package io.quarkiverse.operatorsdk.bundle.deployment.builders;

import io.fabric8.kubernetes.api.model.ContainerFluent;
import io.fabric8.kubernetes.api.model.EnvVarFluent;
import io.fabric8.kubernetes.api.model.GroupVersionKind;
import io.fabric8.kubernetes.api.model.PodSpecFluent;
import io.fabric8.kubernetes.api.model.PodTemplateSpecFluent;
import io.fabric8.kubernetes.api.model.ServiceAccount;
import io.fabric8.kubernetes.api.model.apps.Deployment;
import io.fabric8.kubernetes.api.model.apps.DeploymentSpec;
import io.fabric8.kubernetes.api.model.apps.DeploymentSpecBuilder;
import io.fabric8.kubernetes.api.model.apps.DeploymentSpecFluent;
import io.fabric8.kubernetes.api.model.rbac.ClusterRole;
import io.fabric8.kubernetes.api.model.rbac.ClusterRoleBinding;
import io.fabric8.kubernetes.api.model.rbac.PolicyRule;
import io.fabric8.kubernetes.api.model.rbac.PolicyRuleBuilder;
import io.fabric8.kubernetes.api.model.rbac.Role;
import io.fabric8.kubernetes.api.model.rbac.RoleBinding;
import io.fabric8.kubernetes.api.model.rbac.RoleRef;
import io.fabric8.kubernetes.api.model.rbac.Subject;
import io.fabric8.openshift.api.model.operatorhub.v1alpha1.CRDDescription;
import io.fabric8.openshift.api.model.operatorhub.v1alpha1.CRDDescriptionBuilder;
import io.fabric8.openshift.api.model.operatorhub.v1alpha1.ClusterServiceVersionBuilder;
import io.fabric8.openshift.api.model.operatorhub.v1alpha1.ClusterServiceVersionFluent;
import io.fabric8.openshift.api.model.operatorhub.v1alpha1.ClusterServiceVersionSpecFluent;
import io.fabric8.openshift.api.model.operatorhub.v1alpha1.NamedInstallStrategyFluent;
import io.fabric8.openshift.api.model.operatorhub.v1alpha1.StrategyDeploymentPermissionsFluent;
import io.fabric8.openshift.api.model.operatorhub.v1alpha1.StrategyDetailsDeploymentFluent;
import io.quarkiverse.operatorsdk.bundle.deployment.BundleGenerator;
import io.quarkiverse.operatorsdk.bundle.deployment.BundleProcessor;
import io.quarkiverse.operatorsdk.bundle.runtime.CSVMetadataHolder;
import io.quarkiverse.operatorsdk.common.ConfigurationUtils;
import io.quarkiverse.operatorsdk.common.ReconciledAugmentedClassInfo;
import io.quarkiverse.operatorsdk.common.ReconciledResourceAugmentedClassInfo;
import io.quarkiverse.operatorsdk.common.ReconcilerAugmentedClassInfo;
import io.quarkiverse.operatorsdk.runtime.BuildTimeOperatorConfiguration;
import java.io.FileInputStream;
import java.io.IOException;
import java.io.InputStream;
import java.nio.file.Path;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Base64;
import java.util.Collection;
import java.util.Collections;
import java.util.Comparator;
import java.util.HashMap;
import java.util.HashSet;
import java.util.LinkedHashSet;
import java.util.LinkedList;
import java.util.List;
import java.util.Map;
import java.util.Objects;
import java.util.Optional;
import java.util.Set;
import java.util.function.Predicate;
import java.util.stream.Collectors;
import org.jboss.logging.Logger;

