package org.gridgain.control.agent.action.controller;

import java.util.Collections;
import java.util.HashMap;
import java.util.Map;
import java.util.UUID;
import java.util.function.Predicate;
import org.apache.ignite.IgniteCache;
import org.apache.ignite.cache.CachePeekMode;
import org.apache.ignite.cache.affinity.rendezvous.RendezvousAffinityFunction;
import org.apache.ignite.configuration.CacheConfiguration;
import org.apache.ignite.internal.util.typedef.F;
import org.apache.ignite.plugin.security.SecurityCredentials;
import org.gridgain.control.agent.AbstractSelfTest;
import org.gridgain.control.agent.dto.action.AuthenticateCredentials;
import org.gridgain.control.agent.dto.action.CacheArgument;
import org.gridgain.control.agent.dto.action.CacheLostPartitionsArgument;
import org.gridgain.control.agent.dto.action.JobResponse;
import org.gridgain.control.agent.dto.action.Request;
import org.gridgain.control.agent.dto.action.Status;
import org.junit.Assert;
import org.junit.Test;

/* loaded from: input_file:org/gridgain/control/agent/action/controller/CacheActionsControllerWithGridGainSecurityTest.class */
public class CacheActionsControllerWithGridGainSecurityTest extends AbstractActionControllerWithGridGainSecurityTest {
    private static final int PARTS_CNT = 32;
    private static final int KEY_COUNT = 10000;
    private static final String ADMIN_OPS_ACCOUNT = "adminOps";
    private static final String ADMIN_CACHE_ACCOUNT = "adminCache";
    private static final String CACHE_REMOVE_ACCOUNT = "cacheRemove";
    private static final String TASK_EXECUTE_ACCOUNT = "taskExecute";

    @Override // org.gridgain.control.agent.action.controller.AbstractActionControllerWithGridGainSecurityTest
    protected Map<SecurityCredentials, String> prepareCustomCredentials() {
        HashMap hashMap = new HashMap(5);
        hashMap.put(new SecurityCredentials(ADMIN_OPS_ACCOUNT, "123456"), "{     defaultAllow: false,    {        system:[ADMIN_OPS]    },    {        task:'*',        permissions:[TASK_EXECUTE]    }}");
        hashMap.put(new SecurityCredentials(ADMIN_CACHE_ACCOUNT, "123456"), "{     defaultAllow: false,    {        system:[ADMIN_CACHE]    }}");
        hashMap.put(new SecurityCredentials(CACHE_REMOVE_ACCOUNT, "123456"), "{     defaultAllow: false,    {        cache: '*',        permissions: [CACHE_REMOVE]    },    {        task:'*',        permissions:[TASK_EXECUTE]    }}");
        hashMap.put(new SecurityCredentials(TASK_EXECUTE_ACCOUNT, "123456"), "{     defaultAllow: false,    {        task:'*',        permissions:[TASK_EXECUTE]    }}");
        return hashMap;
    }

    @Override // org.gridgain.control.agent.action.controller.AbstractActionControllerTest
    protected int clusterSize() {
        return 2;
    }

    @Test
    public void shouldPerformResetLostPartitionsWithAdminOpsAccount() {
        checkSecureResetLostPartitions(ADMIN_OPS_ACCOUNT, "123456", jobResponse -> {
            return Status.COMPLETED == jobResponse.getStatus();
        });
    }

    @Test
    public void shouldFailResetLostPartitionsWithNoAccessAccount() {
        checkSecureResetLostPartitions("no_access", "123456", jobResponse -> {
            return Status.FAILED == jobResponse.getStatus() && -32002 == jobResponse.getError().getCode();
        });
    }

    @Test
    public void shouldPerformClearWithCacheRemoveAccount() {
        checkSecureClear(CACHE_REMOVE_ACCOUNT, "123456", jobResponse -> {
            return Status.COMPLETED == jobResponse.getStatus();
        });
    }

    @Test
    public void shouldFailClearWithTaskExecuteAccount() {
        checkSecureClear(TASK_EXECUTE_ACCOUNT, "123456", jobResponse -> {
            return Status.FAILED == jobResponse.getStatus() && -32002 == jobResponse.getError().getCode();
        });
    }

    @Test
    public void shouldPerformRebalanceWithAdminCacheAccount() {
        checkSecureRebalance(ADMIN_CACHE_ACCOUNT, "123456", jobResponse -> {
            return Status.COMPLETED == jobResponse.getStatus();
        });
    }

    @Test
    public void shouldFailRebalanceWithNoAccessAccount() {
        checkSecureRebalance("no_access", "123456", jobResponse -> {
            return Status.FAILED == jobResponse.getStatus() && -32002 == jobResponse.getError().getCode();
        });
    }

