package com.floragunn.searchguard.enterprise.auditlog.integration;

import com.floragunn.codova.documents.DocNode;
import com.floragunn.codova.documents.Format;
import com.floragunn.searchguard.auditlog.AuditLog;
import com.floragunn.searchguard.enterprise.auditlog.impl.AuditMessage;
import com.floragunn.searchguard.test.GenericRestClient;
import com.floragunn.searchguard.test.TestSgConfig;
import com.floragunn.searchguard.test.helper.cluster.BearerAuthorization;
import com.floragunn.searchguard.test.helper.cluster.LocalCluster;
import com.floragunn.searchsupport.junit.AsyncAssert;
import java.net.URLEncoder;
import java.nio.charset.StandardCharsets;
import java.time.Duration;
import java.util.Arrays;
import java.util.Collections;
import java.util.Iterator;
import java.util.List;
import java.util.stream.Collectors;
import org.apache.http.Header;
import org.hamcrest.MatcherAssert;
import org.hamcrest.Matchers;
import org.junit.Assert;
import org.junit.ClassRule;
import org.junit.Test;

/* loaded from: input_file:com/floragunn/searchguard/enterprise/auditlog/integration/AuditlogIntegrationTest.class */
public class AuditlogIntegrationTest {
    static final TestSgConfig.User AUDIT_IGNORED_USER = new TestSgConfig.User("audit_ignored_user").roles(new TestSgConfig.Role[]{new TestSgConfig.Role("all_access").indexPermissions(new String[]{"*"}).on(new String[]{"*"}).clusterPermissions(new String[]{"*"})});
    static final TestSgConfig.User USER = new TestSgConfig.User("user").roles(new TestSgConfig.Role[]{new TestSgConfig.Role("all_access").indexPermissions(new String[]{"*"}).on(new String[]{"*"}).clusterPermissions(new String[]{"*"})});
    static TestSgConfig.Authc AUTHC = new TestSgConfig.Authc(new TestSgConfig.Authc.Domain[]{new TestSgConfig.Authc.Domain("basic/internal_users_db")});

    @ClassRule
    public static LocalCluster.Embedded cluster = new LocalCluster.Builder().users(new TestSgConfig.User[]{AUDIT_IGNORED_USER, USER}).authc(AUTHC).sslEnabled().enterpriseModulesEnabled().nodeSettings(new Object[]{"action.destructive_requires_name", false, "searchguard.audit.type", TestAuditlogImpl.class.getName(), "searchguard.audit.enable_transport", true, "searchguard.audit.enable_rest", true, "searchguard.audit.threadpool.size", 0, "searchguard.audit.ignore_users", Collections.singletonList(AUDIT_IGNORED_USER.getName())}).embedded().build();

    @Test
    public void testAuditLog_kibanaLogin() throws Exception {
        GenericRestClient restClient = cluster.getRestClient(new Header[0]);
        try {
            TestAuditlogImpl.clear();
            DocNode of = DocNode.of("user", USER.getName(), "password", USER.getPassword());
            GenericRestClient.HttpResponse postJson = restClient.postJson("/_searchguard/auth/session", of, new Header[0]);
            MatcherAssert.assertThat(postJson.getBody(), Integer.valueOf(postJson.getStatusCode()), Matchers.equalTo(201));
            AsyncAssert.awaitAssert("Messages arrived", () -> {
                return getMessagesByCategory(AuditMessage.Category.KIBANA_LOGIN).size() == 1;
            }, Duration.ofSeconds(2L));
            DocNode from = DocNode.parse(Format.JSON).from(getMessagesByCategory(AuditMessage.Category.KIBANA_LOGIN).get(0).toJson());
            MatcherAssert.assertThat(from.toJsonString(), from.getAsString("audit_category"), Matchers.equalTo(AuditMessage.Category.KIBANA_LOGIN.name()));
            MatcherAssert.assertThat(from.toJsonString(), from.getAsString("audit_cluster_name"), Matchers.notNullValue());
            MatcherAssert.assertThat(from.toJsonString(), from.getAsString("audit_node_name"), Matchers.notNullValue());
            MatcherAssert.assertThat(from.toJsonString(), from.getAsString("audit_request_origin"), Matchers.equalTo(AuditLog.Origin.REST.name()));
            MatcherAssert.assertThat(from.toJsonString(), from.getAsString("audit_node_id"), Matchers.notNullValue());
            MatcherAssert.assertThat(from.toJsonString(), from.getAsString("audit_request_layer"), Matchers.equalTo(AuditLog.Origin.REST.name()));
            MatcherAssert.assertThat(from.toJsonString(), from.getAsString("@timestamp"), Matchers.notNullValue());
            MatcherAssert.assertThat(from.toJsonString(), from.getAsString("audit_format_version"), Matchers.notNullValue());
            MatcherAssert.assertThat(from.toJsonString(), from.getAsString("audit_request_remote_address"), Matchers.notNullValue());
            MatcherAssert.assertThat(from.toJsonString(), from.getAsString("audit_node_host_address"), Matchers.notNullValue());
            MatcherAssert.assertThat(from.toJsonString(), from.getAsString("audit_request_effective_user"), Matchers.equalTo(of.getAsString("user")));
            MatcherAssert.assertThat(from.toJsonString(), from.getAsString("audit_request_effective_user_auth_domain"), Matchers.equalTo("basic/internal_users_db"));
            MatcherAssert.assertThat(from.toJsonString(), from.getAsString("audit_node_elasticsearch_version"), Matchers.notNullValue());
            MatcherAssert.assertThat(from.toJsonString(), from.getAsString("audit_node_host_name"), Matchers.notNullValue());
            TestAuditlogImpl.clear();
            GenericRestClient.HttpResponse postJson2 = restClient.postJson("/_searchguard/auth/session/with_header", DocNode.EMPTY, new Header[]{cluster.getBasicAuthHeader(USER.getName(), USER.getPassword())});
            MatcherAssert.assertThat(postJson2.getBody(), Integer.valueOf(postJson2.getStatusCode()), Matchers.equalTo(200));
            AsyncAssert.awaitAssert("Messages arrived", () -> {
                return getMessagesByCategory(AuditMessage.Category.KIBANA_LOGIN).size() == 1;
            }, Duration.ofSeconds(2L));
            DocNode from2 = DocNode.parse(Format.JSON).from(getMessagesByCategory(AuditMessage.Category.KIBANA_LOGIN).get(0).toJson());
            MatcherAssert.assertThat(from2.toJsonString(), from2.getAsString("audit_category"), Matchers.equalTo(AuditMessage.Category.KIBANA_LOGIN.name()));
            MatcherAssert.assertThat(from2.toJsonString(), from2.getAsString("audit_cluster_name"), Matchers.notNullValue());
            MatcherAssert.assertThat(from2.toJsonString(), from2.getAsString("audit_node_name"), Matchers.notNullValue());
            MatcherAssert.assertThat(from2.toJsonString(), from2.getAsString("audit_request_origin"), Matchers.equalTo(AuditLog.Origin.REST.name()));
            MatcherAssert.assertThat(from2.toJsonString(), from2.getAsString("audit_node_id"), Matchers.notNullValue());
            MatcherAssert.assertThat(from2.toJsonString(), from2.getAsString("audit_request_layer"), Matchers.equalTo(AuditLog.Origin.REST.name()));
            MatcherAssert.assertThat(from2.toJsonString(), from2.getAsString("@timestamp"), Matchers.notNullValue());
            MatcherAssert.assertThat(from2.toJsonString(), from2.getAsString("audit_format_version"), Matchers.notNullValue());
            MatcherAssert.assertThat(from2.toJsonString(), from2.getAsString("audit_request_remote_address"), Matchers.notNullValue());
            MatcherAssert.assertThat(from2.toJsonString(), from2.getAsString("audit_node_host_address"), Matchers.notNullValue());
            MatcherAssert.assertThat(from2.toJsonString(), from2.getAsString("audit_request_effective_user"), Matchers.equalTo(of.getAsString("user")));
            MatcherAssert.assertThat(from2.toJsonString(), from2.getAsString("audit_request_effective_user_auth_domain"), Matchers.equalTo("basic/internal_users_db"));
            MatcherAssert.assertThat(from2.toJsonString(), from2.getAsString("audit_node_elasticsearch_version"), Matchers.notNullValue());
            MatcherAssert.assertThat(from2.toJsonString(), from2.getAsString("audit_node_host_name"), Matchers.notNullValue());
            if (restClient != null) {
                restClient.close();
            }
        } catch (Throwable th) {
            if (restClient != null) {
                try {
                    restClient.close();
                } catch (Throwable th2) {
                    th.addSuppressed(th2);
                }
            }
            throw th;
        }
    }

