package io.fabric8.istio.api.examples.v1beta1;

import io.fabric8.istio.api.security.v1beta1.AuthorizationPolicyAction;
import io.fabric8.istio.api.security.v1beta1.AuthorizationPolicyBuilder;
import io.fabric8.istio.api.security.v1beta1.AuthorizationPolicyList;
import io.fabric8.istio.api.security.v1beta1.Condition;
import io.fabric8.istio.api.security.v1beta1.ConditionBuilder;
import io.fabric8.istio.api.security.v1beta1.OperationBuilder;
import io.fabric8.istio.api.security.v1beta1.Rule;
import io.fabric8.istio.api.security.v1beta1.RuleBuilder;
import io.fabric8.istio.api.security.v1beta1.RuleFrom;
import io.fabric8.istio.api.security.v1beta1.RuleFromBuilder;
import io.fabric8.istio.api.security.v1beta1.RuleTo;
import io.fabric8.istio.api.security.v1beta1.RuleToBuilder;
import io.fabric8.istio.api.security.v1beta1.SourceBuilder;
import io.fabric8.istio.api.type.v1beta1.WorkloadSelectorBuilder;
import io.fabric8.istio.client.IstioClient;
import io.fabric8.kubernetes.client.KubernetesClientException;
import io.fabric8.kubernetes.client.dsl.NonNamespaceOperation;
import java.util.Collections;

/* loaded from: input_file:io/fabric8/istio/api/examples/v1beta1/AuthorizationPolicyExample.class */
public class AuthorizationPolicyExample {
    private static final String NAMESPACE = "test";

    public static void main(String[] strArr) {
        try {
            createResource(ClientFactory.newClient(strArr));
            System.exit(0);
        } catch (KubernetesClientException e) {
            System.err.println("Failed with " + e.getMessage());
            System.exit(1);
        }
    }

    public static void createResource(IstioClient istioClient) {
        System.out.println("Creating a AuthorizationPolicy entry");
        ((NonNamespaceOperation) istioClient.v1beta1().authorizationPolicies().inNamespace(NAMESPACE)).create(((AuthorizationPolicyBuilder) ((AuthorizationPolicyBuilder) new AuthorizationPolicyBuilder().withNewMetadata().withName("httpbin").endMetadata()).withNewSpec().withSelector(new WorkloadSelectorBuilder().withMatchLabels(Collections.singletonMap("app", "httpbin")).build()).withAction(AuthorizationPolicyAction.DENY).withRules(new Rule[]{new RuleBuilder().withFrom(new RuleFrom[]{new RuleFromBuilder().withSource(new SourceBuilder().withPrincipals(new String[]{"cluster.local/ns/default/sa/sleep"}).build()).build(), new RuleFromBuilder().withSource(new SourceBuilder().withNamespaces(new String[]{"dev"}).build()).build()}).withTo(new RuleTo[]{new RuleToBuilder().withOperation(new OperationBuilder().withMethods(new String[]{"GET"}).build()).build()}).withWhen(new Condition[]{new ConditionBuilder().withKey("request.auth.claims[iss]").withValues(new String[]{"https://accounts.google.com"}).build()}).build()}).endSpec()).build());
        System.out.println("Listing AuthorizationPolicy instances:");
        ((AuthorizationPolicyList) ((NonNamespaceOperation) istioClient.v1beta1().authorizationPolicies().inNamespace(NAMESPACE)).list()).getItems().forEach(authorizationPolicy -> {
            System.out.println(authorizationPolicy.getMetadata().getName());
        });
        System.out.println("Done");
    }
}
