package com.floragunn.searchguard.enterprise.femt;

import com.floragunn.codova.documents.DocNode;
import com.floragunn.fluent.collections.ImmutableMap;
import com.floragunn.fluent.collections.ImmutableSet;
import com.floragunn.searchguard.authz.TenantManager;
import com.floragunn.searchguard.authz.actions.Actions;
import com.floragunn.searchguard.authz.config.ActionGroup;
import com.floragunn.searchguard.authz.config.MultiTenancyConfigurationProvider;
import com.floragunn.searchguard.configuration.CType;
import com.floragunn.searchguard.configuration.ConfigurationRepository;
import com.floragunn.searchguard.configuration.SgDynamicConfiguration;
import com.floragunn.searchguard.user.User;
import com.floragunn.searchsupport.cstate.metrics.MetricsLevel;
import java.util.List;
import java.util.Map;
import org.hamcrest.MatcherAssert;
import org.hamcrest.Matchers;
import org.junit.Before;
import org.junit.Test;
import org.junit.runner.RunWith;
import org.mockito.Mock;
import org.mockito.Mockito;
import org.mockito.junit.MockitoJUnitRunner;

@RunWith(MockitoJUnitRunner.class)
/* loaded from: input_file:com/floragunn/searchguard/enterprise/femt/FeMultiTenancyTenantAccessMapperTest.class */
public class FeMultiTenancyTenantAccessMapperTest {
    private static final ActionGroup.FlattenedIndex emptyActionGroups = new ActionGroup.FlattenedIndex(SgDynamicConfiguration.empty(CType.ACTIONGROUPS));
    private static Actions actions = Actions.forTests();
    public static final boolean ADMIN_IS_USER = false;

    @Mock
    private MultiTenancyConfigurationProvider multiTenancyConfigurationProvider;

    @Before
    public void setUp() throws Exception {
        Mockito.when(Boolean.valueOf(this.multiTenancyConfigurationProvider.isMultiTenancyEnabled())).thenReturn(true);
        Mockito.when(Boolean.valueOf(this.multiTenancyConfigurationProvider.isGlobalTenantEnabled())).thenReturn(true);
        Mockito.when(Boolean.valueOf(this.multiTenancyConfigurationProvider.isPrivateTenantEnabled())).thenReturn(true);
    }

    @Test
    public void wildcardTenantMapping() throws Exception {
        SgDynamicConfiguration sgDynamicConfiguration = (SgDynamicConfiguration) SgDynamicConfiguration.fromMap(DocNode.of("all_access", DocNode.of("tenant_permissions", List.of(ImmutableMap.of("tenant_patterns", List.of("*"), "allowed_actions", List.of("*"))))), CType.ROLES, (ConfigurationRepository.Context) null).get();
        TenantManager tenantManager = new TenantManager(ImmutableSet.of("my_tenant", "test"), this.multiTenancyConfigurationProvider);
        FeMultiTenancyTenantAccessMapper feMultiTenancyTenantAccessMapper = new FeMultiTenancyTenantAccessMapper(tenantManager, new RoleBasedTenantAuthorization(sgDynamicConfiguration, emptyActionGroups, actions, tenantManager, MetricsLevel.NONE), actions);
        User build = User.forUser("user_name").searchGuardRoles(new String[]{"all_access"}).build();
        Map mapTenantsAccess = feMultiTenancyTenantAccessMapper.mapTenantsAccess(build, false, ImmutableSet.of("all_access"));
        MatcherAssert.assertThat(mapTenantsAccess, Matchers.aMapWithSize(3));
        MatcherAssert.assertThat(mapTenantsAccess, Matchers.hasEntry("my_tenant", true));
        MatcherAssert.assertThat(mapTenantsAccess, Matchers.hasEntry("test", true));
        MatcherAssert.assertThat(mapTenantsAccess, Matchers.hasEntry(build.getName(), true));
    }

