package org.finos.legend.engine.plan.execution.stores.relational.connection.test;

import java.io.IOException;
import java.util.Collections;
import java.util.Optional;
import javax.security.auth.Subject;
import org.eclipse.collections.api.list.MutableList;
import org.finos.legend.engine.authentication.LegendDefaultDatabaseAuthenticationFlowProvider;
import org.finos.legend.engine.authentication.LegendDefaultDatabaseAuthenticationFlowProviderConfiguration;
import org.finos.legend.engine.plan.execution.stores.relational.config.TemporaryTestDbConfiguration;
import org.finos.legend.engine.plan.execution.stores.relational.connection.manager.ConnectionManagerSelector;
import org.finos.legend.engine.protocol.pure.v1.model.packageableElement.store.relational.connection.DatabaseType;
import org.finos.legend.engine.protocol.pure.v1.model.packageableElement.store.relational.connection.RelationalDatabaseConnection;
import org.finos.legend.engine.protocol.pure.v1.model.packageableElement.store.relational.connection.authentication.GCPApplicationDefaultCredentialsAuthenticationStrategy;
import org.finos.legend.engine.protocol.pure.v1.model.packageableElement.store.relational.connection.authentication.GCPWorkloadIdentityFederationAuthenticationStrategy;
import org.finos.legend.engine.protocol.pure.v1.model.packageableElement.store.relational.connection.specification.BigQueryDatasourceSpecification;
import org.finos.legend.engine.shared.core.vault.EnvironmentVaultImplementation;
import org.finos.legend.engine.shared.core.vault.Vault;
import org.junit.Assert;
import org.junit.Before;
import org.junit.BeforeClass;
import org.junit.Test;

/* loaded from: input_file:org/finos/legend/engine/plan/execution/stores/relational/connection/test/ExternalIntegration_TestConnectionAcquisitionWithFlowProvider_BigQuery.class */
public class ExternalIntegration_TestConnectionAcquisitionWithFlowProvider_BigQuery extends DbSpecificTests {
    public static final String GOOGLE_APPLICATION_CREDENTIALS = "GOOGLE_APPLICATION_CREDENTIALS";
    public static final String AWS_ACCESS_KEY_ID = "AWS_ACCESS_KEY_ID";
    public static final String AWS_SECRET_ACCESS_KEY = "AWS_SECRET_ACCESS_KEY";
    private static final LegendDefaultDatabaseAuthenticationFlowProviderConfiguration.AWSConfig awsConfig = new LegendDefaultDatabaseAuthenticationFlowProviderConfiguration.AWSConfig("us-east-1", "564704738649", "integration-wif-role1", AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY);
    private static final LegendDefaultDatabaseAuthenticationFlowProviderConfiguration.GCPWorkloadConfig gcpWorkloadConfig = new LegendDefaultDatabaseAuthenticationFlowProviderConfiguration.GCPWorkloadConfig("412074507462", "integration-wif-pool1", "integration-wif-pool1-provider");
    private ConnectionManagerSelector connectionManagerSelector;

    @BeforeClass
    public static void verifyTestSetup() {
        String str = System.getenv(GOOGLE_APPLICATION_CREDENTIALS);
        if (str == null || str.trim().isEmpty()) {
            Assert.fail(String.format("Tests cannot be run. GCP env variable %s has not been set", GOOGLE_APPLICATION_CREDENTIALS));
        }
        String str2 = System.getenv(AWS_ACCESS_KEY_ID);
        if (str2 == null || str2.trim().isEmpty()) {
            Assert.fail(String.format("Tests cannot be run. AWS env variable %s has not been set", AWS_ACCESS_KEY_ID));
        }
        String str3 = System.getenv(AWS_SECRET_ACCESS_KEY);
        if (str3 == null || str3.trim().isEmpty()) {
            Assert.fail(String.format("Tests cannot be run. AWS env variable %s has not been set", AWS_SECRET_ACCESS_KEY));
        }
    }

    @BeforeClass
    public static void setupTest() throws IOException {
        Vault.INSTANCE.registerImplementation(new EnvironmentVaultImplementation());
    }

    @Override // org.finos.legend.engine.plan.execution.stores.relational.connection.test.DbSpecificTests
    protected Subject getSubject() {
        return null;
    }

