package com.floragunn.searchguard.legacy;

import com.floragunn.searchguard.action.configupdate.ConfigUpdateAction;
import com.floragunn.searchguard.action.configupdate.ConfigUpdateRequest;
import com.floragunn.searchguard.action.configupdate.ConfigUpdateResponse;
import com.floragunn.searchguard.legacy.test.DynamicSgConfig;
import com.floragunn.searchguard.legacy.test.RestHelper;
import com.floragunn.searchguard.legacy.test.SingleClusterTest;
import com.floragunn.searchguard.test.helper.cluster.ClusterConfiguration;
import com.floragunn.searchguard.test.helper.cluster.JavaSecurityTestSetup;
import java.util.Arrays;
import java.util.Collection;
import org.elasticsearch.action.admin.cluster.repositories.put.PutRepositoryRequest;
import org.elasticsearch.action.admin.cluster.snapshots.create.CreateSnapshotRequest;
import org.elasticsearch.action.index.IndexRequest;
import org.elasticsearch.action.support.WriteRequest;
import org.elasticsearch.client.Client;
import org.elasticsearch.common.settings.Settings;
import org.elasticsearch.common.xcontent.XContentType;
import org.junit.Assert;
import org.junit.ClassRule;
import org.junit.Test;
import org.junit.runner.RunWith;
import org.junit.runners.Parameterized;

@RunWith(Parameterized.class)
/* loaded from: input_file:com/floragunn/searchguard/legacy/SnapshotRestoreTests.class */
public class SnapshotRestoreTests extends SingleClusterTest {

    @ClassRule
    public static JavaSecurityTestSetup javaSecurity = new JavaSecurityTestSetup();

    @Parameterized.Parameter
    public ClusterConfiguration currentClusterConfig;

    @Parameterized.Parameters
    public static Collection<ClusterConfiguration> data() {
        return Arrays.asList(ClusterConfiguration.DEFAULT);
    }

    @Test
    public void testSnapshotEnableSgIndexRestore() throws Exception {
        setup(Settings.builder().putList("path.repo", new String[]{this.repositoryPath.getRoot().getAbsolutePath()}).put("searchguard.check_snapshot_restore_write_privileges", false).put("searchguard.unsupported.restore.sgindex.enabled", true).build(), this.currentClusterConfig);
        Client privilegedInternalNodeClient = getPrivilegedInternalNodeClient();
        try {
            privilegedInternalNodeClient.index(new IndexRequest("vulcangov").setRefreshPolicy(WriteRequest.RefreshPolicy.IMMEDIATE).source("{\"content\":1}", XContentType.JSON)).actionGet();
            privilegedInternalNodeClient.admin().cluster().putRepository(new PutRepositoryRequest("vulcangov").type("fs").settings(Settings.builder().put("location", this.repositoryPath.getRoot().getAbsolutePath() + "/vulcangov"))).actionGet();
            privilegedInternalNodeClient.admin().cluster().createSnapshot(new CreateSnapshotRequest("vulcangov", "vulcangov_1").indices(new String[]{"vulcangov"}).includeGlobalState(true).waitForCompletion(true)).actionGet();
            privilegedInternalNodeClient.admin().cluster().putRepository(new PutRepositoryRequest("searchguard").type("fs").settings(Settings.builder().put("location", this.repositoryPath.getRoot().getAbsolutePath() + "/searchguard"))).actionGet();
            privilegedInternalNodeClient.admin().cluster().createSnapshot(new CreateSnapshotRequest("searchguard", "searchguard_1").indices(new String[]{"searchguard"}).includeGlobalState(false).waitForCompletion(true)).actionGet();
            privilegedInternalNodeClient.admin().cluster().putRepository(new PutRepositoryRequest("all").type("fs").settings(Settings.builder().put("location", this.repositoryPath.getRoot().getAbsolutePath() + "/all"))).actionGet();
            privilegedInternalNodeClient.admin().cluster().createSnapshot(new CreateSnapshotRequest("all", "all_1").indices(new String[]{"*"}).includeGlobalState(false).waitForCompletion(true)).actionGet();
            if (privilegedInternalNodeClient != null) {
                privilegedInternalNodeClient.close();
            }
            RestHelper nonSslRestHelper = nonSslRestHelper();
            Assert.assertEquals(200L, nonSslRestHelper.executeGetRequest("_snapshot/vulcangov", encodeBasicHeader("nagilum", "nagilum")).getStatusCode());