    @Test
    public void tenantMappingByName() throws Exception {
        SgDynamicConfiguration sgDynamicConfiguration = (SgDynamicConfiguration) SgDynamicConfiguration.fromMap(DocNode.of("access_to_some_tenants", DocNode.of("tenant_permissions", List.of(ImmutableMap.of("tenant_patterns", List.of("write_tenant"), "allowed_actions", List.of(KibanaActionsProvider.getKibanaWriteAction(actions).name())), ImmutableMap.of("tenant_patterns", List.of("read_tenant"), "allowed_actions", List.of(KibanaActionsProvider.getKibanaReadAction(actions).name()))))), CType.ROLES, (ConfigurationRepository.Context) null).get();
        TenantManager tenantManager = new TenantManager(ImmutableSet.of("write_tenant", new String[]{"read_tenant", "another_tenant"}), this.multiTenancyConfigurationProvider);
        FeMultiTenancyTenantAccessMapper feMultiTenancyTenantAccessMapper = new FeMultiTenancyTenantAccessMapper(tenantManager, new RoleBasedTenantAuthorization(sgDynamicConfiguration, emptyActionGroups, actions, tenantManager, MetricsLevel.NONE), actions);
        User build = User.forUser("user_name").searchGuardRoles(new String[]{"access_to_some_tenants"}).build();
        Map mapTenantsAccess = feMultiTenancyTenantAccessMapper.mapTenantsAccess(build, false, ImmutableSet.of("access_to_some_tenants"));
        MatcherAssert.assertThat(mapTenantsAccess, Matchers.aMapWithSize(3));
        MatcherAssert.assertThat(mapTenantsAccess, Matchers.hasEntry("write_tenant", true));
        MatcherAssert.assertThat(mapTenantsAccess, Matchers.hasEntry("read_tenant", false));
        MatcherAssert.assertThat(mapTenantsAccess, Matchers.hasEntry(build.getName(), true));
    }

    @Test
    public void shouldNotReturnPrivateTenantWhenItsDisabled() throws Exception {
        SgDynamicConfiguration sgDynamicConfiguration = (SgDynamicConfiguration) SgDynamicConfiguration.fromMap(DocNode.of("access_to_some_tenants", DocNode.of("tenant_permissions", List.of(ImmutableMap.of("tenant_patterns", List.of("write_tenant"), "allowed_actions", List.of(KibanaActionsProvider.getKibanaWriteAction(actions).name())), ImmutableMap.of("tenant_patterns", List.of("read_tenant"), "allowed_actions", List.of(KibanaActionsProvider.getKibanaReadAction(actions).name()))))), CType.ROLES, (ConfigurationRepository.Context) null).get();
        ImmutableSet of = ImmutableSet.of("write_tenant", new String[]{"read_tenant", "another_tenant"});
        Mockito.when(Boolean.valueOf(this.multiTenancyConfigurationProvider.isPrivateTenantEnabled())).thenReturn(false);
        TenantManager tenantManager = new TenantManager(of, this.multiTenancyConfigurationProvider);
        Map mapTenantsAccess = new FeMultiTenancyTenantAccessMapper(tenantManager, new RoleBasedTenantAuthorization(sgDynamicConfiguration, emptyActionGroups, actions, tenantManager, MetricsLevel.NONE), actions).mapTenantsAccess(User.forUser("user_name").searchGuardRoles(new String[]{"access_to_some_tenants"}).build(), false, ImmutableSet.of("access_to_some_tenants"));
        MatcherAssert.assertThat(mapTenantsAccess, Matchers.aMapWithSize(2));
        MatcherAssert.assertThat(mapTenantsAccess, Matchers.hasEntry("write_tenant", true));
        MatcherAssert.assertThat(mapTenantsAccess, Matchers.hasEntry("read_tenant", false));
    }

    @Test
    public void shouldNotReturnGlobalTenantWhenUserHasAccessButTenantIsDisabled() throws Exception {
        SgDynamicConfiguration sgDynamicConfiguration = (SgDynamicConfiguration) SgDynamicConfiguration.fromMap(DocNode.of("access_to_global_tenant", DocNode.of("tenant_permissions", List.of(ImmutableMap.of("tenant_patterns", List.of("SGS_GLOBAL_TENANT"), "allowed_actions", List.of(KibanaActionsProvider.getKibanaWriteAction(actions).name()))))), CType.ROLES, (ConfigurationRepository.Context) null).get();
        ImmutableSet of = ImmutableSet.of("SGS_GLOBAL_TENANT");
        Mockito.when(Boolean.valueOf(this.multiTenancyConfigurationProvider.isGlobalTenantEnabled())).thenReturn(false);
        TenantManager tenantManager = new TenantManager(of, this.multiTenancyConfigurationProvider);
        FeMultiTenancyTenantAccessMapper feMultiTenancyTenantAccessMapper = new FeMultiTenancyTenantAccessMapper(tenantManager, new RoleBasedTenantAuthorization(sgDynamicConfiguration, emptyActionGroups, actions, tenantManager, MetricsLevel.NONE), actions);
        User build = User.forUser("user_name").searchGuardRoles(new String[]{"access_to_global_tenant"}).build();
        Map mapTenantsAccess = feMultiTenancyTenantAccessMapper.mapTenantsAccess(build, false, ImmutableSet.of("access_to_global_tenant"));
        MatcherAssert.assertThat(mapTenantsAccess, Matchers.aMapWithSize(1));
        MatcherAssert.assertThat(mapTenantsAccess, Matchers.hasEntry(build.getName(), true));
    }
}
