package software.tnb.splunk.resource.openshift;

import com.google.auto.service.AutoService;
import com.google.common.io.Resources;
import cz.xtf.core.openshift.OpenShiftWaiters;
import cz.xtf.core.openshift.helpers.ResourceParsers;
import io.fabric8.kubernetes.api.model.DeletionPropagation;
import io.fabric8.kubernetes.api.model.HasMetadata;
import io.fabric8.kubernetes.api.model.IntOrString;
import io.fabric8.kubernetes.api.model.Pod;
import io.fabric8.kubernetes.api.model.PodList;
import io.fabric8.kubernetes.api.model.apiextensions.v1.CustomResourceDefinition;
import io.fabric8.kubernetes.api.model.apiextensions.v1beta1.CustomResourceDefinitionVersion;
import io.fabric8.kubernetes.api.model.rbac.ClusterRole;
import io.fabric8.kubernetes.client.dsl.CascadingDeletable;
import io.fabric8.kubernetes.client.dsl.FilterWatchListDeletable;
import io.fabric8.kubernetes.client.dsl.PodResource;
import io.fabric8.kubernetes.client.dsl.Resource;
import io.fabric8.kubernetes.client.dsl.base.CustomResourceDefinitionContext;
import io.fabric8.openshift.api.model.Route;
import io.fabric8.openshift.api.model.RouteBuilder;
import io.fabric8.openshift.api.model.RouteFluent;
import java.io.IOException;
import java.io.InputStream;
import java.net.URL;
import java.nio.charset.StandardCharsets;
import java.util.Base64;
import java.util.Collection;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
import java.util.Objects;
import java.util.function.Predicate;
import java.util.stream.Collectors;
import org.apache.commons.io.IOUtils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import software.tnb.common.account.AccountFactory;
import software.tnb.common.deployment.OpenshiftDeployable;
import software.tnb.common.openshift.OpenshiftClient;
import software.tnb.common.utils.HTTPUtils;
import software.tnb.common.utils.WaitUtils;
import software.tnb.splunk.account.SplunkAccount;
import software.tnb.splunk.service.Splunk;
import software.tnb.splunk.service.configuration.SplunkConfiguration;
import software.tnb.splunk.service.configuration.SplunkProtocol;

@AutoService({Splunk.class})
/* loaded from: input_file:software/tnb/splunk/resource/openshift/OpenshiftSplunk.class */
public class OpenshiftSplunk extends Splunk implements OpenshiftDeployable {
    private static final Logger LOG = LoggerFactory.getLogger(OpenshiftSplunk.class);
    private static final String CRD_API = "v4";
    private static final String SERVICE_NAME = "splunk-s1-standalone-service";
    private static final String SERVICE_API_PORT = "https-splunkd";
    private static final String ROUTE_NAME = "api";
    private static List<HasMetadata> createdResources;
    private CustomResourceDefinitionContext crdContext;
    private Route apiRoute;
    private String sccName;

    public OpenshiftSplunk() {
        ((SplunkConfiguration) getConfiguration()).protocol(SplunkProtocol.HTTPS);
    }

    private Map<String, Object> getSplunkCr() {
        HashMap hashMap = new HashMap(Map.of("apiVersion", "enterprise.splunk.com/v4", "kind", "Standalone", "metadata", Map.of("name", "s1")));
        if (((SplunkConfiguration) getConfiguration()).getProtocol().equals(SplunkProtocol.HTTP)) {
            hashMap.put("spec", Map.of("extraEnv", List.of(Map.of("name", "SPLUNKD_SSL_ENABLE", "value", "false"))));
        }
        return hashMap;
    }

    public void create() {
        LOG.info("Deploying OpenShift Splunk");
        this.sccName = "tnb-splunk-" + OpenshiftClient.get().getNamespace();
        OpenshiftClient.get().addUsersToSecurityContext(OpenshiftClient.get().createSecurityContext(this.sccName, "nonroot", new String[0]), new String[]{OpenshiftClient.get().getServiceAccountRef("splunk-operator-controller-manager"), OpenshiftClient.get().getServiceAccountRef("default")});
        try {
            if (getSplunkCrd() == null || getSplunkCrd().getSpec().getVersions().stream().noneMatch(customResourceDefinitionVersion -> {
                return CRD_API.equals(customResourceDefinitionVersion.getName());
            })) {
                LOG.info("Creating Splunk CRD's from splunk-crds.yaml");
                OpenshiftClient.get().load(getClass().getResourceAsStream("/splunk-crds.yaml")).createOrReplace();
            }
            InputStream inputStream = IOUtils.toInputStream(Resources.toString((URL) Objects.requireNonNull(getClass().getResource("/splunk-operator-namespace.yaml")), StandardCharsets.UTF_8).replace("DESIRED_NAMESPACE", OpenshiftClient.get().getNamespace()).replace("SPLUNK_IMAGE", image()), "UTF-8");
            LOG.info("Creating Splunk openshift resources from splunk-operator-namespace.yaml");
            createdResources = (List) OpenshiftClient.get().load(inputStream).createOrReplace();
            try {
                OpenshiftClient.get().customResource(createSplunkContext()).inNamespace(OpenshiftClient.get().getNamespace()).delete();
                OpenshiftClient.get().customResource(createSplunkContext()).inNamespace(OpenshiftClient.get().getNamespace()).create(getSplunkCr());
            } catch (IOException e) {
                throw new RuntimeException("Unable to create Splunk CR: ", e);
            }
        } catch (IOException e2) {
            throw new RuntimeException("Unable to read splunk-operator-namespace.yml or splunk-crds.yaml resource: ", e2);
        }
    }

