package io.quarkiverse.operatorsdk.deployment;

import io.fabric8.kubernetes.api.model.rbac.ClusterRoleBinding;
import io.fabric8.kubernetes.api.model.rbac.ClusterRoleBindingBuilder;
import io.fabric8.kubernetes.api.model.rbac.RoleBinding;
import io.fabric8.kubernetes.api.model.rbac.RoleBindingBuilder;
import io.fabric8.kubernetes.api.model.rbac.RoleRef;
import io.fabric8.kubernetes.api.model.rbac.RoleRefBuilder;
import io.javaoperatorsdk.operator.api.config.informer.InformerConfiguration;
import io.quarkiverse.operatorsdk.runtime.BuildTimeOperatorConfiguration;
import io.quarkiverse.operatorsdk.runtime.QuarkusControllerConfiguration;
import java.util.Collection;
import java.util.LinkedList;
import java.util.List;
import java.util.Set;
import java.util.concurrent.ConcurrentHashMap;
import java.util.concurrent.ConcurrentMap;
import org.jboss.logging.Logger;

/* loaded from: input_file:io/quarkiverse/operatorsdk/deployment/RoleBindings.class */
public class RoleBindings {
    protected static final String SERVICE_ACCOUNT = "ServiceAccount";
    protected static final String RBAC_AUTHORIZATION_GROUP = "rbac.authorization.k8s.io";
    public static final String CLUSTER_ROLE = "ClusterRole";
    public static final RoleRef CRD_VALIDATING_ROLE_REF = new RoleRef(RBAC_AUTHORIZATION_GROUP, CLUSTER_ROLE, ClusterRoles.JOSDK_CRD_VALIDATING_CLUSTER_ROLE_NAME);
    private static final Logger log = Logger.getLogger(RoleBindings.class);
    private static final ConcurrentMap<QuarkusControllerConfiguration, BindingsHolder> cachedBindings = new ConcurrentHashMap();

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:io/quarkiverse/operatorsdk/deployment/RoleBindings$BindingsHolder.class */
    public static class BindingsHolder {
        private List<RoleBinding> roleBindings;
        private List<ClusterRoleBinding> clusterRoleBindings;

        private BindingsHolder() {
        }

        public List<RoleBinding> getRoleBindings() {
            return this.roleBindings;
        }

        public void setRoleBindings(List<RoleBinding> list) {
            this.roleBindings = list;
        }

        public List<ClusterRoleBinding> getClusterRoleBindings() {
            return this.clusterRoleBindings;
        }

        public void setClusterRoleBindings(List<ClusterRoleBinding> list) {
            this.clusterRoleBindings = list;
        }
    }

    public static String getCRDValidatingBindingName(String str) {
        return str + "-crd-validating-role-binding";
    }

    public static String getClusterRoleBindingName(String str) {
        return str + "-cluster-role-binding";
    }

    public static String getRoleBindingName(String str) {
        return str + "-role-binding";
    }

    public static String getSpecificRoleBindingName(String str, String str2) {
        return str2 + "-" + getRoleBindingName(str);
    }

    public static String getSpecificRoleBindingName(String str, RoleRef roleRef) {
        return getSpecificRoleBindingName(str, roleRef.getName());
    }

    private static RoleRef createDefaultRoleRef(String str) {
        return new RoleRefBuilder().withApiGroup(RBAC_AUTHORIZATION_GROUP).withKind(CLUSTER_ROLE).withName(ClusterRoles.getClusterRoleName(str)).build();
    }

    private static RoleBinding createRoleBinding(String str, String str2, String str3, String str4, RoleRef roleRef) {
        log.infov("Creating ''{0}'' RoleBinding to be applied to {1}", str, (str4 == null ? "current" : "'" + str4 + "'") + " namespace");
        return ((RoleBindingBuilder) new RoleBindingBuilder().withNewMetadata().withName(str).withNamespace(str4).endMetadata()).withRoleRef(roleRef).addNewSubject((String) null, SERVICE_ACCOUNT, str2, str3).build();
    }

    private static ClusterRoleBinding createClusterRoleBinding(String str, String str2, String str3, String str4, String str5, RoleRef roleRef) {
        outputWarningIfNeeded(str3, str4, str, str5);
        RoleRef createDefaultRoleRef = roleRef == null ? createDefaultRoleRef(str4) : roleRef;
        log.infov("Creating ''{0}'' ClusterRoleBinding to be applied to ''{1}'' namespace", str, str3);
        return ((ClusterRoleBindingBuilder) ((ClusterRoleBindingBuilder) new ClusterRoleBindingBuilder().withNewMetadata().withName(str).endMetadata()).withRoleRef(createDefaultRoleRef).addNewSubject().withKind(SERVICE_ACCOUNT).withName(str2).withNamespace(str3).endSubject()).build();
    }

