package org.apache.pulsar.broker.admin;

import java.util.LinkedHashSet;
import java.util.UUID;
import org.apache.commons.lang3.reflect.FieldUtils;
import org.apache.pulsar.broker.authentication.AuthenticationDataSource;
import org.apache.pulsar.broker.authorization.AuthorizationService;
import org.apache.pulsar.client.admin.PulsarAdmin;
import org.apache.pulsar.client.admin.PulsarAdminException;
import org.apache.pulsar.client.impl.auth.AuthenticationToken;
import org.apache.pulsar.common.policies.data.ClusterData;
import org.apache.pulsar.common.policies.data.ClusterOperation;
import org.apache.pulsar.common.policies.data.ClusterPolicies;
import org.apache.pulsar.common.policies.data.FailureDomain;
import org.apache.pulsar.common.policies.data.NamespaceIsolationData;
import org.apache.pulsar.common.policies.data.PolicyName;
import org.apache.pulsar.common.policies.data.PolicyOperation;
import org.apache.pulsar.security.MockedPulsarStandalone;
import org.mockito.ArgumentMatchers;
import org.mockito.Mockito;
import org.testng.Assert;
import org.testng.annotations.AfterClass;
import org.testng.annotations.AfterMethod;
import org.testng.annotations.BeforeClass;
import org.testng.annotations.BeforeMethod;
import org.testng.annotations.Test;

@Test(groups = {"broker-admin"})
/* loaded from: input_file:org/apache/pulsar/broker/admin/ClusterEndpointsAuthorizationTest.class */
public class ClusterEndpointsAuthorizationTest extends MockedPulsarStandalone {
    private AuthorizationService orignalAuthorizationService;
    private AuthorizationService spyAuthorizationService;
    private PulsarAdmin superUserAdmin;
    private PulsarAdmin nobodyAdmin;

    @BeforeClass(alwaysRun = true)
    public void setup() {
        configureTokenAuthentication();
        configureDefaultAuthorization();
        start();
        this.superUserAdmin = PulsarAdmin.builder().serviceHttpUrl(getPulsarService().getWebServiceAddress()).authentication(new AuthenticationToken(SUPER_USER_TOKEN)).build();
        this.nobodyAdmin = PulsarAdmin.builder().serviceHttpUrl(getPulsarService().getWebServiceAddress()).authentication(new AuthenticationToken(NOBODY_TOKEN)).build();
    }

    @BeforeMethod(alwaysRun = true)
    public void before() throws IllegalAccessException {
        this.orignalAuthorizationService = getPulsarService().getBrokerService().getAuthorizationService();
        this.spyAuthorizationService = (AuthorizationService) Mockito.spy(this.orignalAuthorizationService);
        FieldUtils.writeField(getPulsarService().getBrokerService(), "authorizationService", this.spyAuthorizationService, true);
    }

    @AfterMethod(alwaysRun = true)
    public void after() throws IllegalAccessException {
        if (this.orignalAuthorizationService != null) {
            FieldUtils.writeField(getPulsarService().getBrokerService(), "authorizationService", this.orignalAuthorizationService, true);
        }
    }

    @AfterClass(alwaysRun = true)
    public void cleanup() {
        if (this.superUserAdmin != null) {
            this.superUserAdmin.close();
            this.superUserAdmin = null;
        }
        this.spyAuthorizationService = null;
        this.orignalAuthorizationService = null;
        super.close();
    }

    @Test
    public void testGetCluster() throws PulsarAdminException {
        String clusterName = getPulsarService().getConfiguration().getClusterName();
        this.superUserAdmin.clusters().getCluster(clusterName);
        ((AuthorizationService) Mockito.verify(this.spyAuthorizationService)).allowClusterOperationAsync((String) ArgumentMatchers.eq(clusterName), (ClusterOperation) ArgumentMatchers.eq(ClusterOperation.GET_CLUSTER), (String) ArgumentMatchers.any(), (String) ArgumentMatchers.any(), (AuthenticationDataSource) ArgumentMatchers.any());
        ((AuthorizationService) Mockito.verify(this.spyAuthorizationService)).isSuperUser((String) ArgumentMatchers.any(), (AuthenticationDataSource) ArgumentMatchers.any());
        Assert.assertThrows(PulsarAdminException.NotAuthorizedException.class, () -> {
            this.nobodyAdmin.clusters().getCluster(clusterName);
        });
    }

