package com.floragunn.searchguard.configuration.validation;

import com.floragunn.codova.documents.DocNode;
import com.floragunn.codova.documents.Parser;
import com.floragunn.codova.validation.errors.ValidationError;
import com.floragunn.fluent.collections.ImmutableList;
import com.floragunn.searchguard.authz.config.Role;
import com.floragunn.searchguard.authz.config.Tenant;
import com.floragunn.searchguard.configuration.CType;
import com.floragunn.searchguard.configuration.ConfigMap;
import com.floragunn.searchguard.configuration.ConfigurationRepository;
import com.floragunn.searchguard.configuration.SgDynamicConfiguration;
import java.util.Collection;
import java.util.List;
import org.hamcrest.MatcherAssert;
import org.hamcrest.Matchers;
import org.junit.Before;
import org.junit.Test;
import org.junit.runner.RunWith;
import org.mockito.Mock;
import org.mockito.junit.MockitoJUnitRunner;

@RunWith(MockitoJUnitRunner.class)
/* loaded from: input_file:com/floragunn/searchguard/configuration/validation/RoleRelationsValidatorTest.class */
public class RoleRelationsValidatorTest {

    @Mock
    private ConfigurationRepository configurationRepository;
    private RoleRelationsValidator roleRelationsValidator;

    @Before
    public void setUp() throws Exception {
        this.roleRelationsValidator = new RoleRelationsValidator(this.configurationRepository);
    }

    @Test
    public void configEntry_shouldValidateRelations_noTenantMatchesGivenPattern() throws Exception {
        this.roleRelationsValidator.setConfigMap((ConfigMap) null);
        List validateConfigEntry = this.roleRelationsValidator.validateConfigEntry((Role) Role.parse(DocNode.of("tenant_permissions", DocNode.array(new Object[]{DocNode.of("tenant_patterns", "fake")})), (ConfigurationRepository.Context) null).get());
        MatcherAssert.assertThat(validateConfigEntry, Matchers.hasSize(1));
        MatcherAssert.assertThat(((ValidationError) validateConfigEntry.get(0)).getAttribute(), Matchers.equalTo("_"));
        MatcherAssert.assertThat(((ValidationError) validateConfigEntry.get(0)).getMessage(), Matchers.equalTo("Tenant pattern: 'fake' does not match any tenant"));
        this.roleRelationsValidator.setConfigMap(configMapWithConfig(SgDynamicConfiguration.of(CType.TENANTS, "fake1", (Tenant) Tenant.parse(DocNode.of("description", "test tenant"), (Parser.Context) null).get())));
        List validateConfigEntry2 = this.roleRelationsValidator.validateConfigEntry((Role) Role.parse(DocNode.of("tenant_permissions", DocNode.array(new Object[]{DocNode.of("tenant_patterns", "fake")})), (ConfigurationRepository.Context) null).get());
        MatcherAssert.assertThat(validateConfigEntry2, Matchers.hasSize(1));
        MatcherAssert.assertThat(((ValidationError) validateConfigEntry2.get(0)).getAttribute(), Matchers.equalTo("_"));
        MatcherAssert.assertThat(((ValidationError) validateConfigEntry2.get(0)).getMessage(), Matchers.equalTo("Tenant pattern: 'fake' does not match any tenant"));
    }

    @Test
    public void configEntry_shouldValidateRelations_tenantMatchingGivenPatternExists() throws Exception {
        this.roleRelationsValidator.setConfigMap(configMapWithConfig(SgDynamicConfiguration.of(CType.TENANTS, "exists", (Tenant) Tenant.parse(DocNode.of("description", "test tenant"), (Parser.Context) null).get())));
        MatcherAssert.assertThat(this.roleRelationsValidator.validateConfigEntry((Role) Role.parse(DocNode.of("tenant_permissions", DocNode.array(new Object[]{DocNode.of("tenant_patterns", "exist*")})), (ConfigurationRepository.Context) null).get()), Matchers.empty());
    }

