package me.snowdrop.cloud.fabric8;

import com.fasterxml.jackson.dataformat.yaml.YAMLMapper;
import io.fabric8.kubernetes.api.builder.TypedVisitor;
import io.fabric8.kubernetes.api.model.CapabilitiesBuilder;
import io.fabric8.kubernetes.api.model.ConfigMap;
import io.fabric8.kubernetes.api.model.Container;
import io.fabric8.kubernetes.api.model.ContainerBuilder;
import io.fabric8.kubernetes.api.model.EmptyDirVolumeSourceBuilder;
import io.fabric8.kubernetes.api.model.EnvVar;
import io.fabric8.kubernetes.api.model.EnvVarSource;
import io.fabric8.kubernetes.api.model.KubernetesListBuilder;
import io.fabric8.kubernetes.api.model.ObjectFieldSelector;
import io.fabric8.kubernetes.api.model.PodSpecBuilder;
import io.fabric8.kubernetes.api.model.ResourceRequirements;
import io.fabric8.kubernetes.api.model.SecretVolumeSourceBuilder;
import io.fabric8.kubernetes.api.model.SecurityContextBuilder;
import io.fabric8.kubernetes.api.model.Volume;
import io.fabric8.kubernetes.api.model.VolumeBuilder;
import io.fabric8.kubernetes.api.model.VolumeMount;
import io.fabric8.kubernetes.api.model.VolumeMountBuilder;
import io.fabric8.kubernetes.client.KubernetesClient;
import io.fabric8.kubernetes.client.dsl.Resource;
import io.fabric8.maven.core.access.ClusterAccess;
import io.fabric8.maven.core.handler.DeploymentHandler;
import io.fabric8.maven.core.handler.HandlerHub;
import io.fabric8.maven.core.util.Configs;
import io.fabric8.maven.core.util.MavenUtil;
import io.fabric8.maven.enricher.api.BaseEnricher;
import io.fabric8.maven.enricher.api.EnricherContext;
import io.fabric8.openshift.api.model.DeploymentConfigBuilder;
import io.fabric8.openshift.api.model.DeploymentConfigFluent;
import io.fabric8.openshift.api.model.DeploymentConfigSpecFluent;
import io.fabric8.openshift.api.model.DeploymentTriggerPolicy;
import io.fabric8.openshift.api.model.DeploymentTriggerPolicyBuilder;
import io.fabric8.openshift.api.model.DeploymentTriggerPolicyFluent;
import io.fabric8.openshift.api.model.ImageStream;
import io.fabric8.openshift.api.model.ImageStreamBuilder;
import io.fabric8.openshift.api.model.ImageStreamFluent;
import io.fabric8.openshift.api.model.ImageStreamSpecFluent;
import io.fabric8.utils.Strings;
import java.io.IOException;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.List;
import me.snowdrop.istio.api.model.v1.mesh.AuthenticationPolicy;
import me.snowdrop.istio.api.model.v1.mesh.MeshConfig;
import me.snowdrop.istio.api.model.v1.mesh.ProxyConfig;

/* loaded from: input_file:me/snowdrop/cloud/fabric8/IstioEnricher.class */
public class IstioEnricher extends BaseEnricher {
    private static final String ISTIO_ANNOTATION_STATUS = "injected-version-releng@0d29a2c0d15f-VERSION-998e0e00d375688bcb2af042fc81a60ce5264009";
    private final DeploymentHandler deployHandler;
    private String clusterName;
    private KubernetesClient kubeClient;

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:me/snowdrop/cloud/fabric8/IstioEnricher$Config.class */
    public enum Config implements Configs.Key {
        name("name"),
        enableCoreDump("yes"),
        withDebugImage("true"),
        istioVersion("0.6.0"),
        istioNamespace("istio-system"),
        istioConfigMapName("istio"),
        alpineVersion("3.5"),
        controlPlaneAuthPolicy("NONE"),
        proxyName("istio-proxy"),
        proxyDockerImageName("docker.io/istio/proxy"),
        proxyImageStreamName("proxy"),
        initName("istio-init"),
        initDockerImageName("docker.io/istio/proxy_init"),
        initImageStreamName("proxy_init"),
        coreDumpName("enable-core-dump"),
        coreDumpDockerImageName("alpine"),
        coreDumpImageStreamName("alpine"),
        imagePullPolicy("IfNotPresent"),
        replicaCount("1");

        private final String d;

        public String def() {
            return this.d;
        }

        Config(String str) {
            this.d = str;
        }
    }

    public IstioEnricher(EnricherContext enricherContext) {
        super(enricherContext, "fmp-istio-enricher");
        this.deployHandler = new HandlerHub(enricherContext.getProject()).getDeploymentHandler();
        this.kubeClient = new ClusterAccess(getConfig(Config.istioNamespace)).createDefaultClient(this.log);
    }

