package io.confluent.kafka.multitenant.integration.test;

import com.google.common.collect.Iterables;
import io.confluent.kafka.multitenant.MultiTenantPrincipalBuilder;
import io.confluent.kafka.multitenant.Utils;
import io.confluent.kafka.multitenant.authorizer.MultiTenantAuthorizer;
import io.confluent.kafka.multitenant.integration.cluster.PhysicalCluster;
import io.confluent.kafka.security.authorizer.MockAuditLogProvider;
import io.confluent.kafka.server.plugins.auth.FileBasedPlainSaslAuthenticatorTest;
import io.confluent.kafka.test.cluster.EmbeddedKafkaCluster;
import io.confluent.kafka.test.utils.AclCommandBuilder;
import io.confluent.kafka.test.utils.KafkaTestUtils;
import java.io.BufferedInputStream;
import java.io.IOException;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collection;
import java.util.Collections;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
import java.util.Optional;
import java.util.Properties;
import java.util.Set;
import java.util.concurrent.ExecutionException;
import java.util.concurrent.TimeUnit;
import java.util.concurrent.TimeoutException;
import java.util.stream.Collectors;
import kafka.server.KafkaConfig$;
import kafka.server.link.ClusterLinkConfig;
import kafka.server.link.ClusterLinkConfig$;
import kafka.test.JarResourceLoader;
import org.apache.kafka.clients.admin.AdminClient;
import org.apache.kafka.clients.admin.AlterConfigOp;
import org.apache.kafka.clients.admin.ClusterLinkListing;
import org.apache.kafka.clients.admin.ConfigEntry;
import org.apache.kafka.clients.admin.ConfluentAdmin;
import org.apache.kafka.clients.admin.CreateClusterLinksOptions;
import org.apache.kafka.clients.admin.DeleteAclsResult;
import org.apache.kafka.clients.admin.DeleteClusterLinksOptions;
import org.apache.kafka.clients.admin.ListClusterLinksOptions;
import org.apache.kafka.clients.admin.NewClusterLink;
import org.apache.kafka.clients.admin.NewTopic;
import org.apache.kafka.common.KafkaFuture;
import org.apache.kafka.common.Uuid;
import org.apache.kafka.common.acl.AccessControlEntry;
import org.apache.kafka.common.acl.AccessControlEntryFilter;
import org.apache.kafka.common.acl.AclBinding;
import org.apache.kafka.common.acl.AclBindingFilter;
import org.apache.kafka.common.acl.AclOperation;
import org.apache.kafka.common.acl.AclPermissionType;
import org.apache.kafka.common.config.ConfigResource;
import org.apache.kafka.common.errors.InvalidRequestException;
import org.apache.kafka.common.errors.TopicAuthorizationException;
import org.apache.kafka.common.resource.PatternType;
import org.apache.kafka.common.resource.ResourcePattern;
import org.apache.kafka.common.resource.ResourcePatternFilter;
import org.apache.kafka.common.resource.ResourceType;
import org.apache.kafka.common.security.auth.KafkaPrincipal;
import org.apache.kafka.common.security.auth.SecurityProtocol;
import org.apache.kafka.common.utils.SecurityUtils;
import org.apache.kafka.test.TestUtils;
import org.junit.jupiter.api.AfterEach;
import org.junit.jupiter.api.Assertions;
import org.junit.jupiter.api.BeforeEach;
import org.junit.jupiter.api.Disabled;
import org.junit.jupiter.api.Tag;
import org.junit.jupiter.api.Tags;
import org.junit.jupiter.api.Test;
import org.junit.jupiter.api.TestInfo;
import org.junit.jupiter.params.ParameterizedTest;
import org.junit.jupiter.params.provider.ValueSource;

@Tags({@Tag("integration"), @Tag("bazel:shard_count:2")})
/* loaded from: input_file:io/confluent/kafka/multitenant/integration/test/UserResourceIdAuthorizationIntegrationTest.class */
public class UserResourceIdAuthorizationIntegrationTest {
    static final String KEY2 = String.join("\n", "{", "  \"UserResourceId\": \"u-2\",", "  \"OrgResourceId\": \"org1\",", "  \"PkcId\": \"pkc1\"", "}");
    static final String VALUE2 = String.join("\n", "{", "  \"UserId\": \"2\",", "  \"ActiveLkcIds\": [\"lkc1\", \"lkc2\"]", "}");
    static final String KEY4 = String.join("\n", "{", "  \"UserResourceId\": \"u-4\",", "  \"OrgResourceId\": \"org1\"", "}");
    static final String VALUE4 = String.join("\n", "{", "  \"UserId\": \"4\",", "  \"ActiveLkcIds\": [\"lkc3\", \"lkc4\"]", "}");
    static final String KEY5 = String.join("\n", "{", "  \"UserResourceId\": \"u-5\",", "  \"OrgResourceId\": \"org1\"", "}");
    static final String VALUE5 = String.join("\n", "{", "  \"UserId\": \"5\",", "  \"ActiveLkcIds\": [\"lkc3\", \"lkc4\"]", "}");
    static final String ANY_ACL_FILTER = "{ \"aclFilters\": [{ \"resourceFilter\": { \"resourceType\": \"any\", \"patternType\": \"any\" },\"accessFilter\": { \"operation\": \"any\", \"permissionType\": \"any\"}}]}";
    static final String ACL_FILTER_FOR_USER_2 = "{ \"aclFilters\": [{ \"resourceFilter\": { \"resourceType\": \"any\", \"patternType\": \"any\" },\"accessFilter\": { \"operation\": \"any\", \"principal\": \"User:2\", \"permissionType\": \"any\"}}]}";
    static final String ACL_FILTER_FOR_USER_4 = "{ \"aclFilters\": [{ \"resourceFilter\": { \"resourceType\": \"any\", \"patternType\": \"any\" },\"accessFilter\": { \"operation\": \"any\", \"principal\": \"User:4\", \"permissionType\": \"any\"}}]}";
    static final String ACL_FILTER_FOR_USER_U_4_AND_POOL_ID = "{ \"aclFilters\": [{ \"resourceFilter\": { \"resourceType\": \"any\", \"patternType\": \"any\" },\"accessFilter\": { \"operation\": \"any\", \"principal\": \"User:u-4\", \"permissionType\": \"any\"}}, { \"resourceFilter\": { \"resourceType\": \"any\", \"patternType\": \"any\" },\"accessFilter\": { \"operation\": \"any\", \"principal\": \"User:pool-1\", \"permissionType\": \"any\"}}]}";
    static final String ACL_FILTER_FOR_USER_V_2 = "{ \"aclFilters\": [{ \"resourceFilter\": { \"resourceType\": \"any\", \"patternType\": \"any\" },\"accessFilter\": { \"operation\": \"any\", \"principal\": \"UserV2:*\", \"permissionType\": \"any\"}}]}";
    static final String LINK_NAME_1 = "test-link1";
    private IntegrationTestHarness testHarness;
    private IntegrationTestHarness destTestHarness;
    private PhysicalCluster physicalCluster;
    private PhysicalCluster destPhysicalCluster;
    private ConfluentAdmin destConfluentAdmin;
    private Uuid linkId;
    private int userMetadataSequenceId;
    private final String logicalClusterId = Utils.LC_META_ABC.logicalClusterId();
    private final String destLogicalClusterId = Utils.LC_META_DED.logicalClusterId();
    private final String adminUserAPIkey = "APIKEY1";
    private final String adminUserAPIkeyPassword = "pwd1";
    private final String serviceUserAPIkey2 = "APIKEY2";
    private final String serviceUserAPIkeyPassword2 = "pwd2";
    private final String serviceUserAPIkey3 = "APIKEY3";
    private final String serviceUserAPIkeyPassword3 = "pwd3";
    private final String apiKeysTopic = "_confluent-apikey";
    private final String userMetaDataTopic = "_confluent-user_metadata";
    private final String testTopic1 = "abcd1";
    private final String testTopic2 = "abcd2";
    private final String testTopic3 = "abcd3";
    private final String userType = "User:";
    private final String userResourceId2 = "u-2";
    private final String userResourceId3 = "u-3";
    private final String userResourceId4 = "u-4";
    private final String userId2 = "2";
    private final String userId3 = "3";
    private final String userId4 = "4";
    private final List<NewTopic> sampleTopics = Collections.singletonList(new NewTopic("abcd1", 3, 1));

