package org.apache.brooklyn.location.jclouds.networking;

import com.google.common.base.Optional;
import com.google.common.base.Predicate;
import com.google.common.base.Supplier;
import com.google.common.collect.ImmutableList;
import com.google.common.collect.ImmutableSet;
import java.net.URI;
import java.util.Collections;
import org.apache.brooklyn.location.jclouds.JcloudsLocation;
import org.apache.brooklyn.util.collections.MutableMap;
import org.apache.brooklyn.util.net.Cidr;
import org.jclouds.aws.AWSResponseException;
import org.jclouds.aws.domain.AWSError;
import org.jclouds.compute.ComputeService;
import org.jclouds.compute.domain.SecurityGroup;
import org.jclouds.compute.domain.Template;
import org.jclouds.compute.extensions.SecurityGroupExtension;
import org.jclouds.compute.options.TemplateOptions;
import org.jclouds.domain.Location;
import org.jclouds.http.HttpCommand;
import org.jclouds.http.HttpResponse;
import org.jclouds.net.domain.IpPermission;
import org.jclouds.net.domain.IpProtocol;
import org.mockito.Answers;
import org.mockito.Matchers;
import org.mockito.Mockito;
import org.testng.Assert;
import org.testng.annotations.BeforeMethod;
import org.testng.annotations.Test;

/* loaded from: input_file:org/apache/brooklyn/location/jclouds/networking/JcloudsLocationSecurityGroupCustomizerTest.class */
public class JcloudsLocationSecurityGroupCustomizerTest {
    JcloudsLocationSecurityGroupCustomizer customizer;
    ComputeService computeService;
    Location location;
    SecurityGroupExtension securityApi;

    /* loaded from: input_file:org/apache/brooklyn/location/jclouds/networking/JcloudsLocationSecurityGroupCustomizerTest$TestCidrSupplier.class */
    private static class TestCidrSupplier implements Supplier<Cidr> {
        private TestCidrSupplier() {
        }

        /* renamed from: get, reason: merged with bridge method [inline-methods] */
        public Cidr m32get() {
            return new Cidr("192.168.10.10/32");
        }
    }

    @BeforeMethod
    public void setUp() {
        this.customizer = new JcloudsLocationSecurityGroupCustomizer("testapp", new TestCidrSupplier());
        this.location = (Location) Mockito.mock(Location.class);
        this.securityApi = (SecurityGroupExtension) Mockito.mock(SecurityGroupExtension.class);
        this.computeService = (ComputeService) Mockito.mock(ComputeService.class, Answers.RETURNS_DEEP_STUBS.get());
        Mockito.when(this.computeService.getSecurityGroupExtension()).thenReturn(Optional.of(this.securityApi));
    }

    @Test
    public void testSameInstanceReturnedForSameApplication() {
        Assert.assertEquals(JcloudsLocationSecurityGroupCustomizer.getInstance("a"), JcloudsLocationSecurityGroupCustomizer.getInstance("a"));
        Assert.assertNotEquals(JcloudsLocationSecurityGroupCustomizer.getInstance("a"), JcloudsLocationSecurityGroupCustomizer.getInstance("b"));
    }

    @Test
    public void testSecurityGroupAddedWhenJcloudsLocationCustomised() {
        Template template = (Template) Mockito.mock(Template.class);
        TemplateOptions templateOptions = (TemplateOptions) Mockito.mock(TemplateOptions.class);
        Mockito.when(template.getLocation()).thenReturn(this.location);
        Mockito.when(template.getOptions()).thenReturn(templateOptions);
        SecurityGroup newGroup = newGroup("id");
        Mockito.when(this.securityApi.createSecurityGroup(Matchers.anyString(), (Location) Matchers.eq(this.location))).thenReturn(newGroup);
        JcloudsLocation jcloudsLocation = new JcloudsLocation(MutableMap.of("deferConstruction", true));
        JcloudsLocation jcloudsLocation2 = new JcloudsLocation(MutableMap.of("deferConstruction", true));
        this.customizer.customize(jcloudsLocation, this.computeService, template);
        this.customizer.customize(jcloudsLocation2, this.computeService, template);
        ((SecurityGroupExtension) Mockito.verify(this.securityApi)).createSecurityGroup(Matchers.anyString(), (Location) Matchers.eq(this.location));
        ((SecurityGroupExtension) Mockito.verify(this.securityApi, Mockito.times(4))).addIpPermission((IpPermission) Matchers.any(IpPermission.class), (SecurityGroup) Matchers.eq(newGroup));
        ((TemplateOptions) Mockito.verify(templateOptions, Mockito.times(2))).securityGroups(new String[]{Matchers.anyString()});
    }

