package com.floragunn.searchguard.dlic.rest.api;

import com.floragunn.codova.documents.DocNode;
import com.floragunn.fluent.collections.ImmutableList;
import com.floragunn.searchguard.dlic.rest.validation.AbstractConfigurationValidator;
import com.floragunn.searchguard.test.GenericRestClient;
import com.floragunn.searchguard.test.helper.cluster.FileHelper;
import com.floragunn.searchguard.test.helper.cluster.LocalCluster;
import java.util.Collections;
import org.apache.http.Header;
import org.junit.Assert;
import org.junit.ClassRule;
import org.junit.Test;

/* loaded from: input_file:com/floragunn/searchguard/dlic/rest/api/RolesApiTest.class */
public class RolesApiTest {

    @ClassRule
    public static LocalCluster cluster = new LocalCluster.Builder().nodeSettings(new Object[]{"searchguard.restapi.roles_enabled.0", "sg_admin"}).resources("restapi").sslEnabled().enterpriseModulesEnabled().build();

    @Test
    public void testPutRole() throws Exception {
        GenericRestClient trackResources = cluster.getAdminCertRestClient().trackResources();
        try {
            Assert.assertEquals(trackResources.putJson("_searchguard/api/roles/admin", FileHelper.loadFile("restapi/simple_role.json"), new Header[0]).getBody(), 201L, r0.getStatusCode());
            Assert.assertEquals(trackResources.putJson("_searchguard/api/roles/lala", "{ \"cluster_permissions\": [\"*\"] }", new Header[0]).getBody(), 201L, r0.getStatusCode());
            Assert.assertEquals(trackResources.putJson("_searchguard/api/roles/empty", "{ \"cluster_permissions\": [] }", new Header[0]).getBody(), 201L, r0.getStatusCode());
            Assert.assertEquals(trackResources.putJson("_searchguard/api/roles/admin2", FileHelper.loadFile("restapi/simple_role_with_excludes.json"), new Header[0]).getBody(), 201L, r0.getStatusCode());
            if (trackResources != null) {
                trackResources.close();
            }
        } catch (Throwable th) {
            if (trackResources != null) {
                try {
                    trackResources.close();
                } catch (Throwable th2) {
                    th.addSuppressed(th2);
                }
            }
            throw th;
        }
    }

    @Test
    public void testAllRolesNotContainMetaHeader() throws Exception {
        GenericRestClient adminCertRestClient = cluster.getAdminCertRestClient();
        try {
            GenericRestClient.HttpResponse httpResponse = adminCertRestClient.get("_searchguard/api/roles", new Header[0]);
            Assert.assertEquals(200L, httpResponse.getStatusCode());
            Assert.assertFalse(httpResponse.getBody(), httpResponse.getBody().contains("_sg_meta"));
            if (adminCertRestClient != null) {
                adminCertRestClient.close();
            }
        } catch (Throwable th) {
            if (adminCertRestClient != null) {
                try {
                    adminCertRestClient.close();
                } catch (Throwable th2) {
                    th.addSuppressed(th2);
                }
            }
            throw th;
        }
    }

    @Test
    public void testPutDuplicateKeys() throws Exception {
        GenericRestClient adminCertRestClient = cluster.getAdminCertRestClient();
        try {
            GenericRestClient.HttpResponse putJson = adminCertRestClient.putJson("_searchguard/api/roles/dup", "{ \"cluster_permissions\": [\"*\"], \"cluster_permissions\": [\"*\"] }", new Header[0]);
            Assert.assertEquals(400L, putJson.getStatusCode());
            Assert.assertTrue(putJson.getBody(), putJson.getBody().contains("is defined more than once"));
            if (adminCertRestClient != null) {
                adminCertRestClient.close();
            }
        } catch (Throwable th) {
            if (adminCertRestClient != null) {
                try {
                    adminCertRestClient.close();
                } catch (Throwable th2) {
                    th.addSuppressed(th2);
                }
            }
            throw th;
        }
    }