/* loaded from: input_file:io/quarkiverse/operatorsdk/bundle/deployment/builders/CsvManifestsBuilder.class */
public class CsvManifestsBuilder extends ManifestsBuilder {
    private static final String DEFAULT_INSTALL_MODE = "AllNamespaces";
    private static final String DEPLOYMENT = "deployment";
    private static final String SERVICE_ACCOUNT_KIND = "ServiceAccount";
    private static final String CLUSTER_ROLE_KIND = "ClusterRole";
    private static final String ROLE_KIND = "Role";
    private static final String NO_SERVICE_ACCOUNT = "";
    private static final String IMAGE_PNG = "image/png";
    public static final String OLM_TARGET_NAMESPACES = "metadata.annotations['olm.targetNamespaces']";
    private ClusterServiceVersionBuilder csvBuilder;
    private final Set<CRDDescription> ownedCRs;
    private final Set<CRDDescription> requiredCRs;
    private final Path kubernetesResources;
    private final String deploymentName;
    private final List<ReconcilerAugmentedClassInfo> controllers;
    private static final Logger log = Logger.getLogger(CsvManifestsBuilder.class);
    private static final Logger LOGGER = Logger.getLogger(CsvManifestsBuilder.class.getName());

    public CsvManifestsBuilder(CSVMetadataHolder cSVMetadataHolder, BuildTimeOperatorConfiguration buildTimeOperatorConfiguration, List<ReconcilerAugmentedClassInfo> list, Path path, String str) {
        super(cSVMetadataHolder);
        this.ownedCRs = new HashSet();
        this.requiredCRs = new HashSet();
        this.deploymentName = str;
        this.controllers = list;
        this.kubernetesResources = path != null ? path.resolve("kubernetes") : null;
        this.csvBuilder = new ClusterServiceVersionBuilder();
        ClusterServiceVersionFluent.MetadataNested withName = this.csvBuilder.withNewMetadata().withName(cSVMetadataHolder.csvName);
        if (cSVMetadataHolder.annotations != null) {
            withName.addToAnnotations("olm.skipRange", cSVMetadataHolder.annotations.skipRange);
            withName.addToAnnotations("containerImage", cSVMetadataHolder.annotations.containerImage);
            withName.addToAnnotations("repository", cSVMetadataHolder.annotations.repository);
            withName.addToAnnotations("capabilities", cSVMetadataHolder.annotations.capabilities);
            withName.addToAnnotations("categories", cSVMetadataHolder.annotations.categories);
            withName.addToAnnotations("certified", String.valueOf(cSVMetadataHolder.annotations.certified));
            withName.addToAnnotations("alm-examples", cSVMetadataHolder.annotations.almExamples);
            if (cSVMetadataHolder.annotations.others != null) {
                Map map = cSVMetadataHolder.annotations.others;
                Objects.requireNonNull(withName);
                map.forEach(withName::addToAnnotations);
            }
        }
        this.csvBuilder = (ClusterServiceVersionBuilder) withName.endMetadata();
        ClusterServiceVersionFluent.SpecNested withMaturity = this.csvBuilder.editOrNewSpec().withDescription(cSVMetadataHolder.description).withDisplayName(defaultIfEmpty(cSVMetadataHolder.displayName, cSVMetadataHolder.csvName)).withKeywords(cSVMetadataHolder.keywords).withReplaces(cSVMetadataHolder.replaces).withVersion(cSVMetadataHolder.version).withMinKubeVersion(cSVMetadataHolder.minKubeVersion).withMaturity(cSVMetadataHolder.maturity);
        if (cSVMetadataHolder.providerName != null) {
            withMaturity.withNewProvider().withName(cSVMetadataHolder.providerName).withUrl(cSVMetadataHolder.providerURL).endProvider();
        }
        if (cSVMetadataHolder.maintainers != null) {
            for (CSVMetadataHolder.Maintainer maintainer : cSVMetadataHolder.maintainers) {
                withMaturity.addNewMaintainer(maintainer.email, maintainer.name);
            }
        }
        if (cSVMetadataHolder.links != null) {
            for (CSVMetadataHolder.Link link : cSVMetadataHolder.links) {
                withMaturity.addNewLink(link.name, link.url);
            }
        }
        String iconName = getIconName();
        String readIconAsBase64 = readIconAsBase64(iconName);
        if (readIconAsBase64 != null) {
            withMaturity.addNewIcon(readIconAsBase64, IMAGE_PNG);
        }
        if (cSVMetadataHolder.icon != null) {
            for (CSVMetadataHolder.Icon icon : cSVMetadataHolder.icon) {
                if (!icon.fileName.isBlank() && !iconName.equals(icon.fileName)) {
                    String readIconAsBase642 = readIconAsBase64(icon.fileName);
                    if (readIconAsBase642 == null) {
                        throw new IllegalArgumentException("Couldn't find '" + icon.fileName + "' in " + this.kubernetesResources);
