package acceptance;

import com.fasterxml.jackson.dataformat.yaml.YAMLFactory;
import com.google.common.collect.ImmutableList;
import com.google.common.collect.ImmutableMap;
import com.google.common.io.CharSource;
import io.digdag.client.DigdagClient;
import io.digdag.client.api.Id;
import java.io.ByteArrayInputStream;
import java.io.OutputStream;
import java.nio.charset.StandardCharsets;
import java.nio.file.Files;
import java.nio.file.OpenOption;
import java.nio.file.Path;
import java.time.Duration;
import java.util.Base64;
import java.util.Map;
import org.apache.commons.io.output.ByteArrayOutputStream;
import org.apache.commons.lang3.RandomUtils;
import org.hamcrest.MatcherAssert;
import org.hamcrest.Matchers;
import org.junit.After;
import org.junit.Before;
import org.junit.Rule;
import org.junit.Test;
import org.junit.rules.TemporaryFolder;
import utils.CommandStatus;
import utils.TemporaryDigdagServer;
import utils.TestUtils;

/* loaded from: input_file:acceptance/SecretsIT.class */
public class SecretsIT {

    @Rule
    public TemporaryFolder folder = new TemporaryFolder();
    private TemporaryDigdagServer server;
    private Path config;
    private Path projectDir;
    private DigdagClient client;

    @Before
    public void setUp() throws Exception {
        this.projectDir = this.folder.newFolder().toPath().toAbsolutePath().normalize();
        this.config = this.folder.newFile().toPath();
    }

    @After
    public void tearDownClient() throws Exception {
        if (this.client != null) {
            this.client.close();
            this.client = null;
        }
    }

    @After
    public void tearDownServer() throws Exception {
        if (this.server != null) {
            this.server.close();
            this.server = null;
        }
    }

    private void startServer() throws Exception {
        this.server = TemporaryDigdagServer.builder().configuration("digdag.secret-encryption-key = " + Base64.getEncoder().encodeToString(RandomUtils.nextBytes(16))).build();
        this.server.start();
        this.client = DigdagClient.builder().host(this.server.host()).port(this.server.port()).build();
    }