    @Test
    public void testAuditLog_kibanaLogout() throws Exception {
        GenericRestClient restClient = cluster.getRestClient(new Header[0]);
        try {
            GenericRestClient.HttpResponse postJson = restClient.postJson("/_searchguard/auth/session/with_header", DocNode.EMPTY, new Header[]{cluster.getBasicAuthHeader(USER.getName(), USER.getPassword())});
            MatcherAssert.assertThat(postJson.getBody(), Integer.valueOf(postJson.getStatusCode()), Matchers.equalTo(200));
            String asString = postJson.getBodyAsDocNode().getAsString("token");
            Assert.assertNotNull(postJson.getBody(), asString);
            if (restClient != null) {
                restClient.close();
            }
            restClient = cluster.getRestClient(new Header[]{new BearerAuthorization(asString)});
            try {
                TestAuditlogImpl.clear();
                GenericRestClient.HttpResponse delete = restClient.delete("/_searchguard/auth/session", new Header[0]);
                MatcherAssert.assertThat(delete.getBody(), Integer.valueOf(delete.getStatusCode()), Matchers.equalTo(200));
                AsyncAssert.awaitAssert("Messages arrived", () -> {
                    return getMessagesByCategory(AuditMessage.Category.KIBANA_LOGOUT).size() == 1;
                }, Duration.ofSeconds(2L));
                DocNode from = DocNode.parse(Format.JSON).from(getMessagesByCategory(AuditMessage.Category.KIBANA_LOGOUT).get(0).toJson());
                MatcherAssert.assertThat(from.toJsonString(), from.getAsString("audit_category"), Matchers.equalTo(AuditMessage.Category.KIBANA_LOGOUT.name()));
                MatcherAssert.assertThat(from.toJsonString(), from.getAsString("audit_cluster_name"), Matchers.notNullValue());
                MatcherAssert.assertThat(from.toJsonString(), from.getAsString("audit_node_name"), Matchers.notNullValue());
                MatcherAssert.assertThat(from.toJsonString(), from.getAsString("audit_request_origin"), Matchers.equalTo(AuditLog.Origin.REST.name()));
                MatcherAssert.assertThat(from.toJsonString(), from.getAsString("audit_node_id"), Matchers.notNullValue());
                MatcherAssert.assertThat(from.toJsonString(), from.getAsString("audit_request_layer"), Matchers.equalTo(AuditLog.Origin.REST.name()));
                MatcherAssert.assertThat(from.toJsonString(), from.getAsString("@timestamp"), Matchers.notNullValue());
                MatcherAssert.assertThat(from.toJsonString(), from.getAsString("audit_format_version"), Matchers.notNullValue());
                MatcherAssert.assertThat(from.toJsonString(), from.getAsString("audit_request_remote_address"), Matchers.notNullValue());
                MatcherAssert.assertThat(from.toJsonString(), from.getAsString("audit_node_host_address"), Matchers.notNullValue());
                MatcherAssert.assertThat(from.toJsonString(), from.getAsString("audit_request_effective_user"), Matchers.equalTo(USER.getName()));
                MatcherAssert.assertThat(from.toJsonString(), from.getAsString("audit_request_effective_user_auth_domain"), Matchers.nullValue());
                MatcherAssert.assertThat(from.toJsonString(), from.getAsString("audit_node_elasticsearch_version"), Matchers.notNullValue());
                MatcherAssert.assertThat(from.toJsonString(), from.getAsString("audit_node_host_name"), Matchers.notNullValue());
                if (restClient != null) {
                    restClient.close();
                }
            } finally {
            }
        } finally {
        }
    }

    @Test
    public void testAuditLog_composableIndexTemplateWriteHistory() throws Exception {
        GenericRestClient trackResources = cluster.getRestClient(USER, new Header[0]).trackResources();
        try {
            TestAuditlogImpl.clear();
            DocNode of = DocNode.of("index_patterns", Collections.singletonList("test-composable"));
            GenericRestClient.HttpResponse putJson = trackResources.putJson("/_index_template/" + "test-composable-template", of);
            MatcherAssert.assertThat(putJson.getBody(), Integer.valueOf(putJson.getStatusCode()), Matchers.equalTo(200));
            AsyncAssert.awaitAssert("Messages arrived", () -> {
                return getMessagesByCategory(AuditMessage.Category.INDEX_TEMPLATE_WRITE).size() == 1;
            }, Duration.ofSeconds(2L));
            DocNode from = DocNode.parse(Format.JSON).from(getMessagesByCategory(AuditMessage.Category.INDEX_TEMPLATE_WRITE).get(0).toJson());
            MatcherAssert.assertThat(from.toJsonString(), from.get("audit_category"), Matchers.equalTo(AuditMessage.Category.INDEX_TEMPLATE_WRITE.name()));
            MatcherAssert.assertThat(from.toJsonString(), from.get("audit_compliance_operation"), Matchers.equalTo(AuditLog.Operation.CREATE.name()));
            MatcherAssert.assertThat(from.toJsonString(), from.getAsListOfStrings("audit_trace_index_templates"), Matchers.hasSize(1));
            MatcherAssert.assertThat(from.toJsonString(), (String) from.getAsListOfStrings("audit_trace_index_templates").get(0), Matchers.equalTo("test-composable-template"));
            MatcherAssert.assertThat(from.toJsonString(), from.get("audit_cluster_name"), Matchers.notNullValue());
            MatcherAssert.assertThat(from.toJsonString(), from.get("audit_node_name"), Matchers.notNullValue());
            MatcherAssert.assertThat(from.toJsonString(), from.get("audit_request_origin"), Matchers.equalTo(AuditLog.Origin.REST.name()));
            MatcherAssert.assertThat(from.toJsonString(), from.get("audit_request_layer"), Matchers.equalTo(AuditLog.Origin.TRANSPORT.name()));
            MatcherAssert.assertThat(from.toJsonString(), from.get("audit_request_body"), Matchers.notNullValue());
            MatcherAssert.assertThat(from.toJsonString(), from.get("audit_node_id"), Matchers.notNullValue());
            MatcherAssert.assertThat(from.toJsonString(), from.get("@timestamp"), Matchers.notNullValue());
            MatcherAssert.assertThat(from.toJsonString(), from.get("audit_format_version"), Matchers.notNullValue());
            MatcherAssert.assertThat(from.toJsonString(), from.get("audit_request_remote_address"), Matchers.notNullValue());
            MatcherAssert.assertThat(from.toJsonString(), from.get("audit_node_host_address"), Matchers.notNullValue());
            MatcherAssert.assertThat(from.toJsonString(), from.get("audit_request_effective_user"), Matchers.equalTo(USER.getName()));
            MatcherAssert.assertThat(from.toJsonString(), from.get("audit_request_effective_user_auth_domain"), Matchers.notNullValue());
            MatcherAssert.assertThat(from.toJsonString(), from.get("audit_format_version"), Matchers.notNullValue());
            MatcherAssert.assertThat(from.toJsonString(), from.get("audit_node_host_name"), Matchers.notNullValue());
            TestAuditlogImpl.clear();
            GenericRestClient.HttpResponse putJson2 = trackResources.putJson("/_index_template/" + "test-composable-template", of.with("index_patterns", Collections.singletonList("composable-new-pattern")));
            MatcherAssert.assertThat(putJson2.getBody(), Integer.valueOf(putJson2.getStatusCode()), Matchers.equalTo(200));
            AsyncAssert.awaitAssert("Messages arrived", () -> {
                return getMessagesByCategory(AuditMessage.Category.INDEX_TEMPLATE_WRITE).size() == 1;
            }, Duration.ofSeconds(2L));
            DocNode from2 = DocNode.parse(Format.JSON).from(getMessagesByCategory(AuditMessage.Category.INDEX_TEMPLATE_WRITE).get(0).toJson());
            MatcherAssert.assertThat(from2.toJsonString(), from2.getAsString("audit_category"), Matchers.equalTo(AuditMessage.Category.INDEX_TEMPLATE_WRITE.name()));
            MatcherAssert.assertThat(from2.toJsonString(), from2.get("audit_compliance_operation"), Matchers.equalTo(AuditLog.Operation.UPDATE.name()));
            MatcherAssert.assertThat(from2.toJsonString(), from2.getAsListOfStrings("audit_trace_index_templates"), Matchers.hasSize(1));
            MatcherAssert.assertThat(from2.toJsonString(), (String) from2.getAsListOfStrings("audit_trace_index_templates").get(0), Matchers.equalTo("test-composable-template"));
            MatcherAssert.assertThat(from2.toJsonString(), from2.get("audit_cluster_name"), Matchers.notNullValue());
            MatcherAssert.assertThat(from2.toJsonString(), from2.get("audit_node_name"), Matchers.notNullValue());
            MatcherAssert.assertThat(from2.toJsonString(), from2.get("audit_request_origin"), Matchers.equalTo(AuditLog.Origin.REST.name()));
            MatcherAssert.assertThat(from2.toJsonString(), from2.get("audit_request_layer"), Matchers.equalTo(AuditLog.Origin.TRANSPORT.name()));
            MatcherAssert.assertThat(from2.toJsonString(), from2.get("audit_request_body"), Matchers.notNullValue());
            MatcherAssert.assertThat(from2.toJsonString(), from2.get("audit_node_id"), Matchers.notNullValue());
            MatcherAssert.assertThat(from2.toJsonString(), from2.get("@timestamp"), Matchers.notNullValue());
            MatcherAssert.assertThat(from2.toJsonString(), from2.get("audit_format_version"), Matchers.notNullValue());
            MatcherAssert.assertThat(from2.toJsonString(), from2.get("audit_request_remote_address"), Matchers.notNullValue());
            MatcherAssert.assertThat(from2.toJsonString(), from2.get("audit_node_host_address"), Matchers.notNullValue());
            MatcherAssert.assertThat(from2.toJsonString(), from2.get("audit_request_effective_user"), Matchers.equalTo(USER.getName()));
            MatcherAssert.assertThat(from2.toJsonString(), from2.get("audit_request_effective_user_auth_domain"), Matchers.notNullValue());
            MatcherAssert.assertThat(from2.toJsonString(), from2.get("audit_format_version"), Matchers.notNullValue());
            MatcherAssert.assertThat(from2.toJsonString(), from2.get("audit_node_host_name"), Matchers.notNullValue());
            TestAuditlogImpl.clear();
            GenericRestClient.HttpResponse delete = trackResources.delete("/_index_template/" + "test-composable-template", new Header[0]);
            MatcherAssert.assertThat(delete.getBody(), Integer.valueOf(delete.getStatusCode()), Matchers.equalTo(200));
            AsyncAssert.awaitAssert("Messages arrived", () -> {
                return getMessagesByCategory(AuditMessage.Category.INDEX_TEMPLATE_WRITE).size() == 1;
            }, Duration.ofSeconds(2L));
            DocNode from3 = DocNode.parse(Format.JSON).from(getMessagesByCategory(AuditMessage.Category.INDEX_TEMPLATE_WRITE).get(0).toJson());
            MatcherAssert.assertThat(from3.toJsonString(), from3.get("audit_category"), Matchers.equalTo(AuditMessage.Category.INDEX_TEMPLATE_WRITE.name()));
            MatcherAssert.assertThat(from3.toJsonString(), from3.get("audit_compliance_operation"), Matchers.equalTo(AuditLog.Operation.DELETE.name()));
            MatcherAssert.assertThat(from3.toJsonString(), from3.getAsListOfStrings("audit_trace_index_templates"), Matchers.hasSize(1));
            MatcherAssert.assertThat(from3.toJsonString(), (String) from3.getAsListOfStrings("audit_trace_index_templates").get(0), Matchers.equalTo("test-composable-template"));
            MatcherAssert.assertThat(from3.toJsonString(), from3.get("audit_cluster_name"), Matchers.notNullValue());
            MatcherAssert.assertThat(from3.toJsonString(), from3.get("audit_node_name"), Matchers.notNullValue());
            MatcherAssert.assertThat(from3.toJsonString(), from3.get("audit_request_origin"), Matchers.equalTo(AuditLog.Origin.REST.name()));
            MatcherAssert.assertThat(from3.toJsonString(), from3.get("audit_request_layer"), Matchers.equalTo(AuditLog.Origin.TRANSPORT.name()));
            MatcherAssert.assertThat(from3.toJsonString(), from3.get("audit_node_id"), Matchers.notNullValue());
            MatcherAssert.assertThat(from3.toJsonString(), from3.get("@timestamp"), Matchers.notNullValue());
            MatcherAssert.assertThat(from3.toJsonString(), from3.get("audit_format_version"), Matchers.notNullValue());
            MatcherAssert.assertThat(from3.toJsonString(), from3.get("audit_request_remote_address"), Matchers.notNullValue());
            MatcherAssert.assertThat(from3.toJsonString(), from3.get("audit_node_host_address"), Matchers.notNullValue());
            MatcherAssert.assertThat(from3.toJsonString(), from3.get("audit_request_effective_user"), Matchers.equalTo(USER.getName()));
            MatcherAssert.assertThat(from3.toJsonString(), from3.get("audit_request_effective_user_auth_domain"), Matchers.notNullValue());
            MatcherAssert.assertThat(from3.toJsonString(), from3.get("audit_format_version"), Matchers.notNullValue());
            MatcherAssert.assertThat(from3.toJsonString(), from3.get("audit_node_host_name"), Matchers.notNullValue());
            if (trackResources != null) {
                trackResources.close();
            }
        } catch (Throwable th) {
            if (trackResources != null) {
                try {
                    trackResources.close();
                } catch (Throwable th2) {
                    th.addSuppressed(th2);
                }
            }
            throw th;
        }
    }