    public void addMissingResources(KubernetesListBuilder kubernetesListBuilder) {
        final String config = getConfig(Config.istioVersion);
        String findByRelease = ProxyArgs.findByRelease(config);
        if (findByRelease == null) {
            throw new IllegalArgumentException("Unknown Istio release: " + config);
        }
        this.clusterName = getConfig(Config.name, MavenUtil.createDefaultResourceName(getProject(), new String[0]));
        ProxyConfig defaultConfig = fetchConfigMap(this.kubeClient, getConfig(Config.istioNamespace)).getDefaultConfig();
        AuthenticationPolicy controlPlaneAuthPolicy = defaultConfig.getControlPlaneAuthPolicy() == null ? AuthenticationPolicy.NONE : defaultConfig.getControlPlaneAuthPolicy();
        try {
            AuthenticationPolicy valueOf = AuthenticationPolicy.valueOf(getConfig(Config.controlPlaneAuthPolicy));
            if (!controlPlaneAuthPolicy.equals(valueOf)) {
                throw new IllegalArgumentException(String.format("Configured AuthenticationPolicy %s via 'controlPlaneAuthPolicy' parameter doesn't match Istio ConfigMap configuration %s", valueOf, controlPlaneAuthPolicy));
            }
            final List asList = Arrays.asList(String.format(findByRelease, this.clusterName, defaultConfig.getDiscoveryAddress(), defaultConfig.getZipkinAddress(), defaultConfig.getStatsdUdpAddress(), controlPlaneAuthPolicy.toString()).split(","));
            kubernetesListBuilder.accept(new TypedVisitor<PodSpecBuilder>() { // from class: me.snowdrop.cloud.fabric8.IstioEnricher.1
                public void visit(PodSpecBuilder podSpecBuilder) {
                    ((PodSpecBuilder) podSpecBuilder.addNewContainer().withName(IstioEnricher.this.getConfig(Config.proxyName)).withResources(new ResourceRequirements()).withTerminationMessagePath("/dev/termination-log").withImage(IstioEnricher.this.getConfig(Config.proxyImageStreamName)).withImagePullPolicy(IstioEnricher.this.getConfig(Config.imagePullPolicy)).withArgs(asList).withEnv(IstioEnricher.this.proxyEnvVars()).withSecurityContext(new SecurityContextBuilder().withRunAsUser(1337L).withPrivileged(true).withReadOnlyRootFilesystem(false).build()).withVolumeMounts(IstioEnricher.this.istioVolumeMounts()).endContainer()).withVolumes(IstioEnricher.this.istioVolumes(IstioEnricher.this.getServiceAccountName(podSpecBuilder))).withInitContainers(IstioEnricher.this.populateInitContainers());
                }
            });
            kubernetesListBuilder.accept(new TypedVisitor<DeploymentConfigBuilder>() { // from class: me.snowdrop.cloud.fabric8.IstioEnricher.2
                public void visit(DeploymentConfigBuilder deploymentConfigBuilder) {
                    ((DeploymentConfigFluent.SpecNested) ((DeploymentConfigSpecFluent.TemplateNested) deploymentConfigBuilder.editOrNewSpec().editOrNewTemplate().editOrNewMetadata().addToAnnotations("sidecar.istio.io/status", IstioEnricher.ISTIO_ANNOTATION_STATUS.replace("VERSION", config)).endMetadata()).endTemplate()).withReplicas(Integer.valueOf(Integer.parseInt(IstioEnricher.this.getConfig(Config.replicaCount)))).withTriggers(IstioEnricher.this.populateTriggers(config)).endSpec();
                }
            });
            kubernetesListBuilder.addAllToImageStreamItems(istioImageStream(config)).build();
        } catch (IllegalArgumentException e) {
            throw new IllegalArgumentException("Unknown AuthenticationPolicy for 'controlPlaneAuthPolicy' parameter");
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    public List<DeploymentTriggerPolicy> populateTriggers(String str) {
        ArrayList arrayList = new ArrayList();
        DeploymentTriggerPolicyBuilder deploymentTriggerPolicyBuilder = new DeploymentTriggerPolicyBuilder();
        ((DeploymentTriggerPolicyBuilder) ((DeploymentTriggerPolicyFluent.ImageChangeParamsNested) deploymentTriggerPolicyBuilder.withType("ImageChange").withNewImageChangeParams().withAutomatic(true).withNewFrom().withKind("ImageStreamTag").withName(getConfig(Config.initImageStreamName) + ":" + str).endFrom()).withContainerNames(new String[]{getConfig(Config.initName)}).endImageChangeParams()).build();
        arrayList.add(deploymentTriggerPolicyBuilder.build());
        ((DeploymentTriggerPolicyBuilder) ((DeploymentTriggerPolicyFluent.ImageChangeParamsNested) deploymentTriggerPolicyBuilder.withType("ImageChange").withNewImageChangeParams().withAutomatic(true).withNewFrom().withKind("ImageStreamTag").withName(istioImageName(getConfig(Config.proxyImageStreamName)) + ":" + str).endFrom()).withContainerNames(new String[]{getConfig(Config.proxyName)}).endImageChangeParams()).build();
        arrayList.add(deploymentTriggerPolicyBuilder.build());
        if ("true".equalsIgnoreCase(getConfig(Config.enableCoreDump))) {
            ((DeploymentTriggerPolicyBuilder) ((DeploymentTriggerPolicyFluent.ImageChangeParamsNested) deploymentTriggerPolicyBuilder.withType("ImageChange").withNewImageChangeParams().withAutomatic(true).withNewFrom().withKind("ImageStreamTag").withName(getConfig(Config.coreDumpImageStreamName) + ":" + getConfig(Config.alpineVersion)).endFrom()).withContainerNames(new String[]{"enable-core-dump"}).endImageChangeParams()).build();
            arrayList.add(deploymentTriggerPolicyBuilder.build());
        }
        ((DeploymentTriggerPolicyBuilder) ((DeploymentTriggerPolicyFluent.ImageChangeParamsNested) deploymentTriggerPolicyBuilder.withType("ImageChange").withNewImageChangeParams().withAutomatic(true).withNewFrom().withKind("ImageStreamTag").withName(this.clusterName + ":latest").endFrom()).withContainerNames(new String[]{"spring-boot"}).endImageChangeParams()).build();
        arrayList.add(deploymentTriggerPolicyBuilder.build());
        return arrayList;
    }

