package com.floragunn.searchguard.configuration;

import com.floragunn.codova.documents.DocNode;
import com.floragunn.codova.documents.Parser;
import com.floragunn.codova.validation.errors.ValidationError;
import com.floragunn.fluent.collections.ImmutableList;
import com.floragunn.searchguard.authz.config.Role;
import com.floragunn.searchguard.authz.config.Tenant;
import com.floragunn.searchguard.configuration.ConfigMap;
import java.util.List;
import org.hamcrest.MatcherAssert;
import org.hamcrest.Matchers;
import org.junit.Before;
import org.junit.Test;
import org.junit.runner.RunWith;
import org.mockito.Mock;
import org.mockito.junit.MockitoJUnitRunner;

@RunWith(MockitoJUnitRunner.class)
/* loaded from: input_file:com/floragunn/searchguard/configuration/ConfigsRelationsValidatorTest.class */
public class ConfigsRelationsValidatorTest {

    @Mock
    private ConfigurationRepository configurationRepository;
    private ConfigsRelationsValidator configsRelationsValidator;

    @Before
    public void setUp() throws Exception {
        this.configsRelationsValidator = new ConfigsRelationsValidator(this.configurationRepository);
    }

    @Test
    public void shouldValidateRoleEntryRelations_noTenantMatchesGivenPattern() throws Exception {
        this.configsRelationsValidator.onCofigurationChange((ConfigMap) null);
        List validateConfigEntryRelations = this.configsRelationsValidator.validateConfigEntryRelations((Role) Role.parse(DocNode.of("tenant_permissions", DocNode.array(new Object[]{DocNode.of("tenant_patterns", "fake")})), (Parser.Context) null).get());
        MatcherAssert.assertThat(validateConfigEntryRelations, Matchers.hasSize(1));
        MatcherAssert.assertThat(((ValidationError) validateConfigEntryRelations.get(0)).getAttribute(), Matchers.equalTo("_"));
        MatcherAssert.assertThat(((ValidationError) validateConfigEntryRelations.get(0)).getMessage(), Matchers.equalTo("Tenant pattern: 'fake' does not match any tenant"));
        this.configsRelationsValidator.onCofigurationChange(configMapWithConfig(SgDynamicConfiguration.of(CType.TENANTS, "fake1", (Tenant) Tenant.parse(DocNode.of("description", "test tenant"), (Parser.Context) null).get())));
        List validateConfigEntryRelations2 = this.configsRelationsValidator.validateConfigEntryRelations((Role) Role.parse(DocNode.of("tenant_permissions", DocNode.array(new Object[]{DocNode.of("tenant_patterns", "fake")})), (Parser.Context) null).get());
        MatcherAssert.assertThat(validateConfigEntryRelations2, Matchers.hasSize(1));
        MatcherAssert.assertThat(((ValidationError) validateConfigEntryRelations2.get(0)).getAttribute(), Matchers.equalTo("_"));
        MatcherAssert.assertThat(((ValidationError) validateConfigEntryRelations2.get(0)).getMessage(), Matchers.equalTo("Tenant pattern: 'fake' does not match any tenant"));
    }

    @Test
    public void shouldValidateRoleEntryRelations_tenantMatchingGivenPatternExists() throws Exception {
        this.configsRelationsValidator.onCofigurationChange(configMapWithConfig(SgDynamicConfiguration.of(CType.TENANTS, "exists", (Tenant) Tenant.parse(DocNode.of("description", "test tenant"), (Parser.Context) null).get())));
        MatcherAssert.assertThat(this.configsRelationsValidator.validateConfigEntryRelations((Role) Role.parse(DocNode.of("tenant_permissions", DocNode.array(new Object[]{DocNode.of("tenant_patterns", "exist*")})), (Parser.Context) null).get()), Matchers.empty());
    }