    @Test
    public void testCreateCluster() throws PulsarAdminException {
        String uuid = UUID.randomUUID().toString();
        this.superUserAdmin.clusters().createCluster(uuid, ClusterData.builder().build());
        ((AuthorizationService) Mockito.verify(this.spyAuthorizationService)).allowClusterOperationAsync((String) ArgumentMatchers.eq(uuid), (ClusterOperation) ArgumentMatchers.eq(ClusterOperation.CREATE_CLUSTER), (String) ArgumentMatchers.any(), (String) ArgumentMatchers.any(), (AuthenticationDataSource) ArgumentMatchers.any());
        ((AuthorizationService) Mockito.verify(this.spyAuthorizationService)).isSuperUser((String) ArgumentMatchers.any(), (AuthenticationDataSource) ArgumentMatchers.any());
        Assert.assertThrows(PulsarAdminException.NotAuthorizedException.class, () -> {
            this.nobodyAdmin.clusters().createCluster(uuid, ClusterData.builder().build());
        });
    }

    @Test
    public void testUpdateCluster() {
        String uuid = UUID.randomUUID().toString();
        try {
            this.superUserAdmin.clusters().updateCluster(uuid, ClusterData.builder().serviceUrl("aaa").build());
        } catch (Throwable th) {
        }
        ((AuthorizationService) Mockito.verify(this.spyAuthorizationService)).allowClusterOperationAsync((String) ArgumentMatchers.eq(uuid), (ClusterOperation) ArgumentMatchers.eq(ClusterOperation.UPDATE_CLUSTER), (String) ArgumentMatchers.any(), (String) ArgumentMatchers.any(), (AuthenticationDataSource) ArgumentMatchers.any());
        ((AuthorizationService) Mockito.verify(this.spyAuthorizationService)).isSuperUser((String) ArgumentMatchers.any(), (AuthenticationDataSource) ArgumentMatchers.any());
        Assert.assertThrows(PulsarAdminException.NotAuthorizedException.class, () -> {
            this.nobodyAdmin.clusters().updateCluster(uuid, ClusterData.builder().build());
        });
    }

    @Test
    public void testGetClusterMigration() {
        String uuid = UUID.randomUUID().toString();
        try {
            this.superUserAdmin.clusters().getClusterMigration(uuid);
        } catch (Throwable th) {
        }
        ((AuthorizationService) Mockito.verify(this.spyAuthorizationService)).allowClusterPolicyOperationAsync((String) ArgumentMatchers.eq(uuid), (PolicyName) ArgumentMatchers.eq(PolicyName.CLUSTER_MIGRATION), (PolicyOperation) ArgumentMatchers.eq(PolicyOperation.READ), (String) ArgumentMatchers.any(), (String) ArgumentMatchers.any(), (AuthenticationDataSource) ArgumentMatchers.any());
        ((AuthorizationService) Mockito.verify(this.spyAuthorizationService)).isSuperUser((String) ArgumentMatchers.any(), (AuthenticationDataSource) ArgumentMatchers.any());
        Assert.assertThrows(PulsarAdminException.NotAuthorizedException.class, () -> {
            this.nobodyAdmin.clusters().getClusterMigration(uuid);
        });
    }