    @Test
    public void testPutUnknownKey() throws Exception {
        GenericRestClient adminCertRestClient = cluster.getAdminCertRestClient();
        try {
            GenericRestClient.HttpResponse putJson = adminCertRestClient.putJson("_searchguard/api/roles/dup", "{ \"unknownkey\": [\"*\"], \"cluster_permissions\": [\"*\"] }", new Header[0]);
            Assert.assertEquals(400L, putJson.getStatusCode());
            Assert.assertTrue(putJson.getBody().contains("invalid_keys"));
            if (adminCertRestClient != null) {
                adminCertRestClient.close();
            }
        } catch (Throwable th) {
            if (adminCertRestClient != null) {
                try {
                    adminCertRestClient.close();
                } catch (Throwable th2) {
                    th.addSuppressed(th2);
                }
            }
            throw th;
        }
    }

    @Test
    public void testPutInvalidJson() throws Exception {
        GenericRestClient adminCertRestClient = cluster.getAdminCertRestClient();
        try {
            GenericRestClient.HttpResponse putJson = adminCertRestClient.putJson("_searchguard/api/roles/dup", "{ \"invalid\"::{{ [\"*\"], \"cluster_permissions\": [\"*\"] }", new Header[0]);
            Assert.assertEquals(400L, putJson.getStatusCode());
            Assert.assertTrue(putJson.getBody(), putJson.getBody().contains("Invalid JSON document"));
            if (adminCertRestClient != null) {
                adminCertRestClient.close();
            }
        } catch (Throwable th) {
            if (adminCertRestClient != null) {
                try {
                    adminCertRestClient.close();
                } catch (Throwable th2) {
                    th.addSuppressed(th2);
                }
            }
            throw th;
        }
    }

