package org.apache.brooklyn.entity.software.base.test.location;

import com.google.common.base.Optional;
import com.google.common.collect.ImmutableList;
import com.google.common.collect.ImmutableMap;
import com.google.common.collect.ImmutableSet;
import java.util.List;
import java.util.Set;
import org.apache.brooklyn.api.entity.Entity;
import org.apache.brooklyn.api.entity.EntitySpec;
import org.apache.brooklyn.api.location.Location;
import org.apache.brooklyn.core.entity.EntityAsserts;
import org.apache.brooklyn.core.entity.trait.Startable;
import org.apache.brooklyn.core.internal.BrooklynProperties;
import org.apache.brooklyn.core.location.Locations;
import org.apache.brooklyn.core.test.BrooklynAppLiveTestSupport;
import org.apache.brooklyn.core.test.entity.LocalManagementContextForTests;
import org.apache.brooklyn.entity.software.base.EmptySoftwareProcess;
import org.apache.brooklyn.location.jclouds.JcloudsMachineLocation;
import org.apache.brooklyn.location.jclouds.networking.SecurityGroupDefinition;
import org.apache.brooklyn.location.jclouds.networking.SecurityGroupEditor;
import org.apache.brooklyn.location.ssh.SshMachineLocation;
import org.apache.brooklyn.util.collections.MutableMap;
import org.apache.brooklyn.util.text.Identifiers;
import org.jclouds.compute.ComputeService;
import org.jclouds.compute.domain.SecurityGroup;
import org.jclouds.compute.extensions.SecurityGroupExtension;
import org.jclouds.net.domain.IpPermission;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.testng.Assert;
import org.testng.annotations.AfterMethod;
import org.testng.annotations.BeforeMethod;
import org.testng.annotations.Test;

@Test(groups = {"Live"})
/* loaded from: input_file:org/apache/brooklyn/entity/software/base/test/location/SecurityGroupLiveTest.class */
public class SecurityGroupLiveTest extends BrooklynAppLiveTestSupport {
    private static final Logger LOG = LoggerFactory.getLogger(SecurityGroupLiveTest.class);
    public static final String PROVIDER = "aws-ec2";
    public static final String REGION_NAME = "us-east-1";
    public static final String LOCATION_SPEC;
    public static final String UBUNTU_12 = "us-east-1/ami-d0f89fb9";
    private BrooklynProperties brooklynProperties;
    private Location loc;
    private List<Location> locs;
    private Entity testEntity;
    private JcloudsMachineLocation jcloudsMachineLocation;
    private ComputeService computeService;

    @BeforeMethod(alwaysRun = true)
    public void setUp() throws Exception {
        this.brooklynProperties = BrooklynProperties.Factory.newDefault();
        this.brooklynProperties.remove("brooklyn.jclouds.aws-ec2.image-description-regex");
        this.brooklynProperties.remove("brooklyn.jclouds.aws-ec2.image-name-regex");
        this.brooklynProperties.remove("brooklyn.jclouds.aws-ec2.image-id");
        this.brooklynProperties.remove("brooklyn.jclouds.aws-ec2.inboundPorts");
        this.brooklynProperties.remove("brooklyn.jclouds.aws-ec2.hardware-id");
        this.brooklynProperties.remove("brooklyn.ssh.config.scriptHeader");
        this.mgmt = new LocalManagementContextForTests(this.brooklynProperties);
        super.setUp();
        this.loc = this.mgmt.getLocationRegistry().getLocationManaged(LOCATION_SPEC, MutableMap.builder().put("tags", ImmutableList.of(getClass().getName())).putAll(ImmutableMap.of("imageId", UBUNTU_12, "loginUser", "ubuntu", "hardwareId", "m1.small")).build());
        this.testEntity = this.app.createAndManageChild(EntitySpec.create(EmptySoftwareProcess.class));
        this.app.start(ImmutableList.of(this.loc));
        EntityAsserts.assertAttributeEqualsEventually(MutableMap.of("timeout", 30000), this.testEntity, Startable.SERVICE_UP, true);
        this.jcloudsMachineLocation = (SshMachineLocation) Locations.findUniqueSshMachineLocation(this.testEntity.getLocations()).get();
        this.computeService = this.jcloudsMachineLocation.getParent().getComputeService();
    }

    @AfterMethod(alwaysRun = true)
    public void tearDown() throws Exception {
        try {
            if (this.app != null) {
                this.app.stop();
            }
        } catch (Exception e) {
            LOG.error("error stopping app; continuing with shutdown...", e);
        } finally {
            super.tearDown();
        }
    }