    @Test
    public void shouldValidateRoleConfigRelations_noTenantMatchesOneOfGivenPatterns() throws Exception {
        this.configsRelationsValidator.onCofigurationChange(configMapWithConfig(SgDynamicConfiguration.of(CType.TENANTS, "exists", (Tenant) Tenant.parse(DocNode.of("description", "test tenant"), (Parser.Context) null).get())));
        List validateConfigRelations = this.configsRelationsValidator.validateConfigRelations(SgDynamicConfiguration.of(CType.ROLES, "role1", (Role) Role.parse(DocNode.of("tenant_permissions", DocNode.array(new Object[]{DocNode.of("tenant_patterns", "fake")})), (Parser.Context) null).get(), "role2", (Role) Role.parse(DocNode.of("tenant_permissions", DocNode.array(new Object[]{DocNode.of("tenant_patterns", "exists")})), (Parser.Context) null).get()));
        MatcherAssert.assertThat(validateConfigRelations, Matchers.hasSize(1));
        MatcherAssert.assertThat(((ValidationError) validateConfigRelations.get(0)).getAttribute(), Matchers.equalTo("roles.role1"));
        MatcherAssert.assertThat(((ValidationError) validateConfigRelations.get(0)).getMessage(), Matchers.equalTo("Tenant pattern: 'fake' does not match any tenant"));
    }

    @Test
    public void shouldValidateRoleConfigRelations_tenantsMatchingAllOfGivenPatternsExist() throws Exception {
        this.configsRelationsValidator.onCofigurationChange(configMapWithConfig(SgDynamicConfiguration.of(CType.TENANTS, "first", (Tenant) Tenant.parse(DocNode.of("description", "first test tenant"), (Parser.Context) null).get(), "second", (Tenant) Tenant.parse(DocNode.of("description", "second test tenant"), (Parser.Context) null).get())));
        MatcherAssert.assertThat(this.configsRelationsValidator.validateConfigRelations(SgDynamicConfiguration.of(CType.ROLES, "role1", (Role) Role.parse(DocNode.of("tenant_permissions", DocNode.array(new Object[]{DocNode.of("tenant_patterns", "firs*")})), (Parser.Context) null).get(), "role2", (Role) Role.parse(DocNode.of("tenant_permissions", DocNode.array(new Object[]{DocNode.of("tenant_patterns", "se*nd")})), (Parser.Context) null).get())), Matchers.hasSize(0));
    }

    @Test
    public void shouldValidateConfigsRelations_newRolesAndTenantsConfigsArePresent_noTenantMatchesOneOfGivenPatterns() throws Exception {
        this.configsRelationsValidator.onCofigurationChange(configMapWithConfig(SgDynamicConfiguration.of(CType.TENANTS, "first", (Tenant) Tenant.parse(DocNode.of("description", "first test tenant"), (Parser.Context) null).get(), "second", (Tenant) Tenant.parse(DocNode.of("description", "second test tenant"), (Parser.Context) null).get())));
        List validateConfigsRelations = this.configsRelationsValidator.validateConfigsRelations(ImmutableList.of(SgDynamicConfiguration.of(CType.ROLES, "role1", (Role) Role.parse(DocNode.of("tenant_permissions", DocNode.array(new Object[]{DocNode.of("tenant_patterns", "firs*")})), (Parser.Context) null).get(), "role2", (Role) Role.parse(DocNode.of("tenant_permissions", DocNode.array(new Object[]{DocNode.of("tenant_patterns", "se*nd")})), (Parser.Context) null).get()), SgDynamicConfiguration.of(CType.TENANTS, "second", (Tenant) Tenant.parse(DocNode.of("description", "second test tenant"), (Parser.Context) null).get(), "third", (Tenant) Tenant.parse(DocNode.of("description", "third test tenant"), (Parser.Context) null).get())));
        MatcherAssert.assertThat(validateConfigsRelations, Matchers.hasSize(1));
        MatcherAssert.assertThat(((ValidationError) validateConfigsRelations.get(0)).getAttribute(), Matchers.equalTo("roles.role1"));
        MatcherAssert.assertThat(((ValidationError) validateConfigsRelations.get(0)).getMessage(), Matchers.equalTo("Tenant pattern: 'firs*' does not match any tenant"));
    }

