package com.netflix.spinnaker.clouddriver.kubernetes.security;

import com.netflix.spectator.api.Registry;
import com.netflix.spinnaker.clouddriver.kubernetes.KubernetesCloudProvider;
import com.netflix.spinnaker.clouddriver.kubernetes.config.CustomKubernetesResource;
import com.netflix.spinnaker.clouddriver.kubernetes.config.LinkedDockerRegistryConfiguration;
import com.netflix.spinnaker.clouddriver.kubernetes.security.KubernetesCredentials;
import com.netflix.spinnaker.clouddriver.kubernetes.v1.security.KubernetesV1Credentials;
import com.netflix.spinnaker.clouddriver.kubernetes.v2.description.manifest.KubernetesManifest;
import com.netflix.spinnaker.clouddriver.kubernetes.v2.op.job.KubectlJobExecutor;
import com.netflix.spinnaker.clouddriver.kubernetes.v2.security.KubernetesV2Credentials;
import com.netflix.spinnaker.clouddriver.names.NamerRegistry;
import com.netflix.spinnaker.clouddriver.security.AccountCredentials;
import com.netflix.spinnaker.clouddriver.security.AccountCredentialsRepository;
import com.netflix.spinnaker.clouddriver.security.ProviderVersion;
import com.netflix.spinnaker.fiat.model.resources.Permissions;
import com.netflix.spinnaker.moniker.Namer;
import java.io.BufferedWriter;
import java.io.File;
import java.io.FileWriter;
import java.io.IOException;
import java.util.Collections;
import java.util.List;
import org.apache.commons.lang3.StringUtils;

/* loaded from: input_file:com/netflix/spinnaker/clouddriver/kubernetes/security/KubernetesNamedAccountCredentials.class */
public class KubernetesNamedAccountCredentials<C extends KubernetesCredentials> implements AccountCredentials<C> {
    private final String cloudProvider = "kubernetes";
    private final String name;
    private final ProviderVersion providerVersion;
    private final String environment;
    private final String accountType;
    private final String context;
    private final String cluster;
    private final String user;
    private final String userAgent;
    private final String kubeconfigFile;
    private final String kubectlExecutable;
    private final Boolean serviceAccount;
    private List<String> namespaces;
    private List<String> omitNamespaces;
    private String skin;
    private final int cacheThreads;
    private C credentials;
    private final List<String> requiredGroupMembership;
    private final Permissions permissions;
    private final List<LinkedDockerRegistryConfiguration> dockerRegistries;
    private final Registry spectatorRegistry;
    private final AccountCredentialsRepository accountCredentialsRepository;

    /* JADX INFO: Access modifiers changed from: package-private */
    /* renamed from: com.netflix.spinnaker.clouddriver.kubernetes.security.KubernetesNamedAccountCredentials$1, reason: invalid class name */
    /* loaded from: input_file:com/netflix/spinnaker/clouddriver/kubernetes/security/KubernetesNamedAccountCredentials$1.class */
    public static /* synthetic */ class AnonymousClass1 {
        static final /* synthetic */ int[] $SwitchMap$com$netflix$spinnaker$clouddriver$security$ProviderVersion = new int[ProviderVersion.values().length];

        static {
            try {
                $SwitchMap$com$netflix$spinnaker$clouddriver$security$ProviderVersion[ProviderVersion.v1.ordinal()] = 1;
            } catch (NoSuchFieldError e) {
            }
            try {
                $SwitchMap$com$netflix$spinnaker$clouddriver$security$ProviderVersion[ProviderVersion.v2.ordinal()] = 2;
            } catch (NoSuchFieldError e2) {
            }
        }
    }

    /* loaded from: input_file:com/netflix/spinnaker/clouddriver/kubernetes/security/KubernetesNamedAccountCredentials$Builder.class */
    static class Builder<C extends KubernetesCredentials> {
        String name;
        ProviderVersion providerVersion;
        String environment;
        String accountType;
        String context;
        String cluster;
        String oAuthServiceAccount;
        List<String> oAuthScopes;
        String user;
        String userAgent;
        String kubeconfigFile;
        String kubeconfigContents;
        String kubectlExecutable;
        Boolean serviceAccount;
        Boolean configureImagePullSecrets;
        List<String> namespaces;
        List<String> omitNamespaces;
        String skin;
        int cacheThreads;
        C credentials;
        List<String> requiredGroupMembership;
        Permissions permissions;
        List<LinkedDockerRegistryConfiguration> dockerRegistries;
        Registry spectatorRegistry;
        AccountCredentialsRepository accountCredentialsRepository;
        KubectlJobExecutor jobExecutor;
        Namer namer;
        List<CustomKubernetesResource> customResources;
        List<String> kinds;
        List<String> omitKinds;
        boolean debug;

