package io.jenkins.plugins.casc.vault;

import io.jenkins.plugins.casc.ConfigurationContext;
import io.jenkins.plugins.casc.ConfiguratorRegistry;
import io.jenkins.plugins.casc.SecretSourceResolver;
import java.io.IOException;
import java.util.logging.Level;
import java.util.logging.Logger;
import org.hamcrest.CoreMatchers;
import org.junit.Assert;
import org.junit.Assume;
import org.junit.Before;
import org.junit.BeforeClass;
import org.junit.ClassRule;
import org.junit.Rule;
import org.junit.Test;
import org.junit.contrib.java.lang.system.EnvironmentVariables;
import org.jvnet.hudson.test.JenkinsRule;
import org.testcontainers.vault.VaultContainer;

/* loaded from: input_file:io/jenkins/plugins/casc/vault/VaultSecretSourceTest.class */
public class VaultSecretSourceTest {
    private static final Logger LOGGER;

    @ClassRule
    public static VaultContainer vaultContainer;

    @Rule
    public JenkinsRule j = new JenkinsRule();

    @Rule
    public EnvironmentVariables envVars = new EnvironmentVariables().set("CASC_VAULT_FILE", getClass().getResource("vaultTest_cascFile").getPath());
    private ConfigurationContext context;
    static final /* synthetic */ boolean $assertionsDisabled;

    @BeforeClass
    public static void configureContainer() {
        Assume.assumeTrue(VaultTestUtil.hasDockerDaemon());
        VaultTestUtil.configureVaultContainer(vaultContainer);
    }

    @Before
    public void refreshConfigurationContext() {
        this.context = new ConfigurationContext(ConfiguratorRegistry.get());
    }

    @Test
    public void kv1WithUser() {
        this.envVars.set("CASC_VAULT_USER", "admin");
        this.envVars.set("CASC_VAULT_PW", "admin");
        this.envVars.set("CASC_VAULT_PATHS", "kv-v1/admin,kv-v1/dev");
        this.envVars.set("CASC_VAULT_ENGINE_VERSION", "1");
        Assert.assertThat(SecretSourceResolver.resolve(this.context, "${key1}"), CoreMatchers.equalTo("123"));
    }

    @Test
    public void kv2WithUser() {
        this.envVars.set("CASC_VAULT_USER", "admin");
        this.envVars.set("CASC_VAULT_PW", "admin");
        this.envVars.set("CASC_VAULT_PATHS", "kv-v2/admin,kv-v2/dev");
        this.envVars.set("CASC_VAULT_ENGINE_VERSION", "2");
        Assert.assertThat(SecretSourceResolver.resolve(this.context, "${key1}"), CoreMatchers.equalTo("123"));
    }

    @Test
    public void kv2WithWrongUser() {
        this.envVars.set("CASC_VAULT_USER", "1234");
        this.envVars.set("CASC_VAULT_PW", "admin");
        this.envVars.set("CASC_VAULT_PATHS", VaultTestUtil.VAULT_PATH_KV2_1);
        this.envVars.set("CASC_VAULT_ENGINE_VERSION", "2");
        Assert.assertThat(SecretSourceResolver.resolve(this.context, "${key1}"), CoreMatchers.equalTo(""));
    }

    @Test
    public void kv1WithToken() {
        this.envVars.set("CASC_VAULT_TOKEN", VaultTestUtil.VAULT_ROOT_TOKEN);
        this.envVars.set("CASC_VAULT_PATHS", "kv-v1/admin,kv-v1/dev");
        this.envVars.set("CASC_VAULT_ENGINE_VERSION", "1");
        Assert.assertThat(SecretSourceResolver.resolve(this.context, "${key1}"), CoreMatchers.equalTo("123"));
    }

    @Test
    public void kv2WithToken() {
        this.envVars.set("CASC_VAULT_TOKEN", VaultTestUtil.VAULT_ROOT_TOKEN);
        this.envVars.set("CASC_VAULT_PATHS", "kv-v2/admin,kv-v2/dev");
        this.envVars.set("CASC_VAULT_ENGINE_VERSION", "2");
        Assert.assertThat(SecretSourceResolver.resolve(this.context, "${key1}"), CoreMatchers.equalTo("123"));
    }

    @Test
    public void kv1WithWrongToken() {
        this.envVars.set("CASC_VAULT_TOKEN", "1234");
        this.envVars.set("CASC_VAULT_PATHS", VaultTestUtil.VAULT_PATH_KV1_1);
        this.envVars.set("CASC_VAULT_ENGINE_VERSION", "1");
        Assert.assertThat(SecretSourceResolver.resolve(this.context, "${key1}"), CoreMatchers.equalTo(""));
    }

    @Test
    public void kv1WithApprole() {
        this.envVars.set("CASC_VAULT_APPROLE", VaultTestUtil.VAULT_APPROLE_ID);
        this.envVars.set("CASC_VAULT_APPROLE_SECRET", VaultTestUtil.VAULT_APPROLE_SECRET);
        this.envVars.set("CASC_VAULT_PATHS", "kv-v1/admin,kv-v1/dev");
        this.envVars.set("CASC_VAULT_ENGINE_VERSION", "1");
        Assert.assertThat(SecretSourceResolver.resolve(this.context, "${key1}"), CoreMatchers.equalTo("123"));
    }