    @Test
    public void testAuditLog_legacyIndexTemplateWriteHistory() throws Exception {
        GenericRestClient trackResources = cluster.getRestClient(USER, new Header[0]).trackResources();
        try {
            TestAuditlogImpl.clear();
            DocNode of = DocNode.of("index_patterns", Collections.singletonList("test-legacy"));
            GenericRestClient.HttpResponse putJson = trackResources.putJson("/_template/" + "test-legacy-template", of);
            MatcherAssert.assertThat(putJson.getBody(), Integer.valueOf(putJson.getStatusCode()), Matchers.equalTo(200));
            AsyncAssert.awaitAssert("Messages arrived", () -> {
                return getMessagesByCategory(AuditMessage.Category.INDEX_TEMPLATE_WRITE).size() == 1;
            }, Duration.ofSeconds(2L));
            DocNode from = DocNode.parse(Format.JSON).from(getMessagesByCategory(AuditMessage.Category.INDEX_TEMPLATE_WRITE).get(0).toJson());
            MatcherAssert.assertThat(from.toJsonString(), from.getAsString("audit_category"), Matchers.equalTo(AuditMessage.Category.INDEX_TEMPLATE_WRITE.name()));
            MatcherAssert.assertThat(from.toJsonString(), from.get("audit_compliance_operation"), Matchers.equalTo(AuditLog.Operation.CREATE.name()));
            MatcherAssert.assertThat(from.toJsonString(), from.getAsListOfStrings("audit_trace_index_templates"), Matchers.hasSize(1));
            MatcherAssert.assertThat(from.toJsonString(), (String) from.getAsListOfStrings("audit_trace_index_templates").get(0), Matchers.equalTo("test-legacy-template"));
            MatcherAssert.assertThat(from.toJsonString(), from.get("audit_cluster_name"), Matchers.notNullValue());
            MatcherAssert.assertThat(from.toJsonString(), from.get("audit_node_name"), Matchers.notNullValue());
            MatcherAssert.assertThat(from.toJsonString(), from.get("audit_request_origin"), Matchers.equalTo(AuditLog.Origin.REST.name()));
            MatcherAssert.assertThat(from.toJsonString(), from.get("audit_request_layer"), Matchers.equalTo(AuditLog.Origin.TRANSPORT.name()));
            MatcherAssert.assertThat(from.toJsonString(), from.get("audit_request_body"), Matchers.notNullValue());
            MatcherAssert.assertThat(from.toJsonString(), from.get("audit_node_id"), Matchers.notNullValue());
            MatcherAssert.assertThat(from.toJsonString(), from.get("@timestamp"), Matchers.notNullValue());
            MatcherAssert.assertThat(from.toJsonString(), from.get("audit_format_version"), Matchers.notNullValue());
            MatcherAssert.assertThat(from.toJsonString(), from.get("audit_request_remote_address"), Matchers.notNullValue());
            MatcherAssert.assertThat(from.toJsonString(), from.get("audit_node_host_address"), Matchers.notNullValue());
            MatcherAssert.assertThat(from.toJsonString(), from.get("audit_request_effective_user"), Matchers.equalTo(USER.getName()));
            MatcherAssert.assertThat(from.toJsonString(), from.get("audit_request_effective_user_auth_domain"), Matchers.notNullValue());
            MatcherAssert.assertThat(from.toJsonString(), from.get("audit_format_version"), Matchers.notNullValue());
            MatcherAssert.assertThat(from.toJsonString(), from.get("audit_node_host_name"), Matchers.notNullValue());
            TestAuditlogImpl.clear();
            GenericRestClient.HttpResponse putJson2 = trackResources.putJson("/_template/" + "test-legacy-template", of.with("index_patterns", Collections.singletonList("legacy-new-pattern")));
            MatcherAssert.assertThat(putJson2.getBody(), Integer.valueOf(putJson2.getStatusCode()), Matchers.equalTo(200));
            AsyncAssert.awaitAssert("Messages arrived", () -> {
                return getMessagesByCategory(AuditMessage.Category.INDEX_TEMPLATE_WRITE).size() == 1;
            }, Duration.ofSeconds(2L));
            DocNode from2 = DocNode.parse(Format.JSON).from(getMessagesByCategory(AuditMessage.Category.INDEX_TEMPLATE_WRITE).get(0).toJson());
            MatcherAssert.assertThat(from2.toJsonString(), from2.get("audit_category"), Matchers.equalTo(AuditMessage.Category.INDEX_TEMPLATE_WRITE.name()));
            MatcherAssert.assertThat(from2.toJsonString(), from2.get("audit_compliance_operation"), Matchers.equalTo(AuditLog.Operation.UPDATE.name()));
            MatcherAssert.assertThat(from2.toJsonString(), from2.getAsListOfStrings("audit_trace_index_templates"), Matchers.hasSize(1));
            MatcherAssert.assertThat(from2.toJsonString(), (String) from2.getAsListOfStrings("audit_trace_index_templates").get(0), Matchers.equalTo("test-legacy-template"));
            MatcherAssert.assertThat(from2.toJsonString(), from2.get("audit_cluster_name"), Matchers.notNullValue());
            MatcherAssert.assertThat(from2.toJsonString(), from2.get("audit_node_name"), Matchers.notNullValue());
            MatcherAssert.assertThat(from2.toJsonString(), from2.get("audit_request_origin"), Matchers.equalTo(AuditLog.Origin.REST.name()));
            MatcherAssert.assertThat(from2.toJsonString(), from2.get("audit_request_layer"), Matchers.equalTo(AuditLog.Origin.TRANSPORT.name()));
            MatcherAssert.assertThat(from2.toJsonString(), from2.get("audit_request_body"), Matchers.notNullValue());
            MatcherAssert.assertThat(from2.toJsonString(), from2.get("audit_node_id"), Matchers.notNullValue());
            MatcherAssert.assertThat(from2.toJsonString(), from2.get("@timestamp"), Matchers.notNullValue());
            MatcherAssert.assertThat(from2.toJsonString(), from2.get("audit_format_version"), Matchers.notNullValue());
            MatcherAssert.assertThat(from2.toJsonString(), from2.get("audit_request_remote_address"), Matchers.notNullValue());
            MatcherAssert.assertThat(from2.toJsonString(), from2.get("audit_node_host_address"), Matchers.notNullValue());
            MatcherAssert.assertThat(from2.toJsonString(), from2.get("audit_request_effective_user"), Matchers.equalTo(USER.getName()));
            MatcherAssert.assertThat(from2.toJsonString(), from2.get("audit_request_effective_user_auth_domain"), Matchers.notNullValue());
            MatcherAssert.assertThat(from2.toJsonString(), from2.get("audit_format_version"), Matchers.notNullValue());
            MatcherAssert.assertThat(from2.toJsonString(), from2.get("audit_node_host_name"), Matchers.notNullValue());
            TestAuditlogImpl.clear();
            GenericRestClient.HttpResponse delete = trackResources.delete("/_template/" + "test-legacy-template", new Header[0]);
            MatcherAssert.assertThat(delete.getBody(), Integer.valueOf(delete.getStatusCode()), Matchers.equalTo(200));
            AsyncAssert.awaitAssert("Messages arrived", () -> {
                return getMessagesByCategory(AuditMessage.Category.INDEX_TEMPLATE_WRITE).size() == 1;
            }, Duration.ofSeconds(2L));
            DocNode from3 = DocNode.parse(Format.JSON).from(getMessagesByCategory(AuditMessage.Category.INDEX_TEMPLATE_WRITE).get(0).toJson());
            MatcherAssert.assertThat(from3.toJsonString(), from3.get("audit_category"), Matchers.equalTo(AuditMessage.Category.INDEX_TEMPLATE_WRITE.name()));
            MatcherAssert.assertThat(from3.toJsonString(), from3.get("audit_compliance_operation"), Matchers.equalTo(AuditLog.Operation.DELETE.name()));
            MatcherAssert.assertThat(from3.toJsonString(), from3.getAsListOfStrings("audit_trace_index_templates"), Matchers.hasSize(1));
            MatcherAssert.assertThat(from3.toJsonString(), (String) from3.getAsListOfStrings("audit_trace_index_templates").get(0), Matchers.equalTo("test-legacy-template"));
            MatcherAssert.assertThat(from3.toJsonString(), from3.get("audit_cluster_name"), Matchers.notNullValue());
            MatcherAssert.assertThat(from3.toJsonString(), from3.get("audit_node_name"), Matchers.notNullValue());
            MatcherAssert.assertThat(from3.toJsonString(), from3.get("audit_request_origin"), Matchers.equalTo(AuditLog.Origin.REST.name()));
            MatcherAssert.assertThat(from3.toJsonString(), from3.get("audit_request_layer"), Matchers.equalTo(AuditLog.Origin.TRANSPORT.name()));
            MatcherAssert.assertThat(from3.toJsonString(), from3.get("audit_node_id"), Matchers.notNullValue());
            MatcherAssert.assertThat(from3.toJsonString(), from3.get("@timestamp"), Matchers.notNullValue());
            MatcherAssert.assertThat(from3.toJsonString(), from3.get("audit_format_version"), Matchers.notNullValue());
            MatcherAssert.assertThat(from3.toJsonString(), from3.get("audit_request_remote_address"), Matchers.notNullValue());
            MatcherAssert.assertThat(from3.toJsonString(), from3.get("audit_node_host_address"), Matchers.notNullValue());
            MatcherAssert.assertThat(from3.toJsonString(), from3.get("audit_request_effective_user"), Matchers.equalTo(USER.getName()));
            MatcherAssert.assertThat(from3.toJsonString(), from3.get("audit_request_effective_user_auth_domain"), Matchers.notNullValue());
            MatcherAssert.assertThat(from3.toJsonString(), from3.get("audit_format_version"), Matchers.notNullValue());
            MatcherAssert.assertThat(from3.toJsonString(), from3.get("audit_node_host_name"), Matchers.notNullValue());
            if (trackResources != null) {
                trackResources.close();
            }
        } catch (Throwable th) {
            if (trackResources != null) {
                try {
                    trackResources.close();
                } catch (Throwable th2) {
                    th.addSuppressed(th2);
                }
            }
            throw th;
        }
    }

