package io.quarkiverse.operatorsdk.deployment;

import io.dekorate.kubernetes.decorator.ResourceProvidingDecorator;
import io.fabric8.kubernetes.api.model.HasMetadata;
import io.fabric8.kubernetes.api.model.KubernetesListBuilder;
import io.fabric8.kubernetes.api.model.rbac.ClusterRoleBinding;
import io.fabric8.kubernetes.api.model.rbac.ClusterRoleBindingBuilder;
import io.fabric8.kubernetes.api.model.rbac.RoleBinding;
import io.fabric8.kubernetes.api.model.rbac.RoleBindingBuilder;
import io.quarkiverse.operatorsdk.runtime.BuildTimeOperatorConfiguration;
import io.quarkiverse.operatorsdk.runtime.QuarkusControllerConfiguration;
import java.util.ArrayList;
import java.util.Collection;
import java.util.List;
import java.util.Optional;
import java.util.Set;
import java.util.concurrent.ConcurrentHashMap;
import java.util.concurrent.ConcurrentMap;
import org.eclipse.microprofile.config.ConfigProvider;
import org.jboss.logging.Logger;

/* loaded from: input_file:io/quarkiverse/operatorsdk/deployment/AddRoleBindingsDecorator.class */
public class AddRoleBindingsDecorator extends ResourceProvidingDecorator<KubernetesListBuilder> {
    protected static final String RBAC_AUTHORIZATION_GROUP = "rbac.authorization.k8s.io";
    protected static final String CLUSTER_ROLE = "ClusterRole";
    protected static final String SERVICE_ACCOUNT = "ServiceAccount";
    private final Collection<QuarkusControllerConfiguration> configs;
    private final BuildTimeOperatorConfiguration operatorConfiguration;
    private static final Logger log = Logger.getLogger(AddRoleBindingsDecorator.class);
    private static final ConcurrentMap<QuarkusControllerConfiguration, List<HasMetadata>> cachedBindings = new ConcurrentHashMap();
    private static final Optional<String> deployNamespace = ConfigProvider.getConfig().getOptionalValue("quarkus.kubernetes.namespace", String.class);

    public AddRoleBindingsDecorator(Collection<QuarkusControllerConfiguration> collection, BuildTimeOperatorConfiguration buildTimeOperatorConfiguration) {
        this.configs = collection;
        this.operatorConfiguration = buildTimeOperatorConfiguration;
    }

    public void visit(KubernetesListBuilder kubernetesListBuilder) {
        String name = getMandatoryDeploymentMetadata(kubernetesListBuilder).getName();
        this.configs.forEach(quarkusControllerConfiguration -> {
            kubernetesListBuilder.addAllToItems(cachedBindings.computeIfAbsent(quarkusControllerConfiguration, quarkusControllerConfiguration -> {
                return bindingsFor(quarkusControllerConfiguration, name);
            }));
        });
    }

    private List<HasMetadata> bindingsFor(QuarkusControllerConfiguration<?> quarkusControllerConfiguration, String str) {
        ArrayList arrayList;
        String name = quarkusControllerConfiguration.getName();
        Set namespaces = quarkusControllerConfiguration.getNamespaces();
        if (this.operatorConfiguration.crd.validate.booleanValue()) {
            ClusterRoleBinding createClusterRoleBinding = createClusterRoleBinding(str, name, name + "-crd-validating-role-binding", "validate CRDs", "josdk-crd-validating-cluster-role");
            arrayList = new ArrayList(namespaces.size() + 1);
            arrayList.add(createClusterRoleBinding);
        } else {
            arrayList = new ArrayList(namespaces.size());
        }
        String roleBindingName = getRoleBindingName(name);
        if (quarkusControllerConfiguration.watchCurrentNamespace()) {
            arrayList.add(createRoleBinding(roleBindingName, name, str, null));
        } else if (quarkusControllerConfiguration.watchAllNamespaces()) {
            arrayList.add(createClusterRoleBinding(str, name, name + "-cluster-role-binding", "watch all namespaces", AddClusterRolesDecorator.getClusterRoleName(name)));
        } else {
            ArrayList arrayList2 = arrayList;
            namespaces.forEach(str2 -> {
                arrayList2.add(createRoleBinding(roleBindingName, name, str, str2));
            });
        }
        return arrayList;
    }

    public static String getRoleBindingName(String str) {
        return str + "-role-binding";
    }

    private static RoleBinding createRoleBinding(String str, String str2, String str3, String str4) {
        log.infov("Creating ''{0}'' RoleBinding to be applied to {1}", str, (str4 == null ? "current" : "'" + str4 + "'") + " namespace");
        return ((RoleBindingBuilder) new RoleBindingBuilder().withNewMetadata().withName(str).withNamespace(deployNamespace.orElse(str4)).endMetadata()).withNewRoleRef(RBAC_AUTHORIZATION_GROUP, CLUSTER_ROLE, AddClusterRolesDecorator.getClusterRoleName(str2)).addNewSubject((String) null, SERVICE_ACCOUNT, str3, deployNamespace.orElse(null)).build();
    }

    private static ClusterRoleBinding createClusterRoleBinding(String str, String str2, String str3, String str4, String str5) {
        outputWarningIfNeeded(str2, str3, str4);
        String orElse = deployNamespace.orElse(null);
        log.infov("Creating ''{0}'' ClusterRoleBinding to be applied to ''{1}'' namespace", str3, orElse);
        return ((ClusterRoleBindingBuilder) ((ClusterRoleBindingBuilder) new ClusterRoleBindingBuilder().withNewMetadata().withName(str3).endMetadata()).withNewRoleRef(RBAC_AUTHORIZATION_GROUP, CLUSTER_ROLE, str5).addNewSubject().withKind(SERVICE_ACCOUNT).withName(str).withNamespace(orElse).endSubject()).build();
    }

    private static void outputWarningIfNeeded(String str, String str2, String str3) {
        if (deployNamespace.isEmpty()) {
            log.warnv("''{0}'' controller is configured to " + str3 + ", this requires a ClusterRoleBinding for which we MUST specify the namespace of the operator ServiceAccount. This can be specified by setting the ''quarkus.kubernetes.namespace'' property. However, as this property is not set, we are leaving the namespace blank to be provided by the user by editing the ''{1}'' ClusterRoleBinding to provide the namespace in which the operator will be deployed.", str, str2);
        }
    }
}