    @Test
    public void shouldValidateConfigsRelations_newRolesAndTenantsConfigsArePresent_tenantsMatchingAllOfGivenPatternsExist() throws Exception {
        this.configsRelationsValidator.onCofigurationChange(configMapWithConfig(SgDynamicConfiguration.of(CType.TENANTS, "first", (Tenant) Tenant.parse(DocNode.of("description", "first test tenant"), (Parser.Context) null).get(), "second", (Tenant) Tenant.parse(DocNode.of("description", "second test tenant"), (Parser.Context) null).get())));
        MatcherAssert.assertThat(this.configsRelationsValidator.validateConfigsRelations(ImmutableList.of(SgDynamicConfiguration.of(CType.ROLES, "role1", (Role) Role.parse(DocNode.of("tenant_permissions", DocNode.array(new Object[]{DocNode.of("tenant_patterns", "thi*")})), (Parser.Context) null).get(), "role2", (Role) Role.parse(DocNode.of("tenant_permissions", DocNode.array(new Object[]{DocNode.of("tenant_patterns", "fo*th")})), (Parser.Context) null).get()), SgDynamicConfiguration.of(CType.TENANTS, "third", (Tenant) Tenant.parse(DocNode.of("description", "third test tenant"), (Parser.Context) null).get(), "fourth", (Tenant) Tenant.parse(DocNode.of("description", "fourth test tenant"), (Parser.Context) null).get()))), Matchers.hasSize(0));
    }

    @Test
    public void shouldValidateConfigsRelations_onlyNewRolesConfigIsPresent_noTenantMatchesOneOfGivenPatterns() throws Exception {
        this.configsRelationsValidator.onCofigurationChange(configMapWithConfig(SgDynamicConfiguration.of(CType.TENANTS, "first", (Tenant) Tenant.parse(DocNode.of("description", "first test tenant"), (Parser.Context) null).get(), "second", (Tenant) Tenant.parse(DocNode.of("description", "second test tenant"), (Parser.Context) null).get())));
        List validateConfigsRelations = this.configsRelationsValidator.validateConfigsRelations(ImmutableList.of(SgDynamicConfiguration.of(CType.ROLES, "role1", (Role) Role.parse(DocNode.of("tenant_permissions", DocNode.array(new Object[]{DocNode.of("tenant_patterns", "firs*")})), (Parser.Context) null).get(), "role2", (Role) Role.parse(DocNode.of("tenant_permissions", DocNode.array(new Object[]{DocNode.of("tenant_patterns", "se*nds")})), (Parser.Context) null).get())));
        MatcherAssert.assertThat(validateConfigsRelations, Matchers.hasSize(1));
        MatcherAssert.assertThat(((ValidationError) validateConfigsRelations.get(0)).getAttribute(), Matchers.equalTo("roles.role2"));
        MatcherAssert.assertThat(((ValidationError) validateConfigsRelations.get(0)).getMessage(), Matchers.equalTo("Tenant pattern: 'se*nds' does not match any tenant"));
    }

    @Test
    public void shouldValidateConfigsRelations_onlyNewRolesConfigIsPresent_tenantsMatchingAllOfGivenPatternsExist() throws Exception {
        this.configsRelationsValidator.onCofigurationChange(configMapWithConfig(SgDynamicConfiguration.of(CType.TENANTS, "first", (Tenant) Tenant.parse(DocNode.of("description", "first test tenant"), (Parser.Context) null).get(), "second", (Tenant) Tenant.parse(DocNode.of("description", "second test tenant"), (Parser.Context) null).get())));
        MatcherAssert.assertThat(this.configsRelationsValidator.validateConfigsRelations(ImmutableList.of(SgDynamicConfiguration.of(CType.ROLES, "role1", (Role) Role.parse(DocNode.of("tenant_permissions", DocNode.array(new Object[]{DocNode.of("tenant_patterns", "f*")})), (Parser.Context) null).get(), "role2", (Role) Role.parse(DocNode.of("tenant_permissions", DocNode.array(new Object[]{DocNode.of("tenant_patterns", "s*")})), (Parser.Context) null).get()))), Matchers.hasSize(0));
    }

    private ConfigMap configMapWithConfig(SgDynamicConfiguration<?> sgDynamicConfiguration) {
        return new ConfigMap.Builder("index").with(sgDynamicConfiguration).build();
    }
}
