package com.floragunn.searchguard.enterprise.dlsfls;

import com.floragunn.codova.documents.DocNode;
import com.floragunn.fluent.collections.ImmutableList;
import com.floragunn.fluent.collections.ImmutableMap;
import com.floragunn.searchguard.test.GenericRestClient;
import com.floragunn.searchguard.test.RestMatchers;
import com.floragunn.searchguard.test.TestData;
import com.floragunn.searchguard.test.TestSgConfig;
import com.floragunn.searchguard.test.helper.cluster.LocalCluster;
import org.apache.http.Header;
import org.hamcrest.MatcherAssert;
import org.hamcrest.Matchers;
import org.junit.Assert;
import org.junit.BeforeClass;
import org.junit.ClassRule;
import org.junit.Test;
import org.junit.runner.RunWith;
import org.junit.runners.Parameterized;

@RunWith(Parameterized.class)
/* loaded from: input_file:com/floragunn/searchguard/enterprise/dlsfls/DlsWriteIntTest.class */
public class DlsWriteIntTest {
    public static final String LOGSDB_INDEX_POSTFIX = "logsdb";
    private final String indexNamePostfix;
    static final TestSgConfig.User ADMIN = new TestSgConfig.User("admin").roles(new TestSgConfig.Role[]{new TestSgConfig.Role("all_access").indexPermissions(new String[]{"*"}).on(new String[]{"*"}).clusterPermissions(new String[]{"*"})});
    static final String INDEX_PATTERN = "dls_*";
    static final TestSgConfig.User DLS_USER = new TestSgConfig.User("dls_user").roles(new TestSgConfig.Role[]{new TestSgConfig.Role("role").indexPermissions(new String[]{"SGS_MANAGE", "SGS_CRUD"}).dls(DocNode.of("term.dept.value", "dept_d")).on(new String[]{INDEX_PATTERN}).clusterPermissions(new String[]{"*"})});
    static final TestSgConfig.Authc AUTHC = new TestSgConfig.Authc(new TestSgConfig.Authc.Domain[]{new TestSgConfig.Authc.Domain("basic/internal_users_db")});
    static final TestSgConfig.DlsFls DLSFLS = new TestSgConfig.DlsFls().useImpl("flx").metrics("detailed");

    @ClassRule
    public static LocalCluster cluster = new LocalCluster.Builder().sslEnabled().enterpriseModulesEnabled().authc(AUTHC).dlsFls(DLSFLS).users(new TestSgConfig.User[]{ADMIN, DLS_USER}).resources("dlsfls").build();

    @BeforeClass
    public static void beforeClass() throws Exception {
        GenericRestClient adminCertRestClient = cluster.getAdminCertRestClient();
        try {
            MatcherAssert.assertThat(adminCertRestClient.putJson("/_index_template/logsdb", DocNode.of("index_patterns", ImmutableList.of("*logsdb"), "template.settings", ImmutableMap.of("index.mode", LOGSDB_INDEX_POSTFIX))), RestMatchers.isOk());
            if (adminCertRestClient != null) {
                adminCertRestClient.close();
            }
        } catch (Throwable th) {
            if (adminCertRestClient != null) {
                try {
                    adminCertRestClient.close();
                } catch (Throwable th2) {
                    th.addSuppressed(th2);
                }
            }
            throw th;
        }
    }

    public DlsWriteIntTest(String str) {
        this.indexNamePostfix = str;
    }

    @Parameterized.Parameters(name = "{0}")
    public static Object[] parameters() {
        return new Object[]{"_mode_normal", "_mode_logsdb"};
    }

    @Test
    public void newIndex_allowedRead() throws Exception {
        String str = "dls_new_index_allowed_read" + this.indexNamePostfix;
        String str2 = "/" + str + "/_doc/1";
        GenericRestClient restClient = cluster.getRestClient(DLS_USER, new Header[0]);
        try {
            Assert.assertEquals(restClient.putJson(str2 + "?refresh=true", DocNode.of("payload", "foo", "dept", "dept_d", "@timestamp", "2022-01-01T00:00:00Z")).getBody(), 201L, r0.getStatusCode());
            Assert.assertEquals(restClient.get(str2, new Header[0]).getBody(), 200L, r0.getStatusCode());
            if (restClient != null) {
                restClient.close();
            }
            restClient = cluster.getRestClient(ADMIN, new Header[0]);
            try {
                Assert.assertEquals(restClient.get(str2, new Header[0]).getBody(), 200L, r0.getStatusCode());
                if (str.endsWith(LOGSDB_INDEX_POSTFIX)) {
                    MatcherAssert.assertThat(TestData.getIndexMode(restClient, str), Matchers.equalTo(LOGSDB_INDEX_POSTFIX));
                } else {
                    MatcherAssert.assertThat(TestData.getIndexMode(restClient, str), Matchers.anyOf(Matchers.equalTo("normal"), Matchers.nullValue()));
                }
                if (restClient != null) {
                    restClient.close();
                }
            } finally {
            }
        } finally {
        }
    }

    @Test
    public void newIndex_disallowedRead() throws Exception {
        String str = "dls_new_index_disallowed_read" + this.indexNamePostfix;
        String str2 = "/" + str + "/_doc/1";
        GenericRestClient restClient = cluster.getRestClient(DLS_USER, new Header[0]);
        try {
            Assert.assertEquals(restClient.putJson(str2 + "?refresh=true", DocNode.of("payload", "foo", "dept", "dept_e", "@timestamp", "2022-01-01T00:00:00Z")).getBody(), 201L, r0.getStatusCode());
            Assert.assertEquals(restClient.get(str2, new Header[0]).getBody(), 404L, r0.getStatusCode());
            if (restClient != null) {
                restClient.close();
            }
            restClient = cluster.getRestClient(ADMIN, new Header[0]);
            try {
                Assert.assertEquals(restClient.get(str2, new Header[0]).getBody(), 200L, r0.getStatusCode());
                if (str.endsWith(LOGSDB_INDEX_POSTFIX)) {
                    MatcherAssert.assertThat(TestData.getIndexMode(restClient, str), Matchers.equalTo(LOGSDB_INDEX_POSTFIX));
                } else {
                    MatcherAssert.assertThat(TestData.getIndexMode(restClient, str), Matchers.anyOf(Matchers.equalTo("normal"), Matchers.nullValue()));
                }
                if (restClient != null) {
                    restClient.close();
                }
            } finally {
            }
        } finally {
        }
    }
}