            Assert.assertEquals(200L, nonSslRestHelper.executeGetRequest("_snapshot/vulcangov/vulcangov_1", encodeBasicHeader("nagilum", "nagilum")).getStatusCode());
            Assert.assertEquals(200L, nonSslRestHelper.executePostRequest("_snapshot/vulcangov/vulcangov_1/_restore?wait_for_completion=true", "{ \"rename_pattern\": \"(.+)\", \"rename_replacement\": \"restored_index_$1\" }", encodeBasicHeader("nagilum", "nagilum")).getStatusCode());
            Assert.assertEquals(200L, nonSslRestHelper.executePostRequest("_snapshot/vulcangov/vulcangov_1/_restore?wait_for_completion=true", "{ \"include_global_state\": true, \"rename_pattern\": \"(.+)\", \"rename_replacement\": \"restored_index_with_global_state_$1\" }", encodeBasicHeader("nagilum", "nagilum")).getStatusCode());
            Assert.assertEquals(nonSslRestHelper.executePostRequest("_snapshot/vulcangov/vulcangov_1/_restore?wait_for_completion=true", "", encodeBasicHeader("worf", "worf")).getBody(), 403L, r0.getStatusCode());
            Assert.assertEquals(500L, nonSslRestHelper.executePostRequest("_snapshot/vulcangov/vulcangov_1/_restore?wait_for_completion=true", "{ \"indices\": \"vulcangov\", \"rename_pattern\": \"(.+)\", \"rename_replacement\": \"searchguard\" }", encodeBasicHeader("nagilum", "nagilum")).getStatusCode());
            Assert.assertEquals(200L, nonSslRestHelper.executeGetRequest("_snapshot/searchguard", encodeBasicHeader("nagilum", "nagilum")).getStatusCode());
            Assert.assertEquals(200L, nonSslRestHelper.executeGetRequest("_snapshot/searchguard/searchguard_1", encodeBasicHeader("nagilum", "nagilum")).getStatusCode());
            Assert.assertEquals(500L, nonSslRestHelper.executePostRequest("_snapshot/searchguard/searchguard_1/_restore?wait_for_completion=true", "", encodeBasicHeader("nagilum", "nagilum")).getStatusCode());
            Assert.assertEquals(200L, nonSslRestHelper.executePostRequest("_snapshot/searchguard/searchguard_1/_restore?wait_for_completion=true", "{ \"indices\": \"searchguard\", \"rename_pattern\": \"(.+)\", \"rename_replacement\": \"searchguard_copy\" }", encodeBasicHeader("nagilum", "nagilum")).getStatusCode());
            Assert.assertEquals(200L, nonSslRestHelper.executeGetRequest("_snapshot/all", encodeBasicHeader("nagilum", "nagilum")).getStatusCode());
            Assert.assertEquals(200L, nonSslRestHelper.executeGetRequest("_snapshot/all/all_1", encodeBasicHeader("nagilum", "nagilum")).getStatusCode());
            Assert.assertEquals(500L, nonSslRestHelper.executePostRequest("_snapshot/all/all_1/_restore?wait_for_completion=true", "", encodeBasicHeader("nagilum", "nagilum")).getStatusCode());
            Assert.assertEquals(500L, nonSslRestHelper.executePostRequest("_snapshot/all/all_1/_restore?wait_for_completion=true", "{ \"indices\": \"vulcangov\", \"rename_pattern\": \"(.+)\", \"rename_replacement\": \"searchguard\" }", encodeBasicHeader("nagilum", "nagilum")).getStatusCode());
            Assert.assertEquals(200L, nonSslRestHelper.executeDeleteRequest("searchguard_copy", encodeBasicHeader("nagilum", "nagilum")).getStatusCode());
            Assert.assertEquals(200L, nonSslRestHelper.executePostRequest("_snapshot/all/all_1/_restore?wait_for_completion=true", "{ \"indices\": \"searchguard\", \"rename_pattern\": \"(.+)\", \"rename_replacement\": \"searchguard_copy\" }", encodeBasicHeader("nagilum", "nagilum")).getStatusCode());
            Assert.assertEquals(500L, nonSslRestHelper.executePostRequest("_snapshot/all/unknown-snapshot/_restore?wait_for_completion=true", "", encodeBasicHeader("nagilum", "nagilum")).getStatusCode());
            Assert.assertEquals(200L, nonSslRestHelper.executePostRequest("searchguard/_close", "", encodeBasicHeader("nagilum", "nagilum")).getStatusCode());
            Assert.assertEquals(200L, nonSslRestHelper.executePostRequest("_snapshot/searchguard/searchguard_1/_restore?wait_for_completion=true", "", encodeBasicHeader("nagilum", "nagilum")).getStatusCode());