                    }
                    withMaturity.addNewIcon().withBase64data(readIconAsBase642).withMediatype(icon.mediatype).endIcon();
                }
            }
        } else {
            try {
                InputStream resourceAsStream = Thread.currentThread().getContextClassLoader().getResourceAsStream(iconName);
                if (resourceAsStream != null) {
                    try {
                        log.warnv("Using icon found in the application's resource. It is now recommended to put icons in 'src/main/kubernetes' instead of resources and provide an explicit name / media type using the @CSVMetadata.Icon annotation. This avoids unduly bundling unneeded resources into the application.", new Object[0]);
                        withMaturity.addNewIcon(new String(Base64.getEncoder().encode(resourceAsStream.readAllBytes())), IMAGE_PNG);
                    } finally {
                    }
                }
                if (resourceAsStream != null) {
                    resourceAsStream.close();
                }
            } catch (IOException e) {
            }
        }
        if (cSVMetadataHolder.installModes == null || cSVMetadataHolder.installModes.length == 0) {
            withMaturity.addNewInstallMode(true, DEFAULT_INSTALL_MODE);
        } else {
            for (CSVMetadataHolder.InstallMode installMode : cSVMetadataHolder.installModes) {
                withMaturity.addNewInstallMode(Boolean.valueOf(installMode.supported), installMode.type);
            }
        }
        ArrayList arrayList = new ArrayList();
        list.forEach(reconcilerAugmentedClassInfo -> {
            ReconciledAugmentedClassInfo associatedResourceInfo = reconcilerAugmentedClassInfo.associatedResourceInfo();
            if (associatedResourceInfo.isCR()) {
                ReconciledResourceAugmentedClassInfo<?> asResourceTargeting = associatedResourceInfo.asResourceTargeting();
                if (asResourceTargeting.isCR()) {
                    CRDDescription createCRDDescription = createCRDDescription(asResourceTargeting);
                    if (buildTimeOperatorConfiguration.isControllerOwningPrimary(reconcilerAugmentedClassInfo.nameOrFailIfUnset())) {
                        this.ownedCRs.add(createCRDDescription);
                    } else {
                        this.requiredCRs.add(createCRDDescription);
                    }
                } else {
                    arrayList.add(new GroupVersionKind(asResourceTargeting.group(), asResourceTargeting.kind(), asResourceTargeting.version()));
                }
            }
            Collection dependentResourceInfos = reconcilerAugmentedClassInfo.getDependentResourceInfos();
            if (dependentResourceInfos == null || dependentResourceInfos.isEmpty()) {
                return;
            }
            dependentResourceInfos.stream().map((v0) -> {
                return v0.associatedResourceInfo();
            }).filter((v0) -> {
                return v0.isResource();
            }).map((v0) -> {
                return v0.asResourceTargeting();
            }).forEach(reconciledResourceAugmentedClassInfo -> {
                if (reconciledResourceAugmentedClassInfo.isCR()) {
                    this.requiredCRs.add(createCRDDescription(reconciledResourceAugmentedClassInfo));
                } else {
                    arrayList.add(new GroupVersionKind(reconciledResourceAugmentedClassInfo.group(), reconciledResourceAugmentedClassInfo.kind(), reconciledResourceAugmentedClassInfo.version()));
                }
            });
        });
        if (cSVMetadataHolder.requiredCRDs != null) {
            for (CSVMetadataHolder.RequiredCRD requiredCRD : cSVMetadataHolder.requiredCRDs) {
                this.requiredCRs.add(new CRDDescriptionBuilder().withKind(requiredCRD.kind).withName(requiredCRD.name).withVersion(requiredCRD.version).build());
            }
        }
        Comparator nullsFirst = Comparator.nullsFirst((v0, v1) -> {
            return v0.compareTo(v1);
        });
        withMaturity.addAllToNativeAPIs(arrayList.stream().distinct().sorted(Comparator.comparing((v0) -> {
            return v0.getGroup();
        }, nullsFirst).thenComparing(Comparator.comparing((v0) -> {
            return v0.getKind();
        }, nullsFirst)).thenComparing(Comparator.comparing((v0) -> {
            return v0.getVersion();
        }, nullsFirst))).toList());
        ((ClusterServiceVersionFluent.SpecNested) withMaturity.editOrNewCustomresourcedefinitions().addAllToOwned(this.ownedCRs).addAllToRequired(this.requiredCRs).endCustomresourcedefinitions()).endSpec();
    }