    @Test
    public void testSetListDeleteProjectSecrets() throws Exception {
        startServer();
        CommandStatus main = TestUtils.main("push", "--project", this.projectDir.toString(), "test", "-c", this.config.toString(), "-e", this.server.endpoint());
        MatcherAssert.assertThat(main.errUtf8(), Integer.valueOf(main.code()), Matchers.is(0));
        Path path = this.folder.newFile().toPath();
        Files.write(path, (Iterable<? extends CharSequence>) ImmutableList.of("value3"), new OpenOption[0]);
        CommandStatus main2 = TestUtils.main("secrets", "-c", this.config.toString(), "-e", this.server.endpoint(), "--project", "test", "--set", "key1=value1", "key2=value2", "key3=@" + path.toString());
        MatcherAssert.assertThat(main2.errUtf8(), Integer.valueOf(main2.code()), Matchers.is(0));
        MatcherAssert.assertThat(main2.errUtf8(), Matchers.containsString("Secret 'key1' set"));
        MatcherAssert.assertThat(main2.errUtf8(), Matchers.containsString("Secret 'key2' set"));
        MatcherAssert.assertThat(main2.errUtf8(), Matchers.containsString("Secret 'key3' set"));
        CommandStatus main3 = TestUtils.main(new ByteArrayInputStream("value4".getBytes(StandardCharsets.US_ASCII)), "secrets", "-c", this.config.toString(), "-e", this.server.endpoint(), "--project", "test", "--set", "key4=-");
        MatcherAssert.assertThat(main3.errUtf8(), Integer.valueOf(main3.code()), Matchers.is(0));
        MatcherAssert.assertThat(main3.errUtf8(), Matchers.containsString("Secret 'key4' set"));
        YAMLFactory yAMLFactory = new YAMLFactory();
        ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
        TestUtils.objectMapper().writeValue(yAMLFactory.createGenerator(byteArrayOutputStream), ImmutableMap.of("key5", "value5", "key6", "value6"));
        CommandStatus main4 = TestUtils.main(new ByteArrayInputStream(byteArrayOutputStream.toByteArray()), "secrets", "-c", this.config.toString(), "-e", this.server.endpoint(), "--project", "test", "--set", "@-");
        MatcherAssert.assertThat(main4.errUtf8(), Integer.valueOf(main4.code()), Matchers.is(0));
        MatcherAssert.assertThat(main4.errUtf8(), Matchers.containsString("Secret 'key5' set"));
        MatcherAssert.assertThat(main4.errUtf8(), Matchers.containsString("Secret 'key6' set"));
        Path resolve = this.folder.newFolder().toPath().resolve("secrets.yaml");
        OutputStream newOutputStream = Files.newOutputStream(resolve, new OpenOption[0]);
        Throwable th = null;
        try {
            TestUtils.objectMapper().writeValue(yAMLFactory.createGenerator(newOutputStream), ImmutableMap.of("key7", "value7", "key8", "value8"));
            CommandStatus main5 = TestUtils.main("secrets", "-c", this.config.toString(), "-e", this.server.endpoint(), "--project", "test", "--set", "@" + resolve);
            MatcherAssert.assertThat(main5.errUtf8(), Integer.valueOf(main5.code()), Matchers.is(0));
            MatcherAssert.assertThat(main5.errUtf8(), Matchers.containsString("Secret 'key7' set"));
            MatcherAssert.assertThat(main5.errUtf8(), Matchers.containsString("Secret 'key8' set"));
            if (newOutputStream != null) {
                if (0 != 0) {
                    try {
                        newOutputStream.close();
                    } catch (Throwable th2) {
                        th.addSuppressed(th2);
                    }
                } else {
                    newOutputStream.close();
                }
            }
            CommandStatus main6 = TestUtils.main("secrets", "-c", this.config.toString(), "-e", this.server.endpoint(), "--project", "test");
            MatcherAssert.assertThat(main6.errUtf8(), Integer.valueOf(main6.code()), Matchers.is(0));
            MatcherAssert.assertThat(CharSource.wrap(main6.outUtf8()).readLines(), Matchers.containsInAnyOrder(new String[]{"key1", "key2", "key3", "key4", "key5", "key6", "key7", "key8"}));
            CommandStatus main7 = TestUtils.main("secrets", "-c", this.config.toString(), "-e", this.server.endpoint(), "--project", "test", "--delete", "key1", "--delete", "key2", "key3");
            MatcherAssert.assertThat(main7.errUtf8(), Integer.valueOf(main7.code()), Matchers.is(0));
            MatcherAssert.assertThat(main7.errUtf8(), Matchers.containsString("Secret 'key1' deleted"));
            MatcherAssert.assertThat(main7.errUtf8(), Matchers.containsString("Secret 'key2' deleted"));
            MatcherAssert.assertThat(main7.errUtf8(), Matchers.containsString("Secret 'key3' deleted"));
            CommandStatus main8 = TestUtils.main("secrets", "-c", this.config.toString(), "-e", this.server.endpoint(), "--project", "test");
            MatcherAssert.assertThat(main8.errUtf8(), Integer.valueOf(main8.code()), Matchers.is(0));
            MatcherAssert.assertThat(CharSource.wrap(main8.outUtf8()).readLines(), Matchers.containsInAnyOrder(new String[]{"key4", "key5", "key6", "key7", "key8"}));
        } catch (Throwable th3) {
            if (newOutputStream != null) {
                if (0 != 0) {
                    try {
                        newOutputStream.close();
                    } catch (Throwable th4) {
                        th.addSuppressed(th4);
                    }
                } else {
                    newOutputStream.close();
                }
            }
            throw th3;
        }
    }

