package org.apache.pulsar.broker.admin.impl;

import com.google.common.collect.Lists;
import io.swagger.annotations.ApiOperation;
import io.swagger.annotations.ApiParam;
import io.swagger.annotations.ApiResponse;
import io.swagger.annotations.ApiResponses;
import java.util.ArrayList;
import java.util.Iterator;
import java.util.List;
import java.util.Set;
import java.util.stream.Collectors;
import javax.ws.rs.DELETE;
import javax.ws.rs.GET;
import javax.ws.rs.POST;
import javax.ws.rs.PUT;
import javax.ws.rs.Path;
import javax.ws.rs.PathParam;
import javax.ws.rs.core.Response;
import org.apache.commons.lang3.StringUtils;
import org.apache.pulsar.broker.admin.AdminResource;
import org.apache.pulsar.broker.admin.ZkAdminPaths;
import org.apache.pulsar.broker.web.RestException;
import org.apache.pulsar.common.naming.NamedEntity;
import org.apache.pulsar.common.policies.data.TenantInfo;
import org.apache.zookeeper.KeeperException;
import org.apache.zookeeper.Watcher;
import org.apache.zookeeper.data.Stat;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:org/apache/pulsar/broker/admin/impl/TenantsBase.class */
public class TenantsBase extends AdminResource {
    private static final Logger log = LoggerFactory.getLogger(TenantsBase.class);

    @GET
    @ApiResponses({@ApiResponse(code = 403, message = "The requester doesn't have admin permissions"), @ApiResponse(code = 404, message = "Tenant doesn't exist")})
    @ApiOperation(value = "Get the list of existing tenants.", response = String.class, responseContainer = "List")
    public List<String> getTenants() {
        validateSuperUserAccess();
        try {
            List<String> children = globalZk().getChildren(path(ZkAdminPaths.POLICIES), false);
            children.sort(null);
            return children;
        } catch (Exception e) {
            log.error("[{}] Failed to get tenants list", clientAppId(), e);
            throw new RestException(e);
        }
    }

    @GET
    @ApiResponses({@ApiResponse(code = 403, message = "The requester doesn't have admin permissions"), @ApiResponse(code = 404, message = "Tenant does not exist")})
    @Path("/{tenant}")
    @ApiOperation("Get the admin configuration for a given tenant.")
    public TenantInfo getTenantAdmin(@PathParam("tenant") @ApiParam("The tenant name") String str) {
        validateSuperUserAccess();
        try {
            return (TenantInfo) tenantsCache().get(path(ZkAdminPaths.POLICIES, str)).orElseThrow(() -> {
                return new RestException(Response.Status.NOT_FOUND, "Tenant does not exist");
            });
        } catch (Exception e) {
            log.error("[{}] Failed to get tenant {}", new Object[]{clientAppId(), str, e});
            throw new RestException(e);
        }
    }

    @ApiResponses({@ApiResponse(code = 403, message = "The requester doesn't have admin permissions"), @ApiResponse(code = 409, message = "Tenant already exists"), @ApiResponse(code = 412, message = "Tenant name is not valid"), @ApiResponse(code = 412, message = "Clusters can not be empty"), @ApiResponse(code = 412, message = "Clusters do not exist")})
    @Path("/{tenant}")
    @ApiOperation(value = "Create a new tenant.", notes = "This operation requires Pulsar super-user privileges.")
    @PUT
    public void createTenant(@PathParam("tenant") @ApiParam("The tenant name") String str, @ApiParam("TenantInfo") TenantInfo tenantInfo) {
        List children;
        validateSuperUserAccess();
        validatePoliciesReadOnlyAccess();
        validateClusters(tenantInfo);
        try {
            NamedEntity.checkName(str);
            int maxTenants = pulsar().getConfiguration().getMaxTenants();
            if (maxTenants > 0 && (children = globalZk().getChildren(path(ZkAdminPaths.POLICIES), false)) != null && children.size() >= maxTenants) {
                throw new RestException(Response.Status.PRECONDITION_FAILED, "Exceed the maximum number of tenants");
            }
            zkCreate(path(ZkAdminPaths.POLICIES, str), jsonMapper().writeValueAsBytes(tenantInfo));
            log.info("[{}] Created tenant {}", clientAppId(), str);
        } catch (IllegalArgumentException e) {
            log.warn("[{}] Failed to create tenant with invalid name {}", new Object[]{clientAppId(), str, e});
            throw new RestException(Response.Status.PRECONDITION_FAILED, "Tenant name is not valid");
        } catch (KeeperException.NodeExistsException e2) {
            log.warn("[{}] Failed to create already existing tenant {}", clientAppId(), str);
            throw new RestException(Response.Status.CONFLICT, "Tenant already exists");
        } catch (Exception e3) {
            log.error("[{}] Failed to create tenant {}", new Object[]{clientAppId(), str, e3});
            throw new RestException(e3);
        }
    }