    @BeforeEach
    public void setUp(TestInfo testInfo) throws Exception {
        this.testHarness = new IntegrationTestHarness(testInfo, 3);
        this.destTestHarness = new IntegrationTestHarness(testInfo, 3);
        long millis = 15000 + TimeUnit.SECONDS.toMillis(3L);
        this.physicalCluster = this.testHarness.startWithTopic(Arrays.asList("_confluent-apikey", "_confluent-user_metadata"), 1, 1, 15000L, brokerProps(millis, "0"), controllerProps(millis, "0"), Optional.empty());
        this.destPhysicalCluster = this.destTestHarness.startWithTopic(Arrays.asList("_confluent-apikey", "_confluent-user_metadata"), 1, 1, 15000L, brokerProps(millis, "100"), controllerProps(millis, "100"), Optional.empty());
        this.physicalCluster.createLogicalCluster(this.logicalClusterId, 100, 1, 2);
        this.destPhysicalCluster.createLogicalCluster(this.destLogicalClusterId, 100, 1, 2);
        loadApiKeys(this.physicalCluster, "/file_auth_test_apikeys.json", "APIKEY1");
        loadApiKeys(this.physicalCluster, "/service_account_apikey_2.json", "APIKEY2");
        loadApiKeys(this.physicalCluster, "/service_account_apikey_3.json", "APIKEY3");
        loadApiKeys(this.physicalCluster, "/service_account_apikey_4.json", "APIKEY4");
        loadApiKeys(this.destPhysicalCluster, "/admin_account_apikey_1.json", "APIKEY1");
        loadUserMetaData();
    }

    private void loadUserMetaData() {
        this.userMetadataSequenceId = 0;
        List asList = Arrays.asList(KEY2, KEY4, KEY5);
        List asList2 = Arrays.asList(VALUE2, VALUE4, VALUE5);
        for (int i = 0; i < asList.size(); i++) {
            EmbeddedKafkaCluster kafkaCluster = this.physicalCluster.kafkaCluster();
            int i2 = this.userMetadataSequenceId + 1;
            this.userMetadataSequenceId = i2;
            kafkaCluster.produceData("_confluent-user_metadata", i2, (String) asList.get(i), (String) asList2.get(i));
            EmbeddedKafkaCluster kafkaCluster2 = this.destPhysicalCluster.kafkaCluster();
            int i3 = this.userMetadataSequenceId + 1;
            this.userMetadataSequenceId = i3;
            kafkaCluster2.produceData("_confluent-user_metadata", i3, (String) asList.get(i), (String) asList2.get(i));
        }
    }

    @AfterEach
    public void tearDown() throws Exception {
        this.testHarness.shutdown();
        this.destTestHarness.shutdown();
    }

    private Properties brokerProps(long j, String str) throws IOException {
        Properties properties = new Properties();
        properties.put("listeners", "INTERNAL://localhost:0, EXTERNAL://localhost:0");
        properties.put("advertised.listeners", "INTERNAL://localhost:0, EXTERNAL://localhost:0");
        properties.put("listener.security.protocol.map", "INTERNAL:PLAINTEXT, EXTERNAL:SASL_PLAINTEXT");
        properties.put("broker.id", str);
        properties.putAll(commonProps(j));
        return properties;
    }

    private Properties controllerProps(long j, String str) throws IOException {
        Properties properties = new Properties();
        properties.put("node.id", str);
        properties.putAll(commonProps(j));
        return properties;
    }

    private Properties commonProps(long j) throws IOException {
        Properties properties = new Properties();
        properties.put("sasl.enabled.mechanisms", Collections.singletonList("PLAIN"));
        properties.put("listener.name.external.principal.builder.class", MultiTenantPrincipalBuilder.class.getName());
        properties.put("listener.name.external.confluent.security.event.logger.authentication.enable", "true");
        properties.put(KafkaConfig$.MODULE$.AuthorizerClassNameProp(), MultiTenantAuthorizer.class.getName());
        properties.put("confluent.security.event.logger.multitenant.enable", "true");
        properties.put("listener.name.external.plain.sasl.jaas.config", "io.confluent.kafka.server.plugins.auth.TopicBasedLoginModule required;");
        properties.put("confluent.multitenant.listener.names", "EXTERNAL");
        properties.put("confluent.cdc.api.keys.topic", "_confluent-apikey");
        properties.put("confluent.cdc.api.keys.topic.load.timeout.ms", String.valueOf(j));
        properties.put(MockAuditLogProvider.AUDIT_PROVIDER_CONFIG, "TEST");
        properties.put("confluent.close.connections.on.credential.delete", "true");
        properties.put("multitenant.authorizer.support.resource.ids", "true");
        properties.put("confluent.cdc.user.metadata.enable", "true");
        properties.put("confluent.cluster.link.enable", "true");
        properties.put(KafkaConfig$.MODULE$.PasswordEncoderSecretProp(), "link-secret");
        properties.put("confluent.max.acls.per.tenant", "100");
        return properties;
    }