    @Test
    public void testRolesApi() throws Exception {
        GenericRestClient trackResources = cluster.getAdminCertRestClient().trackResources();
        try {
            Assert.assertEquals(200L, trackResources.get("_searchguard/api/roles", new Header[0]).getStatusCode());
            GenericRestClient.HttpResponse httpResponse = trackResources.get("/_searchguard/api/roles/sg_role_starfleet", new Header[0]);
            Assert.assertEquals(200L, httpResponse.getStatusCode());
            Assert.assertEquals(1L, httpResponse.getBodyAsDocNode().size());
            Assert.assertEquals(404L, trackResources.get("/_searchguard/api/roles/nothinghthere", new Header[0]).getStatusCode());
            Assert.assertEquals(200L, trackResources.get("/_searchguard/api/roles/", new Header[0]).getStatusCode());
            GenericRestClient.HttpResponse httpResponse2 = trackResources.get("/_searchguard/api/roles", new Header[0]);
            Assert.assertEquals(200L, httpResponse2.getStatusCode());
            Assert.assertTrue(httpResponse2.getBody().contains("\"cluster_permissions\":[\"*\"]"));
            Assert.assertFalse(httpResponse2.getBody().contains("\"cluster_permissions\" : ["));
            GenericRestClient.HttpResponse httpResponse3 = trackResources.get("/_searchguard/api/roles?pretty", new Header[0]);
            Assert.assertEquals(200L, httpResponse3.getStatusCode());
            Assert.assertFalse(httpResponse3.getBody().contains("\"cluster_permissions\":[\"*\"]"));
            Assert.assertTrue(httpResponse3.getBody().contains("\"cluster_permissions\" : ["));
            Assert.assertEquals(404L, trackResources.get("/_searchguard/api/roles/sg_internal", new Header[0]).getStatusCode());
            setupStarfleetIndex();
            addUserWithPassword("picard", "picard", new String[]{"starfleet", "captains"}, 201);
            checkReadAccess(200, "picard", "picard", "sf", "ships_0");
            checkWriteAccess(200, "picard", "picard", "sf", "ships_0");
            Assert.assertEquals(404L, trackResources.delete("/_searchguard/api/roles/idonotexist", new Header[0]).getStatusCode());
            Assert.assertEquals(403L, trackResources.delete("/_searchguard/api/roles/sg_transport_client", new Header[0]).getStatusCode());
            Assert.assertEquals(404L, trackResources.delete("/_searchguard/api/roles/sg_internal", new Header[0]).getStatusCode());
            Assert.assertEquals(200L, trackResources.delete("/_searchguard/api/roles/sg_role_starfleet_captains", new Header[0]).getStatusCode());
            checkWriteAccess(403, "picard", "picard", "sf", "ships_1");
            checkWriteAccess(403, "picard", "picard", "sf", "public_0");
            Assert.assertEquals(200L, trackResources.delete("/_searchguard/api/roles/sg_role_starfleet", new Header[0]).getStatusCode());
            checkReadAccess(403, "picard", "picard", "sf", "ships_0");
            checkWriteAccess(403, "picard", "picard", "sf", "ships_0");
            GenericRestClient.HttpResponse putJson = trackResources.putJson("/_searchguard/api/roles/sg_role_starfleet", "", new Header[0]);
            Assert.assertEquals(400L, putJson.getStatusCode());
            Assert.assertEquals(AbstractConfigurationValidator.ErrorType.PAYLOAD_MANDATORY.getMessage(), putJson.getBodyAsDocNode().getAsString("reason"));
            DocNode bodyAsDocNode = trackResources.putJson("/_searchguard/api/roles/sg_role_starfleet", FileHelper.loadFile("restapi/roles_not_parseable.json"), new Header[0]).getBodyAsDocNode();
            Assert.assertEquals(400L, r0.getStatusCode());
            Assert.assertEquals(AbstractConfigurationValidator.ErrorType.BODY_NOT_PARSEABLE.getMessage(), bodyAsDocNode.getAsString("reason"));
            DocNode bodyAsDocNode2 = trackResources.putJson("/_searchguard/api/roles/sg_role_starfleet", FileHelper.loadFile("restapi/roles_invalid_keys.json"), new Header[0]).getBodyAsDocNode();
            Assert.assertEquals(400L, r0.getStatusCode());
            Assert.assertEquals(AbstractConfigurationValidator.ErrorType.INVALID_CONFIGURATION.getMessage(), bodyAsDocNode2.getAsString("reason"));
            Assert.assertTrue(bodyAsDocNode2.getAsNode("invalid_keys").getAsString("keys").contains("indexx_permissions"));
            Assert.assertTrue(bodyAsDocNode2.getAsNode("invalid_keys").getAsString("keys").contains("kluster_permissions"));
            DocNode bodyAsDocNode3 = trackResources.putJson("/_searchguard/api/roles/sg_role_starfleet", FileHelper.loadFile("restapi/roles_wrong_datatype.json"), new Header[0]).getBodyAsDocNode();
            Assert.assertEquals(400L, r0.getStatusCode());
            Assert.assertEquals(AbstractConfigurationValidator.ErrorType.WRONG_DATATYPE.getMessage(), bodyAsDocNode3.getAsString("reason"));
            Assert.assertTrue(bodyAsDocNode3.getAsString("cluster_permissions").equals("Array expected"));
            Assert.assertEquals(403L, trackResources.putJson("/_searchguard/api/roles/sg_transport_client", FileHelper.loadFile("restapi/roles_captains.json"), new Header[0]).getStatusCode());
            Assert.assertEquals(403L, trackResources.putJson("/_searchguard/api/roles/sg_internal", FileHelper.loadFile("restapi/roles_captains.json"), new Header[0]).getStatusCode());
            Assert.assertEquals(201L, trackResources.putJson("/_searchguard/api/roles/sg_role_starfleet", FileHelper.loadFile("restapi/roles_starfleet.json"), new Header[0]).getStatusCode());
            checkReadAccess(200, "picard", "picard", "sf", "ships_0");
            checkWriteAccess(200, "picard", "picard", "sf", "ships_0");
            Assert.assertEquals(201L, trackResources.putJson("/_searchguard/api/roles/sg_role_starfleet_captains", FileHelper.loadFile("restapi/roles_captains.json"), new Header[0]).getStatusCode());
            checkReadAccess(200, "picard", "picard", "sf", "ships_0");
            checkWriteAccess(200, "picard", "picard", "sf", "ships_0");
            Assert.assertEquals(400L, trackResources.putJson("/_searchguard/api/roles/sg_role_starfleet_captains", FileHelper.loadFile("restapi/roles_complete_invalid.json"), new Header[0]).getStatusCode());
            Assert.assertEquals(400L, trackResources.putJson("/_searchguard/api/roles/sg_role_starfleet_captains", FileHelper.loadFile("restapi/roles_multiple_2.json"), new Header[0]).getStatusCode());
            GenericRestClient.HttpResponse putJson2 = trackResources.putJson("/_searchguard/api/roles/sg_role_starfleet_captains", FileHelper.loadFile("restapi/roles_captains_tenants.json"), new Header[0]);
            Assert.assertEquals(200L, putJson2.getStatusCode());
            DocNode bodyAsDocNode4 = putJson2.getBodyAsDocNode();
            Assert.assertEquals(2L, bodyAsDocNode4.size());
            Assert.assertEquals(bodyAsDocNode4.get("status"), "OK");
            GenericRestClient.HttpResponse httpResponse4 = trackResources.get("/_searchguard/api/roles/sg_role_starfleet_captains", new Header[0]);
            Assert.assertEquals(200L, httpResponse4.getStatusCode());
            System.out.println(httpResponse4.getBody());
            DocNode bodyAsDocNode5 = httpResponse4.getBodyAsDocNode();
            Assert.assertEquals(1L, bodyAsDocNode5.size());
            Assert.assertEquals(((DocNode) ((DocNode) bodyAsDocNode5.getAsNode("sg_role_starfleet_captains").getAsListOfNodes("tenant_permissions").get(1)).getAsListOfNodes("tenant_patterns").get(0)).toString(), "tenant1");
            Assert.assertEquals(((DocNode) ((DocNode) bodyAsDocNode5.getAsNode("sg_role_starfleet_captains").getAsListOfNodes("tenant_permissions").get(1)).getAsListOfNodes("allowed_actions").get(0)).toString(), "SGS_KIBANA_ALL_READ");
            Assert.assertEquals(((DocNode) ((DocNode) bodyAsDocNode5.getAsNode("sg_role_starfleet_captains").getAsListOfNodes("tenant_permissions").get(0)).getAsListOfNodes("tenant_patterns").get(0)).toString(), "tenant2");
            Assert.assertEquals(((DocNode) ((DocNode) bodyAsDocNode5.getAsNode("sg_role_starfleet_captains").getAsListOfNodes("tenant_permissions").get(0)).getAsListOfNodes("allowed_actions").get(0)).toString(), "SGS_KIBANA_ALL_WRITE");