    @Test
    public void testSharedGroupLoadedWhenItExistsButIsNotCached() {
        Template template = (Template) Mockito.mock(Template.class);
        TemplateOptions templateOptions = (TemplateOptions) Mockito.mock(TemplateOptions.class);
        Mockito.when(template.getLocation()).thenReturn(this.location);
        Mockito.when(template.getOptions()).thenReturn(templateOptions);
        JcloudsLocation jcloudsLocation = new JcloudsLocation(MutableMap.of("deferConstruction", true));
        SecurityGroup newGroup = newGroup(this.customizer.getNameForSharedSecurityGroup());
        Mockito.when(this.securityApi.listSecurityGroupsInLocation(this.location)).thenReturn(ImmutableSet.of(newGroup("irrelevant"), newGroup));
        this.customizer.customize(jcloudsLocation, this.computeService, template);
        ((SecurityGroupExtension) Mockito.verify(this.securityApi)).listSecurityGroupsInLocation(this.location);
        ((SecurityGroupExtension) Mockito.verify(this.securityApi, Mockito.never())).createSecurityGroup(Matchers.anyString(), (Location) Matchers.any(Location.class));
    }

    @Test
    public void testAddPermissionsToNode() {
        IpPermission newPermission = newPermission(22);
        IpPermission newPermission2 = newPermission(31001);
        SecurityGroup newGroup = newGroup(this.customizer.getNameForSharedSecurityGroup());
        SecurityGroup newGroup2 = newGroup("id");
        Mockito.when(this.securityApi.listSecurityGroupsForNode("node")).thenReturn(ImmutableSet.of(newGroup, newGroup2));
        Mockito.when(this.computeService.getContext().unwrap().getId()).thenReturn("aws-ec2");
        this.customizer.addPermissionsToLocation(ImmutableList.of(newPermission, newPermission2), "node", this.computeService);
        ((SecurityGroupExtension) Mockito.verify(this.securityApi, Mockito.never())).createSecurityGroup(Matchers.anyString(), (Location) Matchers.any(Location.class));
        ((SecurityGroupExtension) Mockito.verify(this.securityApi, Mockito.times(1))).addIpPermission(newPermission, newGroup2);
        ((SecurityGroupExtension) Mockito.verify(this.securityApi, Mockito.times(1))).addIpPermission(newPermission2, newGroup2);
    }

    @Test
    public void testRemovePermissionsFromNode() {
        IpPermission newPermission = newPermission(22);
        IpPermission newPermission2 = newPermission(31001);
        SecurityGroup newGroup = newGroup(this.customizer.getNameForSharedSecurityGroup());
        SecurityGroup newGroup2 = newGroup("id");
        Mockito.when(this.securityApi.listSecurityGroupsForNode("node")).thenReturn(ImmutableSet.of(newGroup, newGroup2));
        Mockito.when(this.computeService.getContext().unwrap().getId()).thenReturn("aws-ec2");
        this.customizer.addPermissionsToLocation(ImmutableList.of(newPermission, newPermission2), "node", this.computeService);
        this.customizer.removePermissionsFromLocation(ImmutableList.of(newPermission2), "node", this.computeService);
        ((SecurityGroupExtension) Mockito.verify(this.securityApi, Mockito.never())).removeIpPermission(newPermission, newGroup2);
        ((SecurityGroupExtension) Mockito.verify(this.securityApi, Mockito.times(1))).removeIpPermission(newPermission2, newGroup2);
    }

    @Test
    public void testRemoveMultiplePermissionsFromNode() {
        IpPermission newPermission = newPermission(22);
        IpPermission newPermission2 = newPermission(31001);
        SecurityGroup newGroup = newGroup(this.customizer.getNameForSharedSecurityGroup());
        SecurityGroup newGroup2 = newGroup("id");
        Mockito.when(this.securityApi.listSecurityGroupsForNode("node")).thenReturn(ImmutableSet.of(newGroup, newGroup2));
        Mockito.when(this.computeService.getContext().unwrap().getId()).thenReturn("aws-ec2");
        this.customizer.addPermissionsToLocation(ImmutableList.of(newPermission, newPermission2), "node", this.computeService);
        this.customizer.removePermissionsFromLocation(ImmutableList.of(newPermission, newPermission2), "node", this.computeService);
        ((SecurityGroupExtension) Mockito.verify(this.securityApi, Mockito.times(1))).removeIpPermission(newPermission, newGroup2);
        ((SecurityGroupExtension) Mockito.verify(this.securityApi, Mockito.times(1))).removeIpPermission(newPermission2, newGroup2);
    }