    @ValueSource(strings = {"zk", "kraft"})
    @ParameterizedTest(name = "{displayName}.quorum={0}")
    public void testCreateAcls(String str) throws Exception {
        AdminClient createPlainAuthAdminClient;
        Throwable th;
        AdminClient createPlainAuthAdminClient2;
        Throwable th2;
        AdminClient createPlainAuthAdminClient3;
        Throwable th3;
        AdminClient createPlainAuthAdminClient4;
        Throwable th4;
        Throwable th5;
        AdminClient createPlainAuthAdminClient5 = this.testHarness.createPlainAuthAdminClient(IntegrationTestHarness.clientPlainJaasConfig("APIKEY1", "pwd1"));
        Throwable th6 = null;
        try {
            AdminClient createPlainAuthAdminClient6 = this.testHarness.createPlainAuthAdminClient(IntegrationTestHarness.clientPlainJaasConfig("APIKEY2", "pwd2"));
            Throwable th7 = null;
            try {
                try {
                    TestUtils.assertFutureError(createPlainAuthAdminClient6.createTopics(topicsList("topic1")).all(), TopicAuthorizationException.class);
                    if (createPlainAuthAdminClient6 != null) {
                        if (0 != 0) {
                            try {
                                createPlainAuthAdminClient6.close();
                            } catch (Throwable th8) {
                                th7.addSuppressed(th8);
                            }
                        } else {
                            createPlainAuthAdminClient6.close();
                        }
                    }
                    createPlainAuthAdminClient5.createAcls(Collections.singleton(topicAcl("2", "topic1"))).all().get();
                    AdminClient createPlainAuthAdminClient7 = this.testHarness.createPlainAuthAdminClient(IntegrationTestHarness.clientPlainJaasConfig("APIKEY2", "pwd2"));
                    Throwable th9 = null;
                    try {
                        try {
                            TestUtils.retryOnExceptionWithTimeout(() -> {
                            });
                            List list = (List) topicsList("topic1").stream().map((v0) -> {
                                return v0.name();
                            }).collect(Collectors.toList());
                            TestUtils.retryOnExceptionWithTimeout(() -> {
                                Assertions.assertTrue(((Set) createPlainAuthAdminClient7.listTopics().names().get()).containsAll(list));
                            });
                            if (createPlainAuthAdminClient7 != null) {
                                if (0 != 0) {
                                    try {
                                        createPlainAuthAdminClient7.close();
                                    } catch (Throwable th10) {
                                        th9.addSuppressed(th10);
                                    }
                                } else {
                                    createPlainAuthAdminClient7.close();
                                }
                            }
                            createPlainAuthAdminClient = this.testHarness.createPlainAuthAdminClient(IntegrationTestHarness.clientPlainJaasConfig("APIKEY2", "pwd2"));
                            th = null;
                        } catch (Throwable th11) {
                            th9 = th11;
                            throw th11;
                        }
                    } finally {
                        if (createPlainAuthAdminClient7 != null) {
                            if (th9 != null) {
                                try {
                                    createPlainAuthAdminClient7.close();
                                } catch (Throwable th12) {
                                    th9.addSuppressed(th12);
                                }
                            } else {
                                createPlainAuthAdminClient7.close();
                            }
                        }
                    }
                } catch (Throwable th13) {
                    th7 = th13;
                    throw th13;
                }
                try {
                    try {
                        TestUtils.assertFutureError(createPlainAuthAdminClient.createTopics(topicsList("topic2")).all(), TopicAuthorizationException.class);
                        if (createPlainAuthAdminClient != null) {
                            if (0 != 0) {
                                try {
                                    createPlainAuthAdminClient.close();
                                } catch (Throwable th14) {
                                    th.addSuppressed(th14);
                                }
                            } else {
                                createPlainAuthAdminClient.close();
                            }
                        }
                        createPlainAuthAdminClient5.createAcls(Collections.singleton(topicAcl("2", "topic2"))).all().get();
                        createPlainAuthAdminClient2 = this.testHarness.createPlainAuthAdminClient(IntegrationTestHarness.clientPlainJaasConfig("APIKEY2", "pwd2"));
                        th2 = null;
                    } catch (Throwable th15) {
                        th = th15;
                        throw th15;
                    }
                    try {
                        try {
                            TestUtils.retryOnExceptionWithTimeout(() -> {
                            });
                            List list2 = (List) topicsList("topic2").stream().map((v0) -> {
                                return v0.name();
                            }).collect(Collectors.toList());
                            TestUtils.retryOnExceptionWithTimeout(() -> {
                                Assertions.assertTrue(((Set) createPlainAuthAdminClient2.listTopics().names().get()).containsAll(list2));
                            });
                            if (createPlainAuthAdminClient2 != null) {
                                if (0 != 0) {
                                    try {
                                        createPlainAuthAdminClient2.close();
                                    } catch (Throwable th16) {
                                        th2.addSuppressed(th16);
                                    }
                                } else {
                                    createPlainAuthAdminClient2.close();
                                }
                            }
                            createPlainAuthAdminClient3 = this.testHarness.createPlainAuthAdminClient(IntegrationTestHarness.clientPlainJaasConfig("APIKEY3", "pwd3"));
                            th3 = null;
                        } catch (Throwable th17) {
                            th2 = th17;
                            throw th17;
                        }
                        try {
                            try {
                                TestUtils.assertFutureError(createPlainAuthAdminClient3.createTopics(topicsList("topic3")).all(), TopicAuthorizationException.class);
                                if (createPlainAuthAdminClient3 != null) {
                                    if (0 != 0) {
                                        try {
                                            createPlainAuthAdminClient3.close();
                                        } catch (Throwable th18) {
                                            th3.addSuppressed(th18);
                                        }
                                    } else {
                                        createPlainAuthAdminClient3.close();
                                    }
                                }
                                createPlainAuthAdminClient5.createAcls(Collections.singleton(topicAcl("3", "topic3"))).all().get();
                                AdminClient createPlainAuthAdminClient8 = this.testHarness.createPlainAuthAdminClient(IntegrationTestHarness.clientPlainJaasConfig("APIKEY3", "pwd3"));
                                Throwable th19 = null;
                                try {
                                    try {
                                        TestUtils.retryOnExceptionWithTimeout(() -> {
                                        });
                                        List list3 = (List) topicsList("topic3").stream().map((v0) -> {
                                            return v0.name();
                                        }).collect(Collectors.toList());
                                        TestUtils.retryOnExceptionWithTimeout(() -> {
                                            Assertions.assertTrue(((Set) createPlainAuthAdminClient8.listTopics().names().get()).containsAll(list3));
                                        });
                                        if (createPlainAuthAdminClient8 != null) {
                                            if (0 != 0) {
                                                try {
                                                    createPlainAuthAdminClient8.close();
                                                } catch (Throwable th20) {
                                                    th19.addSuppressed(th20);
                                                }
                                            } else {
                                                createPlainAuthAdminClient8.close();
                                            }
                                        }
                                        createPlainAuthAdminClient4 = this.testHarness.createPlainAuthAdminClient(IntegrationTestHarness.clientPlainJaasConfig("APIKEY2", "pwd2"));
                                        th4 = null;
                                    } catch (Throwable th21) {
                                        th19 = th21;
                                        throw th21;
                                    }
                                } finally {
                                    if (createPlainAuthAdminClient8 != null) {
                                        if (th19 != null) {
                                            try {
                                                createPlainAuthAdminClient8.close();
                                            } catch (Throwable th22) {
                                                th19.addSuppressed(th22);
                                            }
                                        } else {
                                            createPlainAuthAdminClient8.close();
                                        }
                                    }
                                }
                            } catch (Throwable th23) {
                                th3 = th23;
                                throw th23;
                            }
                            try {
                                try {
                                    TestUtils.assertFutureError(createPlainAuthAdminClient4.createTopics(topicsList("topic4")).all(), TopicAuthorizationException.class);
                                    if (createPlainAuthAdminClient4 != null) {
                                        if (0 != 0) {
                                            try {
                                                createPlainAuthAdminClient4.close();
                                            } catch (Throwable th24) {
                                                th4.addSuppressed(th24);
                                            }
                                        } else {
                                            createPlainAuthAdminClient4.close();
                                        }
                                    }
                                    createPlainAuthAdminClient5.createAcls(Collections.singleton(topicAcl("*", "topic4"))).all().get();
                                    createPlainAuthAdminClient6 = this.testHarness.createPlainAuthAdminClient(IntegrationTestHarness.clientPlainJaasConfig("APIKEY2", "pwd2"));
                                    th5 = null;
                                } catch (Throwable th25) {
                                    th4 = th25;
                                    throw th25;
                                }
                                try {
                                    try {
                                        TestUtils.retryOnExceptionWithTimeout(() -> {
                                        });
                                        List list4 = (List) topicsList("topic4").stream().map((v0) -> {
                                            return v0.name();
                                        }).collect(Collectors.toList());
                                        TestUtils.retryOnExceptionWithTimeout(() -> {
                                            Assertions.assertTrue(((Set) createPlainAuthAdminClient6.listTopics().names().get()).containsAll(list4));
                                        });
                                        if (createPlainAuthAdminClient6 != null) {
                                            if (0 != 0) {
                                                try {
                                                    createPlainAuthAdminClient6.close();
                                                } catch (Throwable th26) {
                                                    th5.addSuppressed(th26);
                                                }
                                            } else {
                                                createPlainAuthAdminClient6.close();
                                            }
                                        }
                                        if (createPlainAuthAdminClient5 != null) {
                                            if (0 == 0) {
                                                createPlainAuthAdminClient5.close();
                                                return;
                                            }
                                            try {
                                                createPlainAuthAdminClient5.close();
                                            } catch (Throwable th27) {
                                                th6.addSuppressed(th27);
                                            }
                                        }
                                    } catch (Throwable th28) {
                                        th5 = th28;
                                        throw th28;
                                    }
                                } finally {
                                }
                            } finally {
                            }
                        } finally {
                            if (createPlainAuthAdminClient3 != null) {
                                if (th3 != null) {
                                    try {
                                        createPlainAuthAdminClient3.close();
                                    } catch (Throwable th29) {
                                        th3.addSuppressed(th29);
                                    }
                                } else {
                                    createPlainAuthAdminClient3.close();
                                }
                            }
                        }
                    } finally {
                        if (createPlainAuthAdminClient2 != null) {
                            if (th2 != null) {
                                try {
                                    createPlainAuthAdminClient2.close();
                                } catch (Throwable th30) {
                                    th2.addSuppressed(th30);
                                }
                            } else {
                                createPlainAuthAdminClient2.close();
                            }
                        }
                    }
                } finally {
                    if (createPlainAuthAdminClient != null) {
                        if (th != null) {
                            try {
                                createPlainAuthAdminClient.close();
                            } catch (Throwable th31) {
                                th.addSuppressed(th31);
                            }
                        } else {
                            createPlainAuthAdminClient.close();
                        }
                    }
                }
            } finally {
                if (createPlainAuthAdminClient6 != null) {
                    if (th7 != null) {
                        try {
                            createPlainAuthAdminClient6.close();
                        } catch (Throwable th32) {
                            th7.addSuppressed(th32);
                        }
                    } else {
                        createPlainAuthAdminClient6.close();
                    }
                }
            }
        } catch (Throwable th33) {
            if (createPlainAuthAdminClient5 != null) {
                if (0 != 0) {
                    try {
                        createPlainAuthAdminClient5.close();
                    } catch (Throwable th34) {
                        th6.addSuppressed(th34);
                    }
                } else {
                    createPlainAuthAdminClient5.close();
                }
            }
            throw th33;
        }
    }

