package com.floragunn.searchguard.enterprise.dlsfls;

import com.floragunn.searchguard.test.GenericRestClient;
import com.floragunn.searchguard.test.TestSgConfig;
import com.floragunn.searchguard.test.helper.cluster.ConfigurationUpdater;
import com.floragunn.searchguard.test.helper.cluster.LocalCluster;
import org.apache.http.Header;
import org.apache.logging.log4j.LogManager;
import org.apache.logging.log4j.Logger;
import org.hamcrest.MatcherAssert;
import org.hamcrest.Matchers;
import org.junit.Before;
import org.junit.ClassRule;
import org.junit.Test;

/* loaded from: input_file:com/floragunn/searchguard/enterprise/dlsfls/InvalidRolesAndMappingConfigurationWithDisabledDlsTest.class */
public class InvalidRolesAndMappingConfigurationWithDisabledDlsTest {
    public static final String LIMITED_ROLE_NAME = "limited-role";
    private ConfigurationUpdater configurationUpdater;
    private static final Logger log = LogManager.getLogger(InvalidRolesAndMappingConfigurationWithDisabledDlsTest.class);
    private static final TestSgConfig.Authc AUTHC = new TestSgConfig.Authc(new TestSgConfig.Authc.Domain[]{new TestSgConfig.Authc.Domain("basic/internal_users_db")});
    private static final TestSgConfig.DlsFls DLSFLS = new TestSgConfig.DlsFls().metrics("detailed");
    private static final TestSgConfig.User USER_ADMIN = new TestSgConfig.User("admin").roles(new String[]{TestSgConfig.Role.ALL_ACCESS.getName()});
    private static final TestSgConfig.User USER_LIMITED = new TestSgConfig.User("limited-user").roles(new String[]{"limited-role"});

    @ClassRule
    public static LocalCluster.Embedded CLUSTER = new LocalCluster.Builder().singleNode().authc(AUTHC).dlsFls(DLSFLS).roles(new TestSgConfig.Role[]{TestSgConfig.Role.ALL_ACCESS}).user(USER_ADMIN).user(USER_LIMITED).sslEnabled().embedded().build();

    @Before
    public void beforeEach() {
        this.configurationUpdater = new ConfigurationUpdater(CLUSTER, USER_ADMIN);
    }

    @Test
    public void shouldReportConfigurationErrorWhenRoleContainsInvalidIndexPattern() throws Exception {
        MatcherAssert.assertThat(Integer.valueOf(((GenericRestClient.HttpResponse) this.configurationUpdater.callWithRole(new TestSgConfig.Role("invalid-role-index").clusterPermissions(new String[]{"*"}).indexPermissions(new String[]{"*"}).fls(new String[]{"~secret"}).on(new String[]{"/index-(.+/"}), genericRestClient -> {
            return genericRestClient.get("/*/_search", new Header[0]);
        })).getStatusCode()), Matchers.equalTo(200));
    }
}