    private void testUseProjectSecret(String str) throws Exception {
        startServer();
        TestUtils.copyResource("acceptance/secrets/echo_secret.dig", this.projectDir);
        TestUtils.copyResource("acceptance/secrets/echo_secret_parameterized.dig", this.projectDir);
        TestUtils.pushProject(this.server.endpoint(), this.projectDir, "test");
        String str2 = str + "1";
        String str3 = str + "2";
        CommandStatus main = TestUtils.main("secrets", "-c", this.config.toString(), "-e", this.server.endpoint(), "--project", "test", "--set", "key1=" + str2, "key2=" + str3);
        MatcherAssert.assertThat(main.errUtf8(), Integer.valueOf(main.code()), Matchers.is(0));
        Path resolve = this.folder.newFolder().toPath().toAbsolutePath().normalize().resolve("out");
        Path resolve2 = this.folder.newFolder().toPath().toAbsolutePath().normalize().resolve("out-parameterized");
        Id startWorkflow = TestUtils.startWorkflow(this.server.endpoint(), "test", "echo_secret", ImmutableMap.of("OUTFILE", resolve.toString()));
        Id startWorkflow2 = TestUtils.startWorkflow(this.server.endpoint(), "test", "echo_secret_parameterized", ImmutableMap.of("secret_key", "key2", "OUTFILE", resolve2.toString()));
        TestUtils.expect(Duration.ofMinutes(5L), TestUtils.attemptSuccess(this.server.endpoint(), startWorkflow));
        TestUtils.expect(Duration.ofMinutes(5L), TestUtils.attemptSuccess(this.server.endpoint(), startWorkflow2));
        MatcherAssert.assertThat(Files.readAllLines(resolve), Matchers.contains(new String[]{str2}));
        MatcherAssert.assertThat(Files.readAllLines(resolve2), Matchers.contains(new String[]{str3}));
        CommandStatus main2 = TestUtils.main("secrets", "-c", this.config.toString(), "-e", this.server.endpoint(), "--project", "test", "--delete", "key1");
        MatcherAssert.assertThat(main2.errUtf8(), Integer.valueOf(main2.code()), Matchers.is(0));
        MatcherAssert.assertThat(main2.errUtf8(), Matchers.containsString("Secret 'key1' deleted"));
        Id startWorkflow3 = TestUtils.startWorkflow(this.server.endpoint(), "test", "echo_secret", ImmutableMap.of("OUTFILE", this.folder.newFolder().toPath().toAbsolutePath().normalize().resolve("out").toString()));
        TestUtils.expect(Duration.ofMinutes(5L), TestUtils.attemptFailure(this.server.endpoint(), startWorkflow3));
        MatcherAssert.assertThat(TestUtils.getAttemptLogs(this.client, startWorkflow3), Matchers.containsString("Secret not found for key: 'key1'"));
    }

    @Test
    public void useProjectSecretWithNormalValue() throws Exception {
        testUseProjectSecret("value");
    }

    @Test
    public void useProjectSecretWithSymbolValue() throws Exception {
        testUseProjectSecret("!#$%*+-=?@^_$");
    }

    @Test
    public void useProjectSecretWithSymbolValueConsideringCompatibility() throws Exception {
        testUseProjectSecret("!#\\$%*+-=?@^_\\$");
    }

    @Test
    public void testUseProjectSecret() throws Exception {
        TestUtils.addWorkflow(this.projectDir, "acceptance/secrets/echo_secret.dig");
        ImmutableMap of = ImmutableMap.of("DIGDAG_CONFIG_HOME", this.folder.newFolder().toPath().toString());
        CommandStatus main = TestUtils.main((Map<String, String>) of, "secrets", "-c", this.config.toString(), "--local", "--set", "key1=value1", "key2=value2");
        MatcherAssert.assertThat(main.errUtf8(), Integer.valueOf(main.code()), Matchers.is(0));
        MatcherAssert.assertThat(main.errUtf8(), Matchers.containsString("Secret 'key1' set"));
        MatcherAssert.assertThat(main.errUtf8(), Matchers.containsString("Secret 'key2' set"));
        CommandStatus main2 = TestUtils.main((Map<String, String>) of, "secrets", "-c", this.config.toString(), "--local");
        MatcherAssert.assertThat(main2.errUtf8(), Integer.valueOf(main2.code()), Matchers.is(0));
        MatcherAssert.assertThat(main2.outUtf8(), Matchers.containsString("key1"));
        MatcherAssert.assertThat(main2.outUtf8(), Matchers.containsString("key2"));
        MatcherAssert.assertThat(main2.outUtf8(), Matchers.not(Matchers.containsString("value1")));
        MatcherAssert.assertThat(main2.outUtf8(), Matchers.not(Matchers.containsString("value2")));
        MatcherAssert.assertThat(main2.outUtf8(), Matchers.not(Matchers.containsString("value3")));
        Path resolve = this.folder.newFolder().toPath().toAbsolutePath().normalize().resolve("out");
        CommandStatus main3 = TestUtils.main((Map<String, String>) of, "run", "-c", this.config.toString(), "-o", this.folder.newFolder().toString(), "--project", this.projectDir.toString(), "-p", "OUTFILE=" + resolve.toString(), "echo_secret");
        MatcherAssert.assertThat(main3.errUtf8(), Integer.valueOf(main3.code()), Matchers.is(0));
        MatcherAssert.assertThat(Files.readAllLines(resolve), Matchers.contains(new String[]{"value1"}));
        CommandStatus main4 = TestUtils.main((Map<String, String>) of, "secrets", "-c", this.config.toString(), "--local", "--set", "key1=123");
        MatcherAssert.assertThat(main4.errUtf8(), Integer.valueOf(main4.code()), Matchers.is(0));
        MatcherAssert.assertThat(main4.errUtf8(), Matchers.containsString("Secret 'key1' set"));
        Path resolve2 = this.folder.newFolder().toPath().toAbsolutePath().normalize().resolve("out");
        CommandStatus main5 = TestUtils.main((Map<String, String>) of, "run", "-c", this.config.toString(), "-o", this.folder.newFolder().toString(), "--project", this.projectDir.toString(), "-p", "OUTFILE=" + resolve2.toString(), "echo_secret");
        MatcherAssert.assertThat(main5.errUtf8(), Integer.valueOf(main5.code()), Matchers.is(0));
        MatcherAssert.assertThat(Files.readAllLines(resolve2), Matchers.contains(new String[]{"123"}));
        CommandStatus main6 = TestUtils.main((Map<String, String>) of, "secrets", "-c", this.config.toString(), "--local", "--delete", "key1");
        MatcherAssert.assertThat(main6.errUtf8(), Integer.valueOf(main6.code()), Matchers.is(0));
        MatcherAssert.assertThat(main6.errUtf8(), Matchers.containsString("Secret 'key1' deleted"));
        CommandStatus main7 = TestUtils.main((Map<String, String>) of, "secrets", "-c", this.config.toString(), "--local");
        MatcherAssert.assertThat(main7.errUtf8(), Integer.valueOf(main7.code()), Matchers.is(0));
        MatcherAssert.assertThat(main7.outUtf8(), Matchers.not(Matchers.containsString("key1")));
        MatcherAssert.assertThat(main7.outUtf8(), Matchers.containsString("key2"));
        MatcherAssert.assertThat(main7.outUtf8(), Matchers.not(Matchers.containsString("value1")));
        MatcherAssert.assertThat(main7.outUtf8(), Matchers.not(Matchers.containsString("value2")));
        MatcherAssert.assertThat(main7.outUtf8(), Matchers.not(Matchers.containsString("value3")));
        CommandStatus main8 = TestUtils.main((Map<String, String>) of, "run", "-c", this.config.toString(), "-o", this.folder.newFolder().toString(), "--project", this.projectDir.toString(), "-p", "OUTFILE=" + this.folder.newFolder().toPath().toAbsolutePath().normalize().resolve("out").toString(), "echo_secret");
        MatcherAssert.assertThat(main8.errUtf8(), Integer.valueOf(main8.code()), Matchers.not(Matchers.is(0)));
        MatcherAssert.assertThat(main8.errUtf8(), Matchers.containsString("Secret not found for key: 'key1'"));
    }