    @ValueSource(strings = {"zk", "kraft"})
    @ParameterizedTest(name = "{displayName}.quorum={0}")
    public void testWildCardAcls(String str) throws Exception {
        AdminClient createPlainAuthAdminClient = this.testHarness.createPlainAuthAdminClient(IntegrationTestHarness.clientPlainJaasConfig("APIKEY1", "pwd1"));
        Throwable th = null;
        try {
            try {
                TestUtils.assertFutureError(createPlainAuthAdminClient.createAcls(Collections.singleton(new AclBinding(new ResourcePattern(ResourceType.TOPIC, "*", PatternType.PREFIXED), new AccessControlEntry(new KafkaPrincipal("User", "*").toString(), "*", AclOperation.ALL, AclPermissionType.ALLOW)))).all(), InvalidRequestException.class);
                AclBinding aclBinding = new AclBinding(new ResourcePattern(ResourceType.TOPIC, "*", PatternType.LITERAL), new AccessControlEntry(new KafkaPrincipal("User", "4").toString(), "*", AclOperation.ALL, AclPermissionType.ALLOW));
                createPlainAuthAdminClient.createAcls(Collections.singleton(aclBinding)).all().get();
                TestUtils.retryOnExceptionWithTimeout(() -> {
                    Assertions.assertEquals((Collection) createPlainAuthAdminClient.describeAcls(topicFilter("4")).values().get(), Collections.singletonList(aclBinding));
                });
                AclBinding aclBinding2 = new AclBinding(new ResourcePattern(ResourceType.TOPIC, "..", PatternType.PREFIXED), new AccessControlEntry(new KafkaPrincipal("User", "4").toString(), "*", AclOperation.ALL, AclPermissionType.ALLOW));
                createPlainAuthAdminClient.createAcls(Collections.singleton(aclBinding2)).all().get();
                TestUtils.retryOnExceptionWithTimeout(() -> {
                    Assertions.assertTrue(((Collection) createPlainAuthAdminClient.describeAcls(topicFilter("4")).values().get()).containsAll(Arrays.asList(aclBinding, aclBinding2)));
                });
                if (createPlainAuthAdminClient != null) {
                    if (0 == 0) {
                        createPlainAuthAdminClient.close();
                        return;
                    }
                    try {
                        createPlainAuthAdminClient.close();
                    } catch (Throwable th2) {
                        th.addSuppressed(th2);
                    }
                }
            } catch (Throwable th3) {
                th = th3;
                throw th3;
            }
        } catch (Throwable th4) {
            if (createPlainAuthAdminClient != null) {
                if (th != null) {
                    try {
                        createPlainAuthAdminClient.close();
                    } catch (Throwable th5) {
                        th.addSuppressed(th5);
                    }
                } else {
                    createPlainAuthAdminClient.close();
                }
            }
            throw th4;
        }
    }

    @ValueSource(strings = {"zk", "kraft"})
    @ParameterizedTest(name = "{displayName}.quorum={0}")
    public void testDescribeAcls(String str) throws Exception {
        AclBinding aclBinding = topicAcl("2");
        AclBinding aclBinding2 = topicAcl("3");
        AclBinding aclBinding3 = topicAcl("*");
        ArrayList arrayList = new ArrayList(Arrays.asList(aclBinding, aclBinding2, aclBinding3));
        ArrayList arrayList2 = new ArrayList(Arrays.asList(topicAcl("u-2"), aclBinding2, aclBinding3));
        AdminClient createPlainAuthAdminClient = this.testHarness.createPlainAuthAdminClient(IntegrationTestHarness.clientPlainJaasConfig("APIKEY1", "pwd1"));
        Throwable th = null;
        try {
            try {
                createPlainAuthAdminClient.createAcls(new ArrayList(Arrays.asList(aclBinding, aclBinding2, aclBinding3))).all().get();
                TestUtils.retryOnExceptionWithTimeout(() -> {
                    Collection<?> collection = (Collection) createPlainAuthAdminClient.describeAcls(AclBindingFilter.ANY).values().get();
                    Assertions.assertEquals(arrayList.size(), collection.size());
                    Assertions.assertTrue(arrayList.containsAll(collection));
                    Assertions.assertEquals(topicAcl("u-2"), Iterables.getOnlyElement((Iterable) createPlainAuthAdminClient.describeAcls(topicFilter("u-2")).values().get()));
                    Assertions.assertEquals(aclBinding, Iterables.getOnlyElement((Iterable) createPlainAuthAdminClient.describeAcls(topicFilter("2")).values().get()));
                    Collection<?> collection2 = (Collection) createPlainAuthAdminClient.describeAcls(topicFilter("*", "UserV2")).values().get();
                    Assertions.assertEquals(arrayList2.size(), collection2.size());
                    Assertions.assertTrue(arrayList2.containsAll(collection2));
                    Collection<?> collection3 = (Collection) createPlainAuthAdminClient.describeAcls(topicFilter(AclOperation.ALL)).values().get();
                    Assertions.assertEquals(arrayList.size(), collection3.size());
                    Assertions.assertTrue(arrayList.containsAll(collection3));
                });
                if (createPlainAuthAdminClient != null) {
                    if (0 == 0) {
                        createPlainAuthAdminClient.close();
                        return;
                    }
                    try {
                        createPlainAuthAdminClient.close();
                    } catch (Throwable th2) {
                        th.addSuppressed(th2);
                    }
                }
            } catch (Throwable th3) {
                th = th3;
                throw th3;
            }
        } catch (Throwable th4) {
            if (createPlainAuthAdminClient != null) {
                if (th != null) {
                    try {
                        createPlainAuthAdminClient.close();
                    } catch (Throwable th5) {
                        th.addSuppressed(th5);
                    }
                } else {
                    createPlainAuthAdminClient.close();
                }
            }
            throw th4;
        }
    }