    @Test
    public void testAuditLog_composableIndexTemplateWriteHistory_noLogWhenActionFails() throws Exception {
        GenericRestClient trackResources = cluster.getRestClient(USER, new Header[0]).trackResources();
        try {
            TestAuditlogImpl.clear();
            GenericRestClient.HttpResponse putJson = trackResources.putJson("/_index_template/" + "test-composable-template", DocNode.of("index_patterns", Collections.singletonList("test-composable"), "template", DocNode.of("settings", DocNode.of("number_of_shards", 0))));
            MatcherAssert.assertThat(putJson.getBody(), Integer.valueOf(putJson.getStatusCode()), Matchers.equalTo(400));
            GenericRestClient.HttpResponse delete = trackResources.delete("/_index_template/1" + "test-composable-template", new Header[0]);
            MatcherAssert.assertThat(delete.getBody(), Integer.valueOf(delete.getStatusCode()), Matchers.equalTo(404));
            Thread.sleep(1000L);
            MatcherAssert.assertThat(TestAuditlogImpl.sb.toString(), getMessagesByCategory(AuditMessage.Category.INDEX_TEMPLATE_WRITE), Matchers.hasSize(0));
            if (trackResources != null) {
                trackResources.close();
            }
        } catch (Throwable th) {
            if (trackResources != null) {
                try {
                    trackResources.close();
                } catch (Throwable th2) {
                    th.addSuppressed(th2);
                }
            }
            throw th;
        }
    }

    @Test
    public void testAuditLog_legacyIndexTemplateWriteHistory_noLogWhenActionFails() throws Exception {
        GenericRestClient trackResources = cluster.getRestClient(USER, new Header[0]).trackResources();
        try {
            TestAuditlogImpl.clear();
            GenericRestClient.HttpResponse putJson = trackResources.putJson("/_template/" + "test-legacy-template", DocNode.of("index_patterns", Collections.singletonList("test-legacy"), "settings", DocNode.of("number_of_shards", 0)));
            MatcherAssert.assertThat(putJson.getBody(), Integer.valueOf(putJson.getStatusCode()), Matchers.equalTo(400));
            GenericRestClient.HttpResponse delete = trackResources.delete("/_template/1" + "test-legacy-template", new Header[0]);
            MatcherAssert.assertThat(delete.getBody(), Integer.valueOf(delete.getStatusCode()), Matchers.equalTo(404));
            Thread.sleep(1000L);
            MatcherAssert.assertThat(TestAuditlogImpl.sb.toString(), getMessagesByCategory(AuditMessage.Category.INDEX_TEMPLATE_WRITE), Matchers.hasSize(0));
            if (trackResources != null) {
                trackResources.close();
            }
        } catch (Throwable th) {
            if (trackResources != null) {
                try {
                    trackResources.close();
                } catch (Throwable th2) {
                    th.addSuppressed(th2);
                }
            }
            throw th;
        }
    }

    @Test
    public void testAuditLog_composableIndexTemplateWriteHistory_noLogWhenUserIsIgnored() throws Exception {
        GenericRestClient trackResources = cluster.getRestClient(AUDIT_IGNORED_USER, new Header[0]).trackResources();
        try {
            TestAuditlogImpl.clear();
            DocNode of = DocNode.of("index_patterns", Collections.singletonList("test-composable"));
            GenericRestClient.HttpResponse putJson = trackResources.putJson("/_index_template/" + "test-composable-template", of);
            MatcherAssert.assertThat(putJson.getBody(), Integer.valueOf(putJson.getStatusCode()), Matchers.equalTo(200));
            GenericRestClient.HttpResponse putJson2 = trackResources.putJson("/_index_template/" + "test-composable-template", of);
            MatcherAssert.assertThat(putJson2.getBody(), Integer.valueOf(putJson2.getStatusCode()), Matchers.equalTo(200));
            GenericRestClient.HttpResponse delete = trackResources.delete("/_index_template/" + "test-composable-template", new Header[0]);
            MatcherAssert.assertThat(delete.getBody(), Integer.valueOf(delete.getStatusCode()), Matchers.equalTo(200));
            Thread.sleep(1000L);
            MatcherAssert.assertThat(TestAuditlogImpl.sb.toString(), getMessagesByCategory(AuditMessage.Category.INDEX_TEMPLATE_WRITE), Matchers.hasSize(0));
            if (trackResources != null) {
                trackResources.close();
            }
        } catch (Throwable th) {
            if (trackResources != null) {
                try {
                    trackResources.close();
                } catch (Throwable th2) {
                    th.addSuppressed(th2);
                }
            }
            throw th;
        }
    }

    @Test
    public void testAuditLog_legacyIndexTemplateWriteHistory_noLogWhenUserIsIgnored() throws Exception {
        GenericRestClient trackResources = cluster.getRestClient(AUDIT_IGNORED_USER, new Header[0]).trackResources();
        try {
            TestAuditlogImpl.clear();
            DocNode of = DocNode.of("index_patterns", Collections.singletonList("test-legacy"));
            GenericRestClient.HttpResponse putJson = trackResources.putJson("/_template/" + "test-legacy-template", of);
            MatcherAssert.assertThat(putJson.getBody(), Integer.valueOf(putJson.getStatusCode()), Matchers.equalTo(200));
            GenericRestClient.HttpResponse putJson2 = trackResources.putJson("/_template/" + "test-legacy-template", of);
            MatcherAssert.assertThat(putJson2.getBody(), Integer.valueOf(putJson2.getStatusCode()), Matchers.equalTo(200));
            GenericRestClient.HttpResponse delete = trackResources.delete("/_template/" + "test-legacy-template", new Header[0]);
            MatcherAssert.assertThat(delete.getBody(), Integer.valueOf(delete.getStatusCode()), Matchers.equalTo(200));
            Thread.sleep(1000L);
            MatcherAssert.assertThat(TestAuditlogImpl.sb.toString(), getMessagesByCategory(AuditMessage.Category.INDEX_TEMPLATE_WRITE), Matchers.hasSize(0));
            if (trackResources != null) {
                trackResources.close();
            }
        } catch (Throwable th) {
            if (trackResources != null) {
                try {
                    trackResources.close();
                } catch (Throwable th2) {
                    th.addSuppressed(th2);
                }
            }
            throw th;
        }
    }

