package io.quarkus.vault.runtime;

import io.quarkus.vault.VaultKubernetesAuthReactiveService;
import io.quarkus.vault.auth.VaultKubernetesAuthConfig;
import io.quarkus.vault.auth.VaultKubernetesAuthRole;
import io.quarkus.vault.runtime.client.VaultClient;
import io.quarkus.vault.runtime.client.VaultClientException;
import io.quarkus.vault.runtime.client.authmethod.VaultInternalKubernetesAuthMethod;
import io.quarkus.vault.runtime.client.dto.auth.VaultKubernetesAuthConfigData;
import io.quarkus.vault.runtime.client.dto.auth.VaultKubernetesAuthListRolesData;
import io.quarkus.vault.runtime.client.dto.auth.VaultKubernetesAuthRoleData;
import io.smallrye.mutiny.Uni;
import java.util.Collections;
import java.util.List;
import javax.enterprise.context.ApplicationScoped;
import javax.inject.Inject;

/**
 * Reactive administration of Vault's Kubernetes auth method.
 *
 * <p>Every operation first asks {@link VaultAuthManager} for a client token and then delegates to
 * {@link VaultInternalKubernetesAuthMethod} with that token. This class only copies fields between
 * the public model objects and the client DTOs; it performs no validation of its own.
 *
 * <p>Security notes for callers:
 * <ul>
 *   <li>The auth configuration carries {@code tokenReviewerJwt}, which is presumably a credential
 *       (confirm against the Vault API documentation). Treat {@link VaultKubernetesAuthConfig}
 *       instances as sensitive and keep them out of logs and error messages.</li>
 *   <li>Role fields (bound service account names and namespaces, audience, token policies, TTLs,
 *       bound CIDRs) are forwarded as given, so any review of overly broad bindings or policies
 *       has to happen before calling {@link #createRole}.</li>
 * </ul>
 */
@ApplicationScoped
public class VaultKubernetesAuthManager implements VaultKubernetesAuthReactiveService {

    @Inject
    private VaultClient vaultClient;

    @Inject
    private VaultAuthManager vaultAuthManager;

    @Inject
    private VaultInternalKubernetesAuthMethod vaultInternalKubernetesAuthMethod;

    /**
     * Writes the Kubernetes auth method configuration.
     *
     * <p>The fields of {@code vaultKubernetesAuthConfig} are read inside the token callback, i.e.
     * only once a client token has been obtained.
     *
     * @param vaultKubernetesAuthConfig issuer, CA certificate, host, PEM keys and token reviewer
     *     JWT to send; includes credential material, so do not log it
     * @return the {@code Uni} produced by the underlying {@code configureAuth} call
     */
    @Override
    public Uni<Void> configure(VaultKubernetesAuthConfig vaultKubernetesAuthConfig) {
        return vaultAuthManager.getClientToken(vaultClient)
                .flatMap(clientToken -> vaultInternalKubernetesAuthMethod.configureAuth(
                        vaultClient,
                        clientToken,
                        new VaultKubernetesAuthConfigData()
                                .setIssuer(vaultKubernetesAuthConfig.issuer)
                                .setKubernetesCaCert(vaultKubernetesAuthConfig.kubernetesCaCert)
                                .setKubernetesHost(vaultKubernetesAuthConfig.kubernetesHost)
                                .setPemKeys(vaultKubernetesAuthConfig.pemKeys)
                                .setTokenReviewerJwt(vaultKubernetesAuthConfig.tokenReviewerJwt)));
    }

    /**
     * Reads the Kubernetes auth method configuration.
     *
     * <p>Whatever the response holds in {@code tokenReviewerJwt} is copied into the result, so the
     * returned object should be handled as sensitive.
     *
     * @return the configuration mapped from the response's {@code data} section
     */
    @Override
    public Uni<VaultKubernetesAuthConfig> getConfig() {
        return vaultAuthManager.getClientToken(vaultClient)
                .flatMap(clientToken -> vaultInternalKubernetesAuthMethod
                        .readAuthConfig(vaultClient, clientToken)
                        .map(configResult -> {
                            VaultKubernetesAuthConfigData configData =
                                    (VaultKubernetesAuthConfigData) configResult.data;
                            return new VaultKubernetesAuthConfig()
                                    .setKubernetesCaCert(configData.kubernetesCaCert)
                                    .setKubernetesHost(configData.kubernetesHost)
                                    .setIssuer(configData.issuer)
                                    .setPemKeys(configData.pemKeys)
                                    .setTokenReviewerJwt(configData.tokenReviewerJwt);
                        }));
    }

