package org.openmetadata.service.secrets;

import org.junit.jupiter.api.Assertions;
import org.junit.jupiter.api.BeforeEach;
import org.junit.jupiter.api.Test;
import org.junit.jupiter.api.extension.ExtendWith;
import org.mockito.junit.jupiter.MockitoExtension;
import org.openmetadata.schema.entity.services.DatabaseService;
import org.openmetadata.schema.entity.services.ingestionPipelines.IngestionPipeline;
import org.openmetadata.schema.entity.services.ingestionPipelines.PipelineType;
import org.openmetadata.schema.metadataIngestion.DbtPipeline;
import org.openmetadata.schema.metadataIngestion.SourceConfig;
import org.openmetadata.schema.metadataIngestion.dbtconfig.DbtS3Config;
import org.openmetadata.schema.security.credentials.AWSCredentials;
import org.openmetadata.schema.security.secrets.Parameters;
import org.openmetadata.schema.security.secrets.SecretsManagerConfiguration;
import org.openmetadata.service.fernet.Fernet;
import org.openmetadata.service.util.JsonUtils;

@ExtendWith({MockitoExtension.class})
/* loaded from: input_file:org/openmetadata/service/secrets/AWSBasedSecretsManagerTest.class */
public abstract class AWSBasedSecretsManagerTest extends ExternalSecretsManagerTest {
    @BeforeEach
    void setUp() {
        Fernet.getInstance().setFernetKey("jJ/9sz0g0OHxsfxOoSfdFdmk3ysNmPRnH3TUAbz3IHA=");
        Parameters parameters = new Parameters();
        parameters.setAdditionalProperty("region", "eu-west-1");
        parameters.setAdditionalProperty("accessKeyId", "123456");
        parameters.setAdditionalProperty("secretAccessKey", "654321");
        SecretsManagerConfiguration secretsManagerConfiguration = new SecretsManagerConfiguration();
        secretsManagerConfiguration.setParameters(parameters);
        setUpSpecific(secretsManagerConfiguration);
    }

    @Test
    void testEncryptDecryptIngestionPipelineDBTConfig() {
        IngestionPipeline withSourceConfig = new IngestionPipeline().withName("my-pipeline").withPipelineType(PipelineType.DBT).withService(new DatabaseService().getEntityReference().withType("databaseService")).withSourceConfig(new SourceConfig().withConfig(new DbtPipeline().withDbtConfigSource(new DbtS3Config().withDbtSecurityConfig(new AWSCredentials().withAwsSecretAccessKey("secret:/openmetadata/pipeline/my-pipeline/sourceconfig/config/dbtconfigsource/dbtsecurityconfig/awssecretaccesskey").withAwsRegion("eu-west-1")))));
        IngestionPipeline ingestionPipeline = (IngestionPipeline) JsonUtils.convertValue(withSourceConfig, IngestionPipeline.class);
        this.secretsManager.encryptIngestionPipeline(ingestionPipeline);
        Assertions.assertNotEquals("secret:/openmetadata/pipeline/my-pipeline/sourceconfig/config/dbtconfigsource/dbtsecurityconfig/awssecretaccesskey", getAwsSecretAccessKey(ingestionPipeline));
        this.secretsManager.decryptIngestionPipeline(ingestionPipeline);
        Assertions.assertEquals("secret:/openmetadata/pipeline/my-pipeline/sourceconfig/config/dbtconfigsource/dbtsecurityconfig/awssecretaccesskey", getAwsSecretAccessKey(ingestionPipeline));
        Assertions.assertEquals(withSourceConfig, ingestionPipeline);
    }

    private String getAwsSecretAccessKey(IngestionPipeline ingestionPipeline) {
        return ((DbtS3Config) ((DbtPipeline) ingestionPipeline.getSourceConfig().getConfig()).getDbtConfigSource()).getDbtSecurityConfig().getAwsSecretAccessKey();
    }
}
