package io.digdag.core.agent;

import com.google.common.base.Optional;
import io.digdag.client.config.Config;
import io.digdag.client.config.ConfigFactory;
import io.digdag.core.config.YamlConfigLoader;
import io.digdag.core.database.DatabaseFactory;
import io.digdag.core.database.DatabaseTestingUtils;
import io.digdag.spi.SecretAccessContext;
import io.digdag.spi.SecretStore;
import junitparams.JUnitParamsRunner;
import junitparams.Parameters;
import org.hamcrest.MatcherAssert;
import org.hamcrest.Matchers;
import org.junit.Before;
import org.junit.Rule;
import org.junit.Test;
import org.junit.rules.ExpectedException;
import org.junit.runner.RunWith;
import org.mockito.Mock;
import org.mockito.Mockito;
import org.mockito.MockitoAnnotations;

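/**
 * Tests for {@link DefaultSecretProvider} against a mocked {@link SecretStore}.
 *
 * <p>Covers four behaviours visible in this class: lookup with a default config, lookup through
 * user-declared grants (including key remapping), precedence of the {@code "project"} scope over
 * {@code "project-default"}, and fallback to {@code "project-default"} when the project scope
 * holds no value.
 */
@RunWith(JUnitParamsRunner.class)
public class DefaultSecretProviderTest {
    private static final YamlConfigLoader YAML_CONFIG_LOADER = new YamlConfigLoader();
    private static final ConfigFactory CONFIG_FACTORY = DatabaseTestingUtils.createConfigFactory();
    private static final int SITE_ID = 1;
    private static final int PROJECT_ID = 2;

    @Mock
    SecretStore secretStore;

    // NOTE(review): assigned in setUp() but never read or closed in this class; confirm whether
    // it is still needed and, if so, whether it should be released in an @After method.
    private DatabaseFactory databaseFactory;

    @Rule
    public final ExpectedException exception = ExpectedException.none();

    // Access context shared by every test; only the project id is asserted on below.
    private final SecretAccessContext secretAccessContext = SecretAccessContext.builder()
            .siteId(SITE_ID)
            .projectId(PROJECT_ID)
            .revision("foo")
            .workflowName("bar")
            .operatorType("baz")
            .taskName("quux")
            .build();

    /** Initialises the {@code @Mock} fields and creates the test database factory. */
    @Before
    public void setUp() throws Exception {
        MockitoAnnotations.initMocks(this);
        this.databaseFactory = DatabaseTestingUtils.setupDatabase();
    }

    /** With the default test config, key {@code foo} is read from the {@code "project"} scope. */
    @Test
    public void testDefaultAccessibleSecret() throws Exception {
        Config grants = DatabaseTestingUtils.createConfig();
        Mockito.when(this.secretStore.getSecret(PROJECT_ID, "project", "foo"))
                .thenReturn(Optional.of("foo-secret"));

        DefaultSecretProvider provider =
                new DefaultSecretProvider(this.secretAccessContext, grants, this.secretStore);
        String secret = provider.getSecret("foo");

        Mockito.verify(this.secretStore).getSecret(PROJECT_ID, "project", "foo");
        MatcherAssert.assertThat(secret, Matchers.is("foo-secret"));
    }

    /**
     * Checks that a user grant resolves the requested key to the expected store key.
     *
     * <p>Each row is {@code requested key | grant YAML | key expected to be looked up}. The
     * {@code \\,} in the last row escapes the comma so that it stays inside the YAML value.
     *
     * @param str the key passed to {@code getSecret}
     * @param str2 YAML text loaded as the grant configuration
     * @param str3 the key the provider is expected to request from the store
     */
    @Test
    @Parameters({
        "foo        | foo: true                  | foo",
        "foo        | foo: bar                   | bar",
        "foo.secret | foo: true                  | foo.secret",
        "foo.secret | foo: bar                   | bar.secret",
        "foo.a.b    | foo: {a: true}             | foo.a.b",
        "foo.a.b    | foo: {a: bar.a\\, b: quux} | bar.a.b"
    })
    public void testUserGrantedSecret(String str, String str2, String str3) throws Exception {
        Config grants = YAML_CONFIG_LOADER.loadString(str2).toConfig(CONFIG_FACTORY);
        Mockito.when(this.secretStore.getSecret(PROJECT_ID, "project", str3))
                .thenReturn(Optional.of("the-secret"));

        DefaultSecretProvider provider =
                new DefaultSecretProvider(this.secretAccessContext, grants, this.secretStore);
        String secret = provider.getSecret(str);

        Mockito.verify(this.secretStore).getSecret(PROJECT_ID, "project", str3);
        MatcherAssert.assertThat(secret, Matchers.is("the-secret"));
    }

    /**
     * When both scopes hold a value for the key, the {@code "project"} value is returned and the
     * {@code "project-default"} scope is not consulted.
     */
    @Test
    public void verifyProjectScopePrecedence() throws Exception {
        Config grants = DatabaseTestingUtils.createConfig();
        Mockito.when(this.secretStore.getSecret(PROJECT_ID, "project", "foo"))
                .thenReturn(Optional.of("project-secret"));
        Mockito.when(this.secretStore.getSecret(PROJECT_ID, "project-default", "foo"))
                .thenReturn(Optional.of("project-default-secret"));

        DefaultSecretProvider provider =
                new DefaultSecretProvider(this.secretAccessContext, grants, this.secretStore);
        String secret = provider.getSecret("foo");

        Mockito.verify(this.secretStore).getSecret(PROJECT_ID, "project", "foo");
        // Arguments are (projectId, scope, key), in the same order as the stubs above. With scope
        // and key swapped, never() would match a call nothing makes and the check would pass
        // even if the default scope were read.
        Mockito.verify(this.secretStore, Mockito.never())
                .getSecret(PROJECT_ID, "project-default", "foo");
        MatcherAssert.assertThat(secret, Matchers.is("project-secret"));
    }

    /**
     * When the {@code "project"} scope has no value for the key, the provider falls back to the
     * {@code "project-default"} scope.
     */
    @Test
    public void verifyProjectDefaultScopeFallback() throws Exception {
        Config grants = DatabaseTestingUtils.createConfig();
        Mockito.when(this.secretStore.getSecret(PROJECT_ID, "project", "foo"))
                .thenReturn(Optional.absent());
        Mockito.when(this.secretStore.getSecret(PROJECT_ID, "project-default", "foo"))
                .thenReturn(Optional.of("project-default-secret"));

        DefaultSecretProvider provider =
                new DefaultSecretProvider(this.secretAccessContext, grants, this.secretStore);
        String secret = provider.getSecret("foo");

        Mockito.verify(this.secretStore).getSecret(PROJECT_ID, "project", "foo");
        Mockito.verify(this.secretStore).getSecret(PROJECT_ID, "project-default", "foo");
        MatcherAssert.assertThat(secret, Matchers.is("project-default-secret"));
    }
}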
