package io.quarkiverse.operatorsdk.deployment;

import io.dekorate.kubernetes.decorator.ResourceProvidingDecorator;
import io.fabric8.kubernetes.api.model.HasMetadata;
import io.fabric8.kubernetes.api.model.KubernetesListBuilder;
import io.fabric8.kubernetes.api.model.rbac.ClusterRoleBindingBuilder;
import io.fabric8.kubernetes.api.model.rbac.RoleBindingBuilder;
import io.quarkiverse.operatorsdk.runtime.QuarkusControllerConfiguration;
import java.util.Map;
import java.util.concurrent.ConcurrentHashMap;
import java.util.concurrent.ConcurrentMap;

/* loaded from: input_file:io/quarkiverse/operatorsdk/deployment/AddRoleBindingsDecorator.class */
public class AddRoleBindingsDecorator extends ResourceProvidingDecorator<KubernetesListBuilder> {
    private final Map<String, QuarkusControllerConfiguration> configs;
    private final boolean validateCRDs;
    private static final ConcurrentMap<String, Object> alreadyLogged = new ConcurrentHashMap();

    public AddRoleBindingsDecorator(Map<String, QuarkusControllerConfiguration> map, boolean z) {
        this.configs = map;
        this.validateCRDs = z;
    }

    public void visit(KubernetesListBuilder kubernetesListBuilder) {
        String name = getMandatoryDeploymentMetadata(kubernetesListBuilder).getName();
        for (Map.Entry<String, QuarkusControllerConfiguration> entry : this.configs.entrySet()) {
            String key = entry.getKey();
            QuarkusControllerConfiguration value = entry.getValue();
            if (value.watchCurrentNamespace()) {
                kubernetesListBuilder.addToItems(new HasMetadata[]{((RoleBindingBuilder) new RoleBindingBuilder().withNewMetadata().withName(key + "-role-binding").endMetadata()).withNewRoleRef("rbac.authorization.k8s.io", "ClusterRole", AddClusterRolesDecorator.getClusterRoleName(key)).addNewSubject((String) null, "ServiceAccount", name, (String) null).build()});
            } else if (value.watchAllNamespaces()) {
                String str = key + "-cluster-role-binding";
                if (alreadyLogged.putIfAbsent(key, new Object()) != null) {
                    OperatorSDKProcessor.log.warnv("''{0}'' controller is configured to watch all namespaces, this requires a ClusterRoleBinding for which we MUST specify the namespace of the operator ServiceAccount. However, at this information is not known at build time, we are leaving it blank and needs to be provided by the user by editing the ''{1}'' ClusterRoleBinding to provide the namespace in which the operator will be deployed.", key, str);
                }
                kubernetesListBuilder.addToItems(new HasMetadata[]{((ClusterRoleBindingBuilder) new ClusterRoleBindingBuilder().withNewMetadata().withName(str).endMetadata()).withNewRoleRef("rbac.authorization.k8s.io", "ClusterRole", AddClusterRolesDecorator.getClusterRoleName(key)).addNewSubject((String) null, "ServiceAccount", name, (String) null).build()});
            } else {
                value.getEffectiveNamespaces().forEach(obj -> {
                    kubernetesListBuilder.addToItems(new HasMetadata[]{((RoleBindingBuilder) new RoleBindingBuilder().withNewMetadata().withName(key + "-role-binding").withNamespace((String) obj).endMetadata()).withNewRoleRef("rbac.authorization.k8s.io", "ClusterRole", AddClusterRolesDecorator.getClusterRoleName(key)).addNewSubject((String) null, "ServiceAccount", name, (String) null).build()});
                });
            }
            if (this.validateCRDs) {
                kubernetesListBuilder.addToItems(new HasMetadata[]{((RoleBindingBuilder) new RoleBindingBuilder().withNewMetadata().withName(key + "-crd-validating-role-binding").endMetadata()).withNewRoleRef("rbac.authorization.k8s.io", "ClusterRole", "josdk-crd-validating-cluster-role").addNewSubject((String) null, "ServiceAccount", name, (String) null).build()});
            }
        }
    }
}