    @Test
    public void testAddPermissionWhenNoExtension() {
        IpPermission newPermission = newPermission(22);
        IpPermission newPermission2 = newPermission(31001);
        Mockito.when(this.securityApi.listSecurityGroupsForNode("node")).thenReturn(Collections.emptySet());
        RuntimeException runtimeException = null;
        try {
            this.customizer.addPermissionsToLocation(ImmutableList.of(newPermission, newPermission2), "node", this.computeService);
        } catch (RuntimeException e) {
            runtimeException = e;
        }
        Assert.assertNotNull(runtimeException);
    }

    @Test
    public void testAddPermissionsToNodeUsesUncachedSecurityGroup() {
        JcloudsLocation jcloudsLocation = new JcloudsLocation(MutableMap.of("deferConstruction", true));
        IpPermission newPermission = newPermission(22);
        SecurityGroup newGroup = newGroup(this.customizer.getNameForSharedSecurityGroup());
        SecurityGroup newGroup2 = newGroup("unique");
        Template template = (Template) Mockito.mock(Template.class);
        TemplateOptions templateOptions = (TemplateOptions) Mockito.mock(TemplateOptions.class);
        Mockito.when(template.getLocation()).thenReturn(this.location);
        Mockito.when(template.getOptions()).thenReturn(templateOptions);
        Mockito.when(this.securityApi.createSecurityGroup(Matchers.anyString(), (Location) Matchers.eq(this.location))).thenReturn(newGroup);
        Mockito.when(this.computeService.getContext().unwrap().getId()).thenReturn("aws-ec2");
        this.customizer.customize(jcloudsLocation, this.computeService, template);
        Mockito.reset(new SecurityGroupExtension[]{this.securityApi});
        Mockito.when(this.securityApi.listSecurityGroupsForNode("nodeId")).thenReturn(ImmutableSet.of(newGroup2, newGroup));
        this.customizer.addPermissionsToLocation(ImmutableSet.of(newPermission), "nodeId", this.computeService);
        ((SecurityGroupExtension) Mockito.verify(this.securityApi)).addIpPermission(newPermission, newGroup2);
        ((SecurityGroupExtension) Mockito.verify(this.securityApi, Mockito.never())).addIpPermission((IpPermission) Matchers.any(IpPermission.class), (SecurityGroup) Matchers.eq(newGroup));
    }

    @Test
    public void testSecurityGroupsLoadedWhenAddingPermissionsToUncachedNode() {
        IpPermission newPermission = newPermission(22);
        SecurityGroup newGroup = newGroup(this.customizer.getNameForSharedSecurityGroup());
        SecurityGroup newGroup2 = newGroup("unique");
        Mockito.when(this.securityApi.listSecurityGroupsForNode("nodeId")).thenReturn(ImmutableSet.of(newGroup, newGroup2));
        Mockito.when(this.computeService.getContext().unwrap().getId()).thenReturn("aws-ec2");
        this.customizer.addPermissionsToLocation(ImmutableSet.of(newPermission), "nodeId", this.computeService);
        this.customizer.addPermissionsToLocation(ImmutableSet.of(newPermission), "nodeId", this.computeService);
        ((SecurityGroupExtension) Mockito.verify(this.securityApi, Mockito.times(1))).listSecurityGroupsForNode("nodeId");
        ((SecurityGroupExtension) Mockito.verify(this.securityApi, Mockito.times(2))).addIpPermission(newPermission, newGroup2);
        ((SecurityGroupExtension) Mockito.verify(this.securityApi, Mockito.never())).addIpPermission((IpPermission) Matchers.any(IpPermission.class), (SecurityGroup) Matchers.eq(newGroup));
    }

    @Test
    public void testAddRuleNotRetriedByDefault() {
        IpPermission newPermission = newPermission(22);
        SecurityGroup newGroup = newGroup(this.customizer.getNameForSharedSecurityGroup());
        SecurityGroup newGroup2 = newGroup("unique");
        Mockito.when(this.securityApi.listSecurityGroupsForNode("node")).thenReturn(ImmutableSet.of(newGroup, newGroup2));
        Mockito.when(this.securityApi.addIpPermission((IpPermission) Matchers.eq(newPermission), (SecurityGroup) Matchers.eq(newGroup2))).thenThrow(new Throwable[]{new RuntimeException("exception creating " + newPermission)});
        Mockito.when(this.computeService.getContext().unwrap().getId()).thenReturn("aws-ec2");
        try {
            this.customizer.addPermissionsToLocation(ImmutableList.of(newPermission), "node", this.computeService);
        } catch (Exception e) {
            Assert.assertTrue(e.getMessage().contains("repeated errors from provider"), "message=" + e.getMessage());
        }
        ((SecurityGroupExtension) Mockito.verify(this.securityApi, Mockito.never())).createSecurityGroup(Matchers.anyString(), (Location) Matchers.any(Location.class));
        ((SecurityGroupExtension) Mockito.verify(this.securityApi, Mockito.times(1))).addIpPermission(newPermission, newGroup2);
    }

