package org.openmetadata.service.resources.policies;

import com.google.common.collect.Lists;
import java.io.IOException;
import java.net.URI;
import java.util.ArrayList;
import java.util.Collections;
import java.util.Comparator;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.Random;
import java.util.UUID;
import javax.ws.rs.core.Response;
import org.apache.http.client.HttpResponseException;
import org.junit.jupiter.api.Assertions;
import org.junit.jupiter.api.Test;
import org.junit.jupiter.api.TestInfo;
import org.openmetadata.common.utils.CommonUtil;
import org.openmetadata.schema.CreateEntity;
import org.openmetadata.schema.api.policies.CreatePolicy;
import org.openmetadata.schema.api.teams.CreateTeam;
import org.openmetadata.schema.entity.data.Table;
import org.openmetadata.schema.entity.policies.Policy;
import org.openmetadata.schema.entity.policies.accessControl.Rule;
import org.openmetadata.schema.entity.teams.Role;
import org.openmetadata.schema.entity.teams.Team;
import org.openmetadata.schema.entity.teams.User;
import org.openmetadata.schema.type.ChangeDescription;
import org.openmetadata.schema.type.EntityReference;
import org.openmetadata.schema.type.MetadataOperation;
import org.openmetadata.schema.type.ResourceDescriptor;
import org.openmetadata.schema.type.TagLabel;
import org.openmetadata.service.Entity;
import org.openmetadata.service.FunctionList;
import org.openmetadata.service.exception.CatalogExceptionMessage;
import org.openmetadata.service.resources.CollectionRegistry;
import org.openmetadata.service.resources.EntityResourceTest;
import org.openmetadata.service.resources.databases.TableResourceTest;
import org.openmetadata.service.resources.policies.PolicyResource;
import org.openmetadata.service.resources.teams.RoleResourceTest;
import org.openmetadata.service.resources.teams.TeamResourceTest;
import org.openmetadata.service.resources.teams.UserResourceTest;
import org.openmetadata.service.security.SecurityUtil;
import org.openmetadata.service.security.policyevaluator.RuleEvaluator;
import org.openmetadata.service.util.EntityUtil;
import org.openmetadata.service.util.JsonUtils;
import org.openmetadata.service.util.TestUtils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:org/openmetadata/service/resources/policies/PolicyResourceTest.class */
public class PolicyResourceTest extends EntityResourceTest<Policy, CreatePolicy> {
    // Logger used by testScenario to record which team/policy/table combination is being checked.
    private static final Logger LOG = LoggerFactory.getLogger(PolicyResourceTest.class);
    // Helper suites reused to create tables (test_roles_policies_scenarios) and teams
    // (get_policyTeamsAndRoles, test_roles_policies_scenarios) through their own resource tests.
    public static final TableResourceTest TABLE_TEST = new TableResourceTest();
    public static final TeamResourceTest TEAM_TEST = new TeamResourceTest();

    /**
     * Wires this suite into the generic {@code EntityResourceTest} base for the policy entity.
     *
     * <p>NOTE(review): the positional arguments are presumably entity type, entity class, list
     * class, collection name, supported fields and the name of a pre-existing system policy;
     * confirm against the {@code EntityResourceTest} constructor, which is not visible here.
     */
    public PolicyResourceTest() {
        super("policy", Policy.class, PolicyResource.PolicyList.class, "policies", "owners,location,teams,roles", "OrganizationPolicy");
    }

    /**
     * Creates the shared policy fixtures and caches them in the inherited static fields.
     *
     * <p>Three policies are created with admin headers; "TeamOnlyPolicy" is only looked up by
     * name, so it is expected to exist on the server before this method runs.
     *
     * @throws IOException if any of the create or lookup requests fails
     */
    public void setupPolicies() throws IOException {
        CreatePolicy createPermissionRequest = createAccessControlPolicyWithCreateRule();
        CREATE_ACCESS_PERMISSION_POLICY = createEntity(createPermissionRequest, TestUtils.ADMIN_AUTH_HEADERS);

        // Both generic fixtures are created without owners.
        CreatePolicy firstRequest = mo39createRequest("policy1").withOwners((List) null);
        POLICY1 = createEntity(firstRequest, TestUtils.ADMIN_AUTH_HEADERS);
        CreatePolicy secondRequest = mo39createRequest("policy2").withOwners((List) null);
        POLICY2 = createEntity(secondRequest, TestUtils.ADMIN_AUTH_HEADERS);

        // Pre-existing policy: fetched, never created here.
        TEAM_ONLY_POLICY = getEntityByName("TeamOnlyPolicy", "", TestUtils.ADMIN_AUTH_HEADERS);
        TEAM_ONLY_POLICY_RULES = TEAM_ONLY_POLICY.getRules();
    }

    /**
     * Builds the default create request for a policy with the given name.
     *
     * <p>The request carries a single ALLOW rule named "rule1" that grants EDIT_DESCRIPTION on
     * the "All" resource. The rule list is a mutable {@link ArrayList}.
     *
     * @param str name of the policy to create
     * @return the create request, built by createAccessControlPolicyWithRules
     */
    @Override // org.openmetadata.service.resources.EntityResourceTest
    /* renamed from: createRequest, reason: avoid collision after fix types in other method and merged with bridge method [inline-methods] */
    public CreatePolicy mo39createRequest(String str) {
        Rule editDescriptionRule = accessControlRule("rule1", List.of("All"), List.of(MetadataOperation.EDIT_DESCRIPTION), Rule.Effect.ALLOW);
        List<Rule> rules = new ArrayList<>();
        rules.add(editDescriptionRule);
        return createAccessControlPolicyWithRules(str, rules);
    }

    /* renamed from: validateCreatedEntity, reason: avoid collision after fix types in other method */
    /**
     * Checks that a stored policy matches the request it was created from.
     *
     * <p>Location is compared only when the request set one. Rules are compared after sorting
     * by name. Both rule lists are sorted in place; the request's list is sorted only when it
     * has more than one element.
     *
     * @param policy the policy returned by the server
     * @param createPolicy the request that was sent
     * @param map not used by this implementation
     */
    public void validateCreatedEntity2(Policy policy, CreatePolicy createPolicy, Map<String, String> map) {
        Comparator<Rule> byRuleName = Comparator.comparing(Rule::getName);

        if (createPolicy.getLocation() != null) {
            Assertions.assertEquals(createPolicy.getLocation(), policy.getLocation().getId());
        }

        // In-place sort of the request's rules, skipped for lists of zero or one element.
        if (createPolicy.getRules().size() > 1) {
            createPolicy.getRules().sort(byRuleName);
        }
        policy.getRules().sort(byRuleName);

        Assertions.assertEquals(createPolicy.getRules(), policy.getRules());
    }

    /* renamed from: compareEntities, reason: avoid collision after fix types in other method */
    /**
     * Compares an expected and an updated policy; this implementation performs no checks.
     *
     * @param policy first policy (unused)
     * @param policy2 second policy (unused)
     * @param map unused
     */
    public void compareEntities2(Policy policy, Policy policy2, Map<String, String> map) {
        // No policy-specific comparison is made here.
    }

    /**
     * Asserts that a recorded field change matches the expected value for policy fields.
     *
     * <p>Identical references pass immediately. "policyUrl", "location" and "rules" each get a
     * dedicated comparison, as do per-rule "effect" and "operations" fields (names that start
     * with "rules" and end with the field name). Anything else goes to assertCommonFieldChange.
     *
     * @param str name of the changed field
     * @param obj expected value
     * @param obj2 value recorded in the change description
     */
    @Override // org.openmetadata.service.resources.EntityResourceTest
    public void assertFieldChange(String str, Object obj, Object obj2) {
        if (obj == obj2) {
            return;
        }

        switch (str) {
            case "policyUrl":
                // The recorded value is a string; the expected value is a URI.
                Assertions.assertEquals((URI) obj, URI.create((String) obj2));
                return;
            case "location":
                assertEntityReferenceFieldChange(obj, obj2);
                return;
            case "rules":
                // The recorded value is parsed from its string form into a list of rules.
                Assertions.assertEquals((List) obj, JsonUtils.readObjects(obj2.toString(), Rule.class));
                return;
            default:
                break;
        }

        boolean isRuleField = str.startsWith("rules");
        if (isRuleField && str.endsWith("effect")) {
            Assertions.assertEquals((Rule.Effect) obj, Rule.Effect.fromValue(obj2.toString()));
        } else if (isRuleField && str.endsWith("operations")) {
            Assertions.assertEquals(obj.toString(), obj2.toString());
        } else {
            assertCommonFieldChange(str, obj, obj2);
        }
    }

    /**
     * Creates two valid policies with admin headers, reusing one request object.
     *
     * <p>The second create uses the same request, renamed and given a description.
     */
    @Test
    void post_validPolicies_as_admin_200_OK(TestInfo testInfo) throws IOException {
        CreatePolicy request = createRequest(testInfo);
        createAndCheckEntity(request, TestUtils.ADMIN_AUTH_HEADERS);

        String secondName = getEntityName(testInfo, 1);
        request.withName(secondName).withDescription("description");
        createAndCheckEntity(request, TestUtils.ADMIN_AUTH_HEADERS);
    }

    /**
     * Creates a policy with one ALLOW rule and one DENY rule, both on the "All" resource.
     */
    @Test
    void post_AccessControlPolicyWithValidRules_200_ok(TestInfo testInfo) throws IOException {
        List<Rule> rules = new ArrayList<>();
        Rule allowEditDescription = accessControlRule(List.of("All"), List.of(MetadataOperation.EDIT_DESCRIPTION), Rule.Effect.ALLOW);
        rules.add(allowEditDescription);
        Rule denyEditTags = accessControlRule(List.of("All"), List.of(MetadataOperation.EDIT_TAGS), Rule.Effect.DENY);
        rules.add(denyEditTags);

        String policyName = getEntityName(testInfo);
        CreatePolicy request = createAccessControlPolicyWithRules(policyName, rules);
        createAndCheckEntity(request, TestUtils.ADMIN_AUTH_HEADERS);
    }

    /**
     * Verifies that a rule without operations, and a rule without resources, are both rejected
     * with 400 Bad Request and the matching validation message.
     */
    @Test
    void post_AccessControlPolicyWithInvalidRules_400_error(TestInfo testInfo) {
        // Case 1: operations left null.
        String nameWithoutOperations = getEntityName(testInfo);
        List<Rule> rulesWithoutOperations = new ArrayList<>();
        rulesWithoutOperations.add(accessControlRule(List.of("All"), null, Rule.Effect.ALLOW));
        CreatePolicy requestWithoutOperations = createAccessControlPolicyWithRules(nameWithoutOperations, rulesWithoutOperations);
        TestUtils.assertResponse(() -> {
            createEntity(requestWithoutOperations, TestUtils.ADMIN_AUTH_HEADERS);
        }, Response.Status.BAD_REQUEST, "[operations must not be null]");

        // Case 2: resources left null.
        String nameWithoutResources = getEntityName(testInfo, 1);
        List<Rule> rulesWithoutResources = new ArrayList<>();
        rulesWithoutResources.add(accessControlRule(null, List.of(MetadataOperation.DELETE), Rule.Effect.ALLOW));
        CreatePolicy requestWithoutResources = createAccessControlPolicyWithRules(nameWithoutResources, rulesWithoutResources);
        TestUtils.assertResponse(() -> {
            createEntity(requestWithoutResources, TestUtils.ADMIN_AUTH_HEADERS);
        }, Response.Status.BAD_REQUEST, "[resources must not be null]");
    }

    /**
     * Verifies that the server collapses redundant resources and operations in a stored rule.
     *
     * <p>A rule submitted with resources All/table/tag and six view/edit operations is expected
     * to come back with resources {@code [All]} and operations {@code [EDIT_ALL, VIEW_ALL]}.
     */
    @Test
    void post_testResourceAndOperationsFiltering(TestInfo testInfo) throws HttpResponseException {
        String policyName = getEntityName(testInfo);

        List<Rule> submittedRules = new ArrayList<>();
        submittedRules.add(accessControlRule(
                CommonUtil.listOf(new String[]{"All", "table", "tag"}),
                CommonUtil.listOf(new MetadataOperation[]{MetadataOperation.VIEW_ALL, MetadataOperation.VIEW_BASIC, MetadataOperation.VIEW_QUERIES, MetadataOperation.EDIT_ALL, MetadataOperation.EDIT_TESTS, MetadataOperation.EDIT_TAGS}),
                Rule.Effect.ALLOW));

        Policy stored = createEntity(createAccessControlPolicyWithRules(policyName, submittedRules), TestUtils.ADMIN_AUTH_HEADERS);
        Rule storedRule = (Rule) stored.getRules().get(0);

        Assertions.assertEquals(CommonUtil.listOf(new String[]{"All"}), storedRule.getResources());
        Assertions.assertEquals(CommonUtil.listOf(new MetadataOperation[]{MetadataOperation.EDIT_ALL, MetadataOperation.VIEW_ALL}), storedRule.getOperations());
    }

    /**
     * Exercises rule-condition validation with accepted and rejected expressions.
     *
     * <p>Accepted conditions go only to the validation endpoint. Each rejected condition is
     * checked twice by the three-argument validateCondition: once on policy creation and once
     * on the validation endpoint, both expecting 400 Bad Request.
     *
     * <p>NOTE(review): the rejected cases cover malformed syntax, unknown functions or
     * identifiers, and references to entities that do not exist. Nothing in this view checks
     * that the expression language itself is limited to the published policy functions (for
     * example, that type references or object construction are refused). Condition strings are
     * request-supplied, so confirm that restriction is tested next to the evaluator.
     */
    @Test
    void test_policiesWithInvalidConditions(TestInfo testInfo) throws HttpResponseException {
        String policyName = getEntityName(testInfo);

        // Well-formed conditions: the validation endpoint must accept each of these.
        for (String accepted : List.of("isOwner()", "!isOwner()", "noOwner()", "isOwner() || noOwner()")) {
            validateCondition(accepted);
        }

        // Malformed syntax: unbalanced parentheses or quotes, dangling operators.
        List<String> malformed = List.of(
                "!matchAnyTag('tag1'",
                "!matchAnyTag'tag1')",
                "!isOwner('unexpectedParam)",
                "!isOwner(unexpectedParam')",
                "!isOwner() ||",
                "|| isOwner()",
                "!");
        for (String condition : malformed) {
            failsToParse(policyName, condition);
        }

        // Parses, but cannot be evaluated: wrong arity, unknown function, bare identifiers.
        List<String> notEvaluable = List.of(
                "!isOwner('unexpectedParam')",
                "invalidFunction()",
                "isOwner() || invalidFunction()",
                "a",
                "abc");
        for (String condition : notEvaluable) {
            failsToEvaluate(policyName, condition);
        }

        // Known functions whose argument names an entity that does not exist.
        validateCondition(policyName, "matchAllTags('invalidTag')", CatalogExceptionMessage.failedToEvaluate(CatalogExceptionMessage.entityNotFound("tag", "invalidTag")));
        validateCondition(policyName, "matchAnyTag('invalidTag')", CatalogExceptionMessage.failedToEvaluate(CatalogExceptionMessage.entityNotFound("tag", "invalidTag")));
        validateCondition(policyName, "inAnyTeam('invalidTeam')", CatalogExceptionMessage.failedToEvaluate(CatalogExceptionMessage.entityNotFound("team", "invalidTeam")));
        validateCondition(policyName, "hasAnyRole('invalidRole')", CatalogExceptionMessage.failedToEvaluate(CatalogExceptionMessage.entityNotFound("role", "invalidRole")));
    }

    /**
     * Verifies that built-in policies cannot be deleted, even with admin headers.
     *
     * <p>Covers every policy attached to the DataConsumer and DataSteward role fixtures plus the
     * team-only policy. Each delete must return 400 with the system-entity message.
     */
    @Test
    void delete_Disallowed() {
        List<EntityReference> protectedPolicies = new ArrayList<>(DATA_CONSUMER_ROLE.getPolicies());
        protectedPolicies.addAll(DATA_STEWARD_ROLE.getPolicies());
        protectedPolicies.add(TEAM_ONLY_POLICY.getEntityReference());

        for (EntityReference policyRef : protectedPolicies) {
            String expectedMessage = CatalogExceptionMessage.systemEntityDeleteNotAllowed(policyRef.getName(), "policy");
            TestUtils.assertResponse(() -> {
                deleteEntity(policyRef.getId(), TestUtils.ADMIN_AUTH_HEADERS);
            }, Response.Status.BAD_REQUEST, expectedMessage);
        }
    }

    /**
     * Asserts that the condition is rejected with a response containing "Failed to parse".
     *
     * @param str policy name used for the create attempt
     * @param str2 condition expression expected to be syntactically invalid
     */
    private void failsToParse(String str, String str2) {
        final String expectedFragment = "Failed to parse";
        validateCondition(str, str2, expectedFragment);
    }

    /**
     * Asserts that the condition is rejected with a response containing "Failed to evaluate".
     *
     * @param str policy name used for the create attempt
     * @param str2 condition expression expected to fail at evaluation time
     */
    private void failsToEvaluate(String str, String str2) {
        final String expectedFragment = "Failed to evaluate";
        validateCondition(str, str2, expectedFragment);
    }

    /**
     * Asserts that a condition is rejected on both entry points.
     *
     * <p>The condition is placed on an ALLOW rule for all resources and operations. Creating a
     * policy with that rule, and submitting the bare condition to the validation endpoint, must
     * each yield 400 Bad Request with a body containing {@code str3}.
     *
     * @param str policy name for the create attempt
     * @param str2 condition expression under test
     * @param str3 text the error response must contain
     */
    private void validateCondition(String str, String str2, String str3) {
        Rule conditionalRule = accessControlRule(List.of("All"), List.of(MetadataOperation.ALL), Rule.Effect.ALLOW).withCondition(str2);
        CreatePolicy request = createAccessControlPolicyWithRules(str, List.of(conditionalRule));

        // Entry point 1: policy creation must refuse the rule.
        TestUtils.assertResponseContains(() -> {
            createEntity(request, TestUtils.ADMIN_AUTH_HEADERS);
        }, Response.Status.BAD_REQUEST, str3);

        // Entry point 2: the stand-alone validation endpoint must refuse it as well.
        TestUtils.assertResponseContains(() -> {
            validateCondition(str2);
        }, Response.Status.BAD_REQUEST, str3);
    }

    /**
     * Patches a policy's rules by id through four steps and checks the change description
     * recorded after each one.
     *
     * <p>The same {@code Rule} instance is mutated between steps, so the expected change
     * descriptions are built from the rule's current state. Steps 2 to 4 expect
     * {@code CHANGE_CONSOLIDATED}: their expected change sets repeat the earlier field changes
     * with the latest values (presumably because consecutive changes are merged; confirm
     * against patchEntityAndCheck).
     */
    @Test
    void patch_PolicyRules(TestInfo testInfo) throws IOException {
        // Step 0: create the policy with a single ALLOW / VIEW_ALL rule on "All".
        Rule accessControlRule = accessControlRule("rule1", List.of("All"), List.of(MetadataOperation.VIEW_ALL), Rule.Effect.ALLOW);
        Policy createAndCheckEntity = createAndCheckEntity(createRequest(testInfo).withRules(List.of(accessControlRule)), TestUtils.ADMIN_AUTH_HEADERS);
        String pojoToJson = JsonUtils.pojoToJson(createAndCheckEntity);
        ChangeDescription changeDescription = getChangeDescription(createAndCheckEntity, TestUtils.UpdateType.MINOR_UPDATE);
        // Step 1: change every attribute of rule1 (ALLOW -> DENY, All -> table, VIEW_ALL -> EDIT_ALL)
        // and add a description and an isOwner() condition.
        accessControlRule.withDescription("description").withEffect(Rule.Effect.DENY).withResources(List.of("table")).withOperations(List.of(MetadataOperation.EDIT_ALL)).withCondition("isOwner()");
        EntityUtil.fieldAdded(changeDescription, EntityUtil.getRuleField(accessControlRule, "description"), "description");
        EntityUtil.fieldUpdated(changeDescription, EntityUtil.getRuleField(accessControlRule, "effect"), Rule.Effect.ALLOW, Rule.Effect.DENY);
        EntityUtil.fieldUpdated(changeDescription, EntityUtil.getRuleField(accessControlRule, "resources"), List.of("All"), List.of("table"));
        EntityUtil.fieldUpdated(changeDescription, EntityUtil.getRuleField(accessControlRule, "operations"), List.of(MetadataOperation.VIEW_ALL), List.of(MetadataOperation.EDIT_ALL));
        EntityUtil.fieldAdded(changeDescription, EntityUtil.getRuleField(accessControlRule, "condition"), "isOwner()");
        createAndCheckEntity.setRules(List.of(accessControlRule));
        Policy patchEntityAndCheck = patchEntityAndCheck(createAndCheckEntity, pojoToJson, TestUtils.ADMIN_AUTH_HEADERS, TestUtils.UpdateType.MINOR_UPDATE, changeDescription);
        // Step 2: change only the description and the condition; the expected change set still
        // lists all five rule fields, now with the new description and condition values.
        String pojoToJson2 = JsonUtils.pojoToJson(patchEntityAndCheck);
        ChangeDescription changeDescription2 = getChangeDescription(patchEntityAndCheck, TestUtils.UpdateType.CHANGE_CONSOLIDATED);
        accessControlRule.withDescription("newDescription").withCondition("noOwner()");
        EntityUtil.fieldAdded(changeDescription2, EntityUtil.getRuleField(accessControlRule, "description"), "newDescription");
        EntityUtil.fieldUpdated(changeDescription2, EntityUtil.getRuleField(accessControlRule, "effect"), Rule.Effect.ALLOW, Rule.Effect.DENY);
        EntityUtil.fieldUpdated(changeDescription2, EntityUtil.getRuleField(accessControlRule, "resources"), List.of("All"), List.of("table"));
        EntityUtil.fieldUpdated(changeDescription2, EntityUtil.getRuleField(accessControlRule, "operations"), List.of(MetadataOperation.VIEW_ALL), List.of(MetadataOperation.EDIT_ALL));
        EntityUtil.fieldAdded(changeDescription2, EntityUtil.getRuleField(accessControlRule, "condition"), "noOwner()");
        patchEntityAndCheck.setRules(List.of(accessControlRule));
        Policy patchEntityAndCheck2 = patchEntityAndCheck(patchEntityAndCheck, pojoToJson2, TestUtils.ADMIN_AUTH_HEADERS, TestUtils.UpdateType.CHANGE_CONSOLIDATED, changeDescription2);
        // Step 3: append a second rule ("newRule") to the list returned by the server.
        String pojoToJson3 = JsonUtils.pojoToJson(patchEntityAndCheck2);
        Rule accessControlRule2 = accessControlRule("newRule", List.of("All"), List.of(MetadataOperation.EDIT_DESCRIPTION), Rule.Effect.ALLOW);
        patchEntityAndCheck2.getRules().add(accessControlRule2);
        ChangeDescription changeDescription3 = getChangeDescription(patchEntityAndCheck2, TestUtils.UpdateType.CHANGE_CONSOLIDATED);
        EntityUtil.fieldAdded(changeDescription3, EntityUtil.getRuleField(accessControlRule, "description"), "newDescription");
        EntityUtil.fieldUpdated(changeDescription3, EntityUtil.getRuleField(accessControlRule, "effect"), Rule.Effect.ALLOW, Rule.Effect.DENY);
        EntityUtil.fieldUpdated(changeDescription3, EntityUtil.getRuleField(accessControlRule, "resources"), List.of("All"), List.of("table"));
        EntityUtil.fieldUpdated(changeDescription3, EntityUtil.getRuleField(accessControlRule, "operations"), List.of(MetadataOperation.VIEW_ALL), List.of(MetadataOperation.EDIT_ALL));
        EntityUtil.fieldAdded(changeDescription3, EntityUtil.getRuleField(accessControlRule, "condition"), "noOwner()");
        EntityUtil.fieldAdded(changeDescription3, "rules", List.of(accessControlRule2));
        Policy patchEntityAndCheck3 = patchEntityAndCheck(patchEntityAndCheck2, pojoToJson3, TestUtils.ADMIN_AUTH_HEADERS, TestUtils.UpdateType.CHANGE_CONSOLIDATED, changeDescription3);
        // Step 4: drop rule1 so only newRule remains. The expected deletion is rule1 in the
        // form it was first created (ALLOW / VIEW_ALL on "All"), not its patched form.
        String pojoToJson4 = JsonUtils.pojoToJson(patchEntityAndCheck3);
        patchEntityAndCheck3.setRules(List.of(accessControlRule2));
        ChangeDescription changeDescription4 = getChangeDescription(patchEntityAndCheck3, TestUtils.UpdateType.CHANGE_CONSOLIDATED);
        Rule accessControlRule3 = accessControlRule("rule1", List.of("All"), List.of(MetadataOperation.VIEW_ALL), Rule.Effect.ALLOW);
        EntityUtil.fieldAdded(changeDescription4, "rules", List.of(accessControlRule2));
        EntityUtil.fieldDeleted(changeDescription4, "rules", List.of(accessControlRule3));
        patchEntityAndCheck(patchEntityAndCheck3, pojoToJson4, TestUtils.ADMIN_AUTH_HEADERS, TestUtils.UpdateType.CHANGE_CONSOLIDATED, changeDescription4);
    }

    /**
     * Verifies that the policy resources endpoint returns a descriptor for every entity type
     * listed by {@code Entity.getEntityList()}.
     */
    @Test
    void get_policyResources() throws HttpResponseException {
        PolicyResource.ResourceDescriptorList descriptorList = getPolicyResources(TestUtils.ADMIN_AUTH_HEADERS);
        Assertions.assertNotNull(descriptorList.getData());

        for (String entityType : Entity.getEntityList()) {
            String failureMessage = String.format("Resource descriptor not found for entity %s", entityType);
            ResourceDescriptor match = (ResourceDescriptor) descriptorList.getData().stream()
                    .filter(descriptor -> descriptor.getName().equals(entityType))
                    .findFirst()
                    .orElse(null);
            Assertions.assertNotNull(match, failureMessage);
        }
    }

    /**
     * Verifies that a policy fetched with the "teams,roles" fields reports the team and the
     * role it is attached to.
     *
     * <p>Three policies are created, each attached to its own team, and all three are attached
     * to a single role.
     */
    @Test
    void get_policyTeamsAndRoles(TestInfo testInfo) throws IOException {
        final int policyCount = 3;

        List<Policy> policies = new ArrayList<>();
        for (int index = 0; index < policyCount; index++) {
            policies.add(createEntity(createRequest(testInfo, index), TestUtils.ADMIN_AUTH_HEADERS));
        }

        // One team per policy, created only after all policies exist.
        List<Team> teams = new ArrayList<>();
        for (int index = 0; index < policyCount; index++) {
            teams.add(TEAM_TEST.createEntity(TEAM_TEST.createRequest(testInfo, index).withPolicies(List.of(policies.get(index).getId())), TestUtils.ADMIN_AUTH_HEADERS));
        }

        // A single role that references every policy.
        RoleResourceTest roleTest = new RoleResourceTest();
        Role role = roleTest.createEntity(roleTest.createRequest(testInfo).withPolicies(EntityUtil.toFQNs(policies)), TestUtils.ADMIN_AUTH_HEADERS);

        for (int index = 0; index < policyCount; index++) {
            Policy fetched = getEntity(policies.get(index).getId(), "teams,roles", TestUtils.ADMIN_AUTH_HEADERS);
            assertReference(teams.get(index).getEntityReference(), (EntityReference) fetched.getTeams().get(0));
            assertReference(role.getEntityReference(), (EntityReference) fetched.getRoles().get(0));
        }
    }

    /**
     * Same four-step rule patch sequence as patch_PolicyRules, but each patch goes through
     * {@code patchEntityUsingFqnAndCheck}, so the policy is addressed by fully qualified name.
     *
     * <p>The same {@code Rule} instance is mutated between steps; steps 2 to 4 expect
     * {@code CHANGE_CONSOLIDATED} and repeat the earlier field changes with the latest values.
     */
    @Test
    void patch_usingFqn_PolicyRules(TestInfo testInfo) throws IOException {
        // Step 0: create the policy with a single ALLOW / VIEW_ALL rule on "All".
        Rule accessControlRule = accessControlRule("rule1", List.of("All"), List.of(MetadataOperation.VIEW_ALL), Rule.Effect.ALLOW);
        Policy createAndCheckEntity = createAndCheckEntity(createRequest(testInfo).withRules(List.of(accessControlRule)), TestUtils.ADMIN_AUTH_HEADERS);
        String pojoToJson = JsonUtils.pojoToJson(createAndCheckEntity);
        ChangeDescription changeDescription = getChangeDescription(createAndCheckEntity, TestUtils.UpdateType.MINOR_UPDATE);
        // Step 1: change every attribute of rule1 and add a description and a condition.
        accessControlRule.withDescription("description").withEffect(Rule.Effect.DENY).withResources(List.of("table")).withOperations(List.of(MetadataOperation.EDIT_ALL)).withCondition("isOwner()");
        EntityUtil.fieldAdded(changeDescription, EntityUtil.getRuleField(accessControlRule, "description"), "description");
        EntityUtil.fieldUpdated(changeDescription, EntityUtil.getRuleField(accessControlRule, "effect"), Rule.Effect.ALLOW, Rule.Effect.DENY);
        EntityUtil.fieldUpdated(changeDescription, EntityUtil.getRuleField(accessControlRule, "resources"), List.of("All"), List.of("table"));
        EntityUtil.fieldUpdated(changeDescription, EntityUtil.getRuleField(accessControlRule, "operations"), List.of(MetadataOperation.VIEW_ALL), List.of(MetadataOperation.EDIT_ALL));
        EntityUtil.fieldAdded(changeDescription, EntityUtil.getRuleField(accessControlRule, "condition"), "isOwner()");
        createAndCheckEntity.setRules(List.of(accessControlRule));
        Policy patchEntityUsingFqnAndCheck = patchEntityUsingFqnAndCheck(createAndCheckEntity, pojoToJson, TestUtils.ADMIN_AUTH_HEADERS, TestUtils.UpdateType.MINOR_UPDATE, changeDescription);
        // Step 2: change only the description and the condition.
        String pojoToJson2 = JsonUtils.pojoToJson(patchEntityUsingFqnAndCheck);
        ChangeDescription changeDescription2 = getChangeDescription(patchEntityUsingFqnAndCheck, TestUtils.UpdateType.CHANGE_CONSOLIDATED);
        accessControlRule.withDescription("newDescription").withCondition("noOwner()");
        EntityUtil.fieldAdded(changeDescription2, EntityUtil.getRuleField(accessControlRule, "description"), "newDescription");
        EntityUtil.fieldUpdated(changeDescription2, EntityUtil.getRuleField(accessControlRule, "effect"), Rule.Effect.ALLOW, Rule.Effect.DENY);
        EntityUtil.fieldUpdated(changeDescription2, EntityUtil.getRuleField(accessControlRule, "resources"), List.of("All"), List.of("table"));
        EntityUtil.fieldUpdated(changeDescription2, EntityUtil.getRuleField(accessControlRule, "operations"), List.of(MetadataOperation.VIEW_ALL), List.of(MetadataOperation.EDIT_ALL));
        EntityUtil.fieldAdded(changeDescription2, EntityUtil.getRuleField(accessControlRule, "condition"), "noOwner()");
        patchEntityUsingFqnAndCheck.setRules(List.of(accessControlRule));
        Policy patchEntityUsingFqnAndCheck2 = patchEntityUsingFqnAndCheck(patchEntityUsingFqnAndCheck, pojoToJson2, TestUtils.ADMIN_AUTH_HEADERS, TestUtils.UpdateType.CHANGE_CONSOLIDATED, changeDescription2);
        // Step 3: append a second rule ("newRule") to the list returned by the server.
        String pojoToJson3 = JsonUtils.pojoToJson(patchEntityUsingFqnAndCheck2);
        Rule accessControlRule2 = accessControlRule("newRule", List.of("All"), List.of(MetadataOperation.EDIT_DESCRIPTION), Rule.Effect.ALLOW);
        patchEntityUsingFqnAndCheck2.getRules().add(accessControlRule2);
        ChangeDescription changeDescription3 = getChangeDescription(patchEntityUsingFqnAndCheck2, TestUtils.UpdateType.CHANGE_CONSOLIDATED);
        EntityUtil.fieldAdded(changeDescription3, EntityUtil.getRuleField(accessControlRule, "description"), "newDescription");
        EntityUtil.fieldUpdated(changeDescription3, EntityUtil.getRuleField(accessControlRule, "effect"), Rule.Effect.ALLOW, Rule.Effect.DENY);
        EntityUtil.fieldUpdated(changeDescription3, EntityUtil.getRuleField(accessControlRule, "resources"), List.of("All"), List.of("table"));
        EntityUtil.fieldUpdated(changeDescription3, EntityUtil.getRuleField(accessControlRule, "operations"), List.of(MetadataOperation.VIEW_ALL), List.of(MetadataOperation.EDIT_ALL));
        EntityUtil.fieldAdded(changeDescription3, EntityUtil.getRuleField(accessControlRule, "condition"), "noOwner()");
        EntityUtil.fieldAdded(changeDescription3, "rules", List.of(accessControlRule2));
        Policy patchEntityUsingFqnAndCheck3 = patchEntityUsingFqnAndCheck(patchEntityUsingFqnAndCheck2, pojoToJson3, TestUtils.ADMIN_AUTH_HEADERS, TestUtils.UpdateType.CHANGE_CONSOLIDATED, changeDescription3);
        // Step 4: drop rule1 so only newRule remains. The expected deletion is rule1 in the
        // form it was first created (ALLOW / VIEW_ALL on "All"), not its patched form.
        String pojoToJson4 = JsonUtils.pojoToJson(patchEntityUsingFqnAndCheck3);
        patchEntityUsingFqnAndCheck3.setRules(List.of(accessControlRule2));
        ChangeDescription changeDescription4 = getChangeDescription(patchEntityUsingFqnAndCheck3, TestUtils.UpdateType.CHANGE_CONSOLIDATED);
        Rule accessControlRule3 = accessControlRule("rule1", List.of("All"), List.of(MetadataOperation.VIEW_ALL), Rule.Effect.ALLOW);
        EntityUtil.fieldAdded(changeDescription4, "rules", List.of(accessControlRule2));
        EntityUtil.fieldDeleted(changeDescription4, "rules", List.of(accessControlRule3));
        patchEntityUsingFqnAndCheck(patchEntityUsingFqnAndCheck3, pojoToJson4, TestUtils.ADMIN_AUTH_HEADERS, TestUtils.UpdateType.CHANGE_CONSOLIDATED, changeDescription4);
    }

    /**
     * Verifies that the functions served to clients are exactly the ones the collection
     * registry reports for {@code RuleEvaluator}.
     */
    @Test
    void get_policyFunctions() throws HttpResponseException {
        Object registeredFunctions = CollectionRegistry.getInstance().getFunctions(RuleEvaluator.class);
        Object servedFunctions = getPolicyFunctions(TestUtils.ADMIN_AUTH_HEADERS).getData();
        Assertions.assertEquals(registeredFunctions, servedFunctions);
    }

    /* JADX WARN: Multi-variable type inference failed */
    /**
     * End-to-end access scenarios combining team hierarchy, roles, tags and DENY policies.
     *
     * <p>Each scenario row is {@code {team, policy, users, users, table}} and is unpacked by
     * testScenario, which attaches the policy to the team, calls
     * {@code checkAccess(list, list2, table)} and detaches the policy again. NOTE(review): the
     * first user list is presumably "allowed" and the second "denied" (the deny-all-PII policy
     * on the PII-tagged table pairs an empty first list with all users in the second);
     * confirm against checkAccess, which is not visible here.
     */
    @Test
    void test_roles_policies_scenarios() throws HttpResponseException {
        // Team hierarchy: two departments; Team2 carries the DataSteward role by default.
        // Team11/Team12 are children of Team1, Team21/Team22 are children of Team2.
        Team createEntity = TEAM_TEST.createEntity(TEAM_TEST.mo39createRequest("rolesPoliciesTeam1").withTeamType(CreateTeam.TeamType.DEPARTMENT), TestUtils.ADMIN_AUTH_HEADERS);
        Team createEntity2 = TEAM_TEST.createEntity(TEAM_TEST.mo39createRequest("rolesPoliciesTeam2").withTeamType(CreateTeam.TeamType.DEPARTMENT).withDefaultRoles(CommonUtil.listOf(new UUID[]{DATA_STEWARD_ROLE.getId()})), TestUtils.ADMIN_AUTH_HEADERS);
        Team createEntity3 = TEAM_TEST.createEntity(TEAM_TEST.mo39createRequest("rolesPoliciesTeam11").withParents(CommonUtil.listOf(new UUID[]{createEntity.getId()})), TestUtils.ADMIN_AUTH_HEADERS);
        Team createEntity4 = TEAM_TEST.createEntity(TEAM_TEST.mo39createRequest("rolesPoliciesTeam12").withParents(CommonUtil.listOf(new UUID[]{createEntity.getId()})), TestUtils.ADMIN_AUTH_HEADERS);
        Team createEntity5 = TEAM_TEST.createEntity(TEAM_TEST.mo39createRequest("rolesPoliciesTeam21").withParents(CommonUtil.listOf(new UUID[]{createEntity2.getId()})), TestUtils.ADMIN_AUTH_HEADERS);
        Team createEntity6 = TEAM_TEST.createEntity(TEAM_TEST.mo39createRequest("rolesPoliciesTeam22").withParents(CommonUtil.listOf(new UUID[]{createEntity2.getId()})), TestUtils.ADMIN_AUTH_HEADERS);
        // One user per team: user1/user2 in the departments, user11..user22 in the child teams.
        UserResourceTest userResourceTest = new UserResourceTest();
        User createEntity7 = userResourceTest.createEntity(userResourceTest.mo39createRequest("rolesAndPoliciesUser1").withTeams(CommonUtil.listOf(new UUID[]{createEntity.getId()})), TestUtils.ADMIN_AUTH_HEADERS);
        User createEntity8 = userResourceTest.createEntity(userResourceTest.mo39createRequest("rolesAndPoliciesUser2").withTeams(CommonUtil.listOf(new UUID[]{createEntity2.getId()})), TestUtils.ADMIN_AUTH_HEADERS);
        User createEntity9 = userResourceTest.createEntity(userResourceTest.mo39createRequest("rolesAndPoliciesUser11").withTeams(CommonUtil.listOf(new UUID[]{createEntity3.getId()})), TestUtils.ADMIN_AUTH_HEADERS);
        User createEntity10 = userResourceTest.createEntity(userResourceTest.mo39createRequest("rolesAndPoliciesUser12").withTeams(CommonUtil.listOf(new UUID[]{createEntity4.getId()})), TestUtils.ADMIN_AUTH_HEADERS);
        User createEntity11 = userResourceTest.createEntity(userResourceTest.mo39createRequest("rolesAndPoliciesUser21").withTeams(CommonUtil.listOf(new UUID[]{createEntity5.getId()})), TestUtils.ADMIN_AUTH_HEADERS);
        User createEntity12 = userResourceTest.createEntity(userResourceTest.mo39createRequest("rolesAndPoliciesUser22").withTeams(CommonUtil.listOf(new UUID[]{createEntity6.getId()})), TestUtils.ADMIN_AUTH_HEADERS);
        // Table11 is owned by Team11 and tagged PII sensitive; Table12 is owned by Team12 and
        // has its column tags cleared before creation.
        Table createEntity13 = TABLE_TEST.createEntity(TABLE_TEST.mo39createRequest("rolesAndPoliciesTable11").withOwners(List.of(createEntity3.getEntityReference())).withTags(CommonUtil.listOf(new TagLabel[]{PII_SENSITIVE_TAG_LABEL})), TestUtils.ADMIN_AUTH_HEADERS);
        CreateEntity withOwners = TABLE_TEST.mo39createRequest("rolesAndPoliciesTable12").withOwners(List.of(createEntity4.getEntityReference()));
        withOwners.getColumns().forEach(column -> {
            column.withTags((List) null);
        });
        Table createEntity14 = TABLE_TEST.createEntity(withOwners, TestUtils.ADMIN_AUTH_HEADERS);
        // DENY policies built by createPolicy: each holds one rule denying all operations on all
        // resources when the given condition matches.
        Policy createPolicy = createPolicy("disallowAllPIIAccess", "matchAnyTag('PII.Sensitive')");
        Policy createPolicy2 = createPolicy("denyPIIAccessExceptTeam11", "matchAnyTag('PII.Sensitive') && !inAnyTeam('rolesPoliciesTeam11')");
        Policy createPolicy3 = createPolicy("denyPIIAccessExceptTeam1", "matchAnyTag('PII.Sensitive') && !inAnyTeam('rolesPoliciesTeam1')");
        // Scenario table, one row per scenario: {team, policy, first user list, second user list, table}.
        Object[] objArr = {new Object[]{createEntity3, TEAM_ONLY_POLICY, CommonUtil.listOf(new User[]{createEntity9}), CommonUtil.listOf(new User[]{createEntity7, createEntity8, createEntity10, createEntity11, createEntity12}), createEntity13}, new Object[]{createEntity, TEAM_ONLY_POLICY, CommonUtil.listOf(new User[]{createEntity7, createEntity9, createEntity10}), CommonUtil.listOf(new User[]{createEntity8, createEntity11, createEntity12}), createEntity13}, new Object[]{createEntity, createPolicy, Collections.emptyList(), CommonUtil.listOf(new User[]{createEntity7, createEntity8, createEntity9, createEntity10, createEntity11, createEntity12}), createEntity13}, new Object[]{createEntity, createPolicy, CommonUtil.listOf(new User[]{createEntity7, createEntity9, createEntity10, createEntity8, createEntity11, createEntity12}), Collections.emptyList(), createEntity14}, new Object[]{createEntity, createPolicy2, CommonUtil.listOf(new User[]{createEntity9}), CommonUtil.listOf(new User[]{createEntity7, createEntity8, createEntity10, createEntity11, createEntity12}), createEntity13}, new Object[]{createEntity, createPolicy2, CommonUtil.listOf(new User[]{createEntity7, createEntity9, createEntity10, createEntity8, createEntity11, createEntity12}), Collections.emptyList(), createEntity14}, new Object[]{createEntity3, createPolicy2, CommonUtil.listOf(new User[]{createEntity9}), CommonUtil.listOf(new User[]{createEntity7, createEntity8, createEntity10, createEntity11, createEntity12}), createEntity13}, new Object[]{createEntity3, createPolicy2, CommonUtil.listOf(new User[]{createEntity7, createEntity9, createEntity10, createEntity8, createEntity11, createEntity12}), Collections.emptyList(), createEntity14}, new Object[]{createEntity, createPolicy3, CommonUtil.listOf(new User[]{createEntity7, createEntity9, createEntity10}), CommonUtil.listOf(new User[]{createEntity8, createEntity11, createEntity12}), createEntity13}, new Object[]{createEntity, createPolicy3, CommonUtil.listOf(new 
User[]{createEntity7, createEntity9, createEntity10, createEntity8, createEntity11, createEntity12}), Collections.emptyList(), createEntity14}, new Object[]{createEntity, createPolicy("denyPIIAccessExceptRole", "matchAnyTag('PII.Sensitive') && !hasAnyRole('DataSteward')"), CommonUtil.listOf(new User[]{createEntity8, createEntity11, createEntity12}), CommonUtil.listOf(new User[]{createEntity7, createEntity9, createEntity10}), createEntity13}, new Object[]{createEntity, createPolicy3, CommonUtil.listOf(new User[]{createEntity7, createEntity9, createEntity10, createEntity8, createEntity11, createEntity12}), Collections.emptyList(), createEntity14}};
        // Scenarios run in order; the index is passed along only for logging.
        for (int i = 0; i < objArr.length; i++) {
            testScenario(i, objArr[i]);
        }
    }

    /**
     * Creates a policy holding a single DENY rule guarded by the given condition.
     *
     * <p>The condition is first sent to the validation endpoint. The rule, named after the
     * policy, denies all operations on all resources whenever the condition matches.
     *
     * @param str name used for both the policy and its rule
     * @param str2 condition expression attached to the DENY rule
     * @return the policy as created by the server
     * @throws HttpResponseException if validation or creation fails
     */
    private Policy createPolicy(String str, String str2) throws HttpResponseException {
        validateCondition(str2);

        CreatePolicy request = mo39createRequest(str);
        Rule denyRule = new Rule()
                .withName(str)
                .withResources(CommonUtil.listOf(new String[]{"All"}))
                .withOperations(CommonUtil.listOf(new MetadataOperation[]{MetadataOperation.ALL}))
                .withEffect(Rule.Effect.DENY)
                .withCondition(str2);
        return createEntity(request.withRules(CommonUtil.listOf(new Rule[]{denyRule})), TestUtils.ADMIN_AUTH_HEADERS);
    }

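    /**
     * Runs one access scenario: attaches a policy to a team, checks access, detaches the policy.
     *
     * <p>The policy is detached in a {@code finally} block. Without it, a failed access check
     * would leave the policy attached to the team and change the authorization state seen by
     * every scenario and test that runs afterwards on the same server.
     *
     * @param i scenario index, used only in the log line
     * @param objArr scenario row: {@code {Team, Policy, List<User>, List<User>, Table}}; the two
     *     user lists are passed to checkAccess in that order
     * @throws HttpResponseException if attaching, checking or detaching fails; an exception
     *     from the detach step replaces one thrown by the access check
     */
    private void testScenario(int i, Object[] objArr) throws HttpResponseException {
        Team team = (Team) objArr[0];
        Policy policy = (Policy) objArr[1];
        List<User> list = (List) objArr[2];
        List<User> list2 = (List) objArr[3];
        Table table = (Table) objArr[4];

        addTeamPolicy(team, policy);
        try {
            LOG.info("Testing scenario at {} with team:{} policy:{} table:{}", i, team.getName(), policy.getName(), table.getName());
            checkAccess(list, list2, table);
        } finally {
            // Always restore the team, so a failing scenario cannot leak its policy.
            removeTeamPolicy(team);
        }
    }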

    /**
     * Fetches the policy twice, by fully qualified name or by id, and checks which optional fields
     * come back.
     *
     * <p>With an empty field list, owners and location are asserted to be null. With
     * {@code "owners,location"} requested, owners is asserted to be non-null. Both requests use the
     * admin auth headers.
     *
     * @param policy the policy to look up
     * @param z {@code true} to look up by fully qualified name, {@code false} to look up by id
     * @return the policy from the second fetch, which requested owners and location
     * @throws HttpResponseException if either request fails
     */
    @Override // org.openmetadata.service.resources.EntityResourceTest
    public Policy validateGetWithDifferentFields(Policy policy, boolean z) throws HttpResponseException {
        // First fetch: no optional fields requested.
        Policy withoutFields;
        if (z) {
            withoutFields = getEntityByName(policy.getFullyQualifiedName(), "", TestUtils.ADMIN_AUTH_HEADERS);
        } else {
            withoutFields = getEntity(policy.getId(), "", TestUtils.ADMIN_AUTH_HEADERS);
        }
        TestUtils.assertListNull(withoutFields.getOwners(), withoutFields.getLocation());

        // Second fetch: keyed off the entity returned by the first one.
        Policy withFields;
        if (z) {
            withFields = getEntityByName(withoutFields.getFullyQualifiedName(), "owners,location", TestUtils.ADMIN_AUTH_HEADERS);
        } else {
            withFields = getEntity(withoutFields.getId(), "owners,location", TestUtils.ADMIN_AUTH_HEADERS);
        }
        TestUtils.assertListNotNull(withFields.getOwners());
        return withFields;
    }

    /**
     * Builds a create-policy request with the given name and rules, a fixed description of
     * "description", and {@code USER1_REF} as its only owner.
     *
     * @param str policy name
     * @param list rules to attach to the policy
     * @return the populated request; nothing is sent to the server here
     */
    private CreatePolicy createAccessControlPolicyWithRules(String str, List<Rule> list) {
        CreatePolicy request = new CreatePolicy().withName(str).withDescription("description");
        return request.withRules(list).withOwners(Lists.newArrayList(USER1_REF));
    }

    /**
     * Builds a create-policy request named "CreatePermissionPolicy" whose single rule ALLOWs the
     * CREATE operation on resource "All".
     *
     * @return the populated request; nothing is sent to the server here
     */
    private CreatePolicy createAccessControlPolicyWithCreateRule() {
        Rule allowCreate =
                new Rule()
                        .withName("CreatePermission")
                        .withResources(List.of("All"))
                        .withOperations(List.of(MetadataOperation.CREATE))
                        .withEffect(Rule.Effect.ALLOW);
        return new CreatePolicy()
                .withName("CreatePermissionPolicy")
                .withDescription("Create User Permission")
                .withRules(List.of(allowCreate));
    }

    /**
     * Asks the server to validate a policy condition expression by issuing a GET on
     * {@code <collection>/validation/condition/<expression>} with the admin auth headers.
     *
     * <p>NOTE(review): the expression is appended to the path as-is. Conditions used in this class
     * contain spaces, quotes, {@code !} and {@code &&}; this relies on {@code getResource} (or the
     * HTTP client behind it) percent-encoding the path segment. Confirm that, so the test validates
     * the full expression rather than a truncated one.
     *
     * @param str the condition expression to validate
     * @throws HttpResponseException if the request fails
     */
    private void validateCondition(String str) throws HttpResponseException {
        String validationPath = this.collectionName + "/validation/condition/" + str;
        TestUtils.get(getResource(validationPath), TestUtils.ADMIN_AUTH_HEADERS);
    }

    /**
     * Fetches {@code <collection>/resources} and returns it as a resource descriptor list.
     *
     * @param map headers sent with the request, which decide the identity the call runs as
     * @return the response deserialized as {@link PolicyResource.ResourceDescriptorList}
     * @throws HttpResponseException if the request fails
     */
    public final PolicyResource.ResourceDescriptorList getPolicyResources(Map<String, String> map) throws HttpResponseException {
        String resourcesPath = this.collectionName + "/resources";
        Object response = TestUtils.get(getResource(resourcesPath), PolicyResource.ResourceDescriptorList.class, map);
        return (PolicyResource.ResourceDescriptorList) response;
    }

    /**
     * Fetches {@code <collection>/functions} and returns it as a function list.
     *
     * @param map headers sent with the request, which decide the identity the call runs as
     * @return the response deserialized as {@link FunctionList}
     * @throws HttpResponseException if the request fails
     */
    public final FunctionList getPolicyFunctions(Map<String, String> map) throws HttpResponseException {
        String functionsPath = this.collectionName + "/functions";
        Object response = TestUtils.get(getResource(functionsPath), FunctionList.class, map);
        return (FunctionList) response;
    }

    /**
     * Builds a rule with a generated name of the form {@code rule<N>}, where N is a random integer
     * from 0 to 20 inclusive.
     *
     * <p>The random value only labels test fixtures and is not a security token. With 21 possible
     * names, two rules built this way can share a name. NOTE(review): confirm that callers placing
     * several generated rules in one policy tolerate duplicate rule names.
     *
     * @param list resources the rule applies to
     * @param list2 operations the rule applies to
     * @param effect whether the rule allows or denies
     * @return the populated rule
     */
    private static Rule accessControlRule(List<String> list, List<MetadataOperation> list2, Rule.Effect effect) {
        int suffix = new Random().nextInt(21);
        String generatedName = "rule" + suffix;
        return accessControlRule(generatedName, list, list2, effect);
    }

    /**
     * Builds a rule from its four parts.
     *
     * @param str rule name
     * @param list resources the rule applies to
     * @param list2 operations the rule applies to
     * @param effect whether the rule allows or denies
     * @return the populated rule
     */
    private static Rule accessControlRule(String str, List<String> list, List<MetadataOperation> list2, Rule.Effect effect) {
        Rule scoped = new Rule().withName(str).withResources(list);
        return scoped.withOperations(list2).withEffect(effect);
    }

    /**
     * Makes the given policy the team's only policy and patches the team on the server as admin.
     *
     * <p>The team is serialized to JSON before it is modified; that snapshot and the modified
     * object are both handed to {@code patchEntity}. The passed-in {@code team} object is mutated.
     *
     * @param team the team to update
     * @param policy the policy to attach, replacing any policies set on the object
     * @throws HttpResponseException if the patch request fails
     */
    private void addTeamPolicy(Team team, Policy policy) throws HttpResponseException {
        // Snapshot first: the "before" state must not contain the new policy.
        String beforeJson = JsonUtils.pojoToJson(team);

        EntityReference policyRef = policy.getEntityReference();
        team.setPolicies(CommonUtil.listOf(new EntityReference[]{policyRef}));

        TEAM_TEST.patchEntity(team.getId(), beforeJson, team, TestUtils.ADMIN_AUTH_HEADERS);
    }

    /**
     * Clears the team's policies by setting them to {@code null} and patches the team on the server
     * as admin.
     *
     * <p>The team is serialized to JSON before it is modified; that snapshot and the modified
     * object are both handed to {@code patchEntity}. The passed-in {@code team} object is mutated.
     *
     * @param team the team whose policies are removed
     * @throws HttpResponseException if the patch request fails
     */
    private void removeTeamPolicy(Team team) throws HttpResponseException {
        // Snapshot first: the "before" state must still carry the policy being removed.
        String beforeJson = JsonUtils.pojoToJson(team);

        team.setPolicies((List<EntityReference>) null);

        TEAM_TEST.patchEntity(team.getId(), beforeJson, team, TestUtils.ADMIN_AUTH_HEADERS);
    }

    /**
     * Verifies both sides of an access decision for a table: every user in the first list can read
     * it, and every user in the second list is refused.
     *
     * <p>Each request is made with auth headers derived from the user's name. An allowed user must
     * get a non-null entity back. A denied user must get HTTP 403 FORBIDDEN with a message
     * containing "denied", so an unrelated failure is not accepted as a denial.
     *
     * @param list users expected to be allowed
     * @param list2 users expected to be denied
     * @param table the table whose read access is checked
     * @throws HttpResponseException if an allowed user's request fails
     */
    private void checkAccess(List<User> list, List<User> list2, Table table) throws HttpResponseException {
        // Positive side: the policy must not lock out users it is not meant to match.
        for (User allowedUser : list) {
            LOG.info("Expecting access allowed for user:{}", allowedUser.getName());
            Assertions.assertNotNull(
                    TABLE_TEST.getEntity(table.getId(), "", SecurityUtil.authHeaders(allowedUser.getName())));
        }

        // Negative side: the policy must actually block the users it targets.
        for (User deniedUser : list2) {
            LOG.info("Expecting access denied for user:{}", deniedUser.getName());
            TestUtils.assertResponseContains(
                    () -> {
                        TABLE_TEST.getEntity(table.getId(), "", SecurityUtil.authHeaders(deniedUser.getName()));
                    },
                    Response.Status.FORBIDDEN,
                    "denied");
        }
    }

    // Bridge method, marked as bridge/synthetic by the decompiler: it adapts the signature with a
    // raw Map to the typed overload. The decompiler renamed that overload to compareEntities2 to
    // keep the two apart. The cast to Map<String, String> is unchecked.
    @Override // org.openmetadata.service.resources.EntityResourceTest
    public /* bridge */ /* synthetic */ void compareEntities(Policy policy, Policy policy2, Map map) throws HttpResponseException {
        compareEntities2(policy, policy2, (Map<String, String>) map);
    }

    // Bridge method, marked as bridge/synthetic by the decompiler: it adapts the signature with a
    // raw Map to the typed overload. The decompiler renamed that overload to
    // validateCreatedEntity2 to keep the two apart. The cast to Map<String, String> is unchecked.
    @Override // org.openmetadata.service.resources.EntityResourceTest
    public /* bridge */ /* synthetic */ void validateCreatedEntity(Policy policy, CreatePolicy createPolicy, Map map) throws HttpResponseException {
        validateCreatedEntity2(policy, createPolicy, (Map<String, String>) map);
    }
}
