package org.openmetadata.service.security.policyevaluator;

import java.nio.charset.StandardCharsets;
import java.util.ArrayList;
import java.util.Iterator;
import java.util.List;
import java.util.UUID;
import javax.ws.rs.core.UriInfo;
import org.apache.commons.lang3.tuple.ImmutablePair;
import org.junit.jupiter.api.Assertions;
import org.junit.jupiter.api.BeforeAll;
import org.junit.jupiter.api.Test;
import org.mockito.ArgumentMatchers;
import org.mockito.Mockito;
import org.openmetadata.common.utils.CommonUtil;
import org.openmetadata.schema.EntityInterface;
import org.openmetadata.schema.entity.data.Table;
import org.openmetadata.schema.entity.teams.Role;
import org.openmetadata.schema.entity.teams.Team;
import org.openmetadata.schema.entity.teams.User;
import org.openmetadata.schema.type.EntityReference;
import org.openmetadata.schema.type.Include;
import org.openmetadata.schema.type.TagLabel;
import org.openmetadata.service.Entity;
import org.openmetadata.service.jdbi3.EntityRepository;
import org.openmetadata.service.jdbi3.TableRepository;
import org.openmetadata.service.jdbi3.TeamRepository;
import org.openmetadata.service.security.policyevaluator.SubjectContext;
import org.openmetadata.service.util.EntityUtil;
import org.springframework.expression.EvaluationContext;
import org.springframework.expression.spel.support.SimpleEvaluationContext;

/* loaded from: input_file:org/openmetadata/service/security/policyevaluator/RuleEvaluatorTest.class */
class RuleEvaluatorTest {
    private static final Table table = new Table().withName("table");
    private static User user;
    private static EvaluationContext evaluationContext;
    private static SubjectContext subjectContext;
    private static ResourceContext<?> resourceContext;

    RuleEvaluatorTest() {
    }

    @BeforeAll
    public static void setup() {
        TeamRepository teamRepository = (TeamRepository) Mockito.mock(TeamRepository.class);
        Entity.registerEntity(Team.class, "team", teamRepository);
        Mockito.when(teamRepository.find((UUID) ArgumentMatchers.any(UUID.class), (Include) ArgumentMatchers.any(Include.class))).thenAnswer(invocationOnMock -> {
            return EntityRepository.CACHE_WITH_ID.get(new ImmutablePair("team", (UUID) invocationOnMock.getArgument(0)));
        });
        Mockito.when(teamRepository.getReference((UUID) ArgumentMatchers.any(UUID.class), (Include) ArgumentMatchers.any(Include.class))).thenAnswer(invocationOnMock2 -> {
            return ((EntityInterface) EntityRepository.CACHE_WITH_ID.get(new ImmutablePair("team", (UUID) invocationOnMock2.getArgument(0)))).getEntityReference();
        });
        Mockito.when(teamRepository.findByName(ArgumentMatchers.anyString(), (Include) ArgumentMatchers.any(Include.class))).thenAnswer(invocationOnMock3 -> {
            return EntityRepository.CACHE_WITH_NAME.get(new ImmutablePair("team", (String) invocationOnMock3.getArgument(0)));
        });
        Mockito.when(teamRepository.get((UriInfo) ArgumentMatchers.isNull(), (UUID) ArgumentMatchers.any(UUID.class), (EntityUtil.Fields) ArgumentMatchers.isNull(), (Include) ArgumentMatchers.any(Include.class), ArgumentMatchers.anyBoolean())).thenAnswer(invocationOnMock4 -> {
            return EntityRepository.CACHE_WITH_ID.get(new ImmutablePair("team", (UUID) invocationOnMock4.getArgument(1)));
        });
        Mockito.when(teamRepository.getByName((UriInfo) ArgumentMatchers.isNull(), ArgumentMatchers.anyString(), (EntityUtil.Fields) ArgumentMatchers.isNull(), (Include) ArgumentMatchers.any(Include.class), ArgumentMatchers.anyBoolean())).thenAnswer(invocationOnMock5 -> {
            return EntityRepository.CACHE_WITH_ID.get(new ImmutablePair("team", (UUID) invocationOnMock5.getArgument(1)));
        });
        TableRepository tableRepository = (TableRepository) Mockito.mock(TableRepository.class);
        Entity.registerEntity(Table.class, "table", tableRepository);
        Mockito.when(tableRepository.getAllTags((EntityInterface) ArgumentMatchers.any())).thenAnswer(invocationOnMock6 -> {
            return table.getTags();
        });
        user = new User().withId(UUID.randomUUID()).withName("user");
        resourceContext = new ResourceContext<>("table", table, (EntityRepository) Mockito.mock(TableRepository.class));
        subjectContext = new SubjectContext(user);
        evaluationContext = SimpleEvaluationContext.forReadOnlyDataBinding().withRootObject(new RuleEvaluator((SubjectContext.PolicyContext) null, subjectContext, resourceContext)).build();
    }