        Builder() {
        }

        Builder name(String str) {
            this.name = str;
            return this;
        }

        Builder providerVersion(ProviderVersion providerVersion) {
            this.providerVersion = providerVersion;
            return this;
        }

        Builder environment(String str) {
            this.environment = str;
            return this;
        }

        Builder accountType(String str) {
            this.accountType = str;
            return this;
        }

        Builder context(String str) {
            this.context = str;
            return this;
        }

        Builder cluster(String str) {
            this.cluster = str;
            return this;
        }

        Builder oAuthServiceAccount(String str) {
            this.oAuthServiceAccount = str;
            return this;
        }

        Builder oAuthScopes(List<String> list) {
            this.oAuthScopes = list;
            return this;
        }

        Builder user(String str) {
            this.user = str;
            return this;
        }

        Builder userAgent(String str) {
            this.userAgent = str;
            return this;
        }

        Builder kubeconfigFile(String str) {
            this.kubeconfigFile = str;
            return this;
        }

        Builder kubeconfigContents(String str) {
            this.kubeconfigContents = str;
            return this;
        }

        Builder kubectlExecutable(String str) {
            this.kubectlExecutable = str;
            return this;
        }

        Builder serviceAccount(Boolean bool) {
            this.serviceAccount = bool;
            return this;
        }

        Builder configureImagePullSecrets(Boolean bool) {
            this.configureImagePullSecrets = bool;
            return this;
        }

        Builder requiredGroupMembership(List<String> list) {
            this.requiredGroupMembership = list;
            return this;
        }

        Builder permissions(Permissions permissions) {
            if (permissions.isRestricted()) {
                this.requiredGroupMembership = Collections.emptyList();
                this.permissions = permissions;
            }
            return this;
        }

        Builder dockerRegistries(List<LinkedDockerRegistryConfiguration> list) {
            this.dockerRegistries = list;
            return this;
        }

        Builder namespaces(List<String> list) {
            this.namespaces = list;
            return this;
        }

        Builder omitNamespaces(List<String> list) {
            this.omitNamespaces = list;
            return this;
        }

        Builder skin(String str) {
            this.skin = str;
            return this;
        }

        Builder cacheThreads(int i) {
            this.cacheThreads = i;
            return this;
        }

        Builder credentials(C c) {
            this.credentials = c;
            return this;
        }

        Builder spectatorRegistry(Registry registry) {
            this.spectatorRegistry = registry;
            return this;
        }

        Builder accountCredentialsRepository(AccountCredentialsRepository accountCredentialsRepository) {
            this.accountCredentialsRepository = accountCredentialsRepository;
            return this;
        }

        Builder jobExecutor(KubectlJobExecutor kubectlJobExecutor) {
            this.jobExecutor = kubectlJobExecutor;
            return this;
        }

        Builder debug(boolean z) {
            this.debug = z;
            return this;
        }

        Builder namer(Namer namer) {
            this.namer = namer;
            return this;
        }

        Builder customResources(List<CustomKubernetesResource> list) {
            this.customResources = list;
            return this;
        }

        Builder kinds(List<String> list) {
            this.kinds = list;
            return this;
        }

        Builder omitKinds(List<String> list) {
            this.omitKinds = list;
            return this;
        }

        private C buildCredentials() {
            switch (AnonymousClass1.$SwitchMap$com$netflix$spinnaker$clouddriver$security$ProviderVersion[this.providerVersion.ordinal()]) {
                case 1:
                    return new KubernetesV1Credentials(this.name, this.kubeconfigFile, this.context, this.cluster, this.user, this.userAgent, this.serviceAccount, this.configureImagePullSecrets.booleanValue(), this.namespaces, this.omitNamespaces, this.dockerRegistries, this.spectatorRegistry, this.accountCredentialsRepository);
                case 2:
                    NamerRegistry.lookup().withProvider(KubernetesCloudProvider.getID()).withAccount(this.name).setNamer(KubernetesManifest.class, this.namer);
                    return new KubernetesV2Credentials.Builder().accountName(this.name).kubeconfigFile(this.kubeconfigFile).kubectlExecutable(this.kubectlExecutable).context(this.context).oAuthServiceAccount(this.oAuthServiceAccount).oAuthScopes(this.oAuthScopes).serviceAccount(this.serviceAccount.booleanValue()).userAgent(this.userAgent).namespaces(this.namespaces).omitNamespaces(this.omitNamespaces).registry(this.spectatorRegistry).customResources(this.customResources).kinds(this.kinds).omitKinds(this.omitKinds).debug(this.debug).jobExecutor(this.jobExecutor).build();
                default:
                    throw new IllegalArgumentException("Unknown provider type: " + this.providerVersion);
            }
        }