    @Test
    public void testUpdateClusterMigration() throws PulsarAdminException {
        String uuid = UUID.randomUUID().toString();
        this.superUserAdmin.clusters().createCluster(uuid, ClusterData.builder().build());
        Mockito.clearInvocations(new AuthorizationService[]{this.spyAuthorizationService});
        this.superUserAdmin.clusters().updateClusterMigration(uuid, false, new ClusterPolicies.ClusterUrl());
        ((AuthorizationService) Mockito.verify(this.spyAuthorizationService)).allowClusterPolicyOperationAsync((String) ArgumentMatchers.eq(uuid), (PolicyName) ArgumentMatchers.eq(PolicyName.CLUSTER_MIGRATION), (PolicyOperation) ArgumentMatchers.eq(PolicyOperation.WRITE), (String) ArgumentMatchers.any(), (String) ArgumentMatchers.any(), (AuthenticationDataSource) ArgumentMatchers.any());
        ((AuthorizationService) Mockito.verify(this.spyAuthorizationService)).isSuperUser((String) ArgumentMatchers.any(), (AuthenticationDataSource) ArgumentMatchers.any());
        Assert.assertThrows(PulsarAdminException.NotAuthorizedException.class, () -> {
            this.nobodyAdmin.clusters().updateClusterMigration(uuid, false, new ClusterPolicies.ClusterUrl());
        });
    }

    @Test
    public void testSetPeerClusterNames() throws PulsarAdminException {
        LinkedHashSet linkedHashSet = new LinkedHashSet();
        linkedHashSet.add("a");
        String clusterName = getPulsarService().getConfiguration().getClusterName();
        try {
            this.superUserAdmin.clusters().updatePeerClusterNames(clusterName, linkedHashSet);
        } catch (Throwable th) {
        }
        ((AuthorizationService) Mockito.verify(this.spyAuthorizationService)).allowClusterOperationAsync((String) ArgumentMatchers.eq(clusterName), (ClusterOperation) ArgumentMatchers.eq(ClusterOperation.UPDATE_PEER_CLUSTER), (String) ArgumentMatchers.any(), (String) ArgumentMatchers.any(), (AuthenticationDataSource) ArgumentMatchers.any());
        ((AuthorizationService) Mockito.verify(this.spyAuthorizationService)).isSuperUser((String) ArgumentMatchers.any(), (AuthenticationDataSource) ArgumentMatchers.any());
        Assert.assertThrows(PulsarAdminException.NotAuthorizedException.class, () -> {
            this.nobodyAdmin.clusters().updatePeerClusterNames(clusterName, linkedHashSet);
        });
    }

    @Test
    public void testGetPeerCluster() throws PulsarAdminException {
        String clusterName = getPulsarService().getConfiguration().getClusterName();
        this.superUserAdmin.clusters().getPeerClusterNames(clusterName);
        ((AuthorizationService) Mockito.verify(this.spyAuthorizationService)).allowClusterOperationAsync((String) ArgumentMatchers.eq(clusterName), (ClusterOperation) ArgumentMatchers.eq(ClusterOperation.GET_PEER_CLUSTER), (String) ArgumentMatchers.any(), (String) ArgumentMatchers.any(), (AuthenticationDataSource) ArgumentMatchers.any());
        ((AuthorizationService) Mockito.verify(this.spyAuthorizationService)).isSuperUser((String) ArgumentMatchers.any(), (AuthenticationDataSource) ArgumentMatchers.any());
        Assert.assertThrows(PulsarAdminException.NotAuthorizedException.class, () -> {
            this.nobodyAdmin.clusters().getPeerClusterNames(clusterName);
        });
    }

    @Test
    public void testDeleteCluster() throws PulsarAdminException {
        String uuid = UUID.randomUUID().toString();
        this.superUserAdmin.clusters().createCluster(uuid, ClusterData.builder().build());
        Mockito.clearInvocations(new AuthorizationService[]{this.spyAuthorizationService});
        this.superUserAdmin.clusters().deleteCluster(uuid);
        ((AuthorizationService) Mockito.verify(this.spyAuthorizationService)).allowClusterOperationAsync((String) ArgumentMatchers.eq(uuid), (ClusterOperation) ArgumentMatchers.eq(ClusterOperation.DELETE_CLUSTER), (String) ArgumentMatchers.any(), (String) ArgumentMatchers.any(), (AuthenticationDataSource) ArgumentMatchers.any());
        ((AuthorizationService) Mockito.verify(this.spyAuthorizationService)).isSuperUser((String) ArgumentMatchers.any(), (AuthenticationDataSource) ArgumentMatchers.any());
        Assert.assertThrows(PulsarAdminException.NotAuthorizedException.class, () -> {
            this.nobodyAdmin.clusters().deleteCluster(uuid);
        });
    }