    @Test
    void test_noOwner() {
        table.setOwners((List) null);
        Assertions.assertTrue(evaluateExpression("noOwner()").booleanValue());
        Assertions.assertFalse(evaluateExpression("!noOwner()").booleanValue());
        table.setOwners(List.of(new EntityReference().withId(UUID.randomUUID()).withType("user")));
        Assertions.assertFalse(evaluateExpression("noOwner()").booleanValue());
        Assertions.assertTrue(evaluateExpression("!noOwner()").booleanValue());
    }

    @Test
    void test_isOwner() {
        table.setOwners(List.of(new EntityReference().withId(UUID.randomUUID()).withType("user").withName("otherUser")));
        Assertions.assertFalse(evaluateExpression("isOwner()").booleanValue());
        Assertions.assertTrue(evaluateExpression("!isOwner()").booleanValue());
        table.setOwners(List.of(new EntityReference().withId(user.getId()).withType("user").withName(user.getName())));
        Assertions.assertTrue(evaluateExpression("isOwner()").booleanValue());
        Assertions.assertFalse(evaluateExpression("!isOwner()").booleanValue());
        table.setOwners((List) null);
        Assertions.assertTrue(evaluateExpression("noOwner() || isOwner()").booleanValue());
        Assertions.assertFalse(evaluateExpression("!noOwner() && !isOwner()").booleanValue());
        table.setOwners(List.of(new EntityReference().withId(user.getId()).withType("user").withName(user.getName())));
        Assertions.assertTrue(evaluateExpression("noOwner() || isOwner()").booleanValue());
        Assertions.assertFalse(evaluateExpression("!noOwner() && !isOwner()").booleanValue());
    }

    @Test
    void test_matchAllTags() {
        table.withTags(getTags("tag1", "tag2", "tag3"));
        Assertions.assertTrue(evaluateExpression("matchAllTags('tag1', 'tag2', 'tag3')").booleanValue());
        Assertions.assertFalse(evaluateExpression("!matchAllTags('tag1', 'tag2', 'tag3')").booleanValue());
        Assertions.assertTrue(evaluateExpression("matchAllTags('tag1', 'tag2')").booleanValue());
        Assertions.assertFalse(evaluateExpression("!matchAllTags('tag1', 'tag2')").booleanValue());
        Assertions.assertTrue(evaluateExpression("matchAllTags('tag1')").booleanValue());
        Assertions.assertFalse(evaluateExpression("!matchAllTags('tag1')").booleanValue());
        Assertions.assertFalse(evaluateExpression("matchAllTags('tag1', 'tag2', 'tag3', 'tag4')").booleanValue());
        Assertions.assertTrue(evaluateExpression("!matchAllTags('tag1', 'tag2', 'tag3', 'tag4')").booleanValue());
        Assertions.assertFalse(evaluateExpression("matchAllTags('tag1', 'tag2', 'tag4')").booleanValue());
        Assertions.assertTrue(evaluateExpression("!matchAllTags('tag1', 'tag2', 'tag4')").booleanValue());
        Assertions.assertFalse(evaluateExpression("matchAllTags('tag2', 'tag4')").booleanValue());
        Assertions.assertTrue(evaluateExpression("!matchAllTags('tag2', 'tag4')").booleanValue());
        Assertions.assertFalse(evaluateExpression("matchAllTags('tag4')").booleanValue());
        Assertions.assertTrue(evaluateExpression("!matchAllTags('tag4')").booleanValue());
    }