    @Test
    public void testCreateGroupAddPermissionsAndDelete() {
        SecurityGroupDefinition allowingPublicPort = new SecurityGroupDefinition().allowingInternalPorts(8097, 8098, new int[0]).allowingInternalPortRange(6000, 7999).allowingPublicPort(8099);
        String makeRandomLowercaseId = Identifiers.makeRandomLowercaseId(15);
        SecurityGroupEditor makeEditor = makeEditor();
        SecurityGroup createTestGroup = createTestGroup(makeRandomLowercaseId, makeEditor);
        Assert.assertEquals(createTestGroup.getName(), "jclouds#" + makeRandomLowercaseId);
        SecurityGroup addPermissions = makeEditor.addPermissions(createTestGroup, allowingPublicPort.getPermissions());
        Optional findSecurityGroupByName = makeEditor.findSecurityGroupByName(makeRandomLowercaseId);
        Assert.assertTrue(findSecurityGroupByName.isPresent());
        assertPermissionsEqual(addPermissions.getIpPermissions(), ((SecurityGroup) findSecurityGroupByName.get()).getIpPermissions());
        makeEditor.removeSecurityGroup(addPermissions);
        Assert.assertFalse(makeEditor.findSecurityGroupByName(makeRandomLowercaseId).isPresent());
    }

    @Test
    public void testGroupAddIsIdempotent() {
        SecurityGroupDefinition allowingPublicPort = new SecurityGroupDefinition().allowingInternalPorts(8097, 8098, new int[0]).allowingInternalPortRange(6000, 7999).allowingPublicPort(8099);
        String makeRandomLowercaseId = Identifiers.makeRandomLowercaseId(15);
        SecurityGroupEditor makeEditor = makeEditor();
        SecurityGroup createTestGroup = createTestGroup(makeRandomLowercaseId, makeEditor);
        Assert.assertEquals(createTestGroup.getName(), "jclouds#" + makeRandomLowercaseId);
        SecurityGroup addPermissions = makeEditor.addPermissions(createTestGroup, allowingPublicPort.getPermissions());
        SecurityGroup createTestGroup2 = createTestGroup(makeRandomLowercaseId, makeEditor);
        Assert.assertEquals(createTestGroup2.getName(), addPermissions.getName());
        assertPermissionsEqual(createTestGroup2.getIpPermissions(), addPermissions.getIpPermissions());
        makeEditor.removeSecurityGroup(createTestGroup2);
        Assert.assertFalse(makeEditor.findSecurityGroupByName(makeRandomLowercaseId).isPresent());
    }

    @Test
    public void testPermissionsAddIsIdempotent() {
        SecurityGroupDefinition allowingPublicPort = new SecurityGroupDefinition().allowingInternalPorts(8097, 8098, new int[0]).allowingInternalPortRange(6000, 7999).allowingPublicPort(8099);
        String makeRandomLowercaseId = Identifiers.makeRandomLowercaseId(15);
        SecurityGroupEditor makeEditor = makeEditor();
        SecurityGroup createTestGroup = createTestGroup(makeRandomLowercaseId, makeEditor);
        Assert.assertEquals(createTestGroup.getName(), "jclouds#" + makeRandomLowercaseId);
        SecurityGroup addPermissions = makeEditor.addPermissions(createTestGroup, allowingPublicPort.getPermissions());
        assertPermissionsEqual(ImmutableSet.copyOf(allowingPublicPort.getPermissions()), addPermissions.getIpPermissions());
        try {
            assertPermissionsEqual(addPermissions.getIpPermissions(), makeEditor.addPermissions(addPermissions, allowingPublicPort.getPermissions()).getIpPermissions());
        } catch (Exception e) {
            Assert.fail("Exception repeating group permissions", e);
        }
        makeEditor.removeSecurityGroup(createTestGroup);
        Assert.assertFalse(makeEditor.findSecurityGroupByName(makeRandomLowercaseId).isPresent());
    }

    private void assertPermissionsEqual(Set<IpPermission> set, Set<IpPermission> set2) {
        Assert.assertEquals(set.size(), set2.size());
        Assert.assertTrue(set.containsAll(set2));
    }

    private SecurityGroupEditor makeEditor() {
        org.jclouds.domain.Location location = this.jcloudsMachineLocation.getNode().getLocation();
        ComputeService computeService = this.jcloudsMachineLocation.getParent().getComputeService();
        Optional securityGroupExtension = computeService.getSecurityGroupExtension();
        if (securityGroupExtension.isPresent()) {
            return new SecurityGroupEditor(location, (SecurityGroupExtension) securityGroupExtension.get());
        }
        throw new IllegalArgumentException("Expected SecurityGroupExtension not found in " + computeService);
    }

    private SecurityGroup createTestGroup(String str, SecurityGroupEditor securityGroupEditor) {
        LOG.info("Creating security group {} in {}", str, this.jcloudsMachineLocation);
        return securityGroupEditor.createSecurityGroup(str);
    }

    static {
        LOCATION_SPEC = "aws-ec2" + ("us-east-1" == 0 ? "" : ":us-east-1");
    }
}