    protected List<Container> populateInitContainers() {
        ArrayList arrayList = new ArrayList();
        arrayList.add(istioInitContainer());
        if ("true".equalsIgnoreCase(getConfig(Config.enableCoreDump))) {
            arrayList.add(coreDumpInitContainer());
        }
        return arrayList;
    }

    private MeshConfig fetchConfigMap(KubernetesClient kubernetesClient, String str) {
        String config = getConfig(Config.istioConfigMapName);
        ConfigMap configMap = (ConfigMap) ((Resource) kubernetesClient.configMaps().withName(config)).get();
        if (configMap == null) {
            throw new IllegalArgumentException("Couldn't find an ConfigMap named " + config + " in namespace " + str + ". Are you sure Istio was installed correctly?");
        }
        YAMLMapper yAMLMapper = new YAMLMapper();
        String str2 = (String) configMap.getData().get("mesh");
        if (str2 == null) {
            throw new IllegalArgumentException("Couldn't find an Istio Mesh configuration in " + config + " ConfigMap in namespace " + str);
        }
        try {
            return (MeshConfig) yAMLMapper.readValue(str2, MeshConfig.class);
        } catch (IOException e) {
            throw new IllegalArgumentException("Couldn't parse Istio Mesh configuration", e);
        }
    }

    private List<ImageStream> istioImageStream(String str) {
        ArrayList arrayList = new ArrayList();
        ImageStreamBuilder imageStreamBuilder = new ImageStreamBuilder();
        ((ImageStreamBuilder) ((ImageStreamFluent.SpecNested) ((ImageStreamSpecFluent.TagsNested) ((ImageStreamBuilder) imageStreamBuilder.withNewMetadata().withName(getConfig(Config.initImageStreamName)).endMetadata()).withNewSpec().addNewTag().withNewFrom().withKind("DockerImage").withName(getConfig(Config.initDockerImageName) + ":" + str).endFrom()).withName(str).endTag()).endSpec()).build();
        arrayList.add(imageStreamBuilder.build());
        if ("true".equalsIgnoreCase(getConfig(Config.enableCoreDump))) {
            ImageStreamBuilder imageStreamBuilder2 = new ImageStreamBuilder();
            ((ImageStreamBuilder) ((ImageStreamFluent.SpecNested) ((ImageStreamSpecFluent.TagsNested) ((ImageStreamBuilder) imageStreamBuilder2.withNewMetadata().withName(getConfig(Config.coreDumpImageStreamName)).endMetadata()).withNewSpec().addNewTag().withNewFrom().withKind("DockerImage").withName(getConfig(Config.coreDumpDockerImageName) + ":" + getConfig(Config.alpineVersion)).endFrom()).withName(getConfig(Config.alpineVersion)).endTag()).endSpec()).build();
            arrayList.add(imageStreamBuilder2.build());
        }
        ImageStreamBuilder imageStreamBuilder3 = new ImageStreamBuilder();
        ((ImageStreamBuilder) ((ImageStreamFluent.SpecNested) ((ImageStreamSpecFluent.TagsNested) ((ImageStreamBuilder) imageStreamBuilder3.withNewMetadata().withName(istioImageName(getConfig(Config.proxyImageStreamName))).endMetadata()).withNewSpec().addNewTag().withNewFrom().withKind("DockerImage").withName(istioImageName(getConfig(Config.proxyDockerImageName)) + ":" + str).endFrom()).withName(str).endTag()).endSpec()).build();
        arrayList.add(imageStreamBuilder3.build());
        return arrayList;
    }