    @Test
    public void configEntry_shouldDoNothing_configTypeNotSupported() throws Exception {
        this.roleRelationsValidator.setConfigMap(configMapWithConfig(SgDynamicConfiguration.of(CType.TENANTS, "exists", (Tenant) Tenant.parse(DocNode.of("description", "test tenant"), (Parser.Context) null).get())));
        MatcherAssert.assertThat(this.roleRelationsValidator.validateConfigEntry(new Tenant((DocNode) null, false, false, false, (String) null)), Matchers.empty());
    }

    @Test
    public void configEntry_shouldDoNothing_configIsNull() throws Exception {
        this.roleRelationsValidator.setConfigMap(configMapWithConfig(SgDynamicConfiguration.of(CType.TENANTS, "exists", (Tenant) Tenant.parse(DocNode.of("description", "test tenant"), (Parser.Context) null).get())));
        MatcherAssert.assertThat(this.roleRelationsValidator.validateConfigEntry(new Tenant((DocNode) null, false, false, false, (String) null)), Matchers.empty());
    }

    @Test
    public void config_shouldValidateRelations_noTenantMatchesOneOfGivenPatterns() throws Exception {
        this.roleRelationsValidator.setConfigMap(configMapWithConfig(SgDynamicConfiguration.of(CType.TENANTS, "exists", (Tenant) Tenant.parse(DocNode.of("description", "test tenant"), (Parser.Context) null).get())));
        List validateConfig = this.roleRelationsValidator.validateConfig(SgDynamicConfiguration.of(CType.ROLES, "role1", (Role) Role.parse(DocNode.of("tenant_permissions", DocNode.array(new Object[]{DocNode.of("tenant_patterns", "fake")})), (ConfigurationRepository.Context) null).get(), "role2", (Role) Role.parse(DocNode.of("tenant_permissions", DocNode.array(new Object[]{DocNode.of("tenant_patterns", "exists")})), (ConfigurationRepository.Context) null).get()));
        MatcherAssert.assertThat(validateConfig, Matchers.hasSize(1));
        MatcherAssert.assertThat(((ValidationError) validateConfig.get(0)).getAttribute(), Matchers.equalTo("roles.role1"));
        MatcherAssert.assertThat(((ValidationError) validateConfig.get(0)).getMessage(), Matchers.equalTo("Tenant pattern: 'fake' does not match any tenant"));
    }

    @Test
    public void config_shouldValidateRelations_tenantsMatchingAllOfGivenPatternsExist() throws Exception {
        this.roleRelationsValidator.setConfigMap(configMapWithConfig(SgDynamicConfiguration.of(CType.TENANTS, "first", (Tenant) Tenant.parse(DocNode.of("description", "first test tenant"), (Parser.Context) null).get(), "second", (Tenant) Tenant.parse(DocNode.of("description", "second test tenant"), (Parser.Context) null).get())));
        MatcherAssert.assertThat(this.roleRelationsValidator.validateConfig(SgDynamicConfiguration.of(CType.ROLES, "role1", (Role) Role.parse(DocNode.of("tenant_permissions", DocNode.array(new Object[]{DocNode.of("tenant_patterns", "firs*")})), (ConfigurationRepository.Context) null).get(), "role2", (Role) Role.parse(DocNode.of("tenant_permissions", DocNode.array(new Object[]{DocNode.of("tenant_patterns", "se*nd")})), (ConfigurationRepository.Context) null).get())), Matchers.hasSize(0));
    }

    @Test
    public void config_shouldDoNothing_configTypeNotSupported() throws Exception {
        this.roleRelationsValidator.setConfigMap(configMapWithConfig(SgDynamicConfiguration.of(CType.TENANTS, "first", (Tenant) Tenant.parse(DocNode.of("description", "first test tenant"), (Parser.Context) null).get(), "second", (Tenant) Tenant.parse(DocNode.of("description", "second test tenant"), (Parser.Context) null).get())));
        MatcherAssert.assertThat(this.roleRelationsValidator.validateConfig(SgDynamicConfiguration.of(CType.TENANTS, "a", new Tenant((DocNode) null, false, false, false, (String) null))), Matchers.hasSize(0));
    }