    @Test
    public void testGetNamespaceIsolationPolicies() throws PulsarAdminException {
        String clusterName = getPulsarService().getConfiguration().getClusterName();
        this.superUserAdmin.clusters().getNamespaceIsolationPolicies(clusterName);
        ((AuthorizationService) Mockito.verify(this.spyAuthorizationService)).allowClusterPolicyOperationAsync((String) ArgumentMatchers.eq(clusterName), (PolicyName) ArgumentMatchers.eq(PolicyName.NAMESPACE_ISOLATION), (PolicyOperation) ArgumentMatchers.eq(PolicyOperation.READ), (String) ArgumentMatchers.any(), (String) ArgumentMatchers.any(), (AuthenticationDataSource) ArgumentMatchers.any());
        ((AuthorizationService) Mockito.verify(this.spyAuthorizationService)).isSuperUser((String) ArgumentMatchers.any(), (AuthenticationDataSource) ArgumentMatchers.any());
        Assert.assertThrows(PulsarAdminException.NotAuthorizedException.class, () -> {
            this.nobodyAdmin.clusters().getNamespaceIsolationPolicies(clusterName);
        });
    }

    @Test
    public void testGetNamespaceIsolationPolicy() throws PulsarAdminException {
        String clusterName = getPulsarService().getConfiguration().getClusterName();
        this.superUserAdmin.clusters().getNamespaceIsolationPolicy(clusterName, "");
        ((AuthorizationService) Mockito.verify(this.spyAuthorizationService)).allowClusterPolicyOperationAsync((String) ArgumentMatchers.eq(clusterName), (PolicyName) ArgumentMatchers.eq(PolicyName.NAMESPACE_ISOLATION), (PolicyOperation) ArgumentMatchers.eq(PolicyOperation.READ), (String) ArgumentMatchers.any(), (String) ArgumentMatchers.any(), (AuthenticationDataSource) ArgumentMatchers.any());
        ((AuthorizationService) Mockito.verify(this.spyAuthorizationService)).isSuperUser((String) ArgumentMatchers.any(), (AuthenticationDataSource) ArgumentMatchers.any());
        Assert.assertThrows(PulsarAdminException.NotAuthorizedException.class, () -> {
            this.nobodyAdmin.clusters().getNamespaceIsolationPolicy(clusterName, "");
        });
    }

    @Test
    public void testGetBrokersWithNamespaceIsolationPolicy() throws PulsarAdminException {
        String clusterName = getPulsarService().getConfiguration().getClusterName();
        this.superUserAdmin.clusters().getBrokersWithNamespaceIsolationPolicy(clusterName);
        ((AuthorizationService) Mockito.verify(this.spyAuthorizationService)).allowClusterPolicyOperationAsync((String) ArgumentMatchers.eq(clusterName), (PolicyName) ArgumentMatchers.eq(PolicyName.NAMESPACE_ISOLATION), (PolicyOperation) ArgumentMatchers.eq(PolicyOperation.READ), (String) ArgumentMatchers.any(), (String) ArgumentMatchers.any(), (AuthenticationDataSource) ArgumentMatchers.any());
        ((AuthorizationService) Mockito.verify(this.spyAuthorizationService)).isSuperUser((String) ArgumentMatchers.any(), (AuthenticationDataSource) ArgumentMatchers.any());
        Assert.assertThrows(PulsarAdminException.NotAuthorizedException.class, () -> {
            this.nobodyAdmin.clusters().getBrokersWithNamespaceIsolationPolicy(clusterName);
        });
    }