    private CRDDescription createCRDDescription(ReconciledResourceAugmentedClassInfo<?> reconciledResourceAugmentedClassInfo) {
        return new CRDDescriptionBuilder().withName(reconciledResourceAugmentedClassInfo.fullResourceName()).withDisplayName((String) reconciledResourceAugmentedClassInfo.getExtendedInfo(BundleProcessor.CRD_DISPLAY_NAME, String.class)).withDescription((String) reconciledResourceAugmentedClassInfo.getExtendedInfo(BundleProcessor.CRD_DESCRIPTION, String.class)).withVersion(reconciledResourceAugmentedClassInfo.version()).withKind(reconciledResourceAugmentedClassInfo.kind()).build();
    }

    public Set<String> getOwnedCRs() {
        return (Set) this.ownedCRs.stream().map((v0) -> {
            return v0.getName();
        }).sorted().collect(Collectors.toCollection(LinkedHashSet::new));
    }

    public Set<String> getRequiredCRs() {
        return (Set) this.requiredCRs.stream().map((v0) -> {
            return v0.getName();
        }).sorted().collect(Collectors.toCollection(LinkedHashSet::new));
    }

    @Override // io.quarkiverse.operatorsdk.bundle.deployment.builders.ManifestsBuilder
    public String getManifestType() {
        return "CSV";
    }

    @Override // io.quarkiverse.operatorsdk.bundle.deployment.builders.ManifestsBuilder
    public Path getFileName() {
        return Path.of(BundleGenerator.MANIFESTS, getName() + ".clusterserviceversion.yaml");
    }

    private String getIconName() {
        return getName() + ".icon.png";
    }

    private String readIconAsBase64(String str) {
        if (this.kubernetesResources == null) {
            return null;
        }
        try {
            FileInputStream fileInputStream = new FileInputStream(this.kubernetesResources.resolve(str).toFile());
            try {
                String str2 = new String(Base64.getEncoder().encode(fileInputStream.readAllBytes()));
                fileInputStream.close();
                return str2;
            } finally {
            }
        } catch (IOException e) {
            return null;
        }
    }

    @Override // io.quarkiverse.operatorsdk.bundle.deployment.builders.ManifestsBuilder
    public byte[] getManifestData(List<ServiceAccount> list, List<ClusterRoleBinding> list2, List<ClusterRole> list3, List<RoleBinding> list4, List<Role> list5, List<Deployment> list6) throws IOException {
        ClusterServiceVersionFluent.SpecNested editOrNewSpec = this.csvBuilder.editOrNewSpec();
        String str = NO_SERVICE_ACCOUNT;
        if (!list.isEmpty()) {
            str = list.get(0).getMetadata().getName();
        }
        NamedInstallStrategyFluent<?>.SpecNested<?> editOrNewSpec2 = editOrNewSpec.editOrNewInstall().withStrategy(DEPLOYMENT).editOrNewSpec();
        handleClusterPermissions(list2, list3, list5, str, editOrNewSpec2);
        handlePermissions(list3, list4, list5, str, editOrNewSpec2);
        handleDeployments(list6, editOrNewSpec2);
        ((ClusterServiceVersionSpecFluent.InstallNested) editOrNewSpec2.endSpec()).endInstall();
        editOrNewSpec.endSpec();
        return YAML_MAPPER.writeValueAsBytes(this.csvBuilder.build());
    }