    @Test
    public void config_shouldDoNothing_configIsNull() throws Exception {
        this.roleRelationsValidator.setConfigMap(configMapWithConfig(SgDynamicConfiguration.of(CType.TENANTS, "first", (Tenant) Tenant.parse(DocNode.of("description", "first test tenant"), (Parser.Context) null).get(), "second", (Tenant) Tenant.parse(DocNode.of("description", "second test tenant"), (Parser.Context) null).get())));
        MatcherAssert.assertThat(this.roleRelationsValidator.validateConfig((SgDynamicConfiguration) null), Matchers.hasSize(0));
    }

    @Test
    public void configList_shouldValidateRelations_newRolesAndTenantsConfigsArePresent_noTenantMatchesOneOfGivenPatterns() throws Exception {
        this.roleRelationsValidator.setConfigMap(configMapWithConfig(SgDynamicConfiguration.of(CType.TENANTS, "first", (Tenant) Tenant.parse(DocNode.of("description", "first test tenant"), (Parser.Context) null).get(), "second", (Tenant) Tenant.parse(DocNode.of("description", "second test tenant"), (Parser.Context) null).get())));
        List validateConfigs = this.roleRelationsValidator.validateConfigs(ImmutableList.of(SgDynamicConfiguration.of(CType.ROLES, "role1", (Role) Role.parse(DocNode.of("tenant_permissions", DocNode.array(new Object[]{DocNode.of("tenant_patterns", "firs*")})), (ConfigurationRepository.Context) null).get(), "role2", (Role) Role.parse(DocNode.of("tenant_permissions", DocNode.array(new Object[]{DocNode.of("tenant_patterns", "se*nd")})), (ConfigurationRepository.Context) null).get()), SgDynamicConfiguration.of(CType.TENANTS, "second", (Tenant) Tenant.parse(DocNode.of("description", "second test tenant"), (Parser.Context) null).get(), "third", (Tenant) Tenant.parse(DocNode.of("description", "third test tenant"), (Parser.Context) null).get())));
        MatcherAssert.assertThat(validateConfigs, Matchers.hasSize(1));
        MatcherAssert.assertThat(((ValidationError) validateConfigs.get(0)).getAttribute(), Matchers.equalTo("roles.role1"));
        MatcherAssert.assertThat(((ValidationError) validateConfigs.get(0)).getMessage(), Matchers.equalTo("Tenant pattern: 'firs*' does not match any tenant"));
    }

    @Test
    public void configList_shouldValidateRelations_newRolesAndTenantsConfigsArePresent_tenantsMatchingAllOfGivenPatternsExist() throws Exception {
        this.roleRelationsValidator.setConfigMap(configMapWithConfig(SgDynamicConfiguration.of(CType.TENANTS, "first", (Tenant) Tenant.parse(DocNode.of("description", "first test tenant"), (Parser.Context) null).get(), "second", (Tenant) Tenant.parse(DocNode.of("description", "second test tenant"), (Parser.Context) null).get())));
        MatcherAssert.assertThat(this.roleRelationsValidator.validateConfigs(ImmutableList.of(SgDynamicConfiguration.of(CType.ROLES, "role1", (Role) Role.parse(DocNode.of("tenant_permissions", DocNode.array(new Object[]{DocNode.of("tenant_patterns", "thi*")})), (ConfigurationRepository.Context) null).get(), "role2", (Role) Role.parse(DocNode.of("tenant_permissions", DocNode.array(new Object[]{DocNode.of("tenant_patterns", "fo*th")})), (ConfigurationRepository.Context) null).get()), SgDynamicConfiguration.of(CType.TENANTS, "third", (Tenant) Tenant.parse(DocNode.of("description", "third test tenant"), (Parser.Context) null).get(), "fourth", (Tenant) Tenant.parse(DocNode.of("description", "fourth test tenant"), (Parser.Context) null).get()))), Matchers.hasSize(0));
    }

