package com.foilen.infra.resource.mongodb;

import com.foilen.databasetools.connection.JdbcUriConfigConnection;
import com.foilen.databasetools.manage.mongodb.MongodbManagerConfig;
import com.foilen.databasetools.manage.mongodb.MongodbManagerConfigCollectionPrivilege;
import com.foilen.databasetools.manage.mongodb.MongodbManagerConfigUser;
import com.foilen.databasetools.manage.mongodb.MongodbManagerConfigUserAndRoles;
import com.foilen.infra.plugin.v1.core.context.CommonServicesContext;
import com.foilen.infra.plugin.v1.core.eventhandler.ActionHandler;
import com.foilen.infra.plugin.v1.core.eventhandler.ChangesEventHandler;
import com.foilen.infra.plugin.v1.core.eventhandler.changes.ChangesInTransactionContext;
import com.foilen.infra.plugin.v1.core.eventhandler.utils.ChangesEventHandlerResourceStream;
import com.foilen.infra.plugin.v1.core.exception.IllegalUpdateException;
import com.foilen.infra.plugin.v1.core.exception.ProblemException;
import com.foilen.infra.plugin.v1.core.service.IPResourceService;
import com.foilen.infra.plugin.v1.core.visual.helper.CommonResourceLink;
import com.foilen.infra.plugin.v1.model.base.IPApplicationDefinition;
import com.foilen.infra.plugin.v1.model.base.IPApplicationDefinitionAssetsBundle;
import com.foilen.infra.plugin.v1.model.base.IPApplicationDefinitionVolume;
import com.foilen.infra.resource.application.Application;
import com.foilen.infra.resource.machine.Machine;
import com.foilen.infra.resource.unixuser.UnixUser;
import com.foilen.infra.resource.utils.ActionsHandlerUtils;
import com.foilen.smalltools.tools.AbstractBasics;
import com.foilen.smalltools.tools.CollectionsTools;
import com.foilen.smalltools.tools.JsonTools;
import com.foilen.smalltools.tools.SecureRandomTools;
import com.google.common.base.Strings;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collections;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
import java.util.Optional;
import java.util.TreeMap;

/* loaded from: input_file:com/foilen/infra/resource/mongodb/MongoDBChangesEventHandler.class */
public class MongoDBChangesEventHandler extends AbstractBasics implements ChangesEventHandler {
    private static final String ROLE_NAME_WRITER = "writer";
    private static final String ROLE_NAME_READER = "reader";
    private static final String ROLE_NAME_ADMIN = "admin";
    private static final List<String> blacklistedDatabases = Collections.unmodifiableList(Arrays.asList(ROLE_NAME_ADMIN, "config", "local"));
    private static final List<String> blacklistedUsers = Collections.unmodifiableList(Arrays.asList("root"));
    private static final List<String> actionsForAdmin = Collections.unmodifiableList(Arrays.asList("enableProfiler", "killAnyCursor", "storageDetails", "compact", "validate"));
    private static final List<String> actionsForReaders = Collections.unmodifiableList(Arrays.asList("find", "useUUID", "viewRole", "changeStream", "collStats", "dbHash", "dbStats", "indexStats", "listCollections", "listIndexes"));
    private static final List<String> actionsForWriters = Collections.unmodifiableList(Arrays.asList("insert", "remove", "update", "bypassDocumentValidation", "createCollection", "createIndex", "dropCollection", "collMod", "convertToCapped", "dropIndex", "reIndex", "renameCollectionSameDB", "listCollections", "listIndexes"));

    private void addRoleForUser(Map<String, MongodbManagerConfigUserAndRoles> map, List<MongodbManagerConfigUserAndRoles> list, MongoDBUser mongoDBUser, String str, String str2) {
        MongodbManagerConfigUserAndRoles mongodbManagerConfigUserAndRoles = map.get(mongoDBUser.getName());
        if (mongodbManagerConfigUserAndRoles == null) {
            mongodbManagerConfigUserAndRoles = new MongodbManagerConfigUserAndRoles(ROLE_NAME_ADMIN, mongoDBUser.getName(), mongoDBUser.getPassword());
            mongodbManagerConfigUserAndRoles.setRolesByDatabase(new HashMap());
            map.put(mongoDBUser.getName(), mongodbManagerConfigUserAndRoles);
            list.add(mongodbManagerConfigUserAndRoles);
        }
        CollectionsTools.getOrCreateEmptyArrayList(mongodbManagerConfigUserAndRoles.getRolesByDatabase(), str, String.class).add(str2);
    }