    /**
     * Reads one role of the Kubernetes auth method.
     *
     * @param str role identifier handed to {@code getVaultAuthRole}
     * @return the role mapped from the response's {@code data} section
     */
    @Override
    public Uni<VaultKubernetesAuthRole> getRole(String str) {
        return vaultAuthManager.getClientToken(vaultClient)
                .flatMap(clientToken -> vaultInternalKubernetesAuthMethod
                        .getVaultAuthRole(vaultClient, clientToken, str)
                        .map(roleResult -> toRole((VaultKubernetesAuthRoleData) roleResult.data)));
    }

    /**
     * Creates a role of the Kubernetes auth method.
     *
     * <p>The request payload is built before the token is requested, so a {@code null}
     * {@code vaultKubernetesAuthRole} fails with a {@link NullPointerException} at call time
     * rather than through the returned {@code Uni}. All role fields are forwarded unchanged.
     *
     * @param str role identifier handed to {@code createAuthRole}
     * @param vaultKubernetesAuthRole role definition to send
     * @return the {@code Uni} produced by the underlying {@code createAuthRole} call
     */
    @Override
    public Uni<Void> createRole(String str, VaultKubernetesAuthRole vaultKubernetesAuthRole) {
        VaultKubernetesAuthRoleData roleData = toRoleData(vaultKubernetesAuthRole);
        return vaultAuthManager.getClientToken(vaultClient)
                .flatMap(clientToken -> vaultInternalKubernetesAuthMethod.createAuthRole(
                        vaultClient, clientToken, str, roleData));
    }

    /**
     * Lists the role names of the Kubernetes auth method.
     *
     * <p>Only a {@link VaultClientException} with status 404 is turned into an empty list. Every
     * other status is re-emitted as a failure, so a denied or failing request is not reported as
     * "no roles".
     *
     * @return the {@code keys} of the list response, or an empty list on a 404
     */
    @Override
    public Uni<List<String>> getRoles() {
        return vaultAuthManager.getClientToken(vaultClient)
                .flatMap(clientToken -> vaultInternalKubernetesAuthMethod
                        .listAuthRoles(vaultClient, clientToken)
                        .map(listResult -> ((VaultKubernetesAuthListRolesData) listResult.data).keys)
                        .onFailure(VaultClientException.class)
                        .recoverWithUni(failure -> {
                            if (((VaultClientException) failure).getStatus() == 404) {
                                return Uni.createFrom().item(Collections.emptyList());
                            }
                            return Uni.createFrom().failure(failure);
                        }));
    }

    /**
     * Deletes one role of the Kubernetes auth method.
     *
     * @param str role identifier handed to {@code deleteAuthRoles}
     * @return the {@code Uni} produced by the underlying {@code deleteAuthRoles} call
     */
    @Override
    public Uni<Void> deleteRole(String str) {
        return vaultAuthManager.getClientToken(vaultClient)
                .flatMap(clientToken ->
                        vaultInternalKubernetesAuthMethod.deleteAuthRoles(vaultClient, clientToken, str));
    }

    /** Copies every role field from the client DTO into the public role model. */
    private static VaultKubernetesAuthRole toRole(VaultKubernetesAuthRoleData roleData) {
        return new VaultKubernetesAuthRole()
                .setBoundServiceAccountNames(roleData.boundServiceAccountNames)
                .setBoundServiceAccountNamespaces(roleData.boundServiceAccountNamespaces)
                .setAudience(roleData.audience)
                .setTokenTtl(roleData.tokenTtl)
                .setTokenMaxTtl(roleData.tokenMaxTtl)
                .setTokenPolicies(roleData.tokenPolicies)
                .setTokenBoundCidrs(roleData.tokenBoundCidrs)
                .setTokenExplicitMaxTtl(roleData.tokenExplicitMaxTtl)
                .setTokenNoDefaultPolicy(roleData.tokenNoDefaultPolicy)
                .setTokenNumUses(roleData.tokenNumUses)
                .setTokenPeriod(roleData.tokenPeriod)
                .setTokenType(roleData.tokenType);
    }

    /** Copies every role field from the public role model into the client DTO, unvalidated. */
    private static VaultKubernetesAuthRoleData toRoleData(VaultKubernetesAuthRole role) {
        return new VaultKubernetesAuthRoleData()
                .setBoundServiceAccountNames(role.boundServiceAccountNames)
                .setBoundServiceAccountNamespaces(role.boundServiceAccountNamespaces)
                .setAudience(role.audience)
                .setTokenTtl(role.tokenTtl)
                .setTokenMaxTtl(role.tokenMaxTtl)
                .setTokenPolicies(role.tokenPolicies)
                .setTokenBoundCidrs(role.tokenBoundCidrs)
                .setTokenExplicitMaxTtl(role.tokenExplicitMaxTtl)
                .setTokenNoDefaultPolicy(role.tokenNoDefaultPolicy)
                .setTokenNumUses(role.tokenNumUses)
                .setTokenPeriod(role.tokenPeriod)
                .setTokenType(role.tokenType);
    }
}