        KubernetesNamedAccountCredentials build() {
            if (StringUtils.isEmpty(this.name)) {
                throw new IllegalArgumentException("Account name for Kubernetes provider missing.");
            }
            if (this.omitNamespaces != null && !this.omitNamespaces.isEmpty() && this.namespaces != null && !this.namespaces.isEmpty()) {
                throw new IllegalArgumentException("At most one of 'namespaces' and 'omitNamespaces' can be specified");
            }
            if (this.omitKinds != null && !this.omitKinds.isEmpty() && this.kinds != null && !this.kinds.isEmpty()) {
                throw new IllegalArgumentException("At most one of 'kinds' and 'omitKinds' can be specified");
            }
            if (this.cacheThreads == 0) {
                this.cacheThreads = 1;
            }
            if (this.providerVersion == null) {
                this.providerVersion = ProviderVersion.v1;
            }
            if (StringUtils.isEmpty(this.kubeconfigFile)) {
                if (StringUtils.isEmpty(this.kubeconfigContents)) {
                    this.kubeconfigFile = System.getProperty("user.home") + "/.kube/config";
                } else {
                    try {
                        File createTempFile = File.createTempFile("kube", "config");
                        BufferedWriter bufferedWriter = new BufferedWriter(new FileWriter(createTempFile));
                        bufferedWriter.write(this.kubeconfigContents);
                        bufferedWriter.close();
                        this.kubeconfigFile = createTempFile.getAbsolutePath();
                    } catch (IOException e) {
                        throw new RuntimeException("Unable to persist 'kubeconfigContents' parameter to disk: " + e.getMessage(), e);
                    }
                }
            }
            if (this.requiredGroupMembership == null || this.requiredGroupMembership.isEmpty()) {
                this.requiredGroupMembership = Collections.emptyList();
            } else {
                this.requiredGroupMembership = Collections.unmodifiableList(this.requiredGroupMembership);
            }
            if (this.configureImagePullSecrets == null) {
                this.configureImagePullSecrets = true;
            }
            if (this.serviceAccount == null) {
                this.serviceAccount = false;
            }
            if (this.credentials == null) {
                this.credentials = buildCredentials();
            }
            return new KubernetesNamedAccountCredentials(this.name, this.providerVersion, this.accountCredentialsRepository, this.userAgent, this.environment, this.accountType, this.context, this.cluster, this.user, this.kubeconfigFile, this.kubectlExecutable, this.serviceAccount, this.namespaces, this.omitNamespaces, this.skin, this.cacheThreads, this.dockerRegistries, this.requiredGroupMembership, this.permissions, this.spectatorRegistry, this.credentials);
        }
    }

    KubernetesNamedAccountCredentials(String str, ProviderVersion providerVersion, AccountCredentialsRepository accountCredentialsRepository, String str2, String str3, String str4, String str5, String str6, String str7, String str8, String str9, Boolean bool, List<String> list, List<String> list2, String str10, int i, List<LinkedDockerRegistryConfiguration> list3, List<String> list4, Permissions permissions, Registry registry, C c) {
        this.name = str;
        this.providerVersion = providerVersion;
        this.environment = str3;
        this.accountType = str4;
        this.context = str5;
        this.cluster = str6;
        this.user = str7;
        this.userAgent = str2;
        this.kubeconfigFile = str8;
        this.kubectlExecutable = str9;
        this.serviceAccount = bool;
        this.namespaces = list;
        this.omitNamespaces = list2;
        this.skin = str10;
        this.cacheThreads = i;
        this.requiredGroupMembership = list4;
        this.permissions = permissions;
        this.dockerRegistries = list3;
        this.accountCredentialsRepository = accountCredentialsRepository;
        this.spectatorRegistry = registry;
        this.credentials = c;
    }

    public List<String> getNamespaces() {
        return this.credentials.getDeclaredNamespaces();
    }

    public String getName() {
        return this.name;
    }

    public ProviderVersion getProviderVersion() {
        return this.providerVersion;
    }

    public String getSkin() {
        return this.skin != null ? this.skin : getProviderVersion().toString();
    }

    public String getEnvironment() {
        return this.environment;
    }

    public String getAccountType() {
        return this.accountType;
    }

    /* renamed from: getCredentials, reason: merged with bridge method [inline-methods] */
    public C m4getCredentials() {
        return this.credentials;
    }

    public String getKubectlExecutable() {
        return this.kubectlExecutable;
    }

    public String getCloudProvider() {
        return "kubernetes";
    }

    public int getCacheThreads() {
        return this.cacheThreads;
    }

    public List<LinkedDockerRegistryConfiguration> getDockerRegistries() {
        return this.dockerRegistries;
    }

    public Permissions getPermissions() {
        return this.permissions;
    }

    public List<String> getRequiredGroupMembership() {
        return this.requiredGroupMembership;
    }
}
