package com.yahoo.vespa.hosted.controller.api.role;

import com.yahoo.config.provision.SystemName;
import java.net.URI;
import java.util.Set;

/* JADX INFO: Access modifiers changed from: package-private */
/* loaded from: input_file:com/yahoo/vespa/hosted/controller/api/role/Policy.class */
public enum Policy {
    operator(Privilege.grant(Action.all()).on(PathGroup.allExcept(PathGroup.billingPaths())).in(SystemName.all()), Privilege.grant(Action.read).on(PathGroup.billingPathsNoToken()).in(SystemName.all()), Privilege.grant(Action.read).on(PathGroup.billingToken).in(SystemName.PublicCd)),
    supporter(Privilege.grant(Action.read).on(PathGroup.all()).in(SystemName.all())),
    tenantManager(Privilege.grant(Action.all()).on(PathGroup.tenantUsers).in(SystemName.all())),
    applicationManager(Privilege.grant(Action.all()).on(PathGroup.applicationUsers).in(SystemName.all())),
    user(Privilege.grant(Action.create, Action.update).on(PathGroup.user).in(SystemName.main, SystemName.cd, SystemName.dev)),
    tenantCreate(Privilege.grant(Action.create).on(PathGroup.tenant).in(SystemName.all())),
    tenantDelete(Privilege.grant(Action.delete).on(PathGroup.tenant).in(SystemName.all())),
    tenantUpdate(Privilege.grant(Action.update).on(PathGroup.tenantInfo).on(PathGroup.tenant).in(SystemName.all())),
    tenantRead(Privilege.grant(Action.read).on(PathGroup.tenant, PathGroup.tenantInfo, PathGroup.tenantUsers, PathGroup.applicationUsers).in(SystemName.all())),
    tenantArchiveAccessManagement(Privilege.grant(Action.update, Action.delete).on(PathGroup.tenantArchiveAccess).in(SystemName.all())),
    applicationCreate(Privilege.grant(Action.create).on(PathGroup.application).in(SystemName.all())),
    applicationRead(Privilege.grant(Action.read).on(PathGroup.application, PathGroup.applicationInfo, PathGroup.reindexing).in(SystemName.all())),
    applicationUpdate(Privilege.grant(Action.update).on(PathGroup.application, PathGroup.applicationInfo).in(SystemName.all())),
    applicationDelete(Privilege.grant(Action.delete).on(PathGroup.application).in(SystemName.all())),
    applicationOperations(Privilege.grant(Action.write()).on(PathGroup.applicationInfo, PathGroup.productionRestart, PathGroup.reindexing).in(SystemName.all())),
    keyManagement(Privilege.grant(Action.write()).on(PathGroup.tenantKeys, PathGroup.applicationKeys).in(SystemName.all())),
    keyRevokal(Privilege.grant(Action.delete).on(PathGroup.tenantKeys, PathGroup.applicationKeys).in(SystemName.all())),
    developmentDeployment(Privilege.grant(Action.all()).on(PathGroup.developmentDeployment, PathGroup.developmentRestart).in(SystemName.all())),
    deploymentRead(Privilege.grant(Action.read).on(PathGroup.developmentDeployment, PathGroup.productionDeployment).in(SystemName.all())),
    submission(Privilege.grant(Action.all()).on(PathGroup.submission).in(SystemName.all())),
    classifiedRead(Privilege.grant(Action.read).on(PathGroup.allExcept(PathGroup.classifiedOperator)).in(SystemName.main, SystemName.cd, SystemName.dev)),
    publicRead(Privilege.grant(Action.read).on(PathGroup.publicInfo).in(SystemName.all())),
    systemFlagsDeploy(Privilege.grant(Action.update).on(PathGroup.systemFlagsDeploy).in(SystemName.all())),
    systemFlagsDryrun(Privilege.grant(Action.update).on(PathGroup.systemFlagsDryrun).in(SystemName.all())),
    paymentProcessor(Privilege.grant(Action.create).on(PathGroup.paymentProcessor).in(SystemName.PublicCd)),
    paymentInstrumentRead(Privilege.grant(Action.read).on(PathGroup.billingInstrument).in(SystemName.PublicCd, SystemName.Public)),
    paymentInstrumentUpdate(Privilege.grant(Action.update).on(PathGroup.billingInstrument).in(SystemName.PublicCd, SystemName.Public)),
    paymentInstrumentDelete(Privilege.grant(Action.delete).on(PathGroup.billingInstrument).in(SystemName.PublicCd, SystemName.Public)),
    paymentInstrumentCreate(Privilege.grant(Action.read).on(PathGroup.billingToken).in(SystemName.PublicCd, SystemName.Public)),
    planUpdate(Privilege.grant(Action.update).on(PathGroup.billingPlan).in(SystemName.PublicCd, SystemName.Public)),
    collectionMethodUpdate(Privilege.grant(Action.update).on(PathGroup.billingCollection).in(SystemName.PublicCd, SystemName.Public)),
    billingInformationRead(Privilege.grant(Action.read).on(PathGroup.billingList).in(SystemName.PublicCd, SystemName.Public)),
    hostedAccountant(Privilege.grant(Action.all()).on(PathGroup.hostedAccountant).in(SystemName.PublicCd, SystemName.Public)),
    endpointCertificateRequestInfo(Privilege.grant(Action.read).on(PathGroup.endpointCertificateRequestInfo).in(SystemName.all())),
    secretStoreOperations(Privilege.grant(Action.all()).on(PathGroup.secretStore).in(SystemName.PublicCd, SystemName.Public));

    private final Set<Privilege> privileges;

    Policy(Privilege... privilegeArr) {
        this.privileges = Set.of((Object[]) privilegeArr);
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public boolean evaluate(Action action, URI uri, Context context, SystemName systemName) {
        return this.privileges.stream().anyMatch(privilege -> {
            return privilege.actions().contains(action) && privilege.systems().contains(systemName) && privilege.pathGroups().stream().anyMatch(pathGroup -> {
                return pathGroup.matches(uri, context);
            });
        });
    }
}