    public List<ActionHandler> computeActionsToExecute(CommonServicesContext commonServicesContext, ChangesInTransactionContext changesInTransactionContext) {
        ArrayList arrayList = new ArrayList();
        ChangesEventHandlerResourceStream changesEventHandlerResourceStream = new ChangesEventHandlerResourceStream(MongoDBDatabase.class);
        changesEventHandlerResourceStream.resourcesAddOfType(changesInTransactionContext.getLastAddedResources());
        changesEventHandlerResourceStream.resourcesAddNextOfType(changesInTransactionContext.getLastUpdatedResources());
        changesEventHandlerResourceStream.getResourcesStream().forEach(mongoDBDatabase -> {
            arrayList.add((commonServicesContext2, changesContext) -> {
                if (blacklistedDatabases.contains(mongoDBDatabase.getName().toLowerCase())) {
                    throw new IllegalUpdateException("That database name " + mongoDBDatabase.getName() + "is blacklisted");
                }
            });
        });
        ChangesEventHandlerResourceStream changesEventHandlerResourceStream2 = new ChangesEventHandlerResourceStream(MongoDBUser.class);
        changesEventHandlerResourceStream2.resourcesAddOfType(changesInTransactionContext.getLastAddedResources());
        changesEventHandlerResourceStream2.resourcesAddNextOfType(changesInTransactionContext.getLastUpdatedResources());
        changesEventHandlerResourceStream2.getResourcesStream().forEach(mongoDBUser -> {
            arrayList.add((commonServicesContext2, changesContext) -> {
                if (blacklistedUsers.contains(mongoDBUser.getName().toLowerCase())) {
                    throw new IllegalUpdateException("That database user name " + mongoDBUser.getName() + "is blacklisted");
                }
            });
        });
        changesEventHandlerResourceStream2.sortedAndDistinct();
        changesEventHandlerResourceStream.resourcesAdd(changesEventHandlerResourceStream2.streamFromResourceAndLinkTypesAndToResourceClass(commonServicesContext, new String[]{"CAN_ADMIN", "CAN_READ", "CAN_WRITE"}, MongoDBDatabase.class));
        changesEventHandlerResourceStream.resourcesAddNextOfType(changesInTransactionContext.getLastUpdatedResources());
        changesEventHandlerResourceStream.linksAddTo(changesInTransactionContext.getLastAddedLinks(), new String[]{"CAN_ADMIN", "CAN_READ", "CAN_WRITE"});
        changesEventHandlerResourceStream.linksAddTo(changesInTransactionContext.getLastDeletedLinks(), new String[]{"CAN_ADMIN", "CAN_READ", "CAN_WRITE"});
        changesEventHandlerResourceStream.sortedAndDistinct();
        ChangesEventHandlerResourceStream streamFromResourceAndLinkTypeAndToResourceClass = changesEventHandlerResourceStream.streamFromResourceAndLinkTypeAndToResourceClass(commonServicesContext, "INSTALLED_ON", MongoDBServer.class);
        streamFromResourceAndLinkTypeAndToResourceClass.resourcesAddOfType(changesInTransactionContext.getLastAddedResources());
        streamFromResourceAndLinkTypeAndToResourceClass.resourcesAddOfType(changesInTransactionContext.getLastRefreshedResources());
        streamFromResourceAndLinkTypeAndToResourceClass.resourcesAddNextOfType(changesInTransactionContext.getLastUpdatedResources());
        streamFromResourceAndLinkTypeAndToResourceClass.linksAddFromAndTo(changesInTransactionContext.getLastAddedLinks());
        streamFromResourceAndLinkTypeAndToResourceClass.linksAddFromAndTo(changesInTransactionContext.getLastDeletedLinks());
        streamFromResourceAndLinkTypeAndToResourceClass.getResourcesStream().map(mongoDBServer -> {
            return mongoDBServer.getName();
        }).sorted().distinct().forEach(str -> {
            arrayList.add((commonServicesContext2, changesContext) -> {
                this.logger.info("Processing mongodb server {}", str);
                IPResourceService resourceService = commonServicesContext.getResourceService();
                Optional resourceFindByPk = resourceService.resourceFindByPk(new MongoDBServer(str));
                if (!resourceFindByPk.isPresent()) {
                    this.logger.info("{} is not present. Skipping", str);
                    return;
                }
                MongoDBServer mongoDBServer2 = (MongoDBServer) resourceFindByPk.get();