    @ValueSource(strings = {"zk", "kraft"})
    @ParameterizedTest(name = "{displayName}.quorum={0}")
    public void testDeleteAcls(String str) throws Exception {
        ArrayList arrayList = new ArrayList();
        for (int i = 0; i < 5; i++) {
            arrayList.add(topicAcl("2", "abcd1" + i));
            arrayList.add(topicAcl("u-2", "abcd2" + i));
            arrayList.add(topicAcl("3", "abcd1" + i));
            arrayList.add(topicAcl("4", "abcd1" + i));
            arrayList.add(topicAcl("u-4", "abcd2" + i));
        }
        AdminClient createPlainAuthAdminClient = this.testHarness.createPlainAuthAdminClient(IntegrationTestHarness.clientPlainJaasConfig("APIKEY1", "pwd1"));
        Throwable th = null;
        try {
            List asList = Arrays.asList(topicFilter("2"), topicFilter("u-2"), topicFilter("u-3"), topicFilter("4"));
            createPlainAuthAdminClient.createAcls(arrayList).all().get();
            Map values = createPlainAuthAdminClient.deleteAcls(asList).values();
            this.testHarness.ensureKraftMetadataConsistent();
            int i2 = 0;
            while (i2 < 4) {
                DeleteAclsResult.FilterResults filterResults = (DeleteAclsResult.FilterResults) ((KafkaFuture) values.get(asList.get(i2))).get();
                Set set = (Set) filterResults.values().stream().map(filterResult -> {
                    return filterResult.binding().entry().principal();
                }).collect(Collectors.toSet());
                Assertions.assertTrue(set.size() == (i2 == 2 ? 0 : 1));
                switch (i2 + 1) {
                    case 1:
                        Assertions.assertTrue(filterResults.values().size() == 5 && set.contains(principal("2")));
                        break;
                    case 2:
                        Assertions.assertTrue(filterResults.values().size() == 5 && set.contains(principal("u-2")));
                        break;
                    case 3:
                        Assertions.assertTrue(filterResults.values().size() == 0);
                        break;
                    case 4:
                        Assertions.assertTrue(filterResults.values().size() == 10 && set.contains(principal("4")));
                        break;
                }
                i2++;
            }
            createPlainAuthAdminClient.createAcls(arrayList).all().get();
            Collection collection = (Collection) createPlainAuthAdminClient.deleteAcls(Arrays.asList(AclBindingFilter.ANY)).all().get();
            Set set2 = (Set) collection.stream().map(aclBinding -> {
                return aclBinding.entry().principal();
            }).collect(Collectors.toSet());
            Assertions.assertTrue(collection.size() == 25 && set2.size() == 3 && set2.containsAll(Arrays.asList(principal("2"), principal("3"), principal("4"))));
            createPlainAuthAdminClient.createAcls(arrayList).all().get();
            Collection collection2 = (Collection) createPlainAuthAdminClient.deleteAcls(Arrays.asList(topicFilter("*", "UserV2"))).all().get();
            Set set3 = (Set) collection2.stream().map(aclBinding2 -> {
                return aclBinding2.entry().principal();
            }).collect(Collectors.toSet());
            Assertions.assertTrue(collection2.size() == 25 && set3.size() == 3 && set3.containsAll(Arrays.asList(principal("u-2"), principal("3"), principal("u-4"))));
            if (createPlainAuthAdminClient != null) {
                if (0 == 0) {
                    createPlainAuthAdminClient.close();
                    return;
                }
                try {
                    createPlainAuthAdminClient.close();
                } catch (Throwable th2) {
                    th.addSuppressed(th2);
                }
            }
        } catch (Throwable th3) {
            if (createPlainAuthAdminClient != null) {
                if (0 != 0) {
                    try {
                        createPlainAuthAdminClient.close();
                    } catch (Throwable th4) {
                        th.addSuppressed(th4);
                    }
                } else {
                    createPlainAuthAdminClient.close();
                }
            }
            throw th3;
        }
    }

    private String principal(String str) {
        return "User:" + str;
    }

    @Disabled
    @ValueSource(strings = {"zk", "kraft"})
    @ParameterizedTest(name = "{displayName}.quorum={0}")
    public void testUserResourceIdWithAdminClient(String str) throws Exception {
        Throwable th;
        Throwable th2;
        AclBinding aclBinding = topicAcl("u-2");
        AclBindingFilter aclBindingFilter = topicFilter("u-2");
        AdminClient createPlainAuthAdminClient = this.testHarness.createPlainAuthAdminClient(IntegrationTestHarness.clientPlainJaasConfig("APIKEY1", "pwd1"));
        Throwable th3 = null;
        try {
            Assertions.assertTrue(((Collection) createPlainAuthAdminClient.describeAcls(aclBindingFilter).values().get()).isEmpty());
            AdminClient createPlainAuthAdminClient2 = this.testHarness.createPlainAuthAdminClient(IntegrationTestHarness.clientPlainJaasConfig("APIKEY2", "pwd2"));
            Throwable th4 = null;
            try {
                try {
                    TestUtils.assertFutureError(createPlainAuthAdminClient2.createTopics(this.sampleTopics).all(), TopicAuthorizationException.class);
                    if (createPlainAuthAdminClient2 != null) {
                        if (0 != 0) {
                            try {
                                createPlainAuthAdminClient2.close();
                            } catch (Throwable th5) {
                                th4.addSuppressed(th5);
                            }
                        } else {
                            createPlainAuthAdminClient2.close();
                        }
                    }
                    createPlainAuthAdminClient.createAcls(Collections.singleton(aclBinding)).all().get();
                    Assertions.assertEquals(1, ((Collection) createPlainAuthAdminClient.describeAcls(aclBindingFilter).values().get()).size());
                    createPlainAuthAdminClient2 = this.testHarness.createPlainAuthAdminClient(IntegrationTestHarness.clientPlainJaasConfig("APIKEY2", "pwd2"));
                    th = null;
                } catch (Throwable th6) {
                    th4 = th6;
                    throw th6;
                }
                try {
                    try {
                        createPlainAuthAdminClient2.createTopics(this.sampleTopics).all().get();
                        Assertions.assertTrue(((Set) createPlainAuthAdminClient2.listTopics().names().get()).containsAll((List) this.sampleTopics.stream().map((v0) -> {
                            return v0.name();
                        }).collect(Collectors.toList())));
                        if (createPlainAuthAdminClient2 != null) {
                            if (0 != 0) {
                                try {
                                    createPlainAuthAdminClient2.close();
                                } catch (Throwable th7) {
                                    th.addSuppressed(th7);
                                }
                            } else {
                                createPlainAuthAdminClient2.close();
                            }
                        }
                        createPlainAuthAdminClient.deleteAcls(Collections.singleton(aclBindingFilter)).all().get();
                        Assertions.assertTrue(((Collection) createPlainAuthAdminClient.describeAcls(aclBindingFilter).values().get()).isEmpty());
                        createPlainAuthAdminClient2 = this.testHarness.createPlainAuthAdminClient(IntegrationTestHarness.clientPlainJaasConfig("APIKEY2", "pwd2"));
                        th2 = null;
                    } catch (Throwable th8) {
                        th = th8;
                        throw th8;
                    }
                    try {
                        try {
                            TestUtils.assertFutureError(createPlainAuthAdminClient2.describeTopics(Collections.singletonList("abcd1")).allTopicNames(), TopicAuthorizationException.class);
                            if (createPlainAuthAdminClient2 != null) {
                                if (0 != 0) {
                                    try {
                                        createPlainAuthAdminClient2.close();
                                    } catch (Throwable th9) {
                                        th2.addSuppressed(th9);
                                    }
                                } else {
                                    createPlainAuthAdminClient2.close();
                                }
                            }
                            if (createPlainAuthAdminClient != null) {
                                if (0 == 0) {
                                    createPlainAuthAdminClient.close();
                                    return;
                                }
                                try {
                                    createPlainAuthAdminClient.close();
                                } catch (Throwable th10) {
                                    th3.addSuppressed(th10);
                                }
                            }
                        } catch (Throwable th11) {
                            th2 = th11;
                            throw th11;
                        }
                    } finally {
                    }
                } finally {
                }
            } finally {
                if (createPlainAuthAdminClient2 != null) {
                    if (th4 != null) {
                        try {
                            createPlainAuthAdminClient2.close();
                        } catch (Throwable th12) {
                            th4.addSuppressed(th12);
                        }
                    } else {
                        createPlainAuthAdminClient2.close();
                    }
                }
            }
        } catch (Throwable th13) {
            if (createPlainAuthAdminClient != null) {
                if (0 != 0) {
                    try {
                        createPlainAuthAdminClient.close();
                    } catch (Throwable th14) {
                        th3.addSuppressed(th14);
                    }
                } else {
                    createPlainAuthAdminClient.close();
                }
            }
            throw th13;
        }
    }