    public void undeploy() {
        LOG.info("Undeploying Splunk resources");
        OpenshiftClient.get().customResource(createSplunkContext()).inNamespace(OpenshiftClient.get().getNamespace()).delete();
        WaitUtils.waitFor(() -> {
            return servicePod() == null;
        }, "Waiting until the pod is removed");
        ((CascadingDeletable) OpenshiftClient.get().resourceList((Collection) createdResources.stream().filter(hasMetadata -> {
            return ((hasMetadata instanceof CustomResourceDefinition) || (hasMetadata instanceof CustomResourceDefinitionVersion) || (hasMetadata instanceof ClusterRole)) ? false : true;
        }).collect(Collectors.toList())).withPropagationPolicy(DeletionPropagation.BACKGROUND)).delete();
        ((Resource) OpenshiftClient.get().securityContextConstraints().withName(this.sccName)).delete();
        ((FilterWatchListDeletable) OpenshiftClient.get().persistentVolumeClaims().withLabel("app.kubernetes.io/name", "standalone")).delete();
        OpenShiftWaiters.get(OpenshiftClient.get(), () -> {
            return false;
        }).areNoPodsPresent("name", "splunk-operator").timeout(120000L).waitFor();
    }

    public void openResources() {
        if (((SplunkConfiguration) getConfiguration()).getProtocol().equals(SplunkProtocol.HTTPS)) {
            this.apiRoute = (Route) OpenshiftClient.get().routes().createOrReplace(new Route[]{((RouteBuilder) ((RouteFluent.SpecNested) ((RouteFluent.SpecNested) ((RouteFluent.SpecNested) ((RouteBuilder) new RouteBuilder().editOrNewMetadata().withName(ROUTE_NAME).endMetadata()).editOrNewSpec().withNewTo().withKind("Service").withName(SERVICE_NAME).withWeight(100).endTo()).withNewPort().withTargetPort(new IntOrString(SERVICE_API_PORT)).endPort()).withNewTls().withTermination("reencrypt").withDestinationCACertificate(OpenshiftClient.get().podShell(OpenshiftClient.get().getAnyPod("app.kubernetes.io/instance", "splunk-s1-standalone")).execute(new String[]{"cat", "/opt/splunk/etc/auth/cacert.pem"}).getOutput()).endTls()).endSpec()).build()});
            WaitUtils.waitFor(() -> {
                return HTTPUtils.getInstance().get("https://" + this.apiRoute.getSpec().getHost()).isSuccessful();
            }, "Waiting until the Splunk API route is ready");
        } else if (((SplunkConfiguration) getConfiguration()).getProtocol().equals(SplunkProtocol.HTTP)) {
            this.apiRoute = (Route) OpenshiftClient.get().routes().createOrReplace(new Route[]{((RouteBuilder) ((RouteFluent.SpecNested) ((RouteFluent.SpecNested) ((RouteBuilder) new RouteBuilder().editOrNewMetadata().withName(ROUTE_NAME).endMetadata()).editOrNewSpec().withNewTo().withKind("Service").withName(SERVICE_NAME).withWeight(100).endTo()).withNewPort().withTargetPort(new IntOrString(SERVICE_API_PORT)).endPort()).endSpec()).build()});
            WaitUtils.waitFor(() -> {
                return HTTPUtils.getInstance().get("http://" + this.apiRoute.getSpec().getHost()).isSuccessful();
            }, "Waiting until the Splunk API route is ready");
        }
    }

    public void restart() {
        super.restart();
    }

    public void closeResources() {
        if (this.apiRoute != null) {
            OpenshiftClient.get().routes().delete(new Route[]{this.apiRoute});
        }
        this.validation = null;
        this.client = null;
    }

    public boolean isReady() {
        PodResource servicePod = servicePod();
        return servicePod != null && servicePod.isReady() && OpenshiftClient.get().getLogs((Pod) servicePod.get()).contains("Ansible playbook complete");
    }

    public boolean isDeployed() {
        List items = ((PodList) ((FilterWatchListDeletable) OpenshiftClient.get().pods().withLabel("name", "splunk-operator")).list()).getItems();
        return items.size() == 1 && ResourceParsers.isPodReady((Pod) items.get(0));
    }

    public Predicate<Pod> podSelector() {
        return pod -> {
            return OpenshiftClient.get().hasLabels(pod, Map.of("app.kubernetes.io/instance", "splunk-s1-standalone"));
        };
    }

    public String externalHostname() {
        return this.apiRoute.getSpec().getHost();
    }

    @Override // software.tnb.splunk.service.Splunk
    public SplunkAccount account() {
        if (this.account == null) {
            this.account = (SplunkAccount) AccountFactory.create(SplunkAccount.class);
            this.account.setPassword(new String(Base64.getDecoder().decode((String) OpenshiftClient.get().getSecret("splunk-s1-standalone-secret-v1").getData().get("password"))));
        }
        return this.account;
    }

    private CustomResourceDefinition getSplunkCrd() {
        return (CustomResourceDefinition) ((Resource) OpenshiftClient.get().apiextensions().v1().customResourceDefinitions().withName("standalones.enterprise.splunk.com")).get();
    }

    private CustomResourceDefinitionContext createSplunkContext() {
        if (this.crdContext == null) {
            CustomResourceDefinition splunkCrd = getSplunkCrd();
            this.crdContext = new CustomResourceDefinitionContext.Builder().withGroup(splunkCrd.getSpec().getGroup()).withPlural(splunkCrd.getSpec().getNames().getPlural()).withScope(splunkCrd.getSpec().getScope()).withVersion(CRD_API).build();
        }
        return this.crdContext;
    }

    @Override // software.tnb.splunk.service.Splunk
    public int apiPort() {
        return ((SplunkConfiguration) getConfiguration()).getProtocol().equals(SplunkProtocol.HTTPS) ? 443 : 80;
    }
}
