package com.floragunn.searchguard.enterprise.dlsfls;

import com.floragunn.codova.documents.DocNode;
import com.floragunn.searchguard.test.GenericRestClient;
import com.floragunn.searchguard.test.TestSgConfig;
import com.floragunn.searchguard.test.helper.cluster.LocalCluster;
import org.apache.http.Header;
import org.junit.Assert;
import org.junit.ClassRule;
import org.junit.Test;

/* loaded from: input_file:com/floragunn/searchguard/enterprise/dlsfls/DlsWriteIntTest.class */
public class DlsWriteIntTest {
    public static final String LOGSDB_INDEX_POSTFIX = "logsdb";
    static final TestSgConfig.User ADMIN = new TestSgConfig.User("admin").roles(new TestSgConfig.Role[]{new TestSgConfig.Role("all_access").indexPermissions(new String[]{"*"}).on(new String[]{"*"}).clusterPermissions(new String[]{"*"})});
    static final TestSgConfig.User DLS_USER = new TestSgConfig.User("dls_user").roles(new TestSgConfig.Role[]{new TestSgConfig.Role("role").indexPermissions(new String[]{"SGS_MANAGE", "SGS_CRUD"}).dls(DocNode.of("term.dept.value", "dept_d")).on(new String[]{"dls_*"}).clusterPermissions(new String[]{"*"})});
    static final TestSgConfig.Authc AUTHC = new TestSgConfig.Authc(new TestSgConfig.Authc.Domain[]{new TestSgConfig.Authc.Domain("basic/internal_users_db")});
    static final TestSgConfig.DlsFls DLSFLS = new TestSgConfig.DlsFls().metrics("detailed");

    @ClassRule
    public static LocalCluster cluster = new LocalCluster.Builder().sslEnabled().enterpriseModulesEnabled().authc(AUTHC).dlsFls(DLSFLS).users(new TestSgConfig.User[]{ADMIN, DLS_USER}).resources("dlsfls").build();

    @Test
    public void newIndex_allowedRead() throws Exception {
        String str = "/dls_new_index_allowed_read" + "/_doc/1";
        GenericRestClient restClient = cluster.getRestClient(DLS_USER, new Header[0]);
        try {
            Assert.assertEquals(restClient.putJson(str + "?refresh=true", DocNode.of("payload", "foo", "dept", "dept_d")).getBody(), 201L, r0.getStatusCode());
            Assert.assertEquals(restClient.get(str, new Header[0]).getBody(), 200L, r0.getStatusCode());
            if (restClient != null) {
                restClient.close();
            }
            restClient = cluster.getRestClient(ADMIN, new Header[0]);
            try {
                Assert.assertEquals(restClient.get(str, new Header[0]).getBody(), 200L, r0.getStatusCode());
                if (restClient != null) {
                    restClient.close();
                }
            } finally {
            }
        } finally {
        }
    }

    @Test
    public void newIndex_disallowedRead() throws Exception {
        String str = "/dls_new_index_disallowed_read" + "/_doc/1";
        GenericRestClient restClient = cluster.getRestClient(DLS_USER, new Header[0]);
        try {
            Assert.assertEquals(restClient.putJson(str + "?refresh=true", DocNode.of("payload", "foo", "dept", "dept_e")).getBody(), 201L, r0.getStatusCode());
            Assert.assertEquals(restClient.get(str, new Header[0]).getBody(), 404L, r0.getStatusCode());
            if (restClient != null) {
                restClient.close();
            }
            restClient = cluster.getRestClient(ADMIN, new Header[0]);
            try {
                Assert.assertEquals(restClient.get(str, new Header[0]).getBody(), 200L, r0.getStatusCode());
                if (restClient != null) {
                    restClient.close();
                }
            } finally {
            }
        } finally {
        }
    }
}
