package com.amazonaws.athena.connectors.aws.cmdb.tables.ec2;

import com.amazonaws.athena.connector.lambda.QueryStatusChecker;
import com.amazonaws.athena.connector.lambda.data.BlockAllocator;
import com.amazonaws.athena.connector.lambda.data.BlockSpiller;
import com.amazonaws.athena.connector.lambda.data.FieldResolver;
import com.amazonaws.athena.connector.lambda.data.SchemaBuilder;
import com.amazonaws.athena.connector.lambda.domain.TableName;
import com.amazonaws.athena.connector.lambda.domain.predicate.ValueSet;
import com.amazonaws.athena.connector.lambda.metadata.GetTableRequest;
import com.amazonaws.athena.connector.lambda.metadata.GetTableResponse;
import com.amazonaws.athena.connector.lambda.records.ReadRecordsRequest;
import com.amazonaws.athena.connectors.aws.cmdb.tables.TableProvider;
import java.util.Collections;
import java.util.Iterator;
import java.util.List;
import java.util.stream.Collectors;
import org.apache.arrow.vector.types.Types;
import org.apache.arrow.vector.types.pojo.Schema;
import org.apache.logging.log4j.core.lookup.StructuredDataLookup;
import software.amazon.awssdk.services.ec2.Ec2Client;
import software.amazon.awssdk.services.ec2.model.DescribeSecurityGroupsRequest;
import software.amazon.awssdk.services.ec2.model.DescribeSecurityGroupsResponse;
import software.amazon.awssdk.services.ec2.model.IpPermission;
import software.amazon.awssdk.services.ec2.model.SecurityGroup;

/* loaded from: input_file:com/amazonaws/athena/connectors/aws/cmdb/tables/ec2/SecurityGroupsTableProvider.class */
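/**
 * Exposes EC2 security group rules as the {@code ec2.security_groups} table.
 *
 * <p>Each row is one rule (an {@link IpPermission}) of one security group, tagged with its
 * direction, so a group with several ingress and egress rules produces several rows that share
 * the same id, name and description.
 *
 * <p>Notes for consumers that audit rules through this table:
 * <ul>
 *   <li>The list columns hold {@code value:description} strings built by plain concatenation.
 *       IPv6 CIDRs contain colons themselves, so the value cannot be recovered by splitting on
 *       the first {@code ':'}.</li>
 *   <li>A source whose description accessor returns {@code null} is rendered with the literal
 *       text {@code null} after the colon, because of Java string concatenation.</li>
 *   <li>A scan stops early when the query is no longer running, so a cancelled query can yield a
 *       partial rule set.</li>
 * </ul>
 */
public class SecurityGroupsTableProvider implements TableProvider {
    private static final String INGRESS = "ingress";
    private static final String EGRESS = "egress";
    // Column that carries the security group id. The decompiled listing spelled this as log4j's
    // StructuredDataLookup.ID_KEY, a constant with the same value ("id") that the decompiler
    // substituted for the literal; using the literal keeps the table schema independent of the
    // logging library (the log4j import at the top of the file is then unused).
    private static final String ID = "id";
    private static final Schema SCHEMA = SchemaBuilder.newBuilder()
            .addStringField(ID)
            .addStringField("name")
            .addStringField("description")
            .addIntField("from_port")
            .addIntField("to_port")
            .addStringField("protocol")
            .addStringField("direction")
            .addListField("ipv4_ranges", Types.MinorType.VARCHAR.getType())
            .addListField("ipv6_ranges", Types.MinorType.VARCHAR.getType())
            .addListField("prefix_lists", Types.MinorType.VARCHAR.getType())
            .addListField("user_id_groups", Types.MinorType.VARCHAR.getType())
            .addMetadata(ID, "Security Group ID.")
            .addMetadata("name", "Name of the security group.")
            .addMetadata("description", "Description of the security group.")
            .addMetadata("from_port", "Beginging of the port range covered by this security group.")
            .addMetadata("to_port", "Ending of the port range covered by this security group.")
            .addMetadata("protocol", "The network protocol covered by this security group.")
            .addMetadata("direction", "Notes if the rule applies inbound (ingress) or outbound (egress).")
            .addMetadata("ipv4_ranges", "The ip v4 ranges covered by this security group.")
            .addMetadata("ipv6_ranges", "The ip v6 ranges covered by this security group.")
            .addMetadata("prefix_lists", "The prefix lists covered by this security group.")
            .addMetadata("user_id_groups", "The user id groups covered by this security group.")
            .build();

    // Client used for every DescribeSecurityGroups call; assigned once in the constructor.
    private final Ec2Client ec2;

    /**
     * Creates a provider that reads security groups through the given client.
     *
     * @param ec2Client EC2 client used for the describe calls
     */
    public SecurityGroupsTableProvider(Ec2Client ec2Client) {
        this.ec2 = ec2Client;
    }

    /**
     * @return the schema (database) name this table lives in, {@code "ec2"}
     */
    @Override
    public String getSchema() {
        return "ec2";
    }

    /**
     * @return the fully qualified table name, {@code ec2.security_groups}
     */
    @Override
    public TableName getTableName() {
        return new TableName(getSchema(), "security_groups");
    }

    /**
     * Describes the table using the static schema defined in this class.
     *
     * @param blockAllocator not used by this implementation
     * @param getTableRequest request whose catalog name is echoed in the response
     * @return the table name and schema for the requested catalog
     */
    @Override
    public GetTableResponse getTable(BlockAllocator blockAllocator, GetTableRequest getTableRequest) {
        return new GetTableResponse(getTableRequest.getCatalogName(), getTableName(), SCHEMA);
    }

    /**
     * Pages through DescribeSecurityGroups and writes one row per ingress and egress rule.
     *
     * <p>Only single-value constraints on {@code id} and {@code name} are turned into API
     * parameters; every other constraint is left to the row writer's per-value checks.
     *
     * @param blockSpiller sink that receives the rows
     * @param readRecordsRequest request carrying the constraint summary
     * @param queryStatusChecker polled after each page; the scan ends once the query stops running
     */
    @Override
    public void readWithConstraint(BlockSpiller blockSpiller, ReadRecordsRequest readRecordsRequest, QueryStatusChecker queryStatusChecker) {
        DescribeSecurityGroupsRequest.Builder builder = DescribeSecurityGroupsRequest.builder();

        ValueSet idConstraint = readRecordsRequest.getConstraints().getSummary().get(ID);
        if (idConstraint != null && idConstraint.isSingleValue()) {
            builder.groupIds(Collections.singletonList(idConstraint.getSingleValue().toString()));
        }

        // NOTE(review): EC2 documents the GroupNames parameter as applying to default-VPC groups;
        // confirm that a name predicate on a group in another VPC does not fail the call or hide
        // the group from an audit query.
        ValueSet nameConstraint = readRecordsRequest.getConstraints().getSummary().get("name");
        if (nameConstraint != null && nameConstraint.isSingleValue()) {
            builder.groupNames(Collections.singletonList(nameConstraint.getSingleValue().toString()));
        }

        boolean done = false;
        while (!done) {
            // The decompiled listing called a renamed bridge method (mo2981build) here, which is
            // not part of the SDK builder; build() is the real method and needs no cast.
            DescribeSecurityGroupsResponse response = this.ec2.describeSecurityGroups(builder.build());
            for (SecurityGroup group : response.securityGroups()) {
                for (IpPermission inbound : group.ipPermissions()) {
                    instanceToRow(group, inbound, INGRESS, blockSpiller);
                }
                for (IpPermission outbound : group.ipPermissionsEgress()) {
                    instanceToRow(group, outbound, EGRESS, blockSpiller);
                }
            }
            builder.nextToken(response.nextToken());
            // Stop on the last page, or after the current page once the query was cancelled.
            if (response.nextToken() == null || !queryStatusChecker.isQueryRunning()) {
                done = true;
            }
        }
    }

    /**
     * Writes a single rule of a security group as one row.
     *
     * <p>Every column is offered even after an earlier one returned {@code false} (non
     * short-circuit {@code &=}), and the row counts as written only when all offers succeeded.
     *
     * @param securityGroup group that owns the rule
     * @param ipPermission the rule being written
     * @param direction {@code "ingress"} or {@code "egress"}
     * @param blockSpiller sink that receives the row
     */
    private void instanceToRow(SecurityGroup securityGroup, IpPermission ipPermission, String direction, BlockSpiller blockSpiller) {
        blockSpiller.writeRows((block, row) -> {
            boolean matched = true;
            matched &= block.offerValue(ID, row, securityGroup.groupId());
            matched &= block.offerValue("name", row, securityGroup.groupName());
            matched &= block.offerValue("description", row, securityGroup.description());
            // NOTE(review): the port accessors return boxed values; presumably null for rules
            // without a port range - confirm how offerValue stores a null.
            matched &= block.offerValue("from_port", row, ipPermission.fromPort());
            matched &= block.offerValue("to_port", row, ipPermission.toPort());
            matched &= block.offerValue("protocol", row, ipPermission.ipProtocol());
            matched &= block.offerValue("direction", row, direction);

            List<String> ipv4Ranges = ipPermission.ipRanges().stream()
                    .map(range -> range.cidrIp() + ":" + range.description())
                    .collect(Collectors.toList());
            matched &= block.offerComplexValue("ipv4_ranges", row, FieldResolver.DEFAULT, ipv4Ranges);

            // The CIDR itself contains ':' here, so the joined string is not safely splittable.
            List<String> ipv6Ranges = ipPermission.ipv6Ranges().stream()
                    .map(range -> range.cidrIpv6() + ":" + range.description())
                    .collect(Collectors.toList());
            matched &= block.offerComplexValue("ipv6_ranges", row, FieldResolver.DEFAULT, ipv6Ranges);

            List<String> prefixLists = ipPermission.prefixListIds().stream()
                    .map(prefix -> prefix.prefixListId() + ":" + prefix.description())
                    .collect(Collectors.toList());
            matched &= block.offerComplexValue("prefix_lists", row, FieldResolver.DEFAULT, prefixLists);

            List<String> userIdGroups = ipPermission.userIdGroupPairs().stream()
                    .map(pair -> pair.userId() + ":" + pair.groupId())
                    .collect(Collectors.toList());
            matched &= block.offerComplexValue("user_id_groups", row, FieldResolver.DEFAULT, userIdGroups);

            return matched ? 1 : 0;
        });
    }
}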