            Assert.assertEquals(200L, nonSslRestHelper.executePostRequest("searchguard/_open", "", encodeBasicHeader("nagilum", "nagilum")).getStatusCode());
        } catch (Throwable th) {
            if (privilegedInternalNodeClient != null) {
                try {
                    privilegedInternalNodeClient.close();
                } catch (Throwable th2) {
                    th.addSuppressed(th2);
                }
            }
            throw th;
        }
    }

    @Test
    public void testSnapshot() throws Exception {
        setup(Settings.builder().putList("path.repo", new String[]{this.repositoryPath.getRoot().getAbsolutePath()}).put("searchguard.check_snapshot_restore_write_privileges", false).build(), this.currentClusterConfig);
        Client privilegedInternalNodeClient = getPrivilegedInternalNodeClient();
        try {
            privilegedInternalNodeClient.index(new IndexRequest("vulcangov").setRefreshPolicy(WriteRequest.RefreshPolicy.IMMEDIATE).source("{\"content\":1}", XContentType.JSON)).actionGet();
            privilegedInternalNodeClient.admin().cluster().putRepository(new PutRepositoryRequest("vulcangov").type("fs").settings(Settings.builder().put("location", this.repositoryPath.getRoot().getAbsolutePath() + "/vulcangov"))).actionGet();
            privilegedInternalNodeClient.admin().cluster().createSnapshot(new CreateSnapshotRequest("vulcangov", "vulcangov_1").indices(new String[]{"vulcangov"}).includeGlobalState(true).waitForCompletion(true)).actionGet();
            privilegedInternalNodeClient.admin().cluster().putRepository(new PutRepositoryRequest("searchguard").type("fs").settings(Settings.builder().put("location", this.repositoryPath.getRoot().getAbsolutePath() + "/searchguard"))).actionGet();
            privilegedInternalNodeClient.admin().cluster().createSnapshot(new CreateSnapshotRequest("searchguard", "searchguard_1").indices(new String[]{"searchguard"}).includeGlobalState(false).waitForCompletion(true)).actionGet();
            privilegedInternalNodeClient.admin().cluster().putRepository(new PutRepositoryRequest("all").type("fs").settings(Settings.builder().put("location", this.repositoryPath.getRoot().getAbsolutePath() + "/all"))).actionGet();
            privilegedInternalNodeClient.admin().cluster().createSnapshot(new CreateSnapshotRequest("all", "all_1").indices(new String[]{"*"}).includeGlobalState(false).waitForCompletion(true)).actionGet();
            if (privilegedInternalNodeClient != null) {
                privilegedInternalNodeClient.close();
            }
            RestHelper nonSslRestHelper = nonSslRestHelper();
            Assert.assertEquals(200L, nonSslRestHelper.executeGetRequest("_snapshot/vulcangov", encodeBasicHeader("nagilum", "nagilum")).getStatusCode());
            Assert.assertEquals(200L, nonSslRestHelper.executeGetRequest("_snapshot/vulcangov/vulcangov_1", encodeBasicHeader("nagilum", "nagilum")).getStatusCode());
            Assert.assertEquals(200L, nonSslRestHelper.executePostRequest("_snapshot/vulcangov/vulcangov_1/_restore?wait_for_completion=true", "{ \"rename_pattern\": \"(.+)\", \"rename_replacement\": \"restored_index_$1\" }", encodeBasicHeader("nagilum", "nagilum")).getStatusCode());
            Assert.assertEquals(403L, nonSslRestHelper.executePostRequest("_snapshot/vulcangov/vulcangov_1/_restore?wait_for_completion=true", "{ \"include_global_state\": true, \"rename_pattern\": \"(.+)\", \"rename_replacement\": \"restored_index_with_global_state_$1\" }", encodeBasicHeader("nagilum", "nagilum")).getStatusCode());
            Assert.assertEquals(403L, nonSslRestHelper.executePostRequest("_snapshot/vulcangov/vulcangov_1/_restore?wait_for_completion=true", "", encodeBasicHeader("worf", "worf")).getStatusCode());
            Assert.assertEquals(403L, nonSslRestHelper.executePostRequest("_snapshot/vulcangov/vulcangov_1/_restore?wait_for_completion=true", "{ \"indices\": \"vulcangov\", \"rename_pattern\": \"(.+)\", \"rename_replacement\": \"searchguard\" }", encodeBasicHeader("nagilum", "nagilum")).getStatusCode());