    @Test
    public void testDynamicConfig() throws ExecutionException, InterruptedException {
        ArrayList arrayList = new ArrayList();
        arrayList.add(topicAcl("2", "abcd1"));
        arrayList.add(topicAcl("u-2", "abcd2"));
        arrayList.add(topicAcl("u-2", "abcd3"));
        arrayList.add(topicAcl("3", "abcd1"));
        AdminClient createPlainAuthAdminClient = this.testHarness.createPlainAuthAdminClient(IntegrationTestHarness.clientPlainJaasConfig("APIKEY1", "pwd1"));
        Throwable th = null;
        try {
            try {
                createPlainAuthAdminClient.createAcls(arrayList).all().get();
                AclBindingFilter aclBindingFilter = topicFilter("2");
                AclBindingFilter aclBindingFilter2 = topicFilter("3");
                Assertions.assertTrue(((Collection) createPlainAuthAdminClient.describeAcls(aclBindingFilter).values().get()).size() == 3 && ((Collection) createPlainAuthAdminClient.describeAcls(aclBindingFilter2).values().get()).size() == 1);
                updateResourceIdInAclConfig(createPlainAuthAdminClient, "false");
                TestUtils.retryOnExceptionWithTimeout(() -> {
                    Assertions.assertTrue(((Collection) createPlainAuthAdminClient.describeAcls(aclBindingFilter).values().get()).size() == 1 && ((Collection) createPlainAuthAdminClient.describeAcls(aclBindingFilter2).values().get()).size() == 1);
                });
                updateResourceIdInAclConfig(createPlainAuthAdminClient, "true");
                TestUtils.retryOnExceptionWithTimeout(() -> {
                    Assertions.assertTrue(((Collection) createPlainAuthAdminClient.describeAcls(aclBindingFilter).values().get()).size() == 3 && ((Collection) createPlainAuthAdminClient.describeAcls(aclBindingFilter2).values().get()).size() == 1);
                });
                if (createPlainAuthAdminClient != null) {
                    if (0 == 0) {
                        createPlainAuthAdminClient.close();
                        return;
                    }
                    try {
                        createPlainAuthAdminClient.close();
                    } catch (Throwable th2) {
                        th.addSuppressed(th2);
                    }
                }
            } catch (Throwable th3) {
                th = th3;
                throw th3;
            }
        } catch (Throwable th4) {
            if (createPlainAuthAdminClient != null) {
                if (th != null) {
                    try {
                        createPlainAuthAdminClient.close();
                    } catch (Throwable th5) {
                        th.addSuppressed(th5);
                    }
                } else {
                    createPlainAuthAdminClient.close();
                }
            }
            throw th4;
        }
    }

    @ValueSource(strings = {"zk", "kraft"})
    @ParameterizedTest(name = "{displayName}.quorum={0}")
    public void testResourceIdSupportInKafkaCli(String str) throws Exception {
        String clientPlainJaasConfig = IntegrationTestHarness.clientPlainJaasConfig("APIKEY1", "pwd1");
        topicAclCommandBuilder("2", "abcd1", clientPlainJaasConfig).execute();
        topicAclCommandBuilder("u-2", "abcd2", clientPlainJaasConfig).execute();
        topicAclCommandBuilder("u-2", "abcd3", clientPlainJaasConfig).execute();
        topicAclCommandBuilder("4", "abcd1", clientPlainJaasConfig).execute();
        TestUtils.retryOnExceptionWithTimeout(() -> {
            String executeAndGrabOutput = this.physicalCluster.newAclCommandWithExternalListener(clientPlainJaasConfig).customCommand(Arrays.asList("--add", "--resource-pattern-type=" + PatternType.LITERAL.name(), "--topic=abcd1", "--operation=" + SecurityUtils.operationName(AclOperation.READ), "--allow-principal=" + new KafkaPrincipal("User", "3"), "--resource-id")).executeAndGrabOutput();
            Assertions.assertTrue(executeAndGrabOutput.split("User:u-2", -1).length == 2 && executeAndGrabOutput.split("User:u-4", -1).length == 2 && executeAndGrabOutput.split("User:3", -1).length == 3);
            String executeAndGrabOutput2 = this.physicalCluster.newAclCommandWithExternalListener(clientPlainJaasConfig).customCommand(Arrays.asList("--list", "--resource-id")).executeAndGrabOutput();
            Assertions.assertTrue(executeAndGrabOutput2.split("User:u-2", -1).length == 4 && executeAndGrabOutput2.split("User:3", -1).length == 2);
            String executeAndGrabOutput3 = this.physicalCluster.newAclCommandWithExternalListener(clientPlainJaasConfig).customCommand(Arrays.asList("--list", "--principal=User:u-2", "--resource-id")).executeAndGrabOutput();
            Assertions.assertTrue(executeAndGrabOutput3.split("User:u-2", -1).length == 5 && executeAndGrabOutput3.split("User:3", -1).length == 1);
            String executeAndGrabOutput4 = this.physicalCluster.newAclCommandWithExternalListener(clientPlainJaasConfig).customCommand(Arrays.asList("--list", "--principal=User:3", "--resource-id")).executeAndGrabOutput();
            Assertions.assertTrue(executeAndGrabOutput4.split("User:u-2", -1).length == 1 && executeAndGrabOutput4.split("User:3", -1).length == 3);
        });
    }

    @ValueSource(strings = {"zk", "kraft"})
    @ParameterizedTest(name = "{displayName}.quorum={0}")
    public void testCreateSameAclWithDifferentId(String str) throws Exception {
        AdminClient createPlainAuthAdminClient = this.testHarness.createPlainAuthAdminClient(IntegrationTestHarness.clientPlainJaasConfig("APIKEY1", "pwd1"));
        Throwable th = null;
        try {
            try {
                ArrayList arrayList = new ArrayList(Arrays.asList(topicAcl("u-2"), topicAcl("u-4"), topicAcl("pool-1")));
                createPlainAuthAdminClient.createAcls(Arrays.asList(topicAcl("2"), topicAcl("u-4"), topicAcl("pool-1"))).all().get();
                TestUtils.waitForCondition(() -> {
                    return ((Collection) createPlainAuthAdminClient.describeAcls(AclBindingFilter.ANY).values().get()).size() == 3;
                }, "ACL size should be equal to 3");
                createPlainAuthAdminClient.createAcls(Arrays.asList(topicAcl("u-2"), topicAcl("4"))).all().get();
                EmbeddedKafkaCluster kafkaCluster = this.physicalCluster.kafkaCluster();
                int i = this.userMetadataSequenceId + 1;
                this.userMetadataSequenceId = i;
                kafkaCluster.produceData("_confluent-user_metadata", i, KEY2, null);
                EmbeddedKafkaCluster kafkaCluster2 = this.physicalCluster.kafkaCluster();
                int i2 = this.userMetadataSequenceId + 1;
                this.userMetadataSequenceId = i2;
                kafkaCluster2.produceData("_confluent-user_metadata", i2, KEY4, null);
                TestUtils.retryOnExceptionWithTimeout(() -> {
                    Collection collection = (Collection) createPlainAuthAdminClient.describeAcls(AclBindingFilter.ANY).values().get();
                    Assertions.assertTrue(collection.containsAll(arrayList));
                    Assertions.assertTrue(collection.size() == arrayList.size());
                });
                int i3 = 0;
                while (arrayList.size() < 100) {
                    arrayList.add(topicAcl("u-2", "abcd1" + i3));
                    i3++;
                }
                createPlainAuthAdminClient.createAcls(arrayList).all().get();
                EmbeddedKafkaCluster kafkaCluster3 = this.physicalCluster.kafkaCluster();
                int i4 = this.userMetadataSequenceId + 1;
                this.userMetadataSequenceId = i4;
                kafkaCluster3.produceData("_confluent-user_metadata", i4, KEY2, VALUE2);
                EmbeddedKafkaCluster kafkaCluster4 = this.physicalCluster.kafkaCluster();
                int i5 = this.userMetadataSequenceId + 1;
                this.userMetadataSequenceId = i5;
                kafkaCluster4.produceData("_confluent-user_metadata", i5, KEY4, VALUE4);
                TestUtils.retryOnExceptionWithTimeout(() -> {
                    createPlainAuthAdminClient.createAcls(Arrays.asList(topicAcl("2"))).all().get();
                });
                createPlainAuthAdminClient.createAcls(Arrays.asList(topicAcl("pool-1"))).all().get();
                createPlainAuthAdminClient.deleteAcls(Arrays.asList(topicAcl("u-4").toFilter())).all().get();
                createPlainAuthAdminClient.createAcls(Arrays.asList(topicAcl("4"))).all().get();
                TestUtils.assertFutureThrows(createPlainAuthAdminClient.createAcls(Arrays.asList(topicAcl("4", "abcd2"))).all(), InvalidRequestException.class);
                createPlainAuthAdminClient.createAcls(Arrays.asList(topicAcl("u-4"))).all().get();
                Assertions.assertTrue(((Collection) createPlainAuthAdminClient.describeAcls(AclBindingFilter.ANY).values().get()).size() == 100);
                if (createPlainAuthAdminClient != null) {
                    if (0 == 0) {
                        createPlainAuthAdminClient.close();
                        return;
                    }
                    try {
                        createPlainAuthAdminClient.close();
                    } catch (Throwable th2) {
                        th.addSuppressed(th2);
                    }
                }
            } catch (Throwable th3) {
                th = th3;
                throw th3;
            }
        } catch (Throwable th4) {
            if (createPlainAuthAdminClient != null) {
                if (th != null) {
                    try {
                        createPlainAuthAdminClient.close();
                    } catch (Throwable th5) {
                        th.addSuppressed(th5);
                    }
                } else {
                    createPlainAuthAdminClient.close();
                }
            }
            throw th4;
        }
    }