    @Test
    public void testAuditLog_indexWriteHistory_createOperation_simpleIndexName() throws Exception {
        GenericRestClient trackResources = cluster.getRestClient(USER, new Header[0]).trackResources();
        try {
            TestAuditlogImpl.clear();
            String str = "test-index-simple-name" + "-1";
            GenericRestClient.HttpResponse putJson = trackResources.putJson("/" + str, DocNode.of("settings", DocNode.of("index", DocNode.of("number_of_shards", 3, "number_of_replicas", 2)), "aliases", DocNode.of("alias1", DocNode.EMPTY, "alias2", DocNode.of("filter", DocNode.of("term", DocNode.of("doc", "1")), "index_routing", "shard1")), "mappings", DocNode.of("properties", DocNode.of("field1", DocNode.of("type", "text")))));
            MatcherAssert.assertThat(putJson.getBody(), Integer.valueOf(putJson.getStatusCode()), Matchers.equalTo(200));
            AsyncAssert.awaitAssert("Messages arrived", () -> {
                return getMessagesByCategory(AuditMessage.Category.INDEX_WRITE).size() == 1;
            }, Duration.ofSeconds(2L));
            DocNode from = DocNode.parse(Format.JSON).from(getMessagesByCategory(AuditMessage.Category.INDEX_WRITE).get(0).toJson());
            MatcherAssert.assertThat(from.toJsonString(), from.getAsString("audit_category"), Matchers.equalTo(AuditMessage.Category.INDEX_WRITE.name()));
            MatcherAssert.assertThat(from.toJsonString(), from.get("audit_compliance_operation"), Matchers.equalTo(AuditLog.Operation.CREATE.name()));
            MatcherAssert.assertThat(from.toJsonString(), from.getAsListOfStrings("audit_trace_indices"), Matchers.hasSize(1));
            MatcherAssert.assertThat(from.toJsonString(), (String) from.getAsListOfStrings("audit_trace_indices").get(0), Matchers.equalTo(str));
            MatcherAssert.assertThat(from.toJsonString(), from.get("audit_trace_resolved_indices"), Matchers.nullValue());
            MatcherAssert.assertThat(from.toJsonString(), from.get("audit_request_body"), Matchers.notNullValue());
            DocNode from2 = DocNode.parse(Format.JSON).from(from.getAsString("audit_request_body"));
            MatcherAssert.assertThat(from.toJsonString(), from2, Matchers.hasKey("index"));
            MatcherAssert.assertThat(from.toJsonString(), from2, Matchers.hasKey("settings"));
            MatcherAssert.assertThat(from.toJsonString(), from2, Matchers.hasKey("mappings"));
            MatcherAssert.assertThat(from.toJsonString(), from2, Matchers.hasKey("aliases"));
            MatcherAssert.assertThat(from.toJsonString(), from2, Matchers.hasKey("cause"));
            MatcherAssert.assertThat(from.toJsonString(), from2, Matchers.hasKey("origin"));
            MatcherAssert.assertThat(from.toJsonString(), from.get("audit_cluster_name"), Matchers.notNullValue());
            MatcherAssert.assertThat(from.toJsonString(), from.get("audit_node_name"), Matchers.notNullValue());
            MatcherAssert.assertThat(from.toJsonString(), from.get("audit_request_origin"), Matchers.equalTo(AuditLog.Origin.REST.name()));
            MatcherAssert.assertThat(from.toJsonString(), from.get("audit_request_layer"), Matchers.equalTo(AuditLog.Origin.TRANSPORT.name()));
            MatcherAssert.assertThat(from.toJsonString(), from.get("audit_node_id"), Matchers.notNullValue());
            MatcherAssert.assertThat(from.toJsonString(), from.get("@timestamp"), Matchers.notNullValue());
            MatcherAssert.assertThat(from.toJsonString(), from.get("audit_format_version"), Matchers.notNullValue());
            MatcherAssert.assertThat(from.toJsonString(), from.get("audit_request_remote_address"), Matchers.notNullValue());
            MatcherAssert.assertThat(from.toJsonString(), from.get("audit_node_host_address"), Matchers.notNullValue());
            MatcherAssert.assertThat(from.toJsonString(), from.get("audit_request_effective_user"), Matchers.equalTo(USER.getName()));
            MatcherAssert.assertThat(from.toJsonString(), from.get("audit_request_effective_user_auth_domain"), Matchers.notNullValue());
            MatcherAssert.assertThat(from.toJsonString(), from.get("audit_node_host_name"), Matchers.notNullValue());
            MatcherAssert.assertThat(from.toJsonString(), from.get("audit_node_elasticsearch_version"), Matchers.notNullValue());
            if (trackResources != null) {
                trackResources.close();
            }
        } catch (Throwable th) {
            if (trackResources != null) {
                try {
                    trackResources.close();
                } catch (Throwable th2) {
                    th.addSuppressed(th2);
                }
            }
            throw th;
        }
    }

    @Test
    public void testAuditLog_indexWriteHistory_createOperation_indexNameWithDateMath() throws Exception {
        GenericRestClient trackResources = cluster.getRestClient(USER, new Header[0]).trackResources();
        try {
            TestAuditlogImpl.clear();
            String str = "<" + "test-index-date-math-name" + "{now{yyyy|UTC}}>";
            GenericRestClient.HttpResponse putJson = trackResources.putJson("/" + URLEncoder.encode(str, StandardCharsets.UTF_8.toString()), DocNode.of("settings", DocNode.of("index", DocNode.of("number_of_shards", 3, "number_of_replicas", 2))));
            MatcherAssert.assertThat(putJson.getBody(), Integer.valueOf(putJson.getStatusCode()), Matchers.equalTo(200));
            AsyncAssert.awaitAssert("Messages arrived", () -> {
                return getMessagesByCategory(AuditMessage.Category.INDEX_WRITE).size() == 1;
            }, Duration.ofSeconds(2L));
            DocNode from = DocNode.parse(Format.JSON).from(getMessagesByCategory(AuditMessage.Category.INDEX_WRITE).get(0).toJson());
            MatcherAssert.assertThat(from.toJsonString(), from.getAsString("audit_category"), Matchers.equalTo(AuditMessage.Category.INDEX_WRITE.name()));
            MatcherAssert.assertThat(from.toJsonString(), from.get("audit_compliance_operation"), Matchers.equalTo(AuditLog.Operation.CREATE.name()));
            MatcherAssert.assertThat(from.toJsonString(), from.getAsListOfStrings("audit_trace_indices"), Matchers.hasSize(1));
            MatcherAssert.assertThat(from.toJsonString(), (String) from.getAsListOfStrings("audit_trace_indices").get(0), Matchers.equalTo(str));
            MatcherAssert.assertThat(from.toJsonString(), from.get("audit_trace_resolved_indices"), Matchers.nullValue());
            MatcherAssert.assertThat(from.toJsonString(), from.get("audit_request_body"), Matchers.notNullValue());
            DocNode from2 = DocNode.parse(Format.JSON).from(from.getAsString("audit_request_body"));
            MatcherAssert.assertThat(from.toJsonString(), from2, Matchers.hasKey("index"));
            MatcherAssert.assertThat(from.toJsonString(), from2, Matchers.hasKey("settings"));
            MatcherAssert.assertThat(from.toJsonString(), from2, Matchers.hasKey("mappings"));
            MatcherAssert.assertThat(from.toJsonString(), from2, Matchers.hasKey("aliases"));
            MatcherAssert.assertThat(from.toJsonString(), from2, Matchers.hasKey("cause"));
            MatcherAssert.assertThat(from.toJsonString(), from2, Matchers.hasKey("origin"));
            MatcherAssert.assertThat(from.toJsonString(), from.get("audit_cluster_name"), Matchers.notNullValue());
            MatcherAssert.assertThat(from.toJsonString(), from.get("audit_cluster_name"), Matchers.notNullValue());
            MatcherAssert.assertThat(from.toJsonString(), from.get("audit_node_name"), Matchers.notNullValue());
            MatcherAssert.assertThat(from.toJsonString(), from.get("audit_request_origin"), Matchers.equalTo(AuditLog.Origin.REST.name()));
            MatcherAssert.assertThat(from.toJsonString(), from.get("audit_request_layer"), Matchers.equalTo(AuditLog.Origin.TRANSPORT.name()));
            MatcherAssert.assertThat(from.toJsonString(), from.get("audit_node_id"), Matchers.notNullValue());
            MatcherAssert.assertThat(from.toJsonString(), from.get("@timestamp"), Matchers.notNullValue());
            MatcherAssert.assertThat(from.toJsonString(), from.get("audit_format_version"), Matchers.notNullValue());
            MatcherAssert.assertThat(from.toJsonString(), from.get("audit_request_remote_address"), Matchers.notNullValue());
            MatcherAssert.assertThat(from.toJsonString(), from.get("audit_node_host_address"), Matchers.notNullValue());
            MatcherAssert.assertThat(from.toJsonString(), from.get("audit_request_effective_user"), Matchers.equalTo(USER.getName()));
            MatcherAssert.assertThat(from.toJsonString(), from.get("audit_request_effective_user_auth_domain"), Matchers.notNullValue());
            MatcherAssert.assertThat(from.toJsonString(), from.get("audit_node_host_name"), Matchers.notNullValue());
            MatcherAssert.assertThat(from.toJsonString(), from.get("audit_node_elasticsearch_version"), Matchers.notNullValue());
            if (trackResources != null) {
                trackResources.close();
            }
        } catch (Throwable th) {
            if (trackResources != null) {
                try {
                    trackResources.close();
                } catch (Throwable th2) {
                    th.addSuppressed(th2);
                }
            }
            throw th;
        }
    }

    @Test
    public void testAuditLog_indexWriteHistory_createOperation_noLogWhenUserIsIgnored() throws Exception {
        GenericRestClient trackResources = cluster.getRestClient(AUDIT_IGNORED_USER, new Header[0]).trackResources();
        try {
            TestAuditlogImpl.clear();
            GenericRestClient.HttpResponse put = trackResources.put("/" + "test-created-by-ignored-user");
            MatcherAssert.assertThat(put.getBody(), Integer.valueOf(put.getStatusCode()), Matchers.equalTo(200));
            Thread.sleep(1000L);
            MatcherAssert.assertThat(TestAuditlogImpl.sb.toString(), getMessagesByCategory(AuditMessage.Category.INDEX_WRITE), Matchers.hasSize(0));
            if (trackResources != null) {
                trackResources.close();
            }
        } catch (Throwable th) {
            if (trackResources != null) {
                try {
                    trackResources.close();
                } catch (Throwable th2) {
                    th.addSuppressed(th2);
                }
            }
            throw th;
        }
    }