    private void handleDeployments(List<Deployment> list, NamedInstallStrategyFluent<?>.SpecNested<?> specNested) {
        list.forEach(deployment -> {
            handleDeployment(deployment, specNested);
        });
    }

    private void handlePermissions(List<ClusterRole> list, List<RoleBinding> list2, List<Role> list3, String str, NamedInstallStrategyFluent<?>.SpecNested<?> specNested) {
        HashMap hashMap = new HashMap();
        if (this.metadata.permissionRules != null) {
            for (CSVMetadataHolder.PermissionRule permissionRule : this.metadata.permissionRules) {
                ((List) hashMap.computeIfAbsent(defaultIfEmpty(permissionRule.serviceAccountName, str), str2 -> {
                    return new LinkedList();
                })).add(new PolicyRuleBuilder().addAllToApiGroups(Arrays.asList(permissionRule.apiGroups)).addAllToResources(Arrays.asList(permissionRule.resources)).addAllToVerbs(Arrays.asList(permissionRule.verbs)).build());
            }
        }
        for (RoleBinding roleBinding : list2) {
            String findServiceAccountFromSubjects = findServiceAccountFromSubjects(roleBinding.getSubjects(), str);
            if (NO_SERVICE_ACCOUNT.equals(findServiceAccountFromSubjects)) {
                LOGGER.warnf("Role '%s' was not added because the service account is missing", roleBinding.getRoleRef().getName());
            } else {
                LinkedList linkedList = new LinkedList(findRules(roleBinding.getRoleRef(), list, list3));
                Optional ofNullable = Optional.ofNullable((List) hashMap.remove(findServiceAccountFromSubjects));
                Objects.requireNonNull(linkedList);
                ofNullable.ifPresent((v1) -> {
                    r1.addAll(v1);
                });
                handlerPermission(linkedList, findServiceAccountFromSubjects, specNested);
            }
        }
    }

    private void handleClusterPermissions(List<ClusterRoleBinding> list, List<ClusterRole> list2, List<Role> list3, String str, NamedInstallStrategyFluent<?>.SpecNested<?> specNested) {
        for (ClusterRoleBinding clusterRoleBinding : list) {
            String findServiceAccountFromSubjects = findServiceAccountFromSubjects(clusterRoleBinding.getSubjects(), str);
            if (NO_SERVICE_ACCOUNT.equals(findServiceAccountFromSubjects)) {
                LOGGER.warnf("Cluster Role '%s' was not added because the service account is missing", clusterRoleBinding.getRoleRef().getName());
            } else {
                handleClusterPermission(findRules(clusterRoleBinding.getRoleRef(), list2, list3), findServiceAccountFromSubjects, specNested);
            }
        }
    }

    private void handleDeployment(Deployment deployment, NamedInstallStrategyFluent<?>.SpecNested<?> specNested) {
        if (deployment != null) {
            String name = deployment.getMetadata().getName();
            DeploymentSpec spec = deployment.getSpec();
            if (name.equals(this.deploymentName)) {
                PodSpecFluent.ContainersNested editFirstContainer = new DeploymentSpecBuilder(spec).editTemplate().editSpec().editFirstContainer();
                this.controllers.stream().map((v0) -> {
                    return v0.nameOrFailIfUnset();
                }).forEach(str -> {
                    ((ContainerFluent.EnvNested) ((EnvVarFluent.ValueFromNested) editFirstContainer.addNewEnv().withName(ConfigurationUtils.getNamespacesPropertyName(str, true)).withNewValueFrom().withNewFieldRef().withFieldPath(OLM_TARGET_NAMESPACES).endFieldRef()).endValueFrom()).endEnv();
                });
                spec = ((DeploymentSpecBuilder) ((DeploymentSpecFluent.TemplateNested) ((PodTemplateSpecFluent.SpecNested) editFirstContainer.endContainer()).endSpec()).endTemplate()).build();
            }
            specNested.addNewDeployment().withName(name).withSpec(spec).endDeployment();
        }
    }