    @ValueSource(strings = {"zk"})
    public void testAclsWithMultipleClusterLinkIds(String str) throws Exception {
        AclBinding aclBinding = topicAcl("4", "abcd1");
        AclBinding aclBinding2 = topicAcl("u-4", "abcd1");
        AdminClient createPlainAuthAdminClient = this.testHarness.createPlainAuthAdminClient(IntegrationTestHarness.clientPlainJaasConfig("APIKEY1", "pwd1"));
        Throwable th = null;
        try {
            ConfluentAdmin createPlainAuthAdminClient2 = this.destTestHarness.createPlainAuthAdminClient(IntegrationTestHarness.clientPlainJaasConfig("APIKEY1", "pwd1"));
            Throwable th2 = null;
            try {
                this.destConfluentAdmin = createPlainAuthAdminClient2;
                this.linkId = createClusterLink(LINK_NAME_1, ACL_FILTER_FOR_USER_V_2);
                createPlainAuthAdminClient.createAcls(Arrays.asList(aclBinding)).all().get();
                this.destConfluentAdmin.createAcls(Arrays.asList(aclBinding)).all().get();
                waitForDestAcls(Arrays.asList(addLinkId(aclBinding, this.linkId, Uuid.ZERO_UUID)));
                createPlainAuthAdminClient.deleteAcls(Arrays.asList(aclBinding2.toFilter())).all().get();
                waitForDestAcls(Arrays.asList(aclBinding));
                this.destConfluentAdmin.deleteAcls(Arrays.asList(aclBinding.toFilter())).all().get();
                createPlainAuthAdminClient.createAcls(Arrays.asList(aclBinding)).all().get();
                waitForDestAcls(Arrays.asList(addLinkId(aclBinding, this.linkId)));
                this.destConfluentAdmin.deleteClusterLinks(Arrays.asList(LINK_NAME_1), new DeleteClusterLinksOptions()).all().get();
                waitForDestAcls(Arrays.asList(aclBinding));
                if (createPlainAuthAdminClient2 != null) {
                    if (0 != 0) {
                        try {
                            createPlainAuthAdminClient2.close();
                        } catch (Throwable th3) {
                            th2.addSuppressed(th3);
                        }
                    } else {
                        createPlainAuthAdminClient2.close();
                    }
                }
                if (createPlainAuthAdminClient != null) {
                    if (0 == 0) {
                        createPlainAuthAdminClient.close();
                        return;
                    }
                    try {
                        createPlainAuthAdminClient.close();
                    } catch (Throwable th4) {
                        th.addSuppressed(th4);
                    }
                }
            } catch (Throwable th5) {
                if (createPlainAuthAdminClient2 != null) {
                    if (0 != 0) {
                        try {
                            createPlainAuthAdminClient2.close();
                        } catch (Throwable th6) {
                            th2.addSuppressed(th6);
                        }
                    } else {
                        createPlainAuthAdminClient2.close();
                    }
                }
                throw th5;
            }
        } catch (Throwable th7) {
            if (createPlainAuthAdminClient != null) {
                if (0 != 0) {
                    try {
                        createPlainAuthAdminClient.close();
                    } catch (Throwable th8) {
                        th.addSuppressed(th8);
                    }
                } else {
                    createPlainAuthAdminClient.close();
                }
            }
            throw th7;
        }
    }

    @ValueSource(strings = {"zk"})
    @ParameterizedTest(name = "{displayName}.quorum={0}")
    public void testAclSyncWithResourceId(String str) throws Exception {
        ArrayList arrayList = new ArrayList();
        arrayList.add(topicAcl("2", "abcd1"));
        arrayList.add(topicAcl("2", "abcd2"));
        arrayList.add(topicAcl("pool-1", "abcd1"));
        arrayList.add(topicAcl("pool-1", "abcd3"));
        arrayList.add(topicAcl("4", "abcd3"));
        arrayList.add(topicAcl("4", "abcd2"));
        AdminClient createPlainAuthAdminClient = this.testHarness.createPlainAuthAdminClient(IntegrationTestHarness.clientPlainJaasConfig("APIKEY1", "pwd1"));
        Throwable th = null;
        try {
            ConfluentAdmin createPlainAuthAdminClient2 = this.destTestHarness.createPlainAuthAdminClient(IntegrationTestHarness.clientPlainJaasConfig("APIKEY1", "pwd1"));
            Throwable th2 = null;
            try {
                try {
                    this.destConfluentAdmin = createPlainAuthAdminClient2;
                    this.linkId = createClusterLink(LINK_NAME_1, ANY_ACL_FILTER);
                    createPlainAuthAdminClient.createAcls(arrayList).all().get();
                    waitForDestAcls((Collection) arrayList.stream().map(aclBinding -> {
                        return addLinkId(aclBinding, this.linkId);
                    }).collect(Collectors.toSet()));
                    updateAclFilterForClusterLink(ACL_FILTER_FOR_USER_2, LINK_NAME_1);
                    waitForDestAcls((Collection) arrayList.stream().map(aclBinding2 -> {
                        return aclBinding2.entry().principal().equals("User:2") ? addLinkId(aclBinding2, this.linkId) : aclBinding2;
                    }).collect(Collectors.toSet()));
                    createPlainAuthAdminClient.deleteAcls(Collections.singleton(AclBindingFilter.ANY)).all().get();
                    waitForDestAcls((Collection) arrayList.subList(2, arrayList.size()).stream().collect(Collectors.toSet()));
                    this.destConfluentAdmin.deleteAcls(Collections.singleton(AclBindingFilter.ANY)).all().get();
                    testAclSyncWithResourceIdFlagEnabledOnSrcAndDest(createPlainAuthAdminClient, arrayList);
                    if (createPlainAuthAdminClient2 != null) {
                        if (0 != 0) {
                            try {
                                createPlainAuthAdminClient2.close();
                            } catch (Throwable th3) {
                                th2.addSuppressed(th3);
                            }
                        } else {
                            createPlainAuthAdminClient2.close();
                        }
                    }
                    if (createPlainAuthAdminClient != null) {
                        if (0 == 0) {
                            createPlainAuthAdminClient.close();
                            return;
                        }
                        try {
                            createPlainAuthAdminClient.close();
                        } catch (Throwable th4) {
                            th.addSuppressed(th4);
                        }
                    }
                } catch (Throwable th5) {
                    th2 = th5;
                    throw th5;
                }
            } catch (Throwable th6) {
                if (createPlainAuthAdminClient2 != null) {
                    if (th2 != null) {
                        try {
                            createPlainAuthAdminClient2.close();
                        } catch (Throwable th7) {
                            th2.addSuppressed(th7);
                        }
                    } else {
                        createPlainAuthAdminClient2.close();
                    }
                }
                throw th6;
            }
        } catch (Throwable th8) {
            if (createPlainAuthAdminClient != null) {
                if (0 != 0) {
                    try {
                        createPlainAuthAdminClient.close();
                    } catch (Throwable th9) {
                        th.addSuppressed(th9);
                    }
                } else {
                    createPlainAuthAdminClient.close();
                }
            }
            throw th8;
        }
    }