            Assert.assertEquals(200L, nonSslRestHelper.executeGetRequest("_snapshot/searchguard", encodeBasicHeader("nagilum", "nagilum")).getStatusCode());
            Assert.assertEquals(200L, nonSslRestHelper.executeGetRequest("_snapshot/searchguard/searchguard_1", encodeBasicHeader("nagilum", "nagilum")).getStatusCode());
            Assert.assertEquals(403L, nonSslRestHelper.executePostRequest("_snapshot/searchguard/searchguard_1/_restore?wait_for_completion=true", "", encodeBasicHeader("nagilum", "nagilum")).getStatusCode());
            Assert.assertEquals(403L, nonSslRestHelper.executePostRequest("_snapshot/searchguard/searchguard_1/_restore?wait_for_completion=true", "{ \"indices\": \"searchguard\", \"rename_pattern\": \"(.+)\", \"rename_replacement\": \"searchguard_copy\" }", encodeBasicHeader("nagilum", "nagilum")).getStatusCode());
            Assert.assertEquals(200L, nonSslRestHelper.executeGetRequest("_snapshot/all", encodeBasicHeader("nagilum", "nagilum")).getStatusCode());
            Assert.assertEquals(200L, nonSslRestHelper.executeGetRequest("_snapshot/all/all_1", encodeBasicHeader("nagilum", "nagilum")).getStatusCode());
            Assert.assertEquals(403L, nonSslRestHelper.executePostRequest("_snapshot/all/all_1/_restore?wait_for_completion=true", "", encodeBasicHeader("nagilum", "nagilum")).getStatusCode());
            Assert.assertEquals(403L, nonSslRestHelper.executePostRequest("_snapshot/all/all_1/_restore?wait_for_completion=true", "{ \"indices\": \"vulcangov\", \"rename_pattern\": \"(.+)\", \"rename_replacement\": \"searchguard\" }", encodeBasicHeader("nagilum", "nagilum")).getStatusCode());
            Assert.assertEquals(403L, nonSslRestHelper.executePostRequest("_snapshot/all/all_1/_restore?wait_for_completion=true", "{ \"indices\": \"searchguard\", \"rename_pattern\": \"(.+)\", \"rename_replacement\": \"searchguard_copy\" }", encodeBasicHeader("nagilum", "nagilum")).getStatusCode());
            System.out.println("---------------------------------------------------------------");
            Assert.assertEquals(500L, nonSslRestHelper.executePostRequest("_snapshot/all/unknown-snapshot/_restore?wait_for_completion=true", "", encodeBasicHeader("nagilum", "nagilum")).getStatusCode());
        } catch (Throwable th) {
            if (privilegedInternalNodeClient != null) {
                try {
                    privilegedInternalNodeClient.close();
                } catch (Throwable th2) {
                    th.addSuppressed(th2);
                }
            }
            throw th;
        }
    }

    @Test
    public void testSnapshotCheckWritePrivileges() throws Exception {
        setup(Settings.builder().putList("path.repo", new String[]{this.repositoryPath.getRoot().getAbsolutePath()}).build(), this.currentClusterConfig);
        Client privilegedInternalNodeClient = getPrivilegedInternalNodeClient();
        try {
            privilegedInternalNodeClient.index(new IndexRequest("vulcangov").setRefreshPolicy(WriteRequest.RefreshPolicy.IMMEDIATE).source("{\"content\":1}", XContentType.JSON)).actionGet();
            privilegedInternalNodeClient.admin().cluster().putRepository(new PutRepositoryRequest("vulcangov").type("fs").settings(Settings.builder().put("location", this.repositoryPath.getRoot().getAbsolutePath() + "/vulcangov"))).actionGet();
            privilegedInternalNodeClient.admin().cluster().createSnapshot(new CreateSnapshotRequest("vulcangov", "vulcangov_1").indices(new String[]{"vulcangov"}).includeGlobalState(true).waitForCompletion(true)).actionGet();
            privilegedInternalNodeClient.admin().cluster().putRepository(new PutRepositoryRequest("searchguard").type("fs").settings(Settings.builder().put("location", this.repositoryPath.getRoot().getAbsolutePath() + "/searchguard"))).actionGet();
            privilegedInternalNodeClient.admin().cluster().createSnapshot(new CreateSnapshotRequest("searchguard", "searchguard_1").indices(new String[]{"searchguard"}).includeGlobalState(false).waitForCompletion(true)).actionGet();