    @Test
    public void testAuditLog_indexWriteHistory_deleteOperation() throws Exception {
        GenericRestClient trackResources = cluster.getRestClient(USER, new Header[0]).trackResources();
        try {
            Iterator it = Arrays.asList("test-index-delete" + "-1", "<" + "test-index-delete" + "{now{yyyy|UTC}}>").iterator();
            while (it.hasNext()) {
                GenericRestClient.HttpResponse put = trackResources.put("/" + URLEncoder.encode((String) it.next(), StandardCharsets.UTF_8.toString()));
                MatcherAssert.assertThat(put.getBody(), Integer.valueOf(put.getStatusCode()), Matchers.equalTo(200));
            }
            TestAuditlogImpl.clear();
            String str = "test-index-delete" + "*";
            GenericRestClient.HttpResponse delete = trackResources.delete("/" + str, new Header[0]);
            MatcherAssert.assertThat(delete.getBody(), Integer.valueOf(delete.getStatusCode()), Matchers.equalTo(200));
            AsyncAssert.awaitAssert("Messages arrived", () -> {
                return getMessagesByCategory(AuditMessage.Category.INDEX_WRITE).size() == 1;
            }, Duration.ofSeconds(2L));
            DocNode from = DocNode.parse(Format.JSON).from(getMessagesByCategory(AuditMessage.Category.INDEX_WRITE).get(0).toJson());
            MatcherAssert.assertThat(from.toJsonString(), from.get("audit_category"), Matchers.equalTo(AuditMessage.Category.INDEX_WRITE.name()));
            MatcherAssert.assertThat(from.toJsonString(), from.get("audit_compliance_operation"), Matchers.equalTo(AuditLog.Operation.DELETE.name()));
            MatcherAssert.assertThat(from.toJsonString(), from.getAsListOfStrings("audit_trace_indices"), Matchers.hasSize(1));
            MatcherAssert.assertThat(from.toJsonString(), (String) from.getAsListOfStrings("audit_trace_indices").get(0), Matchers.equalTo(str));
            MatcherAssert.assertThat(from.toJsonString(), from.get("audit_trace_resolved_indices"), Matchers.nullValue());
            MatcherAssert.assertThat(from.toJsonString(), from.get("audit_cluster_name"), Matchers.notNullValue());
            MatcherAssert.assertThat(from.toJsonString(), from.get("audit_node_name"), Matchers.notNullValue());
            MatcherAssert.assertThat(from.toJsonString(), from.get("audit_request_origin"), Matchers.equalTo(AuditLog.Origin.REST.name()));
            MatcherAssert.assertThat(from.toJsonString(), from.get("audit_request_layer"), Matchers.equalTo(AuditLog.Origin.TRANSPORT.name()));
            MatcherAssert.assertThat(from.toJsonString(), from.get("@timestamp"), Matchers.notNullValue());
            MatcherAssert.assertThat(from.toJsonString(), from.get("audit_format_version"), Matchers.notNullValue());
            MatcherAssert.assertThat(from.toJsonString(), from.get("audit_request_remote_address"), Matchers.notNullValue());
            MatcherAssert.assertThat(from.toJsonString(), from.get("audit_node_host_address"), Matchers.notNullValue());
            MatcherAssert.assertThat(from.toJsonString(), from.get("audit_request_effective_user"), Matchers.equalTo(USER.getName()));
            MatcherAssert.assertThat(from.toJsonString(), from.get("audit_request_effective_user_auth_domain"), Matchers.notNullValue());
            MatcherAssert.assertThat(from.toJsonString(), from.get("audit_node_elasticsearch_version"), Matchers.notNullValue());
            MatcherAssert.assertThat(from.toJsonString(), from.get("audit_node_host_name"), Matchers.notNullValue());
            MatcherAssert.assertThat(from.toJsonString(), from.get("audit_node_id"), Matchers.notNullValue());
            if (trackResources != null) {
                trackResources.close();
            }
        } catch (Throwable th) {
            if (trackResources != null) {
                try {
                    trackResources.close();
                } catch (Throwable th2) {
                    th.addSuppressed(th2);
                }
            }
            throw th;
        }
    }

    @Test
    public void testAuditLog_indexWriteHistory_deleteOperation_noLogWhenUserIsIgnored() throws Exception {
        GenericRestClient trackResources = cluster.getRestClient(AUDIT_IGNORED_USER, new Header[0]).trackResources();
        try {
            GenericRestClient.HttpResponse put = trackResources.put("/" + "test-deleted-by-ignored-user");
            MatcherAssert.assertThat(put.getBody(), Integer.valueOf(put.getStatusCode()), Matchers.equalTo(200));
            TestAuditlogImpl.clear();
            GenericRestClient.HttpResponse delete = trackResources.delete("/" + "test-deleted-by-ignored-user", new Header[0]);
            MatcherAssert.assertThat(delete.getBody(), Integer.valueOf(delete.getStatusCode()), Matchers.equalTo(200));
            Thread.sleep(1000L);
            MatcherAssert.assertThat(TestAuditlogImpl.sb.toString(), getMessagesByCategory(AuditMessage.Category.INDEX_WRITE), Matchers.hasSize(0));
            if (trackResources != null) {
                trackResources.close();
            }
        } catch (Throwable th) {
            if (trackResources != null) {
                try {
                    trackResources.close();
                } catch (Throwable th2) {
                    th.addSuppressed(th2);
                }
            }
            throw th;
        }
    }

