package io.quarkiverse.operatorsdk.deployment;

import io.fabric8.kubernetes.api.model.HasMetadata;
import io.fabric8.kubernetes.api.model.rbac.ClusterRole;
import io.fabric8.kubernetes.api.model.rbac.ClusterRoleBuilder;
import io.fabric8.kubernetes.api.model.rbac.PolicyRule;
import io.fabric8.kubernetes.api.model.rbac.PolicyRuleBuilder;
import io.javaoperatorsdk.operator.api.config.ConfigurationService;
import io.javaoperatorsdk.operator.api.config.Utils;
import io.javaoperatorsdk.operator.api.reconciler.dependent.Deleter;
import io.javaoperatorsdk.operator.processing.dependent.Creator;
import io.javaoperatorsdk.operator.processing.dependent.Updater;
import io.javaoperatorsdk.operator.processing.dependent.kubernetes.GenericKubernetesDependentResource;
import io.javaoperatorsdk.operator.processing.dependent.kubernetes.GroupVersionKindPlural;
import io.javaoperatorsdk.operator.processing.dependent.kubernetes.KubernetesDependentResource;
import io.javaoperatorsdk.operator.processing.dependent.kubernetes.KubernetesDependentResourceConfig;
import io.quarkiverse.operatorsdk.annotations.RBACVerbs;
import io.quarkiverse.operatorsdk.runtime.QuarkusControllerConfiguration;
import java.util.ArrayList;
import java.util.Collection;
import java.util.LinkedHashMap;
import java.util.LinkedHashSet;
import java.util.List;
import java.util.Map;
import java.util.Objects;
import java.util.Optional;
import java.util.Set;
import java.util.TreeSet;
import java.util.stream.Collectors;
import org.jboss.logging.Logger;

/* loaded from: input_file:io/quarkiverse/operatorsdk/deployment/ClusterRoles.class */
public class ClusterRoles {
    public static final String JOSDK_CRD_VALIDATING_CLUSTER_ROLE_NAME = "josdk-crd-validating-cluster-role";
    private static final ClusterRole CRD_VALIDATING_CLUSTER_ROLE = ((ClusterRoleBuilder) new ClusterRoleBuilder().withNewMetadata().withName(JOSDK_CRD_VALIDATING_CLUSTER_ROLE_NAME).endMetadata()).addToRules(new PolicyRule[]{new PolicyRuleBuilder().addToApiGroups(new String[]{"apiextensions.k8s.io"}).addToResources(new String[]{"customresourcedefinitions"}).addToVerbs(new String[]{"get", "list"}).build()}).build();
    private static final Logger log = Logger.getLogger(ClusterRoles.class);
    private static final String ADD_CLUSTER_ROLES_DECORATOR = "AddClusterRolesDecorator";

    public static List<ClusterRole> createClusterRoles(Collection<QuarkusControllerConfiguration<?>> collection, boolean z) {
        ArrayList arrayList = new ArrayList(collection.size() + 1);
        collection.forEach(quarkusControllerConfiguration -> {
            arrayList.add(createClusterRole(quarkusControllerConfiguration));
        });
        if (z) {
            arrayList.add(CRD_VALIDATING_CLUSTER_ROLE);
        }
        return arrayList;
    }

    public static ClusterRole createClusterRole(QuarkusControllerConfiguration<?> quarkusControllerConfiguration) {
        LinkedHashMap linkedHashMap = new LinkedHashMap();
        PolicyRule clusterRolePolicyRuleFromPrimaryResource = getClusterRolePolicyRuleFromPrimaryResource(quarkusControllerConfiguration);
        linkedHashMap.put(getKeyFor(clusterRolePolicyRuleFromPrimaryResource), clusterRolePolicyRuleFromPrimaryResource);
        collectAndMergeIfNeededRulesFrom(getClusterRolePolicyRulesFromDependentResources(quarkusControllerConfiguration), linkedHashMap);
        collectAndMergeIfNeededRulesFrom(quarkusControllerConfiguration.getAdditionalRBACRules(), linkedHashMap);
        return ((ClusterRoleBuilder) new ClusterRoleBuilder().withNewMetadata().withName(getClusterRoleName(quarkusControllerConfiguration.getName())).endMetadata()).addAllToRules(linkedHashMap.values()).build();
    }

    private static void collectAndMergeIfNeededRulesFrom(Collection<PolicyRule> collection, Map<String, PolicyRule> map) {
        collection.forEach(policyRule -> {
            map.merge(getKeyFor(policyRule), policyRule, (policyRule, policyRule2) -> {
                TreeSet treeSet = new TreeSet(policyRule.getVerbs());
                treeSet.addAll(policyRule2.getVerbs());
                policyRule.setVerbs(new ArrayList(treeSet));
                return policyRule;
            });
        });
    }