            privilegedInternalNodeClient.admin().cluster().putRepository(new PutRepositoryRequest("all").type("fs").settings(Settings.builder().put("location", this.repositoryPath.getRoot().getAbsolutePath() + "/all"))).actionGet();
            privilegedInternalNodeClient.admin().cluster().createSnapshot(new CreateSnapshotRequest("all", "all_1").indices(new String[]{"*"}).includeGlobalState(false).waitForCompletion(true)).actionGet();
            ConfigUpdateResponse configUpdateResponse = (ConfigUpdateResponse) privilegedInternalNodeClient.execute(ConfigUpdateAction.INSTANCE, new ConfigUpdateRequest(new String[]{"config", "roles", "rolesmapping", "internalusers", "actiongroups"})).actionGet();
            Assert.assertFalse(configUpdateResponse.hasFailures());
            Assert.assertEquals(this.currentClusterConfig.getNodes(), configUpdateResponse.getNodes().size());
            System.out.println(configUpdateResponse.getNodesMap());
            if (privilegedInternalNodeClient != null) {
                privilegedInternalNodeClient.close();
            }
            RestHelper nonSslRestHelper = nonSslRestHelper();
            Assert.assertEquals(200L, nonSslRestHelper.executeGetRequest("_snapshot/vulcangov", encodeBasicHeader("nagilum", "nagilum")).getStatusCode());
            Assert.assertEquals(200L, nonSslRestHelper.executeGetRequest("_snapshot/vulcangov/vulcangov_1", encodeBasicHeader("nagilum", "nagilum")).getStatusCode());
            Assert.assertEquals(200L, nonSslRestHelper.executePostRequest("_snapshot/vulcangov/vulcangov_1/_restore?wait_for_completion=true", "{ \"rename_pattern\": \"(.+)\", \"rename_replacement\": \"restored_index_$1\" }", encodeBasicHeader("nagilum", "nagilum")).getStatusCode());
            Assert.assertEquals(403L, nonSslRestHelper.executePostRequest("_snapshot/vulcangov/vulcangov_1/_restore?wait_for_completion=true", "{ \"include_global_state\": true, \"rename_pattern\": \"(.+)\", \"rename_replacement\": \"restored_index_with_global_state_$1\" }", encodeBasicHeader("nagilum", "nagilum")).getStatusCode());
            Assert.assertEquals(403L, nonSslRestHelper.executePostRequest("_snapshot/vulcangov/vulcangov_1/_restore?wait_for_completion=true", "", encodeBasicHeader("worf", "worf")).getStatusCode());
            Assert.assertEquals(403L, nonSslRestHelper.executePostRequest("_snapshot/vulcangov/vulcangov_1/_restore?wait_for_completion=true", "{ \"indices\": \"vulcangov\", \"rename_pattern\": \"(.+)\", \"rename_replacement\": \"searchguard\" }", encodeBasicHeader("nagilum", "nagilum")).getStatusCode());
            Assert.assertEquals(200L, nonSslRestHelper.executeGetRequest("_snapshot/searchguard", encodeBasicHeader("nagilum", "nagilum")).getStatusCode());
            Assert.assertEquals(200L, nonSslRestHelper.executeGetRequest("_snapshot/searchguard/searchguard_1", encodeBasicHeader("nagilum", "nagilum")).getStatusCode());
            Assert.assertEquals(403L, nonSslRestHelper.executePostRequest("_snapshot/searchguard/searchguard_1/_restore?wait_for_completion=true", "", encodeBasicHeader("nagilum", "nagilum")).getStatusCode());
            Assert.assertEquals(403L, nonSslRestHelper.executePostRequest("_snapshot/searchguard/searchguard_1/_restore?wait_for_completion=true", "{ \"indices\": \"searchguard\", \"rename_pattern\": \"(.+)\", \"rename_replacement\": \"searchguard_copy\" }", encodeBasicHeader("nagilum", "nagilum")).getStatusCode());
            Assert.assertEquals(200L, nonSslRestHelper.executeGetRequest("_snapshot/all", encodeBasicHeader("nagilum", "nagilum")).getStatusCode());
            Assert.assertEquals(200L, nonSslRestHelper.executeGetRequest("_snapshot/all/all_1", encodeBasicHeader("nagilum", "nagilum")).getStatusCode());
            Assert.assertEquals(403L, nonSslRestHelper.executePostRequest("_snapshot/all/all_1/_restore?wait_for_completion=true", "", encodeBasicHeader("nagilum", "nagilum")).getStatusCode());
            Assert.assertEquals(403L, nonSslRestHelper.executePostRequest("_snapshot/all/all_1/_restore?wait_for_completion=true", "{ \"indices\": \"vulcangov\", \"rename_pattern\": \"(.+)\", \"rename_replacement\": \"searchguard\" }", encodeBasicHeader("nagilum", "nagilum")).getStatusCode());
