package com.floragunn.searchguard.authz.int_tests;

import com.floragunn.codova.documents.DocNode;
import com.floragunn.codova.documents.Document;
import com.floragunn.searchguard.test.GenericRestClient;
import com.floragunn.searchguard.test.RestMatchers;
import com.floragunn.searchguard.test.TestSgConfig;
import com.floragunn.searchguard.test.helper.cluster.LocalCluster;
import java.time.Instant;
import java.time.temporal.ChronoUnit;
import java.time.temporal.TemporalUnit;
import java.util.Collections;
import java.util.Map;
import org.apache.http.Header;
import org.hamcrest.MatcherAssert;
import org.hamcrest.Matchers;
import org.junit.BeforeClass;
import org.junit.ClassRule;
import org.junit.Test;

/* loaded from: input_file:com/floragunn/searchguard/authz/int_tests/DataStreamDownsampleIntTest.class */
public class DataStreamDownsampleIntTest {
    private static final String DATA_STREAM_NAME = "tsds-iot";
    static TestSgConfig.User USER_WITH_ACCESS_TO_DATA_STREAM_AND_TARGET_INDEX = new TestSgConfig.User("ds_target_access").description("access to ds and downsample target index").roles(new TestSgConfig.Role("r1").dataStreamPermissions("indices:admin/data_stream/get", "indices:admin/rollover", "indices:monitor/stats", "indices:admin/block/add", "indices:admin/xpack/downsample").on(DATA_STREAM_NAME).indexPermissions("indices:admin/create").on("downsample_target*"));
    static TestSgConfig.User USER_WITH_ACCESS_ONLY_TO_DATA_STREAM = new TestSgConfig.User("only_ds_access").description("access only to ds").roles(new TestSgConfig.Role("r1").dataStreamPermissions("indices:admin/data_stream/get", "indices:admin/rollover", "indices:monitor/stats", "indices:admin/block/add", "indices:admin/xpack/downsample").on(DATA_STREAM_NAME));

    @ClassRule
    public static LocalCluster cluster = new LocalCluster.Builder().singleNode().sslEnabled().authzDebug(true).users(USER_WITH_ACCESS_TO_DATA_STREAM_AND_TARGET_INDEX, USER_WITH_ACCESS_ONLY_TO_DATA_STREAM).enterpriseModulesEnabled().dlsFls(new TestSgConfig.DlsFls()).useExternalProcessCluster().build();

    @BeforeClass
    public static void beforeClass() throws Exception {
        GenericRestClient adminCertRestClient = cluster.getAdminCertRestClient();
        try {
            MatcherAssert.assertThat(adminCertRestClient.putJson("_index_template/tsds-iot-template", (Document<?>) DocNode.of("index_patterns", Collections.singletonList("tsds-iot*"), "data_stream", DocNode.EMPTY, "template", DocNode.of("settings.index.mode", "time_series", "settings.index.routing_path", "device_id", "mappings.properties.device_id.type", "keyword", "mappings.properties.device_id.time_series_dimension", true, "mappings.properties.temperature.type", "half_float", new Object[]{"mappings.properties.temperature.time_series_metric", "gauge", "mappings.properties.@timestamp.type", "date"}))), RestMatchers.isOk());
            GenericRestClient.HttpResponse postJson = adminCertRestClient.postJson("tsds-iot/_bulk?refresh=true", String.format("{\"create\": {}}\n{ \"@timestamp\": \"%s\", \"device_id\": \"1\", \"temperature\": 30.5 }\n{\"create\": {}}\n{ \"@timestamp\": \"%s\", \"device_id\": \"2\", \"temperature\": 14 }\n{\"create\": {}}\n{ \"@timestamp\": \"%s\", \"device_id\": \"1\", \"temperature\": 18 }\n{\"create\": {}}\n{ \"@timestamp\": \"%s\", \"device_id\": \"2\", \"temperature\": 10.5 }\n", Instant.now().minus(10L, (TemporalUnit) ChronoUnit.MINUTES).toString(), Instant.now().minus(15L, (TemporalUnit) ChronoUnit.MINUTES).toString(), Instant.now().minus(7L, (TemporalUnit) ChronoUnit.MINUTES).toString(), Instant.now().plus(3L, (TemporalUnit) ChronoUnit.MINUTES)), new Header[0]);
            MatcherAssert.assertThat(postJson, RestMatchers.isOk());
            MatcherAssert.assertThat(postJson, RestMatchers.json(RestMatchers.nodeAt("errors", Matchers.equalTo(false))));
            MatcherAssert.assertThat(postJson, RestMatchers.json(RestMatchers.nodeAt("$.items[*].create.result", Matchers.hasSize(4))));
            MatcherAssert.assertThat(postJson, RestMatchers.json(RestMatchers.nodeAt("$.items[*].create.result", Matchers.everyItem(Matchers.equalTo("created")))));
            if (adminCertRestClient != null) {
                adminCertRestClient.close();
            }
        } catch (Throwable th) {
            if (adminCertRestClient != null) {
                try {
                    adminCertRestClient.close();
                } catch (Throwable th2) {
                    th.addSuppressed(th2);
                }
            }
            throw th;
        }
    }

    @Test
    public void testDownsampleTimeSeriesDataStreamIndex() throws Exception {
        GenericRestClient restClient = cluster.getRestClient(USER_WITH_ACCESS_TO_DATA_STREAM_AND_TARGET_INDEX, new Header[0]);
        try {
            GenericRestClient.HttpResponse httpResponse = restClient.get("/_data_stream/tsds-iot", new Header[0]);
            MatcherAssert.assertThat(httpResponse, RestMatchers.isOk());
            String str = (String) httpResponse.getBodyAsDocNode().findSingleValueByJsonPath("$.data_streams[0].indices[0].index_name", String.class);
            MatcherAssert.assertThat(restClient.post("tsds-iot/_rollover"), RestMatchers.isOk());
            MatcherAssert.assertThat(restClient.put(str + "/_block/write"), RestMatchers.isOk());
            MatcherAssert.assertThat(restClient.postJson(str + "/_downsample/downsample_target_1", (Map<String, Object>) DocNode.of("fixed_interval", "1h"), new Header[0]), RestMatchers.isOk());
            if (restClient != null) {
                restClient.close();
            }
            restClient = cluster.getRestClient(USER_WITH_ACCESS_ONLY_TO_DATA_STREAM, new Header[0]);
            try {
                GenericRestClient.HttpResponse httpResponse2 = restClient.get("/_data_stream/tsds-iot", new Header[0]);
                MatcherAssert.assertThat(httpResponse2, RestMatchers.isOk());
                String str2 = (String) httpResponse2.getBodyAsDocNode().findSingleValueByJsonPath("$.data_streams[0].indices[0].index_name", String.class);
                MatcherAssert.assertThat(restClient.post("tsds-iot/_rollover"), RestMatchers.isOk());
                MatcherAssert.assertThat(restClient.put(str2 + "/_block/write"), RestMatchers.isOk());
                MatcherAssert.assertThat(restClient.postJson(str2 + "/_downsample/downsample_target_2", (Map<String, Object>) DocNode.of("fixed_interval", "1h"), new Header[0]), RestMatchers.isForbidden());
                if (restClient != null) {
                    restClient.close();
                }
            } finally {
            }
        } finally {
        }
    }
}