    @Test
    public void testAuditLog_indexSettingsWriteHistory() throws Exception {
        GenericRestClient trackResources = cluster.getRestClient(USER, new Header[0]).trackResources();
        try {
            DocNode of = DocNode.of("settings", DocNode.of("index", DocNode.of("number_of_shards", 2, "number_of_replicas", 2)));
            Iterator it = Arrays.asList("test-index-settings-update" + "-1", "test-index-settings-update" + "-2", "another-test-index-settings-update").iterator();
            while (it.hasNext()) {
                GenericRestClient.HttpResponse putJson = trackResources.putJson("/" + ((String) it.next()), of);
                MatcherAssert.assertThat(putJson.getBody(), Integer.valueOf(putJson.getStatusCode()), Matchers.equalTo(200));
            }
            TestAuditlogImpl.clear();
            String str = "test-index-settings-update" + "*";
            GenericRestClient.HttpResponse putJson2 = trackResources.putJson("/" + str + "/_settings", DocNode.of("index", DocNode.of("number_of_replicas", Integer.valueOf(2 + 1))));
            MatcherAssert.assertThat(putJson2.getBody(), Integer.valueOf(putJson2.getStatusCode()), Matchers.equalTo(200));
            AsyncAssert.awaitAssert("Messages arrived", () -> {
                return getMessagesByCategory(AuditMessage.Category.INDEX_WRITE).size() == 1;
            }, Duration.ofSeconds(2L));
            DocNode from = DocNode.parse(Format.JSON).from(getMessagesByCategory(AuditMessage.Category.INDEX_WRITE).get(0).toJson());
            MatcherAssert.assertThat(from.toJsonString(), from.get("audit_category"), Matchers.equalTo(AuditMessage.Category.INDEX_WRITE.name()));
            MatcherAssert.assertThat(from.toJsonString(), from.get("audit_compliance_operation"), Matchers.equalTo(AuditLog.Operation.UPDATE.name()));
            MatcherAssert.assertThat(from.toJsonString(), from.getAsListOfStrings("audit_trace_indices"), Matchers.hasSize(1));
            MatcherAssert.assertThat(from.toJsonString(), (String) from.getAsListOfStrings("audit_trace_indices").get(0), Matchers.equalTo(str));
            MatcherAssert.assertThat(from.toJsonString(), from.get("audit_trace_resolved_indices"), Matchers.nullValue());
            MatcherAssert.assertThat(from.toJsonString(), from.get("audit_request_body"), Matchers.notNullValue());
            DocNode from2 = DocNode.parse(Format.JSON).from(from.getAsString("audit_request_body"));
            MatcherAssert.assertThat(from.toJsonString(), from2, Matchers.hasKey("indices"));
            MatcherAssert.assertThat(from.toJsonString(), from2, Matchers.hasKey("settings"));
            MatcherAssert.assertThat(from.toJsonString(), from2, Matchers.hasKey("preserve_existing"));
            MatcherAssert.assertThat(from.toJsonString(), from2, Matchers.hasKey("origin"));
            MatcherAssert.assertThat(from.toJsonString(), from.get("audit_cluster_name"), Matchers.notNullValue());
            MatcherAssert.assertThat(from.toJsonString(), from.get("audit_cluster_name"), Matchers.notNullValue());
            MatcherAssert.assertThat(from.toJsonString(), from.get("audit_node_name"), Matchers.notNullValue());
            MatcherAssert.assertThat(from.toJsonString(), from.get("audit_request_origin"), Matchers.equalTo(AuditLog.Origin.REST.name()));
            MatcherAssert.assertThat(from.toJsonString(), from.get("audit_request_layer"), Matchers.equalTo(AuditLog.Origin.TRANSPORT.name()));
            MatcherAssert.assertThat(from.toJsonString(), from.get("audit_node_id"), Matchers.notNullValue());
            MatcherAssert.assertThat(from.toJsonString(), from.get("@timestamp"), Matchers.notNullValue());
            MatcherAssert.assertThat(from.toJsonString(), from.get("audit_format_version"), Matchers.notNullValue());
            MatcherAssert.assertThat(from.toJsonString(), from.get("audit_request_remote_address"), Matchers.notNullValue());
            MatcherAssert.assertThat(from.toJsonString(), from.get("audit_node_host_address"), Matchers.notNullValue());
            MatcherAssert.assertThat(from.toJsonString(), from.get("audit_request_effective_user"), Matchers.equalTo(USER.getName()));
            MatcherAssert.assertThat(from.toJsonString(), from.get("audit_request_effective_user_auth_domain"), Matchers.notNullValue());
            MatcherAssert.assertThat(from.toJsonString(), from.get("audit_node_host_name"), Matchers.notNullValue());
            MatcherAssert.assertThat(from.toJsonString(), from.get("audit_node_elasticsearch_version"), Matchers.notNullValue());
            TestAuditlogImpl.clear();
            GenericRestClient.HttpResponse putJson3 = trackResources.putJson("/" + "another-test-index-settings-update" + "/_settings", DocNode.of("index", DocNode.of("number_of_replicas", 2)));
            MatcherAssert.assertThat(putJson3.getBody(), Integer.valueOf(putJson3.getStatusCode()), Matchers.equalTo(200));
            AsyncAssert.awaitAssert("Messages arrived", () -> {
                return getMessagesByCategory(AuditMessage.Category.INDEX_WRITE).size() == 1;
            }, Duration.ofSeconds(2L));
            DocNode from3 = DocNode.parse(Format.JSON).from(getMessagesByCategory(AuditMessage.Category.INDEX_WRITE).get(0).toJson());
            MatcherAssert.assertThat(from3.toJsonString(), from3.get("audit_category"), Matchers.equalTo(AuditMessage.Category.INDEX_WRITE.name()));
            MatcherAssert.assertThat(from3.toJsonString(), from3.get("audit_compliance_operation"), Matchers.equalTo(AuditLog.Operation.UPDATE.name()));
            MatcherAssert.assertThat(from3.toJsonString(), from3.getAsListOfStrings("audit_trace_indices"), Matchers.hasSize(1));
            MatcherAssert.assertThat(from3.toJsonString(), (String) from3.getAsListOfStrings("audit_trace_indices").get(0), Matchers.equalTo("another-test-index-settings-update"));
            MatcherAssert.assertThat(from3.toJsonString(), from3.get("audit_trace_resolved_indices"), Matchers.nullValue());
            MatcherAssert.assertThat(from3.toJsonString(), from3.get("audit_request_body"), Matchers.notNullValue());
            DocNode from4 = DocNode.parse(Format.JSON).from(from3.getAsString("audit_request_body"));
            MatcherAssert.assertThat(from3.toJsonString(), from4, Matchers.hasKey("indices"));
            MatcherAssert.assertThat(from3.toJsonString(), from4, Matchers.hasKey("settings"));
            MatcherAssert.assertThat(from3.toJsonString(), from4, Matchers.hasKey("preserve_existing"));
            MatcherAssert.assertThat(from3.toJsonString(), from4, Matchers.hasKey("origin"));
            MatcherAssert.assertThat(from3.toJsonString(), from3.get("audit_cluster_name"), Matchers.notNullValue());
            MatcherAssert.assertThat(from3.toJsonString(), from3.get("audit_cluster_name"), Matchers.notNullValue());
            MatcherAssert.assertThat(from3.toJsonString(), from3.get("audit_node_name"), Matchers.notNullValue());
            MatcherAssert.assertThat(from3.toJsonString(), from3.get("audit_request_origin"), Matchers.equalTo(AuditLog.Origin.REST.name()));
            MatcherAssert.assertThat(from3.toJsonString(), from3.get("audit_request_layer"), Matchers.equalTo(AuditLog.Origin.TRANSPORT.name()));
            MatcherAssert.assertThat(from3.toJsonString(), from3.get("audit_node_id"), Matchers.notNullValue());
            MatcherAssert.assertThat(from3.toJsonString(), from3.get("@timestamp"), Matchers.notNullValue());
            MatcherAssert.assertThat(from3.toJsonString(), from3.get("audit_format_version"), Matchers.notNullValue());
            MatcherAssert.assertThat(from3.toJsonString(), from3.get("audit_request_remote_address"), Matchers.notNullValue());
            MatcherAssert.assertThat(from3.toJsonString(), from3.get("audit_node_host_address"), Matchers.notNullValue());
            MatcherAssert.assertThat(from3.toJsonString(), from3.get("audit_request_effective_user"), Matchers.equalTo(USER.getName()));
            MatcherAssert.assertThat(from3.toJsonString(), from3.get("audit_request_effective_user_auth_domain"), Matchers.notNullValue());
            MatcherAssert.assertThat(from3.toJsonString(), from3.get("audit_node_host_name"), Matchers.notNullValue());
            MatcherAssert.assertThat(from3.toJsonString(), from3.get("audit_node_elasticsearch_version"), Matchers.notNullValue());
            if (trackResources != null) {
                trackResources.close();
            }
        } catch (Throwable th) {
            if (trackResources != null) {
                try {
                    trackResources.close();
                } catch (Throwable th2) {
                    th.addSuppressed(th2);
                }
            }
            throw th;
        }
    }

    @Test
    public void testAuditLog_indexSettingsWriteHistory_noLogWhenUserIsIgnored() throws Exception {
        GenericRestClient trackResources = cluster.getRestClient(AUDIT_IGNORED_USER, new Header[0]).trackResources();
        try {
            GenericRestClient.HttpResponse putJson = trackResources.putJson("/" + "test-settings-update-by-ignored-user", DocNode.of("settings", DocNode.of("index", DocNode.of("number_of_shards", 2, "number_of_replicas", 2))));
            MatcherAssert.assertThat(putJson.getBody(), Integer.valueOf(putJson.getStatusCode()), Matchers.equalTo(200));
            TestAuditlogImpl.clear();
            GenericRestClient.HttpResponse putJson2 = trackResources.putJson("/" + "test-settings-update-by-ignored-user" + "/_settings", DocNode.of("index", DocNode.of("number_of_replicas", Integer.valueOf(2 + 1))));
            MatcherAssert.assertThat(putJson2.getBody(), Integer.valueOf(putJson2.getStatusCode()), Matchers.equalTo(200));
            Thread.sleep(1000L);
            MatcherAssert.assertThat(TestAuditlogImpl.sb.toString(), getMessagesByCategory(AuditMessage.Category.INDEX_WRITE), Matchers.hasSize(0));
            if (trackResources != null) {
                trackResources.close();
            }
        } catch (Throwable th) {
            if (trackResources != null) {
                try {
                    trackResources.close();
                } catch (Throwable th2) {
                    th.addSuppressed(th2);
                }
            }
            throw th;
        }
    }

    @Test
    public void testAuditLog_indexSettingsWriteHistory_noLogWhenActionFails() throws Exception {
        GenericRestClient trackResources = cluster.getRestClient(USER, new Header[0]).trackResources();
        try {
            GenericRestClient.HttpResponse putJson = trackResources.putJson("/" + "test-invalid-settings-update", DocNode.of("settings", DocNode.of("index", DocNode.of("number_of_shards", 2, "number_of_replicas", 2))));
            MatcherAssert.assertThat(putJson.getBody(), Integer.valueOf(putJson.getStatusCode()), Matchers.equalTo(200));
            TestAuditlogImpl.clear();
            GenericRestClient.HttpResponse putJson2 = trackResources.putJson("/" + "test-invalid-settings-update" + "/_settings", DocNode.of("index", DocNode.of("number_of_shards", 3)));
            MatcherAssert.assertThat(putJson2.getBody(), Integer.valueOf(putJson2.getStatusCode()), Matchers.equalTo(400));
            Thread.sleep(1000L);
            MatcherAssert.assertThat(TestAuditlogImpl.sb.toString(), getMessagesByCategory(AuditMessage.Category.INDEX_WRITE), Matchers.hasSize(0));
            if (trackResources != null) {
                trackResources.close();
            }
        } catch (Throwable th) {
            if (trackResources != null) {
                try {
                    trackResources.close();
                } catch (Throwable th2) {
                    th.addSuppressed(th2);
                }
            }
            throw th;
        }
    }