            Assert.assertEquals(403L, nonSslRestHelper.executePostRequest("_snapshot/all/all_1/_restore?wait_for_completion=true", "{ \"indices\": \"searchguard\", \"rename_pattern\": \"(.+)\", \"rename_replacement\": \"searchguard_copy\" }", encodeBasicHeader("nagilum", "nagilum")).getStatusCode());
            Assert.assertEquals(nonSslRestHelper.executePostRequest("_snapshot/all/unknown-snapshot/_restore?wait_for_completion=true", "", encodeBasicHeader("nagilum", "nagilum")).getBody(), 500L, r0.getStatusCode());
            Assert.assertEquals(200L, nonSslRestHelper.executePostRequest("_snapshot/vulcangov/vulcangov_1/_restore?wait_for_completion=true", "{ \"rename_pattern\": \"(.+)\", \"rename_replacement\": \"$1_restore_1\" }", encodeBasicHeader("restoreuser", "restoreuser")).getStatusCode());
            Assert.assertEquals(200L, nonSslRestHelper.executePostRequest("_snapshot/vulcangov/vulcangov_1/_restore?wait_for_completion=true", "{ \"rename_pattern\": \"(.+)\", \"rename_replacement\": \"$1_restore_2a\" }", encodeBasicHeader("restoreuser", "restoreuser")).getStatusCode());
            Assert.assertEquals(200L, nonSslRestHelper.executePostRequest("_snapshot/vulcangov/vulcangov_1/_restore?wait_for_completion=true", "{ \"rename_pattern\": \"(.+)\", \"rename_replacement\": \"$1_no_restore_1\" }", encodeBasicHeader("restoreuser", "restoreuser")).getStatusCode());
            Assert.assertEquals(200L, nonSslRestHelper.executePostRequest("_snapshot/vulcangov/vulcangov_1/_restore?wait_for_completion=true", "{ \"rename_pattern\": \"(.+)\", \"rename_replacement\": \"$1_no_restore_2\" }", encodeBasicHeader("restoreuser", "restoreuser")).getStatusCode());
            Assert.assertEquals(403L, nonSslRestHelper.executePostRequest("_snapshot/vulcangov/vulcangov_1/_restore?wait_for_completion=true", "{ \"rename_pattern\": \"(.+)\", \"rename_replacement\": \"$1_no_restore_3\" }", encodeBasicHeader("restoreuser", "restoreuser")).getStatusCode());
            Assert.assertEquals(403L, nonSslRestHelper.executePostRequest("_snapshot/vulcangov/vulcangov_1/_restore?wait_for_completion=true", "{ \"rename_pattern\": \"(.+)\", \"rename_replacement\": \"$1_no_restore_4\" }", encodeBasicHeader("restoreuser", "restoreuser")).getStatusCode());
        } catch (Throwable th) {
            if (privilegedInternalNodeClient != null) {
                try {
                    privilegedInternalNodeClient.close();
                } catch (Throwable th2) {
                    th.addSuppressed(th2);
                }
            }
            throw th;
        }
    }

    @Test
    public void testSnapshotRestore() throws Exception {
        setup(Settings.EMPTY, new DynamicSgConfig().setSgActionGroups("sg_action_groups_packaged.yml"), Settings.builder().putList("path.repo", new String[]{this.repositoryPath.getRoot().getAbsolutePath()}).build(), true, this.currentClusterConfig);
        Client privilegedInternalNodeClient = getPrivilegedInternalNodeClient();
        try {
            privilegedInternalNodeClient.index(new IndexRequest("testsnap1").setRefreshPolicy(WriteRequest.RefreshPolicy.IMMEDIATE).source("{\"content\":1}", XContentType.JSON)).actionGet();
            privilegedInternalNodeClient.index(new IndexRequest("testsnap2").setRefreshPolicy(WriteRequest.RefreshPolicy.IMMEDIATE).source("{\"content\":1}", XContentType.JSON)).actionGet();
            privilegedInternalNodeClient.index(new IndexRequest("testsnap3").setRefreshPolicy(WriteRequest.RefreshPolicy.IMMEDIATE).source("{\"content\":1}", XContentType.JSON)).actionGet();
            privilegedInternalNodeClient.index(new IndexRequest("testsnap4").setRefreshPolicy(WriteRequest.RefreshPolicy.IMMEDIATE).source("{\"content\":1}", XContentType.JSON)).actionGet();
            privilegedInternalNodeClient.index(new IndexRequest("testsnap5").setRefreshPolicy(WriteRequest.RefreshPolicy.IMMEDIATE).source("{\"content\":1}", XContentType.JSON)).actionGet();