    private void testAclSyncWithResourceIdFlagEnabledOnSrcAndDest(AdminClient adminClient, List<AclBinding> list) throws Exception {
        adminClient.createAcls(list).all().get();
        updateAclFilterForClusterLink(ANY_ACL_FILTER, LINK_NAME_1);
        waitForDestAcls((Collection) list.stream().map(aclBinding -> {
            return addLinkId(aclBinding, this.linkId);
        }).collect(Collectors.toSet()));
        updateAclFilterForClusterLink(ACL_FILTER_FOR_USER_V_2, LINK_NAME_1);
        waitForDestAcls((Collection) list.stream().map(aclBinding2 -> {
            return addLinkId(aclBinding2, this.linkId);
        }).collect(Collectors.toSet()));
        updateAclFilterForClusterLink(ACL_FILTER_FOR_USER_U_4_AND_POOL_ID, LINK_NAME_1);
        waitForDestAcls((Collection) list.stream().map(aclBinding3 -> {
            return aclBinding3.entry().principal().equals("User:2") ? aclBinding3 : addLinkId(aclBinding3, this.linkId);
        }).collect(Collectors.toSet()));
        updateAclFilterForClusterLink(ACL_FILTER_FOR_USER_4, LINK_NAME_1);
        waitForDestAcls((Collection) list.stream().map(aclBinding4 -> {
            return (aclBinding4.entry().principal().equals("User:2") || aclBinding4.entry().principal().equals("User:pool-1")) ? aclBinding4 : addLinkId(aclBinding4, this.linkId);
        }).collect(Collectors.toSet()));
        adminClient.deleteAcls(Collections.singleton(AclBindingFilter.ANY)).all().get();
        waitForDestAcls((Collection) list.subList(0, 4).stream().collect(Collectors.toSet()));
        this.destConfluentAdmin.deleteAcls(Collections.singleton(AclBindingFilter.ANY)).all().get();
    }

    private void updateAclFilterForClusterLink(String str, String str2) throws Exception {
        this.destConfluentAdmin.incrementalAlterConfigs(Collections.singletonMap(new ConfigResource(ConfigResource.Type.CLUSTER_LINK, str2), Collections.singleton(new AlterConfigOp(new ConfigEntry(ClusterLinkConfig.AclFiltersProp(), str), AlterConfigOp.OpType.SET)))).all().get(15L, TimeUnit.SECONDS);
    }

    private void waitForDestAcls(Collection<AclBinding> collection) throws Exception {
        TestUtils.waitForCondition(() -> {
            return equalAclBindings(describeAcls(this.destConfluentAdmin, AclBindingFilter.ANY), collection).booleanValue();
        }, () -> {
            return "expected acls " + collection + " got " + describeAcls(this.destConfluentAdmin, AclBindingFilter.ANY);
        });
    }

    private Boolean equalAclBindings(Collection<AclBinding> collection, Collection<AclBinding> collection2) {
        return Boolean.valueOf(collection.size() == collection2.size() && collection.containsAll(collection2));
    }

    private Collection<AclBinding> describeAcls(ConfluentAdmin confluentAdmin, AclBindingFilter aclBindingFilter) {
        try {
            return (Collection) confluentAdmin.describeAcls(aclBindingFilter).values().get();
        } catch (InterruptedException | ExecutionException e) {
            throw new RuntimeException(e);
        }
    }

    private Uuid createClusterLink(String str, String str2) throws ExecutionException, InterruptedException, TimeoutException {
        HashMap hashMap = new HashMap();
        Properties securityProps = KafkaTestUtils.securityProps(this.physicalCluster.bootstrapServers(), SecurityProtocol.SASL_PLAINTEXT, "PLAIN", IntegrationTestHarness.clientPlainJaasConfig("APIKEY1", "pwd1"));
        securityProps.stringPropertyNames().forEach(str3 -> {
        });
        hashMap.put("request.timeout.ms", "10000");
        hashMap.put("metadata.max.age.ms", "1000");
        hashMap.put(ClusterLinkConfig$.MODULE$.AclFiltersProp(), str2);
        hashMap.put(ClusterLinkConfig$.MODULE$.AclSyncEnableProp(), "true");
        hashMap.put(ClusterLinkConfig$.MODULE$.AclSyncMsProp(), "100");
        NewClusterLink newClusterLink = new NewClusterLink(str, Utils.LC_META_ABC.logicalClusterId(), hashMap);
        this.destConfluentAdmin.createClusterLinks(Collections.singleton(newClusterLink), new CreateClusterLinksOptions().validateOnly(false).validateLink(true)).all().get();
        return ((ClusterLinkListing) ((Collection) this.destConfluentAdmin.listClusterLinks(new ListClusterLinksOptions()).result().get(15L, TimeUnit.SECONDS)).stream().filter(clusterLinkListing -> {
            return clusterLinkListing.linkName().equals(str);
        }).iterator().next()).clusterLinkId();
    }

    private AclBinding addLinkId(AclBinding aclBinding, Uuid... uuidArr) {
        ArrayList arrayList = new ArrayList(aclBinding.entry().clusterLinkIds());
        arrayList.addAll(Arrays.asList(uuidArr));
        return new AclBinding(aclBinding.pattern(), new AccessControlEntry(aclBinding.entry().principal(), aclBinding.entry().host(), aclBinding.entry().operation(), aclBinding.entry().permissionType(), arrayList));
    }

    private void updateResourceIdInAclConfig(AdminClient adminClient, String str) throws InterruptedException, ExecutionException {
        ConfigResource configResource = new ConfigResource(ConfigResource.Type.BROKER, "");
        Set singleton = Collections.singleton(new AlterConfigOp(new ConfigEntry("multitenant.authorizer.support.resource.ids", str), AlterConfigOp.OpType.SET));
        adminClient.createAcls(Collections.singleton(topicAcl("u-5"))).all().get();
        adminClient.incrementalAlterConfigs(Collections.singletonMap(configResource, singleton)).all().get();
        TestUtils.retryOnExceptionWithTimeout(() -> {
            Assertions.assertTrue(((Collection) adminClient.describeAcls(topicFilter("5")).values().get()).size() == (str.equals("true") ? 1 : 0));
        });
        adminClient.deleteAcls(Collections.singleton(topicFilter("u-5"))).all().get();
    }

    private AclCommandBuilder topicAclCommandBuilder(String str, String str2, String str3) {
        return this.physicalCluster.newAclCommandWithExternalListener(str3).addTopicAclArgs(new KafkaPrincipal("User", str), str2, AclOperation.READ, PatternType.LITERAL);
    }

    private AclBinding topicAcl(String str) {
        return topicAcl(str, "abcd1");
    }

    private AclBinding topicAcl(String str, String str2) {
        return new AclBinding(new ResourcePattern(ResourceType.TOPIC, str2, PatternType.LITERAL), new AccessControlEntry(new KafkaPrincipal("User", str).toString(), "*", AclOperation.ALL, AclPermissionType.ALLOW));
    }

    private AclBindingFilter topicFilter(String str) {
        return topicFilter(str, "User");
    }

    private AclBindingFilter topicFilter(String str, String str2) {
        return new AclBindingFilter(new ResourcePatternFilter(ResourceType.ANY, (String) null, PatternType.ANY), new AccessControlEntryFilter(new KafkaPrincipal(str2, str).toString(), (String) null, AclOperation.ANY, AclPermissionType.ANY));
    }

    private AclBindingFilter topicFilter(AclOperation aclOperation) {
        return new AclBindingFilter(new ResourcePatternFilter(ResourceType.ANY, (String) null, PatternType.ANY), new AccessControlEntryFilter((String) null, (String) null, aclOperation, AclPermissionType.ANY));
    }

    private List<NewTopic> topicsList(String str) {
        return Collections.singletonList(new NewTopic(str, 3, (short) 1));
    }

    private void loadApiKeys(PhysicalCluster physicalCluster, String str, String str2) throws Exception {
        try {
            physicalCluster.kafkaCluster().produceApiKeysData("_confluent-apikey", str2, org.apache.kafka.common.utils.Utils.readFullyToString((BufferedInputStream) JarResourceLoader.loadFileFromResource(FileBasedPlainSaslAuthenticatorTest.class, str).toURI().toURL().getContent()), true);
        } catch (IOException e) {
            throw new Exception("Couldn't read apikeys content");
        }
    }
}