    private static String getKeyFor(PolicyRule policyRule) {
        return ((String) policyRule.getApiGroups().stream().sorted().collect(Collectors.joining("-"))) + "/" + ((String) policyRule.getResources().stream().sorted().collect(Collectors.joining("-")));
    }

    private static Set<PolicyRule> getClusterRolePolicyRulesFromDependentResources(QuarkusControllerConfiguration<?> quarkusControllerConfiguration) {
        LinkedHashSet linkedHashSet = new LinkedHashSet();
        quarkusControllerConfiguration.dependentsMetadata().forEach((str, dependentResourceSpecMetadata) -> {
            Class dependentResourceClass = dependentResourceSpecMetadata.getDependentResourceClass();
            Class resourceClass = dependentResourceSpecMetadata.getResourceClass();
            if (HasMetadata.class.isAssignableFrom(resourceClass)) {
                String group = HasMetadata.getGroup(resourceClass);
                String plural = HasMetadata.getPlural(resourceClass);
                TreeSet treeSet = new TreeSet(List.of((Object[]) RBACVerbs.READ_VERBS));
                if (Updater.class.isAssignableFrom(dependentResourceClass)) {
                    treeSet.addAll(List.of((Object[]) RBACVerbs.UPDATE_VERBS));
                }
                if (Deleter.class.isAssignableFrom(dependentResourceClass)) {
                    treeSet.add("delete");
                }
                boolean isAssignableFrom = Creator.class.isAssignableFrom(dependentResourceClass);
                if (isAssignableFrom) {
                    treeSet.add("create");
                }
                boolean z = false;
                if (KubernetesDependentResource.class.isAssignableFrom(dependentResourceClass)) {
                    if (isAssignableFrom) {
                        ConfigurationService configurationService = quarkusControllerConfiguration.getConfigurationService();
                        Optional configuration = dependentResourceSpecMetadata.getConfiguration();
                        Class<KubernetesDependentResourceConfig> cls = KubernetesDependentResourceConfig.class;
                        Objects.requireNonNull(KubernetesDependentResourceConfig.class);
                        if (configurationService.shouldUseSSA(dependentResourceClass, resourceClass, (KubernetesDependentResourceConfig) configuration.filter(cls::isInstance).orElse(null))) {
                            treeSet.add("patch");
                        }
                    }
                    try {
                        GenericKubernetesDependentResource genericKubernetesDependentResource = (KubernetesDependentResource) Utils.instantiate(dependentResourceClass, KubernetesDependentResource.class, ADD_CLUSTER_ROLES_DECORATOR);
                        if (genericKubernetesDependentResource instanceof GenericKubernetesDependentResource) {
                            GroupVersionKindPlural groupVersionKind = genericKubernetesDependentResource.getGroupVersionKind();
                            group = groupVersionKind.getGroup();
                            plural = groupVersionKind.getPluralOrDefault();
                        }
                    } catch (Exception e) {
                        z = true;
                        log.warn(" Ignoring dependent " + dependentResourceClass.getName() + " because it couldn't be instantiated as it doesn't provide a no-arg constructor, preventing its group and plural from being determined.");
                    }
                }
                if (z) {
                    return;
                }
                PolicyRuleBuilder addToResources = new PolicyRuleBuilder().addToApiGroups(new String[]{group}).addToResources(new String[]{plural});
                addToResources.addToVerbs((String[]) treeSet.toArray(i -> {
                    return new String[i];
                }));
                linkedHashSet.add(addToResources.build());
            }
        });
        return linkedHashSet;
    }

    private static PolicyRule getClusterRolePolicyRuleFromPrimaryResource(QuarkusControllerConfiguration<?> quarkusControllerConfiguration) {
        PolicyRuleBuilder policyRuleBuilder = new PolicyRuleBuilder();
        Class resourceClass = quarkusControllerConfiguration.getResourceClass();
        String plural = HasMetadata.getPlural(resourceClass);
        policyRuleBuilder.addToResources(new String[]{plural});
        if (quarkusControllerConfiguration.isStatusPresentAndNotVoid()) {
            policyRuleBuilder.addToResources(new String[]{plural + "/status"});
        }
        policyRuleBuilder.addToResources(new String[]{plural + "/finalizers"});
        policyRuleBuilder.addToApiGroups(new String[]{HasMetadata.getGroup(resourceClass)}).addToVerbs(RBACVerbs.ALL_COMMON_VERBS).build();
        return policyRuleBuilder.build();
    }

    public static String getClusterRoleName(String str) {
        return str + "-cluster-role";
    }
}