    @Test
    void test_matchAnyTag() {
        table.withTags(getTags("tag1", "tag2", "tag3"));
        Assertions.assertTrue(evaluateExpression("matchAnyTag('tag1', 'tag2', 'tag3', 'tag4')").booleanValue());
        Assertions.assertFalse(evaluateExpression("!matchAnyTag('tag1', 'tag2', 'tag3', 'tag4')").booleanValue());
        Assertions.assertTrue(evaluateExpression("matchAnyTag('tag1', 'tag2', 'tag4')").booleanValue());
        Assertions.assertFalse(evaluateExpression("!matchAnyTag('tag1', 'tag2', 'tag4')").booleanValue());
        Assertions.assertTrue(evaluateExpression("matchAnyTag('tag1', 'tag2', 'tag4')").booleanValue());
        Assertions.assertFalse(evaluateExpression("!matchAnyTag('tag1', 'tag2', 'tag4')").booleanValue());
        Assertions.assertTrue(evaluateExpression("matchAnyTag('tag1', 'tag4')").booleanValue());
        Assertions.assertFalse(evaluateExpression("!matchAnyTag('tag1', 'tag4')").booleanValue());
        Assertions.assertFalse(evaluateExpression("matchAnyTag('tag4')").booleanValue());
        Assertions.assertTrue(evaluateExpression("!matchAnyTag('tag4')").booleanValue());
    }

    @Test
    void test_matchTeam() {
        Team createTeam = createTeam("team1", null);
        Team createTeam2 = createTeam("team11", "team1");
        Team createTeam3 = createTeam("team12", "team1");
        Team createTeam4 = createTeam("team111", "team11");
        table.setOwners(List.of(createTeam4.getEntityReference()));
        updatePolicyContext("team111");
        Iterator it = CommonUtil.listOf(new Team[]{createTeam4}).iterator();
        while (it.hasNext()) {
            user.setTeams(CommonUtil.listOf(new EntityReference[]{((Team) it.next()).getEntityReference()}));
            Assertions.assertTrue(evaluateExpression("matchTeam()").booleanValue());
        }
        for (Team team : CommonUtil.listOf(new Team[]{createTeam, createTeam3, createTeam2})) {
            user.setTeams(CommonUtil.listOf(new EntityReference[]{team.getEntityReference()}));
            Assertions.assertFalse(evaluateExpression("matchTeam()").booleanValue(), "Failed for team " + team.getName());
        }
        updatePolicyContext("team11");
        Iterator it2 = CommonUtil.listOf(new Team[]{createTeam2, createTeam4}).iterator();
        while (it2.hasNext()) {
            user.setTeams(CommonUtil.listOf(new EntityReference[]{((Team) it2.next()).getEntityReference()}));
            Assertions.assertTrue(evaluateExpression("matchTeam()").booleanValue());
        }
        for (Team team2 : CommonUtil.listOf(new Team[]{createTeam, createTeam3})) {
            user.setTeams(CommonUtil.listOf(new EntityReference[]{team2.getEntityReference()}));
            Assertions.assertFalse(evaluateExpression("matchTeam()").booleanValue(), "Failed for team " + team2.getName());
        }
        updatePolicyContext("team1");
        Iterator it3 = CommonUtil.listOf(new Team[]{createTeam, createTeam2, createTeam4, createTeam3}).iterator();
        while (it3.hasNext()) {
            user.setTeams(CommonUtil.listOf(new EntityReference[]{((Team) it3.next()).getEntityReference()}));
            Assertions.assertTrue(evaluateExpression("matchTeam()").booleanValue());
        }
    }

    @Test
    void test_inAnyTeam() {
        Team createTeam = createTeam("team1", null);
        createTeam("team11", "team1");
        Team createTeam2 = createTeam("team12", "team1");
        user.setTeams(CommonUtil.listOf(new EntityReference[]{createTeam("team111", "team11").getEntityReference()}));
        Assertions.assertTrue(evaluateExpression("inAnyTeam('team1')").booleanValue());
        Assertions.assertTrue(evaluateExpression("inAnyTeam('team11')").booleanValue());
        Assertions.assertTrue(evaluateExpression("inAnyTeam('team111')").booleanValue());
        Assertions.assertFalse(evaluateExpression("inAnyTeam('team12')").booleanValue());
        user.setTeams(CommonUtil.listOf(new EntityReference[]{createTeam2.getEntityReference()}));
        Assertions.assertTrue(evaluateExpression("inAnyTeam('team1')").booleanValue());
        Assertions.assertTrue(evaluateExpression("inAnyTeam('team12')").booleanValue());
        Assertions.assertFalse(evaluateExpression("inAnyTeam('team111', 'team11')").booleanValue());
        user.setTeams(CommonUtil.listOf(new EntityReference[]{createTeam.getEntityReference()}));
        Assertions.assertTrue(evaluateExpression("inAnyTeam('team1')").booleanValue());
        Assertions.assertFalse(evaluateExpression("inAnyTeam('team12', 'team11', 'team111')").booleanValue());
    }