    @Test
    public void testAuditLog_indexMappingsWriteHistory() throws Exception {
        GenericRestClient trackResources = cluster.getRestClient(USER, new Header[0]).trackResources();
        try {
            DocNode of = DocNode.of("mappings", DocNode.of("properties", DocNode.of("email", DocNode.of("type", "keyword"))));
            Iterator it = Arrays.asList("test-index-mappings-update" + "-1", "test-index-mappings-update" + "-2", "another-test-index-mappings-update").iterator();
            while (it.hasNext()) {
                GenericRestClient.HttpResponse putJson = trackResources.putJson("/" + ((String) it.next()), of);
                MatcherAssert.assertThat(putJson.getBody(), Integer.valueOf(putJson.getStatusCode()), Matchers.equalTo(200));
            }
            TestAuditlogImpl.clear();
            String str = "test-index-mappings-update" + "*";
            GenericRestClient.HttpResponse putJson2 = trackResources.putJson("/" + str + "/_mappings", DocNode.of("properties", DocNode.of("name", DocNode.of("type", "text"))));
            MatcherAssert.assertThat(putJson2.getBody(), Integer.valueOf(putJson2.getStatusCode()), Matchers.equalTo(200));
            AsyncAssert.awaitAssert("Messages arrived", () -> {
                return getMessagesByCategory(AuditMessage.Category.INDEX_WRITE).size() == 1;
            }, Duration.ofSeconds(2L));
            DocNode from = DocNode.parse(Format.JSON).from(getMessagesByCategory(AuditMessage.Category.INDEX_WRITE).get(0).toJson());
            MatcherAssert.assertThat(from.toJsonString(), from.get("audit_category"), Matchers.equalTo(AuditMessage.Category.INDEX_WRITE.name()));
            MatcherAssert.assertThat(from.toJsonString(), from.get("audit_compliance_operation"), Matchers.equalTo(AuditLog.Operation.UPDATE.name()));
            MatcherAssert.assertThat(from.toJsonString(), from.getAsListOfStrings("audit_trace_indices"), Matchers.hasSize(1));
            MatcherAssert.assertThat(from.toJsonString(), (String) from.getAsListOfStrings("audit_trace_indices").get(0), Matchers.equalTo(str));
            MatcherAssert.assertThat(from.toJsonString(), from.get("audit_trace_resolved_indices"), Matchers.nullValue());
            MatcherAssert.assertThat(from.toJsonString(), from.get("audit_request_body"), Matchers.notNullValue());
            DocNode from2 = DocNode.parse(Format.JSON).from(from.getAsString("audit_request_body"));
            MatcherAssert.assertThat(from.toJsonString(), from2, Matchers.hasKey("indices"));
            MatcherAssert.assertThat(from.toJsonString(), from2, Matchers.hasKey("source"));
            MatcherAssert.assertThat(from.toJsonString(), from2, Matchers.hasKey("write_index_only"));
            MatcherAssert.assertThat(from.toJsonString(), from2, Matchers.hasKey("origin"));
            MatcherAssert.assertThat(from.toJsonString(), from.get("audit_cluster_name"), Matchers.notNullValue());
            MatcherAssert.assertThat(from.toJsonString(), from.get("audit_cluster_name"), Matchers.notNullValue());
            MatcherAssert.assertThat(from.toJsonString(), from.get("audit_node_name"), Matchers.notNullValue());
            MatcherAssert.assertThat(from.toJsonString(), from.get("audit_request_origin"), Matchers.equalTo(AuditLog.Origin.REST.name()));
            MatcherAssert.assertThat(from.toJsonString(), from.get("audit_request_layer"), Matchers.equalTo(AuditLog.Origin.TRANSPORT.name()));
            MatcherAssert.assertThat(from.toJsonString(), from.get("audit_node_id"), Matchers.notNullValue());
            MatcherAssert.assertThat(from.toJsonString(), from.get("@timestamp"), Matchers.notNullValue());
            MatcherAssert.assertThat(from.toJsonString(), from.get("audit_format_version"), Matchers.notNullValue());
            MatcherAssert.assertThat(from.toJsonString(), from.get("audit_request_remote_address"), Matchers.notNullValue());
            MatcherAssert.assertThat(from.toJsonString(), from.get("audit_node_host_address"), Matchers.notNullValue());
            MatcherAssert.assertThat(from.toJsonString(), from.get("audit_request_effective_user"), Matchers.equalTo(USER.getName()));
            MatcherAssert.assertThat(from.toJsonString(), from.get("audit_request_effective_user_auth_domain"), Matchers.notNullValue());
            MatcherAssert.assertThat(from.toJsonString(), from.get("audit_node_host_name"), Matchers.notNullValue());
            MatcherAssert.assertThat(from.toJsonString(), from.get("audit_node_elasticsearch_version"), Matchers.notNullValue());
            TestAuditlogImpl.clear();
            GenericRestClient.HttpResponse putJson3 = trackResources.putJson("/" + "another-test-index-mappings-update" + "/_mappings", DocNode.of("properties", DocNode.of("email", DocNode.of("type", "keyword"))));
            MatcherAssert.assertThat(putJson3.getBody(), Integer.valueOf(putJson3.getStatusCode()), Matchers.equalTo(200));
            AsyncAssert.awaitAssert("Messages arrived", () -> {
                return getMessagesByCategory(AuditMessage.Category.INDEX_WRITE).size() == 1;
            }, Duration.ofSeconds(2L));
            DocNode from3 = DocNode.parse(Format.JSON).from(getMessagesByCategory(AuditMessage.Category.INDEX_WRITE).get(0).toJson());
            MatcherAssert.assertThat(from3.toJsonString(), from3.get("audit_category"), Matchers.equalTo(AuditMessage.Category.INDEX_WRITE.name()));
            MatcherAssert.assertThat(from3.toJsonString(), from3.get("audit_compliance_operation"), Matchers.equalTo(AuditLog.Operation.UPDATE.name()));
            MatcherAssert.assertThat(from3.toJsonString(), from3.getAsListOfStrings("audit_trace_indices"), Matchers.hasSize(1));
            MatcherAssert.assertThat(from3.toJsonString(), (String) from3.getAsListOfStrings("audit_trace_indices").get(0), Matchers.equalTo("another-test-index-mappings-update"));
            MatcherAssert.assertThat(from3.toJsonString(), from3.get("audit_trace_resolved_indices"), Matchers.nullValue());
            MatcherAssert.assertThat(from3.toJsonString(), from3.get("audit_request_body"), Matchers.notNullValue());
            MatcherAssert.assertThat(from3.toJsonString(), from3.get("audit_cluster_name"), Matchers.notNullValue());
            MatcherAssert.assertThat(from3.toJsonString(), from3.get("audit_node_name"), Matchers.notNullValue());
            MatcherAssert.assertThat(from3.toJsonString(), from3.get("audit_request_origin"), Matchers.equalTo(AuditLog.Origin.REST.name()));
            MatcherAssert.assertThat(from3.toJsonString(), from3.get("audit_request_layer"), Matchers.equalTo(AuditLog.Origin.TRANSPORT.name()));
            MatcherAssert.assertThat(from3.toJsonString(), from3.get("audit_node_id"), Matchers.notNullValue());
            MatcherAssert.assertThat(from3.toJsonString(), from3.get("@timestamp"), Matchers.notNullValue());
            MatcherAssert.assertThat(from3.toJsonString(), from3.get("audit_format_version"), Matchers.notNullValue());
            MatcherAssert.assertThat(from3.toJsonString(), from3.get("audit_request_remote_address"), Matchers.notNullValue());
            MatcherAssert.assertThat(from3.toJsonString(), from3.get("audit_node_host_address"), Matchers.notNullValue());
            MatcherAssert.assertThat(from3.toJsonString(), from3.get("audit_request_effective_user"), Matchers.equalTo(USER.getName()));
            MatcherAssert.assertThat(from3.toJsonString(), from3.get("audit_request_effective_user_auth_domain"), Matchers.notNullValue());
            MatcherAssert.assertThat(from3.toJsonString(), from3.get("audit_node_host_name"), Matchers.notNullValue());
            MatcherAssert.assertThat(from3.toJsonString(), from3.get("audit_node_elasticsearch_version"), Matchers.notNullValue());
            if (trackResources != null) {
                trackResources.close();
            }
        } catch (Throwable th) {
            if (trackResources != null) {
                try {
                    trackResources.close();
                } catch (Throwable th2) {
                    th.addSuppressed(th2);
                }
            }
            throw th;
        }
    }

    @Test
    public void testAuditLog_indexMappingsWriteHistory_noLogWhenUserIsIgnored() throws Exception {
        GenericRestClient trackResources = cluster.getRestClient(AUDIT_IGNORED_USER, new Header[0]).trackResources();
        try {
            GenericRestClient.HttpResponse putJson = trackResources.putJson("/" + "test-mappings-update-by-ignored-user", DocNode.of("mappings", DocNode.of("properties", DocNode.of("email", DocNode.of("type", "keyword")))));
            MatcherAssert.assertThat(putJson.getBody(), Integer.valueOf(putJson.getStatusCode()), Matchers.equalTo(200));
            TestAuditlogImpl.clear();
            GenericRestClient.HttpResponse putJson2 = trackResources.putJson("/" + "test-mappings-update-by-ignored-user" + "/_mappings", DocNode.of("properties", DocNode.of("name", DocNode.of("type", "text"))));
            MatcherAssert.assertThat(putJson2.getBody(), Integer.valueOf(putJson2.getStatusCode()), Matchers.equalTo(200));
            Thread.sleep(1000L);
            MatcherAssert.assertThat(TestAuditlogImpl.sb.toString(), getMessagesByCategory(AuditMessage.Category.INDEX_WRITE), Matchers.hasSize(0));
            if (trackResources != null) {
                trackResources.close();
            }
        } catch (Throwable th) {
            if (trackResources != null) {
                try {
                    trackResources.close();
                } catch (Throwable th2) {
                    th.addSuppressed(th2);
                }
            }
            throw th;
        }
    }

    @Test
    public void testAuditLog_indexMappingsWriteHistory_noLogWhenActionFails() throws Exception {
        GenericRestClient trackResources = cluster.getRestClient(USER, new Header[0]).trackResources();
        try {
            GenericRestClient.HttpResponse putJson = trackResources.putJson("/" + "test-invalid-mappings-update", DocNode.of("mappings", DocNode.of("properties", DocNode.of("email", DocNode.of("type", "keyword")))));
            MatcherAssert.assertThat(putJson.getBody(), Integer.valueOf(putJson.getStatusCode()), Matchers.equalTo(200));
            TestAuditlogImpl.clear();
            GenericRestClient.HttpResponse putJson2 = trackResources.putJson("/" + "test-invalid-mappings-update" + "/_mappings", DocNode.of("properties", DocNode.of("name", DocNode.of("type", "fake"))));
            MatcherAssert.assertThat(putJson2.getBody(), Integer.valueOf(putJson2.getStatusCode()), Matchers.equalTo(400));
            Thread.sleep(1000L);
            MatcherAssert.assertThat(TestAuditlogImpl.sb.toString(), getMessagesByCategory(AuditMessage.Category.INDEX_WRITE), Matchers.hasSize(0));
            if (trackResources != null) {
                trackResources.close();
            }
        } catch (Throwable th) {
            if (trackResources != null) {
                try {
                    trackResources.close();
                } catch (Throwable th2) {
                    th.addSuppressed(th2);
                }
            }
            throw th;
        }
    }

    private List<AuditMessage> getMessagesByCategory(AuditMessage.Category category) {
        return (List) TestAuditlogImpl.messages.stream().filter(auditMessage -> {
            return auditMessage.getCategory() == category;
        }).collect(Collectors.toList());
    }
}