    @Test
    public void kv2WithApprole() {
        this.envVars.set("CASC_VAULT_APPROLE", VaultTestUtil.VAULT_APPROLE_ID);
        this.envVars.set("CASC_VAULT_APPROLE_SECRET", VaultTestUtil.VAULT_APPROLE_SECRET);
        this.envVars.set("CASC_VAULT_PATHS", "kv-v2/admin,kv-v2/dev");
        this.envVars.set("CASC_VAULT_ENGINE_VERSION", "2");
        Assert.assertThat(SecretSourceResolver.resolve(this.context, "${key1}"), CoreMatchers.equalTo("123"));
    }

    @Test
    public void kv2WithWrongApprole() {
        this.envVars.set("CASC_VAULT_APPROLE", "1234");
        this.envVars.set("CASC_VAULT_APPROLE_SECRET", VaultTestUtil.VAULT_APPROLE_SECRET);
        this.envVars.set("CASC_VAULT_PATHS", VaultTestUtil.VAULT_PATH_KV2_1);
        this.envVars.set("CASC_VAULT_ENGINE_VERSION", "2");
        Assert.assertThat(SecretSourceResolver.resolve(this.context, "${key1}"), CoreMatchers.equalTo(""));
    }

    @Test
    public void kv2WithApproleMultipleKeys() {
        this.envVars.set("CASC_VAULT_APPROLE", VaultTestUtil.VAULT_APPROLE_ID);
        this.envVars.set("CASC_VAULT_APPROLE_SECRET", VaultTestUtil.VAULT_APPROLE_SECRET);
        this.envVars.set("CASC_VAULT_PATHS", "kv-v2/admin,kv-v2/dev");
        this.envVars.set("CASC_VAULT_ENGINE_VERSION", "2");
        Assert.assertThat(SecretSourceResolver.resolve(this.context, "${key2}"), CoreMatchers.equalTo("456"));
        Assert.assertThat(SecretSourceResolver.resolve(this.context, "${key3}"), CoreMatchers.equalTo("789"));
    }

    @Test
    public void kv2WithApproleMultipleKeysOverriden() {
        this.envVars.set("CASC_VAULT_APPROLE", VaultTestUtil.VAULT_APPROLE_ID);
        this.envVars.set("CASC_VAULT_APPROLE_SECRET", VaultTestUtil.VAULT_APPROLE_SECRET);
        this.envVars.set("CASC_VAULT_PATHS", "kv-v2/admin,kv-v2/dev,kv-v2/qa");
        this.envVars.set("CASC_VAULT_ENGINE_VERSION", "2");
        Assert.assertThat(SecretSourceResolver.resolve(this.context, "${key2}"), CoreMatchers.equalTo("321"));
        Assert.assertThat(SecretSourceResolver.resolve(this.context, "${key1}"), CoreMatchers.equalTo("123"));
    }

    @Test
    public void kv2WithApproleWithReauth() {
        this.envVars.set("CASC_VAULT_APPROLE", VaultTestUtil.VAULT_APPROLE_ID);
        this.envVars.set("CASC_VAULT_APPROLE_SECRET", VaultTestUtil.VAULT_APPROLE_SECRET);
        this.envVars.set("CASC_VAULT_PATHS", VaultTestUtil.VAULT_PATH_KV2_AUTH_TEST);
        this.envVars.set("CASC_VAULT_ENGINE_VERSION", "2");
        Assert.assertThat(SecretSourceResolver.resolve(this.context, "${key1}"), CoreMatchers.equalTo("auth-test"));
        try {
            Thread.sleep(2000L);
            VaultTestUtil.runCommand(vaultContainer, "vault", "kv", "put", VaultTestUtil.VAULT_PATH_KV2_AUTH_TEST, "key1=re-auth-test");
        } catch (IOException e) {
            LOGGER.log(Level.WARNING, "Could not update vault secret for test", (Throwable) e);
            if (!$assertionsDisabled) {
                throw new AssertionError();
            }
        } catch (InterruptedException e2) {
            LOGGER.log(Level.WARNING, "Test got interrupted", (Throwable) e2);
            if (!$assertionsDisabled) {
                throw new AssertionError();
            }
        }
        Assert.assertThat(SecretSourceResolver.resolve(this.context, "${key1}"), CoreMatchers.equalTo("re-auth-test"));
    }

    @Test
    public void kv2WithUserDeprecatedPath() {
        this.envVars.set("CASC_VAULT_APPROLE", VaultTestUtil.VAULT_APPROLE_ID);
        this.envVars.set("CASC_VAULT_APPROLE_SECRET", VaultTestUtil.VAULT_APPROLE_SECRET);
        this.envVars.set("CASC_VAULT_PATH", "kv-v1/admin,kv-v1/dev");
        this.envVars.set("CASC_VAULT_ENGINE_VERSION", "1");
        Assert.assertThat(SecretSourceResolver.resolve(this.context, "${key3}"), CoreMatchers.equalTo("789"));
    }

    static {
        $assertionsDisabled = !VaultSecretSourceTest.class.desiredAssertionStatus();
        LOGGER = Logger.getLogger(VaultSecretSourceTest.class.getName());
        vaultContainer = VaultTestUtil.createVaultContainer();
    }
}