    private void handlerPermission(List<PolicyRule> list, String str, NamedInstallStrategyFluent<?>.SpecNested<?> specNested) {
        if (list.isEmpty()) {
            return;
        }
        Predicate predicate = strategyDeploymentPermissionsBuilder -> {
            return str.equals(strategyDeploymentPermissionsBuilder.getServiceAccountName());
        };
        if (!specNested.hasMatchingPermission(predicate)) {
            specNested.addNewPermission().withServiceAccountName(str).addAllToRules(list).endPermission();
            return;
        }
        StrategyDetailsDeploymentFluent.PermissionsNested editMatchingPermission = specNested.editMatchingPermission(predicate);
        appendRulesInPermission(editMatchingPermission, list);
        editMatchingPermission.endPermission();
    }

    private void handleClusterPermission(List<PolicyRule> list, String str, NamedInstallStrategyFluent<?>.SpecNested<?> specNested) {
        Predicate predicate = strategyDeploymentPermissionsBuilder -> {
            return str.equals(strategyDeploymentPermissionsBuilder.getServiceAccountName());
        };
        if (!specNested.hasMatchingClusterPermission(predicate)) {
            specNested.addNewClusterPermission().withServiceAccountName(str).addAllToRules(list).endClusterPermission();
            return;
        }
        StrategyDetailsDeploymentFluent.ClusterPermissionsNested editMatchingClusterPermission = specNested.editMatchingClusterPermission(predicate);
        appendRulesInPermission(editMatchingClusterPermission, list);
        editMatchingClusterPermission.endClusterPermission();
    }

    private String findServiceAccountFromSubjects(List<Subject> list, String str) {
        return (String) list.stream().filter(subject -> {
            return SERVICE_ACCOUNT_KIND.equalsIgnoreCase(subject.getKind());
        }).map((v0) -> {
            return v0.getName();
        }).findFirst().orElse(str);
    }

    private List<PolicyRule> findRules(RoleRef roleRef, List<ClusterRole> list, List<Role> list2) {
        if (roleRef == null) {
            return Collections.emptyList();
        }
        String kind = roleRef.getKind();
        String name = roleRef.getName();
        if (CLUSTER_ROLE_KIND.equals(kind)) {
            for (ClusterRole clusterRole : list) {
                if (name.equals(clusterRole.getMetadata().getName())) {
                    return clusterRole.getRules();
                }
            }
        } else if (ROLE_KIND.equals(kind)) {
            for (Role role : list2) {
                if (name.equals(role.getMetadata().getName())) {
                    return role.getRules();
                }
            }
        }
        return Collections.emptyList();
    }

    private void appendRulesInPermission(StrategyDeploymentPermissionsFluent strategyDeploymentPermissionsFluent, List<PolicyRule> list) {
        for (PolicyRule policyRule : list) {
            if (!strategyDeploymentPermissionsFluent.hasMatchingRule(obj -> {
                return obj.equals(policyRule);
            })) {
                strategyDeploymentPermissionsFluent.addToRules(new PolicyRule[]{policyRule});
            }
        }
    }

    private static String defaultIfEmpty(String str, String str2) {
        return (String) Optional.ofNullable(str).filter(str3 -> {
            return (str3.isBlank() || str3.isEmpty()) ? false : true;
        }).orElse(str2);
    }
}