    private static void outputWarningIfNeeded(String str, String str2, String str3, String str4) {
        if (str == null || str.isEmpty()) {
            log.warnv("''{0}'' controller is configured to " + str4 + ", this requires a ClusterRoleBinding which REQUIRES a namespace for the operator ServiceAccount, which has NOT been provided. You can specify the ServiceAccount's namespace using the ''quarkus.kubernetes.rbac.service-accounts.<service account name>.namespace=<service account namespace>'' property (or, alternatively, ''quarkus.kubernetes.namespace'', though using this property will use the specified namespace for ALL your resources. Leaving the namespace blank to be provided by the user by editing the ''{1}'' ClusterRoleBinding to provide the namespace in which the operator will be deployed.", str2, str3);
        }
    }

    public static List<RoleBinding> createRoleBindings(Collection<QuarkusControllerConfiguration<?>> collection, BuildTimeOperatorConfiguration buildTimeOperatorConfiguration, String str, String str2) {
        return collection.stream().flatMap(quarkusControllerConfiguration -> {
            return bindingsFor(quarkusControllerConfiguration, buildTimeOperatorConfiguration, str, str2).getRoleBindings().stream();
        }).toList();
    }

    public static List<ClusterRoleBinding> createClusterRoleBindings(Collection<QuarkusControllerConfiguration<?>> collection, BuildTimeOperatorConfiguration buildTimeOperatorConfiguration, String str, String str2) {
        return collection.stream().flatMap(quarkusControllerConfiguration -> {
            return bindingsFor(quarkusControllerConfiguration, buildTimeOperatorConfiguration, str, str2).getClusterRoleBindings().stream();
        }).toList();
    }

    private static BindingsHolder bindingsFor(QuarkusControllerConfiguration<?> quarkusControllerConfiguration, BuildTimeOperatorConfiguration buildTimeOperatorConfiguration, String str, String str2) {
        BindingsHolder bindingsHolder = cachedBindings.get(quarkusControllerConfiguration);
        if (bindingsHolder != null) {
            return bindingsHolder;
        }
        BindingsHolder bindingsHolder2 = new BindingsHolder();
        cachedBindings.put(quarkusControllerConfiguration, bindingsHolder2);
        String name = quarkusControllerConfiguration.getName();
        InformerConfiguration informerConfig = quarkusControllerConfiguration.getInformerConfig();
        Set namespaces = informerConfig.getNamespaces();
        LinkedList linkedList = new LinkedList();
        LinkedList linkedList2 = new LinkedList();
        if (buildTimeOperatorConfiguration.crd().validate().booleanValue()) {
            linkedList2.add(createClusterRoleBinding(getCRDValidatingBindingName(name), str, str2, name, "validate CRDs", CRD_VALIDATING_ROLE_REF));
        }
        String roleBindingName = getRoleBindingName(name);
        if (informerConfig.watchCurrentNamespace()) {
            linkedList.add(createRoleBinding(roleBindingName, str, str2, null, createDefaultRoleRef(name)));
            quarkusControllerConfiguration.getAdditionalRBACRoleRefs().forEach(roleRef -> {
                linkedList.add(createRoleBinding(getSpecificRoleBindingName(name, roleRef), str, str2, null, roleRef));
            });
        } else if (informerConfig.watchAllNamespaces()) {
            linkedList2.add(createClusterRoleBinding(getClusterRoleBindingName(name), str, str2, name, "watch all namespaces", null));
            quarkusControllerConfiguration.getAdditionalRBACRoleRefs().forEach(roleRef2 -> {
                if (CLUSTER_ROLE.equals(roleRef2.getKind())) {
                    linkedList2.add(createClusterRoleBinding(roleRef2.getName() + "-" + getClusterRoleBindingName(name), str, str2, name, "watch all namespaces", roleRef2));
                } else {
                    log.warnv("Cannot create a ClusterRoleBinding for RoleRef ''{0}'' because it's not a ClusterRole", roleRef2);
                }
            });
        } else {
            namespaces.forEach(str3 -> {
                linkedList.add(createRoleBinding(roleBindingName, str, str2, str3, createDefaultRoleRef(name)));
                quarkusControllerConfiguration.getAdditionalRBACRoleRefs().forEach(roleRef3 -> {
                    linkedList.add(createRoleBinding(getSpecificRoleBindingName(name, roleRef3), str, str2, str3, roleRef3));
                });
            });
        }
        bindingsHolder2.setRoleBindings(linkedList);
        bindingsHolder2.setClusterRoleBindings(linkedList2);
        return bindingsHolder2;
    }
}
