package com.netflix.spinnaker.clouddriver.kubernetes.v2.security;

import com.fasterxml.jackson.annotation.JsonIgnore;
import com.google.common.base.Supplier;
import com.google.common.base.Suppliers;
import com.netflix.spectator.api.Clock;
import com.netflix.spectator.api.Registry;
import com.netflix.spinnaker.clouddriver.kubernetes.config.CustomKubernetesResource;
import com.netflix.spinnaker.clouddriver.kubernetes.security.KubernetesCredentials;
import com.netflix.spinnaker.clouddriver.kubernetes.v2.description.manifest.KubernetesKind;
import com.netflix.spinnaker.clouddriver.kubernetes.v2.description.manifest.KubernetesManifest;
import com.netflix.spinnaker.clouddriver.kubernetes.v2.op.job.KubectlJobExecutor;
import io.kubernetes.client.models.V1DeleteOptions;
import java.io.IOException;
import java.nio.charset.StandardCharsets;
import java.nio.file.Files;
import java.nio.file.Path;
import java.nio.file.Paths;
import java.util.ArrayList;
import java.util.Collections;
import java.util.HashMap;
import java.util.List;
import java.util.concurrent.TimeUnit;
import java.util.stream.Collectors;
import javax.validation.constraints.NotNull;
import org.apache.commons.lang3.StringUtils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:com/netflix/spinnaker/clouddriver/kubernetes/v2/security/KubernetesV2Credentials.class */
public class KubernetesV2Credentials implements KubernetesCredentials {
    private static final Logger log = LoggerFactory.getLogger(KubernetesV2Credentials.class);
    private final KubectlJobExecutor jobExecutor;
    private final Registry registry;
    private final Clock clock;
    private final String accountName;
    private final List<String> namespaces;
    private final List<String> omitNamespaces;
    private final List<KubernetesKind> kinds;
    private final List<KubernetesKind> omitKinds;
    private final boolean serviceAccount;
    private static final int namespaceExpirySeconds = 30;
    private final Supplier<List<String>> liveNamespaceSupplier;
    private final List<CustomKubernetesResource> customResources;
    private final String kubectlExecutable;
    private final String kubeconfigFile;
    private final String context;

    @JsonIgnore
    private final String oAuthServiceAccount;

    @JsonIgnore
    private final List<String> oAuthScopes;
    private final String defaultNamespace = "default";
    private String cachedDefaultNamespace;
    private final Path serviceAccountNamespacePath;
    private final boolean debug;

    /* loaded from: input_file:com/netflix/spinnaker/clouddriver/kubernetes/v2/security/KubernetesV2Credentials$Builder.class */
    public static class Builder {
        String accountName;
        String kubeconfigFile;
        String context;
        String kubectlExecutable;
        String oAuthServiceAccount;
        List<String> oAuthScopes;
        String userAgent;
        List<String> namespaces = new ArrayList();
        List<String> omitNamespaces = new ArrayList();
        Registry registry;
        KubectlJobExecutor jobExecutor;
        List<CustomKubernetesResource> customResources;
        List<String> kinds;
        List<String> omitKinds;
        boolean debug;
        boolean serviceAccount;

        public Builder accountName(String str) {
            this.accountName = str;
            return this;
        }

        public Builder kubeconfigFile(String str) {
            this.kubeconfigFile = str;
            return this;
        }

        public Builder kubectlExecutable(String str) {
            this.kubectlExecutable = str;
            return this;
        }

        public Builder context(String str) {
            this.context = str;
            return this;
        }

        public Builder userAgent(String str) {
            this.userAgent = str;
            return this;
        }

        public Builder namespaces(List<String> list) {
            this.namespaces = list;
            return this;
        }

        public Builder omitNamespaces(List<String> list) {
            this.omitNamespaces = list;
            return this;
        }

        public Builder registry(Registry registry) {
            this.registry = registry;
            return this;
        }

        public Builder jobExecutor(KubectlJobExecutor kubectlJobExecutor) {
            this.jobExecutor = kubectlJobExecutor;
            return this;
        }

        public Builder customResources(List<CustomKubernetesResource> list) {
            this.customResources = list;
            return this;
        }

        public Builder debug(boolean z) {
            this.debug = z;
            return this;
        }

        public Builder serviceAccount(boolean z) {
            this.serviceAccount = z;
            return this;
        }

        public Builder oAuthServiceAccount(String str) {
            this.oAuthServiceAccount = str;
            return this;
        }

        public Builder oAuthScopes(List<String> list) {
            this.oAuthScopes = list;
            return this;
        }