            GenericRestClient.HttpResponse putJson3 = trackResources.putJson("/_searchguard/api/roles/sg_role_starfleet_captains", FileHelper.loadFile("restapi/roles_captains_tenants2.json"), new Header[0]);
            Assert.assertEquals(200L, putJson3.getStatusCode());
            DocNode bodyAsDocNode6 = putJson3.getBodyAsDocNode();
            Assert.assertEquals(2L, bodyAsDocNode6.size());
            Assert.assertEquals(bodyAsDocNode6.get("status"), "OK");
            GenericRestClient.HttpResponse httpResponse5 = trackResources.get("/_searchguard/api/roles/sg_role_starfleet_captains", new Header[0]);
            Assert.assertEquals(200L, httpResponse5.getStatusCode());
            DocNode bodyAsDocNode7 = httpResponse5.getBodyAsDocNode();
            Assert.assertEquals(1L, bodyAsDocNode7.size());
            Assert.assertEquals(((DocNode) ((DocNode) bodyAsDocNode7.getAsNode("sg_role_starfleet_captains").getAsListOfNodes("tenant_permissions").get(0)).getAsListOfNodes("tenant_patterns").get(0)).toString(), "tenant2");
            Assert.assertEquals(((DocNode) ((DocNode) bodyAsDocNode7.getAsNode("sg_role_starfleet_captains").getAsListOfNodes("tenant_permissions").get(0)).getAsListOfNodes("tenant_patterns").get(1)).toString(), "tenant4");
            Assert.assertEquals(((DocNode) ((DocNode) bodyAsDocNode7.getAsNode("sg_role_starfleet_captains").getAsListOfNodes("tenant_permissions").get(0)).getAsListOfNodes("allowed_actions").get(0)).toString(), "SGS_KIBANA_ALL_WRITE");
            Assert.assertEquals(((DocNode) ((DocNode) bodyAsDocNode7.getAsNode("sg_role_starfleet_captains").getAsListOfNodes("tenant_permissions").get(1)).getAsListOfNodes("tenant_patterns").get(0)).toString(), "tenant1");
            Assert.assertEquals(((DocNode) ((DocNode) bodyAsDocNode7.getAsNode("sg_role_starfleet_captains").getAsListOfNodes("tenant_permissions").get(1)).getAsListOfNodes("tenant_patterns").get(1)).toString(), "tenant3");
            Assert.assertEquals(((DocNode) ((DocNode) bodyAsDocNode7.getAsNode("sg_role_starfleet_captains").getAsListOfNodes("tenant_permissions").get(1)).getAsListOfNodes("allowed_actions").get(0)).toString(), "SGS_KIBANA_ALL_READ");
            GenericRestClient.HttpResponse putJson4 = trackResources.putJson("/_searchguard/api/roles/sg_role_starfleet_captains", FileHelper.loadFile("restapi/roles_captains_no_tenants.json"), new Header[0]);
            Assert.assertEquals(200L, putJson4.getStatusCode());
            DocNode bodyAsDocNode8 = putJson4.getBodyAsDocNode();
            Assert.assertEquals(2L, bodyAsDocNode8.size());
            Assert.assertEquals(bodyAsDocNode8.get("status"), "OK");
            GenericRestClient.HttpResponse httpResponse6 = trackResources.get("/_searchguard/api/roles/sg_role_starfleet_captains", new Header[0]);
            Assert.assertEquals(200L, httpResponse6.getStatusCode());
            DocNode bodyAsDocNode9 = httpResponse6.getBodyAsDocNode();
            Assert.assertEquals(1L, bodyAsDocNode9.size());
            Assert.assertFalse(((DocNode) bodyAsDocNode9.getAsNode("sg_role_starfleet_captains").getAsListOfNodes("cluster_permissions").get(0)).isNull());
            Assert.assertTrue(bodyAsDocNode9.getAsNode("sg_role_starfleet_captains").getAsListOfNodes("tenant_permissions").isEmpty());
            GenericRestClient.HttpResponse putJson5 = trackResources.putJson("/_searchguard/api/roles/sg_role_starfleet_captains", FileHelper.loadFile("restapi/roles_captains_tenants_malformed.json"), new Header[0]);
            Assert.assertEquals(400L, putJson5.getStatusCode());
            DocNode bodyAsDocNode10 = putJson5.getBodyAsDocNode();
            Assert.assertEquals(bodyAsDocNode10.get("status"), "error");
            Assert.assertEquals(bodyAsDocNode10.get("reason"), AbstractConfigurationValidator.ErrorType.INVALID_CONFIGURATION.getMessage());
            Assert.assertEquals(404L, trackResources.patch("/_searchguard/api/roles/imnothere", "[{ \"op\": \"add\", \"path\": \"/a/b/c\", \"value\": [ \"foo\", \"bar\" ] }]").getStatusCode());
            Assert.assertEquals(403L, trackResources.patch("/_searchguard/api/roles/sg_transport_client", "[{ \"op\": \"add\", \"path\": \"/a/b/c\", \"value\": [ \"foo\", \"bar\" ] }]").getStatusCode());
            Assert.assertEquals(404L, trackResources.patch("/_searchguard/api/roles/sg_internal", "[{ \"op\": \"add\", \"path\": \"/a/b/c\", \"value\": [ \"foo\", \"bar\" ] }]").getStatusCode());
            GenericRestClient.HttpResponse patch = trackResources.patch("/_searchguard/api/roles/sg_role_starfleet", "[{ \"op\": \"add\", \"path\": \"/hidden\", \"value\": true }]");
            Assert.assertEquals(400L, patch.getStatusCode());
            Assert.assertTrue(patch.getBody(), patch.getBody().matches(".*\"invalid_keys\"\\s*:\\s*\\{\\s*\"keys\"\\s*:\\s*\"hidden\"\\s*\\}.*"));
            Assert.assertEquals(400L, trackResources.patch("/_searchguard/api/roles", "[{ \"op\": \"add\", \"path\": \"/imnothere/a/b/c\", \"value\": [ \"foo\", \"bar\" ] }]").getStatusCode());
            Assert.assertEquals(403L, trackResources.patch("/_searchguard/api/roles", "[{ \"op\": \"add\", \"path\": \"/sg_transport_client/a\", \"value\": [ \"foo\", \"bar\" ] }]").getStatusCode());
            Assert.assertEquals(400L, trackResources.patch("/_searchguard/api/roles", "[{ \"op\": \"add\", \"path\": \"/sg_internal/a\", \"value\": [ \"foo\", \"bar\" ] }]").getStatusCode());
            Assert.assertEquals(403L, trackResources.patch("/_searchguard/api/roles", "[{ \"op\": \"remove\", \"path\": \"/sg_transport_client\" }]").getStatusCode());
            Assert.assertEquals(400L, trackResources.patch("/_searchguard/api/roles", "[{ \"op\": \"remove\", \"path\": \"/sg_internal\"}]").getStatusCode());
            GenericRestClient.HttpResponse patch2 = trackResources.patch("/_searchguard/api/roles", "[{ \"op\": \"add\", \"path\": \"/newnewnew\", \"value\": {  \"hidden\": true, \"index_permissions\" : [ {\"index_patterns\" : [ \"sf\" ],\"allowed_actions\" : [ \"READ\" ]}] }}]");
            Assert.assertEquals(400L, patch2.getStatusCode());
            Assert.assertTrue(patch2.getBody().matches(".*\"invalid_keys\"\\s*:\\s*\\{\\s*\"keys\"\\s*:\\s*\"hidden\"\\s*\\}.*"));
            Assert.assertEquals(200L, trackResources.patch("/_searchguard/api/roles", "[{ \"op\": \"add\", \"path\": \"/bulknew1\", \"value\": {   \"index_permissions\" : [ {\"index_patterns\" : [ \"sf\" ],\"allowed_actions\" : [ \"READ\" ]}] }}]").getStatusCode());
            GenericRestClient.HttpResponse httpResponse7 = trackResources.get("/_searchguard/api/roles/bulknew1", new Header[0]);
            Assert.assertEquals(200L, httpResponse7.getStatusCode());
            ImmutableList asListOfStrings = ((DocNode) httpResponse7.getBodyAsDocNode().getAsNode("bulknew1").getAsListOfNodes("index_permissions").get(0)).getAsListOfStrings("allowed_actions");
            Assert.assertNotNull(asListOfStrings);
            Assert.assertEquals(1L, asListOfStrings.size());
            Assert.assertTrue(asListOfStrings.contains("READ"));
            Assert.assertEquals(200L, trackResources.patch("/_searchguard/api/roles", "[{ \"op\": \"remove\", \"path\": \"/bulknew1\"}]").getStatusCode());
            Assert.assertEquals(404L, trackResources.get("/_searchguard/api/roles/bulknew1", new Header[0]).getStatusCode());
            Assert.assertEquals(trackResources.putJson("/_searchguard/api/roles/sg_field_mask_valid", FileHelper.loadFile("restapi/roles_field_masks_valid.json"), new Header[0]).getBody(), 201L, r0.getStatusCode());
            Assert.assertEquals(400L, trackResources.putJson("/_searchguard/api/roles/sg_field_mask_invalid", FileHelper.loadFile("restapi/roles_field_masks_invalid.json"), new Header[0]).getStatusCode());
            if (trackResources != null) {
                trackResources.close();
            }
        } catch (Throwable th) {
            if (trackResources != null) {
                try {
                    trackResources.close();
                } catch (Throwable th2) {
                    th.addSuppressed(th2);
                }
            }
            throw th;
        }
    }