    @Test
    public void shouldPerformLoadCacheWithAdminOpsAccount() {
        checkSecureLoadCache(ADMIN_OPS_ACCOUNT, "123456", jobResponse -> {
            return Status.COMPLETED == jobResponse.getStatus();
        });
    }

    @Test
    public void shouldFailLoadCacheWithTaskExecuteAccount() {
        checkSecureLoadCache(TASK_EXECUTE_ACCOUNT, "123456", jobResponse -> {
            return Status.FAILED == jobResponse.getStatus() && -32002 == jobResponse.getError().getCode();
        });
    }

    private void checkSecureResetLostPartitions(String str, String str2, Predicate<JobResponse> predicate) {
        UUID authenticate = authenticate(new AuthenticateCredentials().setCredentials(new SecurityCredentials(str, str2)));
        IgniteCache orCreateCache = this.cluster.ignite().getOrCreateCache(new CacheConfiguration(AbstractSelfTest.DEFAULT_CACHE_NAME).setAffinity(new RendezvousAffinityFunction().setPartitions(PARTS_CNT)));
        for (int i = 0; i < KEY_COUNT; i++) {
            orCreateCache.put(Integer.valueOf(i), Integer.valueOf(i));
        }
        stopGrid(instanceName(1));
        this.cluster.ignite().cluster().setBaselineTopology(Collections.singleton(this.cluster.ignite().cluster().node()));
        Assert.assertEquals(1L, this.cluster.currentBaselineTopology().size());
        Assert.assertFalse(orCreateCache.lostPartitions().isEmpty());
        executeAction(new Request().setId(UUID.randomUUID()).setAction("CacheActions.resetLostPartitions").setNodeIds(Collections.singleton(this.cluster.localNode().id())).setSessionId(authenticate).setArgument(new CacheLostPartitionsArgument().setCacheNames(Collections.singleton(AbstractSelfTest.DEFAULT_CACHE_NAME))), list -> {
            JobResponse jobResponse = (JobResponse) F.first(list);
            return Boolean.valueOf(jobResponse != null && predicate.test(jobResponse));
        });
    }

    private void checkSecureClear(String str, String str2, Predicate<JobResponse> predicate) {
        UUID authenticate = authenticate(new AuthenticateCredentials().setCredentials(new SecurityCredentials(str, str2)));
        IgniteCache orCreateCache = this.cluster.ignite().getOrCreateCache(AbstractSelfTest.DEFAULT_CACHE_NAME);
        for (int i = 0; i < KEY_COUNT; i++) {
            orCreateCache.put(Integer.valueOf(i), Integer.valueOf(i));
        }
        Assert.assertEquals(10000L, orCreateCache.size(new CachePeekMode[]{CachePeekMode.PRIMARY}));
        executeAction(new Request().setId(UUID.randomUUID()).setAction("CacheActions.clear").setNodeIds(Collections.singleton(this.cluster.localNode().id())).setSessionId(authenticate).setArgument(new CacheArgument().setCacheName(AbstractSelfTest.DEFAULT_CACHE_NAME)), list -> {
            JobResponse jobResponse = (JobResponse) F.first(list);
            return Boolean.valueOf(jobResponse != null && predicate.test(jobResponse));
        });
    }

    private void checkSecureRebalance(String str, String str2, Predicate<JobResponse> predicate) {
        executeAction(new Request().setId(UUID.randomUUID()).setAction("CacheActions.rebalance").setNodeIds(Collections.singleton(this.cluster.localNode().id())).setSessionId(authenticate(new AuthenticateCredentials().setCredentials(new SecurityCredentials(str, str2)))).setArgument(new CacheArgument().setCacheName(AbstractSelfTest.DEFAULT_CACHE_NAME)), list -> {
            JobResponse jobResponse = (JobResponse) F.first(list);
            return Boolean.valueOf(jobResponse != null && predicate.test(jobResponse));
        });
    }

    private void checkSecureLoadCache(String str, String str2, Predicate<JobResponse> predicate) {
        UUID authenticate = authenticate(new AuthenticateCredentials().setCredentials(new SecurityCredentials(str, str2)));
        this.cluster.ignite().getOrCreateCache(AbstractSelfTest.DEFAULT_CACHE_NAME);
        executeAction(new Request().setId(UUID.randomUUID()).setAction("CacheActions.loadCache").setSessionId(authenticate).setArgument(new CacheArgument().setCacheName(AbstractSelfTest.DEFAULT_CACHE_NAME)), list -> {
            JobResponse jobResponse = (JobResponse) F.first(list);
            return Boolean.valueOf(jobResponse != null && predicate.test(jobResponse));
        });
    }
}