        public Builder kinds(List<String> list) {
            this.kinds = list;
            return this;
        }

        public Builder omitKinds(List<String> list) {
            this.omitKinds = list;
            return this;
        }

        public KubernetesV2Credentials build() {
            this.namespaces = this.namespaces == null ? new ArrayList<>() : this.namespaces;
            this.omitNamespaces = this.omitNamespaces == null ? new ArrayList<>() : this.omitNamespaces;
            this.customResources = this.customResources == null ? new ArrayList<>() : this.customResources;
            this.kinds = this.kinds == null ? new ArrayList<>() : this.kinds;
            this.omitKinds = this.omitKinds == null ? new ArrayList<>() : this.omitKinds;
            return new KubernetesV2Credentials(this.accountName, this.jobExecutor, this.namespaces, this.omitNamespaces, this.registry, this.kubeconfigFile, this.kubectlExecutable, this.context, this.oAuthServiceAccount, this.oAuthScopes, this.serviceAccount, this.customResources, KubernetesKind.registeredStringList(this.kinds), KubernetesKind.registeredStringList(this.omitKinds), this.debug);
        }
    }

    public boolean isValidKind(KubernetesKind kubernetesKind) {
        if (kubernetesKind == KubernetesKind.NONE) {
            return false;
        }
        return !this.kinds.isEmpty() ? this.kinds.contains(kubernetesKind) : this.omitKinds.isEmpty() || !this.omitKinds.contains(kubernetesKind);
    }

    public String getDefaultNamespace() {
        if (StringUtils.isEmpty(this.cachedDefaultNamespace)) {
            this.cachedDefaultNamespace = lookupDefaultNamespace();
        }
        return this.cachedDefaultNamespace;
    }

    public String lookupDefaultNamespace() {
        String str = "default";
        try {
            str = Files.lines(this.serviceAccountNamespacePath, StandardCharsets.UTF_8).findFirst().orElse("");
        } catch (IOException e) {
            try {
                str = this.jobExecutor.defaultNamespace(this);
            } catch (KubectlJobExecutor.KubectlException e2) {
                log.debug("Failure looking up desired namespace, defaulting to {}", "default", e2);
            }
        } catch (Exception e3) {
            log.debug("Error encountered looking up default namespace, defaulting to {}", "default", e3);
        }
        if (StringUtils.isEmpty(str)) {
            str = "default";
        }
        return str;
    }

    private KubernetesV2Credentials(@NotNull String str, @NotNull KubectlJobExecutor kubectlJobExecutor, @NotNull List<String> list, @NotNull List<String> list2, @NotNull Registry registry, String str2, String str3, String str4, String str5, List<String> list3, boolean z, @NotNull List<CustomKubernetesResource> list4, @NotNull List<KubernetesKind> list5, @NotNull List<KubernetesKind> list6, boolean z2) {
        this.defaultNamespace = "default";
        this.serviceAccountNamespacePath = Paths.get("/var/run/secrets/kubernetes.io/serviceaccount/namespace", new String[0]);
        this.registry = registry;
        this.clock = registry.clock();
        this.accountName = str;
        this.namespaces = list;
        this.omitNamespaces = list2;
        this.jobExecutor = kubectlJobExecutor;
        this.debug = z2;
        this.kubectlExecutable = str3;
        this.kubeconfigFile = str2;
        this.context = str4;
        this.oAuthServiceAccount = str5;
        this.oAuthScopes = list3;
        this.serviceAccount = z;
        this.customResources = list4;
        this.kinds = list5;
        this.omitKinds = list6;
        this.liveNamespaceSupplier = Suppliers.memoizeWithExpiration(() -> {
            return (List) kubectlJobExecutor.list(this, Collections.singletonList(KubernetesKind.NAMESPACE), "").stream().map((v0) -> {
                return v0.getName();
            }).collect(Collectors.toList());
        }, 30L, TimeUnit.SECONDS);
    }

    @Override // com.netflix.spinnaker.clouddriver.kubernetes.security.KubernetesCredentials
    public List<String> getDeclaredNamespaces() {
        List<String> list;
        if (this.namespaces.isEmpty()) {
            try {
                list = (List) this.liveNamespaceSupplier.get();
            } catch (KubectlJobExecutor.KubectlException e) {
                log.warn("Could not list namespaces for account {}: {}", this.accountName, e.getMessage());
                return new ArrayList();
            }
        } else {
            list = this.namespaces;
        }
        if (!this.omitNamespaces.isEmpty()) {
            list = (List) list.stream().filter(str -> {
                return !this.omitNamespaces.contains(str);
            }).collect(Collectors.toList());
        }
        return list;
    }