    @Test
    public void putRole_roleWhichAssignsPermsToNoExistentTenantsShouldBeRejected() throws Exception {
        GenericRestClient adminCertRestClient = cluster.getAdminCertRestClient();
        try {
            GenericRestClient.HttpResponse putJson = adminCertRestClient.putJson("_searchguard/api/roles/put_role_with_pattern_matching_no_tenant", DocNode.of("tenant_permissions", DocNode.array(new Object[]{DocNode.of("tenant_patterns", Collections.singletonList("missing1*"))})));
            Assert.assertEquals(400L, putJson.getStatusCode());
            Assert.assertTrue(putJson.getBody(), putJson.getBody().contains("Tenant pattern: 'missing1*' does not match any tenant"));
            Assert.assertEquals(201L, adminCertRestClient.putJson("/_searchguard/api/tenants/missing1", DocNode.of("description", "tenant")).getStatusCode());
            Assert.assertEquals(201L, adminCertRestClient.putJson("_searchguard/api/roles/put_role_with_pattern_matching_no_tenant", r0).getStatusCode());
            if (adminCertRestClient != null) {
                adminCertRestClient.close();
            }
        } catch (Throwable th) {
            if (adminCertRestClient != null) {
                try {
                    adminCertRestClient.close();
                } catch (Throwable th2) {
                    th.addSuppressed(th2);
                }
            }
            throw th;
        }
    }