            privilegedInternalNodeClient.index(new IndexRequest("testsnap6").setRefreshPolicy(WriteRequest.RefreshPolicy.IMMEDIATE).source("{\"content\":1}", XContentType.JSON)).actionGet();
            privilegedInternalNodeClient.admin().cluster().putRepository(new PutRepositoryRequest("bckrepo").type("fs").settings(Settings.builder().put("location", this.repositoryPath.getRoot().getAbsolutePath() + "/bckrepo"))).actionGet();
            if (privilegedInternalNodeClient != null) {
                privilegedInternalNodeClient.close();
            }
            RestHelper nonSslRestHelper = nonSslRestHelper();
            Assert.assertEquals(200L, nonSslRestHelper.executePutRequest("_snapshot/bckrepo/" + "{\"indices\": \"testsnap1\",\"ignore_unavailable\": false,\"include_global_state\": false}".hashCode() + "?wait_for_completion=true&pretty", "{\"indices\": \"testsnap1\",\"ignore_unavailable\": false,\"include_global_state\": false}", encodeBasicHeader("snapresuser", "nagilum")).getStatusCode());
            Assert.assertEquals(200L, nonSslRestHelper.executePostRequest("_snapshot/bckrepo/" + "{\"indices\": \"testsnap1\",\"ignore_unavailable\": false,\"include_global_state\": false}".hashCode() + "/_restore?wait_for_completion=true&pretty", "{ \"rename_pattern\": \"(.+)\", \"rename_replacement\": \"restored_index_$1\" }", encodeBasicHeader("snapresuser", "nagilum")).getStatusCode());
            Assert.assertEquals(200L, nonSslRestHelper.executePutRequest("_snapshot/bckrepo/" + "{\"indices\": \"searchguard\",\"ignore_unavailable\": false,\"include_global_state\": false}".hashCode() + "?wait_for_completion=true&pretty", "{\"indices\": \"searchguard\",\"ignore_unavailable\": false,\"include_global_state\": false}", encodeBasicHeader("snapresuser", "nagilum")).getStatusCode());
            Assert.assertEquals(403L, nonSslRestHelper.executePostRequest("_snapshot/bckrepo/" + "{\"indices\": \"searchguard\",\"ignore_unavailable\": false,\"include_global_state\": false}".hashCode() + "/_restore?wait_for_completion=true&pretty", "{ \"rename_pattern\": \"(.+)\", \"rename_replacement\": \"restored_index_$1\" }", encodeBasicHeader("snapresuser", "nagilum")).getStatusCode());
            Assert.assertEquals(200L, nonSslRestHelper.executePutRequest("_snapshot/bckrepo/" + "{\"indices\": \"testsnap2\",\"ignore_unavailable\": false,\"include_global_state\": true}".hashCode() + "?wait_for_completion=true&pretty", "{\"indices\": \"testsnap2\",\"ignore_unavailable\": false,\"include_global_state\": true}", encodeBasicHeader("snapresuser", "nagilum")).getStatusCode());
            Assert.assertEquals(403L, nonSslRestHelper.executePostRequest("_snapshot/bckrepo/" + "{\"indices\": \"testsnap2\",\"ignore_unavailable\": false,\"include_global_state\": true}".hashCode() + "/_restore?wait_for_completion=true&pretty", "{ \"include_global_state\": true, \"rename_pattern\": \"(.+)\", \"rename_replacement\": \"restored_index_$1\" }", encodeBasicHeader("snapresuser", "nagilum")).getStatusCode());
        } catch (Throwable th) {
            if (privilegedInternalNodeClient != null) {
                try {
                    privilegedInternalNodeClient.close();
                } catch (Throwable th2) {
                    th.addSuppressed(th2);
                }
            }
            throw th;
        }
    }

    @Test
    public void testNoSnapshotRestore() throws Exception {
        setup(Settings.EMPTY, new DynamicSgConfig().setSgActionGroups("sg_action_groups_packaged.yml"), Settings.builder().putList("path.repo", new String[]{this.repositoryPath.getRoot().getAbsolutePath()}).put("searchguard.enable_snapshot_restore_privilege", false).build(), true, this.currentClusterConfig);
        Client privilegedInternalNodeClient = getPrivilegedInternalNodeClient();
        try {
            privilegedInternalNodeClient.index(new IndexRequest("testsnap1").setRefreshPolicy(WriteRequest.RefreshPolicy.IMMEDIATE).source("{\"content\":1}", XContentType.JSON)).actionGet();