    @Test
    void test_hasAnyRole() {
        Team createTeamWithRole = createTeamWithRole("team1", null);
        Team createTeamWithRole2 = createTeamWithRole("team11", "team1");
        Team createTeamWithRole3 = createTeamWithRole("team111", "team11");
        user.setRoles(CommonUtil.listOf(new EntityReference[]{createRole("user").getEntityReference()}));
        user.setTeams(CommonUtil.listOf(new EntityReference[]{createTeamWithRole3.getEntityReference()}));
        Iterator it = CommonUtil.listOf(new String[]{"user", "team111", "team11", "team1"}).iterator();
        while (it.hasNext()) {
            Assertions.assertTrue(evaluateExpression(String.format("hasAnyRole('%s')", (String) it.next())).booleanValue());
        }
        user.setTeams(CommonUtil.listOf(new EntityReference[]{createTeamWithRole2.getEntityReference()}));
        Iterator it2 = CommonUtil.listOf(new String[]{"user", "team11", "team1"}).iterator();
        while (it2.hasNext()) {
            Assertions.assertTrue(evaluateExpression(String.format("hasAnyRole('%s')", (String) it2.next())).booleanValue());
        }
        user.setTeams(CommonUtil.listOf(new EntityReference[]{createTeamWithRole.getEntityReference()}));
        Iterator it3 = CommonUtil.listOf(new String[]{"user", "team1"}).iterator();
        while (it3.hasNext()) {
            Assertions.assertTrue(evaluateExpression(String.format("hasAnyRole('%s')", (String) it3.next())).booleanValue());
        }
    }

    private Boolean evaluateExpression(String str) {
        return (Boolean) CompiledRule.parseExpression(str).getValue(evaluationContext, Boolean.class);
    }

    private List<TagLabel> getTags(String... strArr) {
        ArrayList arrayList = new ArrayList();
        for (String str : strArr) {
            arrayList.add(new TagLabel().withTagFQN(str));
        }
        return arrayList;
    }

    private Team createTeam(String str, String str2) {
        Team withId = new Team().withName(str).withId(UUID.nameUUIDFromBytes(str.getBytes(StandardCharsets.UTF_8)));
        if (str2 != null) {
            withId.setParents(CommonUtil.listOf(new EntityReference[]{Entity.getEntityReferenceById("team", UUID.nameUUIDFromBytes(str2.getBytes(StandardCharsets.UTF_8)), Include.NON_DELETED)}));
        }
        EntityRepository.CACHE_WITH_ID.put(new ImmutablePair("team", withId.getId()), withId);
        return withId;
    }

    private Team createTeamWithRole(String str, String str2) {
        Team createTeam = createTeam(str, str2);
        createTeam.setDefaultRoles(CommonUtil.listOf(new EntityReference[]{createRole(str).getEntityReference()}));
        createTeam.setInheritedRoles(new ArrayList());
        Iterator it = CommonUtil.listOrEmpty(createTeam.getParents()).iterator();
        while (it.hasNext()) {
            Team team = (Team) Entity.getEntity("team", ((EntityReference) it.next()).getId(), "defaultRoles, policies, parents, profile,domains", Include.NON_DELETED);
            createTeam.getInheritedRoles().addAll(CommonUtil.listOrEmpty(team.getDefaultRoles()));
            createTeam.getInheritedRoles().addAll(CommonUtil.listOrEmpty(team.getInheritedRoles()));
        }
        return createTeam;
    }

    private Role createRole(String str) {
        Role withId = new Role().withName(str).withId(UUID.nameUUIDFromBytes(str.getBytes(StandardCharsets.UTF_8)));
        EntityRepository.CACHE_WITH_ID.put(new ImmutablePair("role", withId.getId()), withId);
        return withId;
    }

    private void updatePolicyContext(String str) {
        evaluationContext = SimpleEvaluationContext.forReadOnlyDataBinding().withRootObject(new RuleEvaluator(new SubjectContext.PolicyContext("team", str, (String) null, (String) null, (List) null), subjectContext, resourceContext)).build();
    }
}