                if (Strings.isNullOrEmpty(mongoDBServer2.getRootPassword())) {
                    mongoDBServer2.setRootPassword(SecureRandomTools.randomHexString(25));
                    changesContext.resourceUpdate(mongoDBServer2);
                }
                List linkFindAllByFromResourceAndLinkTypeAndToResourceClass = resourceService.linkFindAllByFromResourceAndLinkTypeAndToResourceClass(mongoDBServer2, "RUN_AS", UnixUser.class);
                List linkFindAllByFromResourceAndLinkTypeAndToResourceClass2 = resourceService.linkFindAllByFromResourceAndLinkTypeAndToResourceClass(mongoDBServer2, "INSTALLED_ON", Machine.class);
                ArrayList arrayList2 = new ArrayList();
                this.logger.debug("[{}] Running as {} on {}", str, linkFindAllByFromResourceAndLinkTypeAndToResourceClass, linkFindAllByFromResourceAndLinkTypeAndToResourceClass2);
                MongodbManagerConfig mongodbManagerConfig = new MongodbManagerConfig();
                mongodbManagerConfig.setConnection(new JdbcUriConfigConnection().setJdbcUri("jdbc:mongodb://root:" + mongoDBServer2.getRootPassword() + "@127.0.0.1:27017/"));
                mongodbManagerConfig.setDatabases(new ArrayList());
                mongodbManagerConfig.setGlobalClusterRoles(new TreeMap());
                mongodbManagerConfig.setGlobalDatabaseRoles(new TreeMap());
                mongodbManagerConfig.setRoleByDatabase(new TreeMap());
                mongodbManagerConfig.setUsersPermissions(new ArrayList());
                mongodbManagerConfig.setUsersToIgnore(Arrays.asList(new MongodbManagerConfigUser(ROLE_NAME_ADMIN, "root")));
                HashMap hashMap = new HashMap();
                hashMap.put(ROLE_NAME_ADMIN, Collections.singletonList(new MongodbManagerConfigCollectionPrivilege("", actionsForAdmin)));
                hashMap.put(ROLE_NAME_READER, Collections.singletonList(new MongodbManagerConfigCollectionPrivilege("", actionsForReaders)));
                hashMap.put(ROLE_NAME_WRITER, Collections.singletonList(new MongodbManagerConfigCollectionPrivilege("", actionsForWriters)));
                HashMap hashMap2 = new HashMap();
                resourceService.linkFindAllByFromResourceClassAndLinkTypeAndToResource(MongoDBDatabase.class, "INSTALLED_ON", mongoDBServer2).forEach(mongoDBDatabase2 -> {
                    String name = mongoDBDatabase2.getName();
                    this.logger.debug("[{}] Has database {}", str, name);
                    mongodbManagerConfig.getDatabases().add(name);
                    mongodbManagerConfig.getRoleByDatabase().put(name, hashMap);
                    resourceService.linkFindAllByFromResourceClassAndLinkTypeAndToResource(MongoDBUser.class, "CAN_ADMIN", mongoDBDatabase2).forEach(mongoDBUser2 -> {
                        this.logger.debug("[{}] Database {} has user {} as ADMIN", str, name, mongoDBUser2.getName());
                        addRoleForUser(hashMap2, mongodbManagerConfig.getUsersPermissions(), mongoDBUser2, name, ROLE_NAME_ADMIN);
                    });
                    resourceService.linkFindAllByFromResourceClassAndLinkTypeAndToResource(MongoDBUser.class, "CAN_READ", mongoDBDatabase2).forEach(mongoDBUser3 -> {
                        this.logger.debug("[{}] Database {} has user {} as READ", str, name, mongoDBUser3.getName());
                        addRoleForUser(hashMap2, mongodbManagerConfig.getUsersPermissions(), mongoDBUser3, name, ROLE_NAME_READER);
                    });
                    resourceService.linkFindAllByFromResourceClassAndLinkTypeAndToResource(MongoDBUser.class, "CAN_WRITE", mongoDBDatabase2).forEach(mongoDBUser4 -> {
                        this.logger.debug("[{}] Database {} has user {} as WRITE", str, name, mongoDBUser4.getName());
                        addRoleForUser(hashMap2, mongodbManagerConfig.getUsersPermissions(), mongoDBUser4, name, ROLE_NAME_WRITER);
                    });
                });
                if (linkFindAllByFromResourceAndLinkTypeAndToResourceClass.size() > 1) {
                    throw new ProblemException("Cannot run as more than 1 unix user");
                }
                if (linkFindAllByFromResourceAndLinkTypeAndToResourceClass2.size() > 1) {