    public KubernetesManifest get(KubernetesKind kubernetesKind, String str, String str2) {
        return (KubernetesManifest) runAndRecordMetrics("get", kubernetesKind, str, () -> {
            return this.jobExecutor.get(this, kubernetesKind, str, str2);
        });
    }

    public List<KubernetesManifest> list(KubernetesKind kubernetesKind, String str) {
        return (List) runAndRecordMetrics("list", kubernetesKind, str, () -> {
            return this.jobExecutor.list(this, Collections.singletonList(kubernetesKind), str);
        });
    }

    public List<KubernetesManifest> list(List<KubernetesKind> list, String str) {
        return list.isEmpty() ? new ArrayList() : (List) runAndRecordMetrics("list", list, str, () -> {
            return this.jobExecutor.list(this, list, str);
        });
    }

    public String logs(String str, String str2, String str3) {
        return (String) runAndRecordMetrics("logs", KubernetesKind.POD, str, () -> {
            return this.jobExecutor.logs(this, str, str2, str3);
        });
    }

    public void scale(KubernetesKind kubernetesKind, String str, String str2, int i) {
        runAndRecordMetrics("scale", kubernetesKind, str, () -> {
            return this.jobExecutor.scale(this, kubernetesKind, str, str2, i);
        });
    }

    public List<String> delete(KubernetesKind kubernetesKind, String str, String str2, KubernetesSelectorList kubernetesSelectorList, V1DeleteOptions v1DeleteOptions) {
        return (List) runAndRecordMetrics("delete", kubernetesKind, str, () -> {
            return this.jobExecutor.delete(this, kubernetesKind, str, str2, kubernetesSelectorList, v1DeleteOptions);
        });
    }

    public void deploy(KubernetesManifest kubernetesManifest) {
        runAndRecordMetrics("deploy", kubernetesManifest.getKind(), kubernetesManifest.getNamespace(), () -> {
            return this.jobExecutor.deploy(this, kubernetesManifest);
        });
    }

    public List<Integer> historyRollout(KubernetesKind kubernetesKind, String str, String str2) {
        return (List) runAndRecordMetrics("historyRollout", kubernetesKind, str, () -> {
            return this.jobExecutor.historyRollout(this, kubernetesKind, str, str2);
        });
    }

    public void undoRollout(KubernetesKind kubernetesKind, String str, String str2, int i) {
        runAndRecordMetrics("undoRollout", kubernetesKind, str, () -> {
            return this.jobExecutor.undoRollout(this, kubernetesKind, str, str2, i);
        });
    }

    public void pauseRollout(KubernetesKind kubernetesKind, String str, String str2) {
        runAndRecordMetrics("pauseRollout", kubernetesKind, str, () -> {
            return this.jobExecutor.pauseRollout(this, kubernetesKind, str, str2);
        });
    }

    public void resumeRollout(KubernetesKind kubernetesKind, String str, String str2) {
        runAndRecordMetrics("resumeRollout", kubernetesKind, str, () -> {
            return this.jobExecutor.resumeRollout(this, kubernetesKind, str, str2);
        });
    }

    private <T> T runAndRecordMetrics(String str, KubernetesKind kubernetesKind, String str2, java.util.function.Supplier<T> supplier) {
        return (T) runAndRecordMetrics(str, Collections.singletonList(kubernetesKind), str2, supplier);
    }