    @Test
    public void testGetBrokerWithNamespaceIsolationPolicy() throws PulsarAdminException {
        String clusterName = getPulsarService().getConfiguration().getClusterName();
        this.superUserAdmin.clusters().getBrokerWithNamespaceIsolationPolicy(clusterName, getPulsarService().getBrokerId());
        ((AuthorizationService) Mockito.verify(this.spyAuthorizationService)).allowClusterPolicyOperationAsync((String) ArgumentMatchers.eq(clusterName), (PolicyName) ArgumentMatchers.eq(PolicyName.NAMESPACE_ISOLATION), (PolicyOperation) ArgumentMatchers.eq(PolicyOperation.READ), (String) ArgumentMatchers.any(), (String) ArgumentMatchers.any(), (AuthenticationDataSource) ArgumentMatchers.any());
        ((AuthorizationService) Mockito.verify(this.spyAuthorizationService)).isSuperUser((String) ArgumentMatchers.any(), (AuthenticationDataSource) ArgumentMatchers.any());
        Assert.assertThrows(PulsarAdminException.NotAuthorizedException.class, () -> {
            this.nobodyAdmin.clusters().getBrokerWithNamespaceIsolationPolicy(clusterName, "");
        });
    }

    @Test
    public void testSetNamespaceIsolationPolicy() {
        String clusterName = getPulsarService().getConfiguration().getClusterName();
        try {
            this.superUserAdmin.clusters().updateNamespaceIsolationPolicy(clusterName, "test", NamespaceIsolationData.builder().build());
        } catch (Throwable th) {
        }
        ((AuthorizationService) Mockito.verify(this.spyAuthorizationService)).allowClusterPolicyOperationAsync((String) ArgumentMatchers.eq(clusterName), (PolicyName) ArgumentMatchers.eq(PolicyName.NAMESPACE_ISOLATION), (PolicyOperation) ArgumentMatchers.eq(PolicyOperation.WRITE), (String) ArgumentMatchers.any(), (String) ArgumentMatchers.any(), (AuthenticationDataSource) ArgumentMatchers.any());
        ((AuthorizationService) Mockito.verify(this.spyAuthorizationService)).isSuperUser((String) ArgumentMatchers.any(), (AuthenticationDataSource) ArgumentMatchers.any());
        Assert.assertThrows(PulsarAdminException.NotAuthorizedException.class, () -> {
            this.nobodyAdmin.clusters().updateNamespaceIsolationPolicy(clusterName, "test", NamespaceIsolationData.builder().build());
        });
    }

    @Test
    public void testDeleteNamespaceIsolationPolicy() throws PulsarAdminException {
        String clusterName = getPulsarService().getConfiguration().getClusterName();
        this.superUserAdmin.clusters().deleteNamespaceIsolationPolicy(clusterName, "test");
        ((AuthorizationService) Mockito.verify(this.spyAuthorizationService)).allowClusterPolicyOperationAsync((String) ArgumentMatchers.eq(clusterName), (PolicyName) ArgumentMatchers.eq(PolicyName.NAMESPACE_ISOLATION), (PolicyOperation) ArgumentMatchers.eq(PolicyOperation.WRITE), (String) ArgumentMatchers.any(), (String) ArgumentMatchers.any(), (AuthenticationDataSource) ArgumentMatchers.any());
        ((AuthorizationService) Mockito.verify(this.spyAuthorizationService)).isSuperUser((String) ArgumentMatchers.any(), (AuthenticationDataSource) ArgumentMatchers.any());
        Assert.assertThrows(PulsarAdminException.NotAuthorizedException.class, () -> {
            this.nobodyAdmin.clusters().deleteNamespaceIsolationPolicy(clusterName, "test");
        });
    }