    /* JADX INFO: Access modifiers changed from: private */
    public String getServiceAccountName(PodSpecBuilder podSpecBuilder) {
        return Strings.isNotBlank(podSpecBuilder.getServiceAccountName()) ? podSpecBuilder.getServiceAccountName() : Strings.isNotBlank(podSpecBuilder.getServiceAccount()) ? podSpecBuilder.getServiceAccount() : "default";
    }

    protected String istioImageName(String str) {
        StringBuilder sb = new StringBuilder(str);
        return ("true".equalsIgnoreCase(getConfig(Config.withDebugImage)) ? sb.append("_debug") : sb).toString();
    }

    protected Container istioInitContainer() {
        return new ContainerBuilder().withName(getConfig(Config.initName)).withImage(getConfig(Config.initImageStreamName)).withImagePullPolicy("IfNotPresent").withTerminationMessagePath("/dev/termination-log").withTerminationMessagePolicy("File").withArgs(new String[]{"-p", "15001", "-u", "1337"}).withSecurityContext(new SecurityContextBuilder().withPrivileged(true).withCapabilities(new CapabilitiesBuilder().addToAdd(new String[]{"NET_ADMIN"}).build()).build()).build();
    }

    protected Container coreDumpInitContainer() {
        return new ContainerBuilder().withName(getConfig(Config.coreDumpName)).withImage(getConfig(Config.coreDumpImageStreamName)).withImagePullPolicy("IfNotPresent").withCommand(new String[]{"/bin/sh"}).withArgs(new String[]{"-c", "sysctl -w kernel.core_pattern=/etc/istio/proxy/core.%e.%p.%t && ulimit -c unlimited"}).withTerminationMessagePath("/dev/termination-log").withTerminationMessagePolicy("File").withSecurityContext(new SecurityContextBuilder().withPrivileged(true).build()).build();
    }

    protected List<VolumeMount> istioVolumeMounts() {
        ArrayList arrayList = new ArrayList();
        VolumeMountBuilder volumeMountBuilder = new VolumeMountBuilder();
        volumeMountBuilder.withMountPath("/etc/istio/proxy").withName("istio-envoy").build();
        VolumeMountBuilder volumeMountBuilder2 = new VolumeMountBuilder();
        volumeMountBuilder2.withMountPath("/etc/certs").withName("istio-certs").withReadOnly(true).build();
        arrayList.add(volumeMountBuilder.build());
        arrayList.add(volumeMountBuilder2.build());
        return arrayList;
    }

    protected List<Volume> istioVolumes(String str) {
        ArrayList arrayList = new ArrayList();
        VolumeBuilder volumeBuilder = new VolumeBuilder();
        volumeBuilder.withEmptyDir(new EmptyDirVolumeSourceBuilder().withMedium("Memory").build()).withName("istio-envoy").build();
        VolumeBuilder volumeBuilder2 = new VolumeBuilder();
        volumeBuilder2.withName("istio-certs").withSecret(new SecretVolumeSourceBuilder().withSecretName("istio." + str).withDefaultMode(420).build()).build();
        arrayList.add(volumeBuilder.build());
        arrayList.add(volumeBuilder2.build());
        return arrayList;
    }

    protected List<EnvVar> proxyEnvVars() {
        ArrayList arrayList = new ArrayList();
        EnvVarSource envVarSource = new EnvVarSource();
        envVarSource.setFieldRef(new ObjectFieldSelector((String) null, "metadata.name"));
        arrayList.add(new EnvVar("POD_NAME", (String) null, envVarSource));
        EnvVarSource envVarSource2 = new EnvVarSource();
        envVarSource2.setFieldRef(new ObjectFieldSelector((String) null, "metadata.namespace"));
        arrayList.add(new EnvVar("POD_NAMESPACE", (String) null, envVarSource2));
        EnvVarSource envVarSource3 = new EnvVarSource();
        envVarSource3.setFieldRef(new ObjectFieldSelector((String) null, "status.podIP"));
        arrayList.add(new EnvVar("INSTANCE_IP", (String) null, envVarSource3));
        return arrayList;
    }
}
