package software.tnb.aws.iam.validation;

import java.util.Optional;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import software.amazon.awssdk.services.iam.IamClient;
import software.amazon.awssdk.services.iam.model.NoSuchEntityException;
import software.tnb.common.validation.Validation;

/* loaded from: input_file:software/tnb/aws/iam/validation/IAMValidation.class */
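/**
 * Thin helper around {@link IamClient} for creating, looking up, attaching policies to and
 * deleting IAM roles.
 *
 * <p>Role names, policy names and policy documents are forwarded to IAM exactly as supplied;
 * this class performs no validation of their content. Errors other than
 * {@link NoSuchEntityException} in {@link #getRoleArn(String)} are not handled here and
 * propagate to the caller.
 */
public class IAMValidation implements Validation {
    private static final Logger LOG = LoggerFactory.getLogger(IAMValidation.class);
    private final IamClient client;

    /**
     * @param iamClient client used for every IAM call made by this instance
     */
    public IAMValidation(IamClient iamClient) {
        this.client = iamClient;
    }

    /**
     * Returns the ARN of the role named {@code str}, creating the role if it does not exist.
     *
     * <p>When the role already exists its ARN is returned as-is: the existing description and
     * trust (assume-role) policy are NOT compared with {@code str2} / {@code str3} and are not
     * updated. Callers that rely on a specific trust policy must verify it themselves.
     *
     * @param str role name
     * @param str2 role description, used only when the role is created
     * @param str3 assume-role policy document, used only when the role is created
     * @return ARN of the existing or newly created role
     */
    public String createRole(String str, String str2, String str3) {
        // Look the role up once. The previous roleExists() + getRoleArn().get() pair issued two
        // GetRole calls and could throw NoSuchElementException if the role was deleted between them.
        final Optional<String> existingArn = getRoleArn(str);
        if (existingArn.isPresent()) {
            LOG.debug("Role {} already exists, skipping creation.", str);
            return existingArn.get();
        }
        LOG.debug("Creating IAM role {}", str);
        return this.client
            .createRole(request -> request.roleName(str).description(str2).assumeRolePolicyDocument(str3))
            .role()
            .arn();
    }

    /**
     * Creates a managed policy and returns its ARN.
     *
     * <p>No existence check is made first, unlike {@link #createRole(String, String, String)}.
     *
     * @param str policy name
     * @param str2 policy document, passed to IAM unchanged
     * @return ARN of the created policy
     */
    public String createPolicy(String str, String str2) {
        return this.client
            .createPolicy(request -> request.policyName(str).policyDocument(str2))
            .policy()
            .arn();
    }

    /**
     * Attaches the managed policy {@code str2} to the role {@code str} unless the listing of
     * the role's attached policies already contains that ARN.
     *
     * @param str role name
     * @param str2 ARN of the policy to attach
     */
    public void attachPolicy(String str, String str2) {
        // NOTE(review): only the first response of listAttachedRolePolicies is inspected; a
        // truncated listing is not followed. Confirm that a repeated attach is acceptable.
        final boolean alreadyAttached = this.client
            .listAttachedRolePolicies(request -> request.roleName(str))
            .attachedPolicies()
            .stream()
            .anyMatch(attached -> str2.equals(attached.policyArn()));
        if (!alreadyAttached) {
            LOG.debug("Attaching policy {} to role {}", str2, str);
            this.client.attachRolePolicy(request -> request.roleName(str).policyArn(str2));
        }
    }

    /**
     * @param str role name
     * @return {@code true} when {@link #getRoleArn(String)} finds the role
     */
    public boolean roleExists(String str) {
        return getRoleArn(str).isPresent();
    }

    /**
     * Looks up a role by name.
     *
     * @param str role name
     * @return the role's ARN, or an empty {@link Optional} when IAM reports
     *     {@link NoSuchEntityException}; any other exception propagates
     */
    public Optional<String> getRoleArn(String str) {
        try {
            return Optional.of(this.client.getRole(request -> request.roleName(str)).role().arn());
        } catch (NoSuchEntityException e) {
            // A missing role is an expected outcome here, not an error.
            return Optional.empty();
        }
    }

    /**
     * Deletes the role named {@code str}.
     *
     * <p>No policies are detached beforehand.
     * NOTE(review): IAM is expected to refuse deletion while managed policies are still
     * attached; confirm callers detach them first.
     *
     * @param str role name
     */
    public void deleteRole(String str) {
        LOG.debug("Deleting role {}", str);
        this.client.deleteRole(request -> request.roleName(str));
    }
}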