    @Test
    public void testSetFailureDomain() throws PulsarAdminException {
        String clusterName = getPulsarService().getConfiguration().getClusterName();
        this.superUserAdmin.clusters().updateFailureDomain(clusterName, "test", FailureDomain.builder().build());
        ((AuthorizationService) Mockito.verify(this.spyAuthorizationService)).allowClusterOperationAsync((String) ArgumentMatchers.eq(clusterName), (ClusterOperation) ArgumentMatchers.eq(ClusterOperation.UPDATE_FAILURE_DOMAIN), (String) ArgumentMatchers.any(), (String) ArgumentMatchers.any(), (AuthenticationDataSource) ArgumentMatchers.any());
        ((AuthorizationService) Mockito.verify(this.spyAuthorizationService)).isSuperUser((String) ArgumentMatchers.any(), (AuthenticationDataSource) ArgumentMatchers.any());
        Assert.assertThrows(PulsarAdminException.NotAuthorizedException.class, () -> {
            this.nobodyAdmin.clusters().updateFailureDomain(clusterName, "test", FailureDomain.builder().build());
        });
    }

    @Test
    public void testGetFailureDomains() throws PulsarAdminException {
        String clusterName = getPulsarService().getConfiguration().getClusterName();
        this.superUserAdmin.clusters().getFailureDomains(clusterName);
        ((AuthorizationService) Mockito.verify(this.spyAuthorizationService)).allowClusterOperationAsync((String) ArgumentMatchers.eq(clusterName), (ClusterOperation) ArgumentMatchers.eq(ClusterOperation.GET_FAILURE_DOMAIN), (String) ArgumentMatchers.any(), (String) ArgumentMatchers.any(), (AuthenticationDataSource) ArgumentMatchers.any());
        ((AuthorizationService) Mockito.verify(this.spyAuthorizationService)).isSuperUser((String) ArgumentMatchers.any(), (AuthenticationDataSource) ArgumentMatchers.any());
        Assert.assertThrows(PulsarAdminException.NotAuthorizedException.class, () -> {
            this.nobodyAdmin.clusters().getFailureDomains(clusterName);
        });
    }

    @Test
    public void testGetDomain() throws PulsarAdminException {
        String clusterName = getPulsarService().getConfiguration().getClusterName();
        try {
            this.superUserAdmin.clusters().getFailureDomain(clusterName, "test");
        } catch (Throwable th) {
        }
        ((AuthorizationService) Mockito.verify(this.spyAuthorizationService)).allowClusterOperationAsync((String) ArgumentMatchers.eq(clusterName), (ClusterOperation) ArgumentMatchers.eq(ClusterOperation.GET_FAILURE_DOMAIN), (String) ArgumentMatchers.any(), (String) ArgumentMatchers.any(), (AuthenticationDataSource) ArgumentMatchers.any());
        ((AuthorizationService) Mockito.verify(this.spyAuthorizationService)).isSuperUser((String) ArgumentMatchers.any(), (AuthenticationDataSource) ArgumentMatchers.any());
        Assert.assertThrows(PulsarAdminException.NotAuthorizedException.class, () -> {
            this.nobodyAdmin.clusters().getFailureDomain(clusterName, "test");
        });
    }

    @Test
    public void testDeleteFailureDomain() throws PulsarAdminException {
        String clusterName = getPulsarService().getConfiguration().getClusterName();
        try {
            this.superUserAdmin.clusters().deleteFailureDomain(clusterName, "test");
        } catch (Throwable th) {
        }
        ((AuthorizationService) Mockito.verify(this.spyAuthorizationService)).allowClusterOperationAsync((String) ArgumentMatchers.eq(clusterName), (ClusterOperation) ArgumentMatchers.eq(ClusterOperation.DELETE_FAILURE_DOMAIN), (String) ArgumentMatchers.any(), (String) ArgumentMatchers.any(), (AuthenticationDataSource) ArgumentMatchers.any());
        ((AuthorizationService) Mockito.verify(this.spyAuthorizationService)).isSuperUser((String) ArgumentMatchers.any(), (AuthenticationDataSource) ArgumentMatchers.any());
        Assert.assertThrows(PulsarAdminException.NotAuthorizedException.class, () -> {
            this.nobodyAdmin.clusters().deleteFailureDomain(clusterName, "test");
        });
    }
}
