-2"), "client-3", ImmutableList.of(TOPIC_NAME, "topic-3"))));
        Mockito.when(this.securityContext.getUserPrincipal()).thenReturn(this.principal);
    }

    @Test
    void testUserIsNotAuthorizedForTopicDescribe() {
        Mockito.when(this.consumerGroupManagementService.consumerGroups((ClientState) ArgumentMatchers.any())).thenReturn(Collections.singleton(new ConsumerGroupInfo(GROUP_ID, "ACTIVE")));
        Mockito.when(Boolean.valueOf(this.authorizer.authorize((AuthenticationContext) ArgumentMatchers.any(), (ResourceType) ArgumentMatchers.any(), (String) ArgumentMatchers.any(), (Permission) ArgumentMatchers.any()))).thenReturn(false);
        Assertions.assertThrows(AuthorizationException.class, () -> {
            this.lineageService.getLineageForTopicPartition(TOPIC_NAME, PARTITION, this.securityContext);
        });
    }

    @Test
    void testUserIsNotAuthorizedForGroupDescribe() throws InvalidKafkaMetricsApiResponse, InvalidConfigException {
        Mockito.when(this.consumerGroupManagementService.consumerGroups((ClientState) ArgumentMatchers.any())).thenReturn(Collections.singleton(new ConsumerGroupInfo(GROUP_ID, "ACTIVE")));
        Mockito.when(Boolean.valueOf(this.authorizer.authorize((AuthenticationContext) ArgumentMatchers.any(), (ResourceType) ArgumentMatchers.any(), (String) ArgumentMatchers.any(), (Permission) ArgumentMatchers.any()))).thenReturn(true);
        Mockito.when(Boolean.valueOf(this.authorizer.authorize((AuthenticationContext) ArgumentMatchers.any(), (ResourceType) ArgumentMatchers.argThat(resourceType -> {
            return resourceType.equals(ResourceType.GROUP);
        }), (String) ArgumentMatchers.any(), (Permission) ArgumentMatchers.any()))).thenReturn(false);
        Iterator it = this.lineageService.getLineageForProducer(CLIENT, new TimeSpan(TimeSpan.TimePeriod.LAST_SIX_HOURS), this.securityContext).getLineagesForTopics().iterator();
        while (it.hasNext()) {
            Assertions.assertTrue(((LineageForTopic) it.next()).getGroupIds().isEmpty());
        }
        Assertions.assertTrue(this.lineageService.getLineageForTopicPartition(TOPIC_NAME, PARTITION, this.securityContext).getConsumerGroups().isEmpty());
    }

    @Test
    void testUserisAuthorizedForGroupDescribe() throws InvalidKafkaMetricsApiResponse, InvalidConfigException {
        Mockito.when(this.consumerGroupManagementService.consumerGroups((ClientState) ArgumentMatchers.any())).thenReturn(Collections.singleton(new ConsumerGroupInfo(GROUP_ID, "ACTIVE", ImmutableMap.of(TOPIC_NAME, ImmutableMap.of(1, new PartitionAssignment(0L, 1L, 1L, "consumerId", "clientId", "host", 1L))), true)));
        Mockito.when(Boolean.valueOf(this.authorizer.authorize((AuthenticationContext) ArgumentMatchers.any(), (ResourceType) ArgumentMatchers.any(), (String) ArgumentMatchers.any(), (Permission) ArgumentMatchers.any()))).thenReturn(true);
        Iterator it = this.lineageService.getLineageForProducer(CLIENT, new TimeSpan(TimeSpan.TimePeriod.LAST_SIX_HOURS), this.securityContext).getLineagesForTopics().iterator();
        while (it.hasNext()) {
            Assertions.assertFalse(((LineageForTopic) it.next()).getGroupIds().isEmpty());
        }
        Assertions.assertFalse(this.lineageService.getLineageForTopicPartition(TOPIC_NAME, PARTITION, this.securityContext).getConsumerGroups().isEmpty());
    }
}