    @Test
    public void verifyInvalidSecretUseFails() throws Exception {
        startServer();
        TestUtils.copyResource("acceptance/secrets/invalid_secret_use.dig", this.projectDir);
        TestUtils.copyResource("acceptance/secrets/echo_secret_parameterized.dig", this.projectDir);
        TestUtils.pushProject(this.server.endpoint(), this.projectDir, "test");
        CommandStatus main = TestUtils.main("secrets", "-c", this.config.toString(), "-e", this.server.endpoint(), "--project", "test", "--set", "key1=value1", "key2=value2");
        MatcherAssert.assertThat(main.errUtf8(), Integer.valueOf(main.code()), Matchers.is(0));
        Id startWorkflow = TestUtils.startWorkflow(this.server.endpoint(), "test", "invalid_secret_use", ImmutableMap.of());
        TestUtils.expect(Duration.ofMinutes(5L), TestUtils.attemptFailure(this.server.endpoint(), startWorkflow));
        MatcherAssert.assertThat(TestUtils.getAttemptLogs(this.client, startWorkflow), Matchers.containsString("\"key1\" is not defined"));
    }

    @Test
    public void verifyAccessIsGrantedToUserSecretTemplateKeys() throws Exception {
        startServer();
        TestUtils.copyResource("acceptance/secrets/user_secret_template.dig", this.projectDir);
        TestUtils.pushProject(this.server.endpoint(), this.projectDir, "test");
        CommandStatus main = TestUtils.main("secrets", "-c", this.config.toString(), "-e", this.server.endpoint(), "--project", "test", "--set", "foo=foo_value", "nested.bar=bar_value");
        MatcherAssert.assertThat(main.errUtf8(), Integer.valueOf(main.code()), Matchers.is(0));
        Path resolve = this.folder.newFolder().toPath().toAbsolutePath().normalize().resolve("out");
        TestUtils.expect(Duration.ofMinutes(5L), TestUtils.attemptSuccess(this.server.endpoint(), TestUtils.startWorkflow(this.server.endpoint(), "test", "user_secret_template", ImmutableMap.of("OUTFILE", resolve.toString()))));
        MatcherAssert.assertThat(Files.readAllLines(resolve), Matchers.contains(new String[]{"foo=foo_value bar=bar_value"}));
    }
}