            privilegedInternalNodeClient.index(new IndexRequest("testsnap2").setRefreshPolicy(WriteRequest.RefreshPolicy.IMMEDIATE).source("{\"content\":1}", XContentType.JSON)).actionGet();
            privilegedInternalNodeClient.index(new IndexRequest("testsnap3").setRefreshPolicy(WriteRequest.RefreshPolicy.IMMEDIATE).source("{\"content\":1}", XContentType.JSON)).actionGet();
            privilegedInternalNodeClient.index(new IndexRequest("testsnap4").setRefreshPolicy(WriteRequest.RefreshPolicy.IMMEDIATE).source("{\"content\":1}", XContentType.JSON)).actionGet();
            privilegedInternalNodeClient.index(new IndexRequest("testsnap5").setRefreshPolicy(WriteRequest.RefreshPolicy.IMMEDIATE).source("{\"content\":1}", XContentType.JSON)).actionGet();
            privilegedInternalNodeClient.index(new IndexRequest("testsnap6").setRefreshPolicy(WriteRequest.RefreshPolicy.IMMEDIATE).source("{\"content\":1}", XContentType.JSON)).actionGet();
            privilegedInternalNodeClient.admin().cluster().putRepository(new PutRepositoryRequest("bckrepo").type("fs").settings(Settings.builder().put("location", this.repositoryPath.getRoot().getAbsolutePath() + "/bckrepo"))).actionGet();
            if (privilegedInternalNodeClient != null) {
                privilegedInternalNodeClient.close();
            }
            RestHelper nonSslRestHelper = nonSslRestHelper();
            Assert.assertEquals(200L, nonSslRestHelper.executePutRequest("_snapshot/bckrepo/" + "{\"indices\": \"testsnap1\",\"ignore_unavailable\": false,\"include_global_state\": false}".hashCode() + "?wait_for_completion=true&pretty", "{\"indices\": \"testsnap1\",\"ignore_unavailable\": false,\"include_global_state\": false}", encodeBasicHeader("snapresuser", "nagilum")).getStatusCode());
            Assert.assertEquals(403L, nonSslRestHelper.executePostRequest("_snapshot/bckrepo/" + "{\"indices\": \"testsnap1\",\"ignore_unavailable\": false,\"include_global_state\": false}".hashCode() + "/_restore?wait_for_completion=true&pretty", "{ \"rename_pattern\": \"(.+)\", \"rename_replacement\": \"restored_index_$1\" }", encodeBasicHeader("snapresuser", "nagilum")).getStatusCode());
            Assert.assertEquals(200L, nonSslRestHelper.executePutRequest("_snapshot/bckrepo/" + "{\"indices\": \"searchguard\",\"ignore_unavailable\": false,\"include_global_state\": false}".hashCode() + "?wait_for_completion=true&pretty", "{\"indices\": \"searchguard\",\"ignore_unavailable\": false,\"include_global_state\": false}", encodeBasicHeader("snapresuser", "nagilum")).getStatusCode());
            Assert.assertEquals(403L, nonSslRestHelper.executePostRequest("_snapshot/bckrepo/" + "{\"indices\": \"searchguard\",\"ignore_unavailable\": false,\"include_global_state\": false}".hashCode() + "/_restore?wait_for_completion=true&pretty", "{ \"rename_pattern\": \"(.+)\", \"rename_replacement\": \"restored_index_$1\" }", encodeBasicHeader("snapresuser", "nagilum")).getStatusCode());
            Assert.assertEquals(200L, nonSslRestHelper.executePutRequest("_snapshot/bckrepo/" + "{\"indices\": \"testsnap2\",\"ignore_unavailable\": false,\"include_global_state\": true}".hashCode() + "?wait_for_completion=true&pretty", "{\"indices\": \"testsnap2\",\"ignore_unavailable\": false,\"include_global_state\": true}", encodeBasicHeader("snapresuser", "nagilum")).getStatusCode());
            Assert.assertEquals(403L, nonSslRestHelper.executePostRequest("_snapshot/bckrepo/" + "{\"indices\": \"testsnap2\",\"ignore_unavailable\": false,\"include_global_state\": true}".hashCode() + "/_restore?wait_for_completion=true&pretty", "{ \"include_global_state\": true, \"rename_pattern\": \"(.+)\", \"rename_replacement\": \"restored_index_$1\" }", encodeBasicHeader("snapresuser", "nagilum")).getStatusCode());
        } catch (Throwable th) {
            if (privilegedInternalNodeClient != null) {
                try {
                    privilegedInternalNodeClient.close();
                } catch (Throwable th2) {
                    th.addSuppressed(th2);
                }
            }
            throw th;
        }
    }
}