    @Before
    public void setup() {
        LegendDefaultDatabaseAuthenticationFlowProvider legendDefaultDatabaseAuthenticationFlowProvider = new LegendDefaultDatabaseAuthenticationFlowProvider();
        legendDefaultDatabaseAuthenticationFlowProvider.configure(LegendDefaultDatabaseAuthenticationFlowProviderConfiguration.Builder.newInstance().withAwsConfig(awsConfig).withGcpWorkloadConfig(gcpWorkloadConfig).build());
        assertBigQueryWithGCPADCFlowIsAvailable(legendDefaultDatabaseAuthenticationFlowProvider);
        assertBigQueryWithGCPWIFFlowIsAvailable(legendDefaultDatabaseAuthenticationFlowProvider);
        this.connectionManagerSelector = new ConnectionManagerSelector(new TemporaryTestDbConfiguration(-1), Collections.emptyList(), Optional.of(legendDefaultDatabaseAuthenticationFlowProvider));
    }

    public void assertBigQueryWithGCPADCFlowIsAvailable(LegendDefaultDatabaseAuthenticationFlowProvider legendDefaultDatabaseAuthenticationFlowProvider) {
        RelationalDatabaseConnection relationalDatabaseConnection = new RelationalDatabaseConnection(new BigQueryDatasourceSpecification(), new GCPApplicationDefaultCredentialsAuthenticationStrategy(), DatabaseType.BigQuery);
        relationalDatabaseConnection.type = DatabaseType.BigQuery;
        Assert.assertTrue("bigquery gcp adc flow does not exist ", legendDefaultDatabaseAuthenticationFlowProvider.lookupFlow(relationalDatabaseConnection).isPresent());
    }

    public void assertBigQueryWithGCPWIFFlowIsAvailable(LegendDefaultDatabaseAuthenticationFlowProvider legendDefaultDatabaseAuthenticationFlowProvider) {
        RelationalDatabaseConnection relationalDatabaseConnection = new RelationalDatabaseConnection(new BigQueryDatasourceSpecification(), new GCPWorkloadIdentityFederationAuthenticationStrategy(), DatabaseType.BigQuery);
        relationalDatabaseConnection.type = DatabaseType.BigQuery;
        Assert.assertTrue("BigQuery Workload Identity Federation Flow does not exist ", legendDefaultDatabaseAuthenticationFlowProvider.lookupFlow(relationalDatabaseConnection).isPresent());
    }

    @Test
    public void testBigQueryGCPADCConnection_subject() throws Exception {
        testConnection(this.connectionManagerSelector.getDatabaseConnection((Subject) null, bigQueryWithGCPADCSpec()), "select * from `legend-integration-testing.integration_dataset1.table1`");
    }

    @Test
    public void testBigQueryGCPWIFConnection_subject() throws Exception {
        testConnection(this.connectionManagerSelector.getDatabaseConnection((Subject) null, bigQueryWithGCPWIFSpec()), "select * from `legend-integration-testing.integration_dataset1.table1`");
    }

    @Test
    public void testBigQueryGCPADCConnection_profile() throws Exception {
        testConnection(this.connectionManagerSelector.getDatabaseConnection((MutableList) null, bigQueryWithGCPADCSpec()), "select * from `legend-integration-testing.integration_dataset1.table1`");
    }

    @Test
    public void testBigQueryGCPWIFConnection_profile() throws Exception {
        testConnection(this.connectionManagerSelector.getDatabaseConnection((MutableList) null, bigQueryWithGCPWIFSpec()), "select * from `legend-integration-testing.integration_dataset1.table1`");
    }

    private RelationalDatabaseConnection bigQueryWithGCPADCSpec() throws Exception {
        BigQueryDatasourceSpecification bigQueryDatasourceSpecification = new BigQueryDatasourceSpecification();
        bigQueryDatasourceSpecification.projectId = "legend-integration-testing";
        bigQueryDatasourceSpecification.defaultDataset = "integration_dataset1";
        return new RelationalDatabaseConnection(bigQueryDatasourceSpecification, new GCPApplicationDefaultCredentialsAuthenticationStrategy(), DatabaseType.BigQuery);
    }

    private RelationalDatabaseConnection bigQueryWithGCPWIFSpec() {
        BigQueryDatasourceSpecification bigQueryDatasourceSpecification = new BigQueryDatasourceSpecification();
        bigQueryDatasourceSpecification.projectId = "legend-integration-testing";
        bigQueryDatasourceSpecification.defaultDataset = "integration_dataset1";
        GCPWorkloadIdentityFederationAuthenticationStrategy gCPWorkloadIdentityFederationAuthenticationStrategy = new GCPWorkloadIdentityFederationAuthenticationStrategy();
        gCPWorkloadIdentityFederationAuthenticationStrategy.serviceAccountEmail = "integration-bq-sa1@legend-integration-testing.iam.gserviceaccount.com";
        return new RelationalDatabaseConnection(bigQueryDatasourceSpecification, gCPWorkloadIdentityFederationAuthenticationStrategy, DatabaseType.BigQuery);
    }
}