    private <T> T runAndRecordMetrics(String str, List<KubernetesKind> list, String str2, java.util.function.Supplier<T> supplier) {
        T t = null;
        Throwable th = null;
        long monotonicTime = this.clock.monotonicTime();
        try {
            try {
                t = supplier.get();
                HashMap hashMap = new HashMap();
                hashMap.put("action", str);
                if (list.size() == 1) {
                    hashMap.put("kind", list.get(0).toString());
                } else {
                    hashMap.put("kinds", String.join(",", (Iterable<? extends CharSequence>) list.stream().map((v0) -> {
                        return v0.toString();
                    }).collect(Collectors.toList())));
                }
                hashMap.put("account", this.accountName);
                hashMap.put("namespace", StringUtils.isEmpty(str2) ? "none" : str2);
                if (0 == 0) {
                    hashMap.put("success", "true");
                } else {
                    hashMap.put("success", "false");
                    hashMap.put("reason", th.getClass().getSimpleName() + ": " + th.getMessage());
                }
                this.registry.timer(this.registry.createId("kubernetes.api", hashMap)).record(this.clock.monotonicTime() - monotonicTime, TimeUnit.NANOSECONDS);
                if (0 != 0) {
                    throw new KubectlJobExecutor.KubectlException("Failure running " + str + " on " + list + ": " + th.getMessage(), null);
                }
                if (0 != 0) {
                    throw null;
                }
                return t;
            } catch (KubectlJobExecutor.KubectlException e) {
                HashMap hashMap2 = new HashMap();
                hashMap2.put("action", str);
                if (list.size() == 1) {
                    hashMap2.put("kind", list.get(0).toString());
                } else {
                    hashMap2.put("kinds", String.join(",", (Iterable<? extends CharSequence>) list.stream().map((v0) -> {
                        return v0.toString();
                    }).collect(Collectors.toList())));
                }
                hashMap2.put("account", this.accountName);
                hashMap2.put("namespace", StringUtils.isEmpty(str2) ? "none" : str2);
                if (0 == 0) {
                    hashMap2.put("success", "true");
                } else {
                    hashMap2.put("success", "false");
                    hashMap2.put("reason", th.getClass().getSimpleName() + ": " + th.getMessage());
                }
                this.registry.timer(this.registry.createId("kubernetes.api", hashMap2)).record(this.clock.monotonicTime() - monotonicTime, TimeUnit.NANOSECONDS);
                if (0 != 0) {
                    throw new KubectlJobExecutor.KubectlException("Failure running " + str + " on " + list + ": " + th.getMessage(), null);
                }
                if (e != null) {
                    throw e;
                }
                return t;
            } catch (Exception e2) {
                HashMap hashMap3 = new HashMap();
                hashMap3.put("action", str);
                if (list.size() == 1) {
                    hashMap3.put("kind", list.get(0).toString());
                } else {
                    hashMap3.put("kinds", String.join(",", (Iterable<? extends CharSequence>) list.stream().map((v0) -> {
                        return v0.toString();
                    }).collect(Collectors.toList())));
                }
                hashMap3.put("account", this.accountName);
                hashMap3.put("namespace", StringUtils.isEmpty(str2) ? "none" : str2);
                if (e2 == null) {
                    hashMap3.put("success", "true");
                } else {
                    hashMap3.put("success", "false");
                    hashMap3.put("reason", e2.getClass().getSimpleName() + ": " + e2.getMessage());
                }
                this.registry.timer(this.registry.createId("kubernetes.api", hashMap3)).record(this.clock.monotonicTime() - monotonicTime, TimeUnit.NANOSECONDS);
                if (e2 != null) {
                    throw new KubectlJobExecutor.KubectlException("Failure running " + str + " on " + list + ": " + e2.getMessage(), e2);
                }
                if (0 != 0) {
                    throw null;
                }
                return t;
            }
        } catch (Throwable th2) {
            HashMap hashMap4 = new HashMap();
            hashMap4.put("action", str);
            if (list.size() == 1) {
                hashMap4.put("kind", list.get(0).toString());
            } else {
                hashMap4.put("kinds", String.join(",", (Iterable<? extends CharSequence>) list.stream().map((v0) -> {
                    return v0.toString();
                }).collect(Collectors.toList())));
            }
            hashMap4.put("account", this.accountName);
            hashMap4.put("namespace", StringUtils.isEmpty(str2) ? "none" : str2);
            if (0 == 0) {
                hashMap4.put("success", "true");
            } else {
                hashMap4.put("success", "false");
                hashMap4.put("reason", th.getClass().getSimpleName() + ": " + th.getMessage());
            }
            this.registry.timer(this.registry.createId("kubernetes.api", hashMap4)).record(this.clock.monotonicTime() - monotonicTime, TimeUnit.NANOSECONDS);
            if (0 != 0) {
                throw new KubectlJobExecutor.KubectlException("Failure running " + str + " on " + list + ": " + th.getMessage(), null);
            }
            if (0 != 0) {
                throw null;
            }
            return t;
        }
    }

    public List<String> getNamespaces() {
        return this.namespaces;
    }

    public List<String> getOmitNamespaces() {
        return this.omitNamespaces;
    }

    public boolean isServiceAccount() {
        return this.serviceAccount;
    }

    public List<CustomKubernetesResource> getCustomResources() {
        return this.customResources;
    }

    public String getKubectlExecutable() {
        return this.kubectlExecutable;
    }

    public String getKubeconfigFile() {
        return this.kubeconfigFile;
    }

    public String getContext() {
        return this.context;
    }

    public String getOAuthServiceAccount() {
        return this.oAuthServiceAccount;
    }

    public List<String> getOAuthScopes() {
        return this.oAuthScopes;
    }

    public boolean isDebug() {
        return this.debug;
    }
}