    @Test
    public void configList_shouldValidateRelations_onlyNewRolesConfigIsPresent_noTenantMatchesOneOfGivenPatterns() throws Exception {
        this.roleRelationsValidator.setConfigMap(configMapWithConfig(SgDynamicConfiguration.of(CType.TENANTS, "first", (Tenant) Tenant.parse(DocNode.of("description", "first test tenant"), (Parser.Context) null).get(), "second", (Tenant) Tenant.parse(DocNode.of("description", "second test tenant"), (Parser.Context) null).get())));
        List validateConfigs = this.roleRelationsValidator.validateConfigs(ImmutableList.of(SgDynamicConfiguration.of(CType.ROLES, "role1", (Role) Role.parse(DocNode.of("tenant_permissions", DocNode.array(new Object[]{DocNode.of("tenant_patterns", "firs*")})), (ConfigurationRepository.Context) null).get(), "role2", (Role) Role.parse(DocNode.of("tenant_permissions", DocNode.array(new Object[]{DocNode.of("tenant_patterns", "se*nds")})), (ConfigurationRepository.Context) null).get())));
        MatcherAssert.assertThat(validateConfigs, Matchers.hasSize(1));
        MatcherAssert.assertThat(((ValidationError) validateConfigs.get(0)).getAttribute(), Matchers.equalTo("roles.role2"));
        MatcherAssert.assertThat(((ValidationError) validateConfigs.get(0)).getMessage(), Matchers.equalTo("Tenant pattern: 'se*nds' does not match any tenant"));
    }

    @Test
    public void configList_shouldValidateRelations_onlyNewRolesConfigIsPresent_tenantsMatchingAllOfGivenPatternsExist() throws Exception {
        this.roleRelationsValidator.setConfigMap(configMapWithConfig(SgDynamicConfiguration.of(CType.TENANTS, "first", (Tenant) Tenant.parse(DocNode.of("description", "first test tenant"), (Parser.Context) null).get(), "second", (Tenant) Tenant.parse(DocNode.of("description", "second test tenant"), (Parser.Context) null).get())));
        MatcherAssert.assertThat(this.roleRelationsValidator.validateConfigs(ImmutableList.of(SgDynamicConfiguration.of(CType.ROLES, "role1", (Role) Role.parse(DocNode.of("tenant_permissions", DocNode.array(new Object[]{DocNode.of("tenant_patterns", "f*")})), (ConfigurationRepository.Context) null).get(), "role2", (Role) Role.parse(DocNode.of("tenant_permissions", DocNode.array(new Object[]{DocNode.of("tenant_patterns", "s*")})), (ConfigurationRepository.Context) null).get()))), Matchers.hasSize(0));
    }

    @Test
    public void configList_shouldValidateRelations_shouldDoNothing_listIsNull() throws Exception {
        this.roleRelationsValidator.setConfigMap(configMapWithConfig(SgDynamicConfiguration.of(CType.TENANTS, "first", (Tenant) Tenant.parse(DocNode.of("description", "first test tenant"), (Parser.Context) null).get(), "second", (Tenant) Tenant.parse(DocNode.of("description", "second test tenant"), (Parser.Context) null).get())));
        MatcherAssert.assertThat(this.roleRelationsValidator.validateConfigs((List) null), Matchers.hasSize(0));
    }

    @Test
    public void configList_shouldValidateRelations_shouldDoNothing_listContainsOnlyNullElement() throws Exception {
        this.roleRelationsValidator.setConfigMap(configMapWithConfig(SgDynamicConfiguration.of(CType.TENANTS, "first", (Tenant) Tenant.parse(DocNode.of("description", "first test tenant"), (Parser.Context) null).get(), "second", (Tenant) Tenant.parse(DocNode.of("description", "second test tenant"), (Parser.Context) null).get())));
        MatcherAssert.assertThat(this.roleRelationsValidator.validateConfigs(ImmutableList.of((Collection) null)), Matchers.hasSize(0));
    }

    private ConfigMap configMapWithConfig(SgDynamicConfiguration<?> sgDynamicConfiguration) {
        return new ConfigMap.Builder("index").with(sgDynamicConfiguration).build();
    }
}