    @Test
    public void patchRole_roleWhichAssignsPermsToNoExistentTenantsShouldBeRejected() throws Exception {
        GenericRestClient trackResources = cluster.getAdminCertRestClient().trackResources();
        try {
            Assert.assertEquals(trackResources.putJson("/_searchguard/api/roles/patch_role_with_pattern_matching_no_tenant", DocNode.of("cluster_permissions", Collections.singletonList("MONITOR"))).getBody(), 201L, r0.getStatusCode());
            GenericRestClient.HttpResponse patch = trackResources.patch("/_searchguard/api/roles/patch_role_with_pattern_matching_no_tenant", DocNode.array(new Object[]{DocNode.of("op", "add", "path", "/tenant_permissions", "value", DocNode.array(new Object[]{DocNode.of("tenant_patterns", Collections.singletonList("missing1*"))}))}).toJsonString());
            Assert.assertEquals(400L, patch.getStatusCode());
            Assert.assertTrue(patch.getBody(), patch.getBody().contains("Tenant pattern: 'missing1*' does not match any tenant"));
            GenericRestClient.HttpResponse patch2 = trackResources.patch("/_searchguard/api/roles/", DocNode.array(new Object[]{DocNode.of("op", "add", "path", "/patch_role_with_pattern_matching_no_tenant2", "value", DocNode.of("tenant_permissions", DocNode.array(new Object[]{DocNode.of("tenant_patterns", Collections.singletonList("missing1*"))})))}).toJsonString());
            Assert.assertEquals(400L, patch2.getStatusCode());
            Assert.assertTrue(patch2.getBody(), patch2.getBody().contains("Tenant pattern: 'missing1*' does not match any tenant"));
            Assert.assertEquals(201L, trackResources.putJson("/_searchguard/api/tenants/missing1", DocNode.of("description", "tenant")).getStatusCode());
            Assert.assertEquals(200L, trackResources.patch("/_searchguard/api/roles/patch_role_with_pattern_matching_no_tenant", r0.toJsonString()).getStatusCode());
            Assert.assertEquals(200L, trackResources.patch("/_searchguard/api/roles/", r0.toJsonString()).getStatusCode());
            if (trackResources != null) {
                trackResources.close();
            }
        } catch (Throwable th) {
            if (trackResources != null) {
                try {
                    trackResources.close();
                } catch (Throwable th2) {
                    th.addSuppressed(th2);
                }
            }
            throw th;
        }
    }