    @Test
    public void testCustomExceptionRetryablePredicate() {
        this.customizer.setRetryExceptionPredicate(new Predicate<Exception>() { // from class: org.apache.brooklyn.location.jclouds.networking.JcloudsLocationSecurityGroupCustomizerTest.1
            public boolean apply(Exception exc) {
                Throwable th = exc;
                while (true) {
                    Throwable th2 = th;
                    if (th2 == null) {
                        return false;
                    }
                    if (th2.getMessage().contains("testCustomExceptionRetryablePredicate")) {
                        return true;
                    }
                    th = th2.getCause();
                }
            }
        });
        Mockito.when(this.computeService.getContext().unwrap().getId()).thenReturn("aws-ec2");
        IpPermission newPermission = newPermission(22);
        SecurityGroup newGroup = newGroup(this.customizer.getNameForSharedSecurityGroup());
        SecurityGroup newGroup2 = newGroup("unique");
        Mockito.when(this.securityApi.listSecurityGroupsForNode("node")).thenReturn(ImmutableSet.of(newGroup, newGroup2));
        Mockito.when(this.securityApi.addIpPermission((IpPermission) Matchers.eq(newPermission), (SecurityGroup) Matchers.eq(newGroup2))).thenThrow(new Throwable[]{new RuntimeException(new Exception("testCustomExceptionRetryablePredicate"))}).thenThrow(new Throwable[]{new RuntimeException(new Exception("testCustomExceptionRetryablePredicate"))}).thenReturn(newGroup);
        this.customizer.addPermissionsToLocation(ImmutableList.of(newPermission), "node", this.computeService);
        ((SecurityGroupExtension) Mockito.verify(this.securityApi, Mockito.never())).createSecurityGroup(Matchers.anyString(), (Location) Matchers.any(Location.class));
        ((SecurityGroupExtension) Mockito.verify(this.securityApi, Mockito.times(3))).addIpPermission(newPermission, newGroup2);
    }

    @Test
    public void testAddRuleRetriedOnAwsFailure() {
        IpPermission newPermission = newPermission(22);
        SecurityGroup newGroup = newGroup(this.customizer.getNameForSharedSecurityGroup());
        SecurityGroup newGroup2 = newGroup("unique");
        this.customizer.setRetryExceptionPredicate(JcloudsLocationSecurityGroupCustomizer.newAwsExceptionRetryPredicate());
        Mockito.when(this.securityApi.listSecurityGroupsForNode("nodeId")).thenReturn(ImmutableSet.of(newGroup, newGroup2));
        Mockito.when(this.securityApi.addIpPermission((IpPermission) Matchers.any(IpPermission.class), (SecurityGroup) Matchers.eq(newGroup2))).thenThrow(new Throwable[]{newAwsResponseExceptionWithCode("InvalidGroup.InUse")}).thenThrow(new Throwable[]{newAwsResponseExceptionWithCode("DependencyViolation")}).thenThrow(new Throwable[]{newAwsResponseExceptionWithCode("RequestLimitExceeded")}).thenThrow(new Throwable[]{newAwsResponseExceptionWithCode("Blocked")}).thenReturn(newGroup);
        Mockito.when(this.computeService.getContext().unwrap().getId()).thenReturn("aws-ec2");
        try {
            this.customizer.addPermissionsToLocation(ImmutableList.of(newPermission), "nodeId", this.computeService);
        } catch (Exception e) {
            Assert.assertTrue(e.getMessage().contains("repeated errors from provider"), "expected exception message to contain repeated errors from provider, was: " + e.getMessage());
        }
        ((SecurityGroupExtension) Mockito.verify(this.securityApi, Mockito.never())).createSecurityGroup(Matchers.anyString(), (Location) Matchers.any(Location.class));
        ((SecurityGroupExtension) Mockito.verify(this.securityApi, Mockito.times(4))).addIpPermission(newPermission, newGroup2);
    }

    private SecurityGroup newGroup(String str) {
        return new SecurityGroup("providerId", str, str, this.location, (URI) null, Collections.emptyMap(), ImmutableSet.of(), ImmutableSet.of(), (String) null);
    }

    private IpPermission newPermission(int i) {
        return IpPermission.builder().ipProtocol(IpProtocol.TCP).fromPort(i).toPort(i).cidrBlock("0.0.0.0/0").build();
    }

    private AWSError newAwsErrorWithCode(String str) {
        AWSError aWSError = new AWSError();
        aWSError.setCode(str);
        return aWSError;
    }

    private Exception newAwsResponseExceptionWithCode(String str) {
        return new RuntimeException((Throwable) new AWSResponseException("irrelevant message", (HttpCommand) null, (HttpResponse) null, newAwsErrorWithCode(str)));
    }
}