                    throw new ProblemException("Cannot be installed on multiple machines");
                }
                if (linkFindAllByFromResourceAndLinkTypeAndToResourceClass.size() == 1) {
                    UnixUser unixUser = (UnixUser) linkFindAllByFromResourceAndLinkTypeAndToResourceClass.get(0);
                    Application orCreateAnApplication = ActionsHandlerUtils.getOrCreateAnApplication(resourceService, str);
                    arrayList2.add(orCreateAnApplication);
                    orCreateAnApplication.setDescription(mongoDBServer2.getDescription());
                    IPApplicationDefinition iPApplicationDefinition = new IPApplicationDefinition();
                    orCreateAnApplication.setApplicationDefinition(iPApplicationDefinition);
                    iPApplicationDefinition.setFrom("foilen/fcloud-docker-mongodb:" + mongoDBServer2.getVersion());
                    iPApplicationDefinition.setCommand("/mongodb-start.sh");
                    IPApplicationDefinitionAssetsBundle addAssetsBundle = iPApplicationDefinition.addAssetsBundle();
                    iPApplicationDefinition.addContainerUserToChangeId("mongodb", unixUser.getId());
                    iPApplicationDefinition.addPortEndpoint(27017, "MONGODB_TCP");
                    iPApplicationDefinition.setRunAs(unixUser.getId());
                    if (unixUser.getHomeFolder() != null) {
                        iPApplicationDefinition.addVolume(new IPApplicationDefinitionVolume(unixUser.getHomeFolder() + "/mongodb/" + str, "/var/lib/mongodb", unixUser.getId(), unixUser.getId(), "770"));
                    }
                    addAssetsBundle.addAssetContent("/newPass", mongoDBServer2.getRootPassword());
                    ActionsHandlerUtils.addOrUpdate(orCreateAnApplication, changesContext);
                    CommonResourceLink.syncToLinks(commonServicesContext, changesContext, orCreateAnApplication, "INSTALLED_ON", Machine.class, linkFindAllByFromResourceAndLinkTypeAndToResourceClass2);
                    CommonResourceLink.syncToLinks(commonServicesContext, changesContext, orCreateAnApplication, "RUN_AS", UnixUser.class, linkFindAllByFromResourceAndLinkTypeAndToResourceClass);
                    if (!linkFindAllByFromResourceAndLinkTypeAndToResourceClass2.isEmpty()) {
                        Application orCreateAnApplication2 = ActionsHandlerUtils.getOrCreateAnApplication(resourceService, str + "_manager");
                        arrayList2.add(orCreateAnApplication2);
                        orCreateAnApplication2.setDescription(mongoDBServer2.getDescription());
                        IPApplicationDefinition iPApplicationDefinition2 = new IPApplicationDefinition();
                        orCreateAnApplication2.setApplicationDefinition(iPApplicationDefinition2);
                        iPApplicationDefinition2.setFrom("foilen/database-tools:0.4.1");
                        iPApplicationDefinition2.setCommand("/app/bin/database-tools mongodb-manage --configFiles /manager-config.json --keepAlive");
                        iPApplicationDefinition2.addPortRedirect(27017, ((Machine) linkFindAllByFromResourceAndLinkTypeAndToResourceClass2.get(0)).getName(), str, "MONGODB_TCP");
                        iPApplicationDefinition2.setRunAs(unixUser.getId());
                        iPApplicationDefinition2.addCopyWhenStartedContent("/manager-config.json", JsonTools.prettyPrint(mongodbManagerConfig));
                        ActionsHandlerUtils.addOrUpdate(orCreateAnApplication2, changesContext);
                        CommonResourceLink.syncToLinks(commonServicesContext, changesContext, orCreateAnApplication2, "INSTALLED_ON", Machine.class, linkFindAllByFromResourceAndLinkTypeAndToResourceClass2);
                        CommonResourceLink.syncToLinks(commonServicesContext, changesContext, orCreateAnApplication2, "RUN_AS", UnixUser.class, linkFindAllByFromResourceAndLinkTypeAndToResourceClass);
                    }
                }
                CommonResourceLink.syncToLinks(commonServicesContext, changesContext, mongoDBServer2, "MANAGES", Application.class, arrayList2);
            });
        });
        return arrayList;
    }
}