    protected void setupStarfleetIndex() throws Exception {
        GenericRestClient adminCertRestClient = cluster.getAdminCertRestClient();
        try {
            adminCertRestClient.put("sf");
            adminCertRestClient.putJson("sf/_doc/ships_0", "{\"number\" : \"NCC-1701-D\"}", new Header[0]);
            adminCertRestClient.putJson("sf/_doc/public_0", "{\"some\" : \"value\"}", new Header[0]);
            if (adminCertRestClient != null) {
                adminCertRestClient.close();
            }
        } catch (Throwable th) {
            if (adminCertRestClient != null) {
                try {
                    adminCertRestClient.close();
                } catch (Throwable th2) {
                    th.addSuppressed(th2);
                }
            }
            throw th;
        }
    }

    protected void addUserWithPassword(String str, String str2, int i) throws Exception {
        GenericRestClient adminCertRestClient = cluster.getAdminCertRestClient();
        try {
            Assert.assertEquals(i, adminCertRestClient.putJson("/_searchguard/api/internalusers/" + str, "{\"password\": \"" + str2 + "\"}", new Header[0]).getStatusCode());
            if (adminCertRestClient != null) {
                adminCertRestClient.close();
            }
        } catch (Throwable th) {
            if (adminCertRestClient != null) {
                try {
                    adminCertRestClient.close();
                } catch (Throwable th2) {
                    th.addSuppressed(th2);
                }
            }
            throw th;
        }
    }

    protected void addUserWithPassword(String str, String str2, String[] strArr, int i) throws Exception {
        GenericRestClient adminCertRestClient = cluster.getAdminCertRestClient();
        try {
            String str3 = "{\"password\": \"" + str2 + "\",\"backend_roles\": [";
            for (int i2 = 0; i2 < strArr.length; i2++) {
                str3 = str3 + "\"" + strArr[i2] + "\"";
                if (i2 + 1 < strArr.length) {
                    str3 = str3 + ",";
                }
            }
            Assert.assertEquals(i, adminCertRestClient.putJson("/_searchguard/api/internalusers/" + str, str3 + "]}", new Header[0]).getStatusCode());
            if (adminCertRestClient != null) {
                adminCertRestClient.close();
            }
        } catch (Throwable th) {
            if (adminCertRestClient != null) {
                try {
                    adminCertRestClient.close();
                } catch (Throwable th2) {
                    th.addSuppressed(th2);
                }
            }
            throw th;
        }
    }

    protected String checkReadAccess(int i, String str, String str2, String str3, String str4) throws Exception {
        GenericRestClient restClient = cluster.getRestClient(str, str2, new Header[0]);
        try {
            GenericRestClient.HttpResponse httpResponse = restClient.get(str3 + "/_doc/" + str4, new Header[0]);
            Assert.assertEquals(i, httpResponse.getStatusCode());
            String body = httpResponse.getBody();
            if (restClient != null) {
                restClient.close();
            }
            return body;
        } catch (Throwable th) {
            if (restClient != null) {
                try {
                    restClient.close();
                } catch (Throwable th2) {
                    th.addSuppressed(th2);
                }
            }
            throw th;
        }
    }

    protected String checkWriteAccess(int i, String str, String str2, String str3, String str4) throws Exception {
        GenericRestClient restClient = cluster.getRestClient(str, str2, new Header[0]);
        try {
            GenericRestClient.HttpResponse putJson = restClient.putJson(str3 + "/_doc/" + str4, "{\"value\" : \"true\"}", new Header[0]);
            Assert.assertEquals(i, putJson.getStatusCode());
            String body = putJson.getBody();
            if (restClient != null) {
                restClient.close();
            }
            return body;
        } catch (Throwable th) {
            if (restClient != null) {
                try {
                    restClient.close();
                } catch (Throwable th2) {
                    th.addSuppressed(th2);
                }
            }
            throw th;
        }
    }
}