    @ApiResponses({@ApiResponse(code = 403, message = "The requester doesn't have admin permissions"), @ApiResponse(code = 404, message = "Tenant does not exist"), @ApiResponse(code = 409, message = "Tenant already exists"), @ApiResponse(code = 412, message = "Clusters can not be empty"), @ApiResponse(code = 412, message = "Clusters do not exist")})
    @Path("/{tenant}")
    @ApiOperation(value = "Update the admins for a tenant.", notes = "This operation requires Pulsar super-user privileges.")
    @POST
    public void updateTenant(@PathParam("tenant") @ApiParam("The tenant name") String str, @ApiParam("TenantInfo") TenantInfo tenantInfo) {
        validateSuperUserAccess();
        validatePoliciesReadOnlyAccess();
        validateClusters(tenantInfo);
        try {
            TenantInfo tenantInfo2 = (TenantInfo) jsonMapper().readValue(globalZk().getData(path(ZkAdminPaths.POLICIES, str), (Watcher) null, new Stat()), TenantInfo.class);
            ArrayList newArrayList = Lists.newArrayList();
            if (tenantInfo2.getAllowedClusters().size() > tenantInfo.getAllowedClusters().size()) {
                tenantInfo2.getAllowedClusters().removeAll(tenantInfo.getAllowedClusters());
                log.debug("Following clusters are being removed : [{}]", tenantInfo2.getAllowedClusters());
                for (String str2 : tenantInfo2.getAllowedClusters()) {
                    if (!"global".equals(str2)) {
                        Lists.newArrayList();
                        try {
                            if (globalZk().getChildren(path(ZkAdminPaths.POLICIES, str, str2), false).size() != 0) {
                                newArrayList.add(str2);
                            }
                        } catch (KeeperException.NoNodeException e) {
                        }
                    }
                }
                if (!newArrayList.isEmpty()) {
                    throw new RestException(Response.Status.CONFLICT, String.format("Failed to update the tenant because active namespaces are present in colos %s. Please delete those namespaces first", newArrayList));
                }
            }
            String path = path(ZkAdminPaths.POLICIES, str);
            globalZk().setData(path, jsonMapper().writeValueAsBytes(tenantInfo), -1);
            globalZkCache().invalidate(path);
            log.info("[{}] updated tenant {}", clientAppId(), str);
        } catch (KeeperException.NoNodeException e2) {
            log.warn("[{}] Failed to update tenant {}: does not exist", clientAppId(), str);
            throw new RestException(Response.Status.NOT_FOUND, "Tenant does not exist");
        } catch (Exception e3) {
            log.error("[{}] Failed to update tenant {}", new Object[]{clientAppId(), str, e3});
            throw new RestException(e3);
        } catch (RestException e4) {
            throw e4;
        }
    }

    @ApiResponses({@ApiResponse(code = 403, message = "The requester doesn't have admin permissions"), @ApiResponse(code = 404, message = "Tenant does not exist"), @ApiResponse(code = 409, message = "The tenant still has active namespaces")})
    @Path("/{tenant}")
    @DELETE
    @ApiOperation("Delete a tenant and all namespaces and topics under it.")
    public void deleteTenant(@PathParam("tenant") @ApiParam("The tenant name") String str) {
        validateSuperUserAccess();
        validatePoliciesReadOnlyAccess();
        try {
            if (!getListOfNamespaces(str).isEmpty()) {
                log.warn("[{}] Failed to delete tenant {}: not empty", clientAppId(), str);
                throw new RestException(Response.Status.CONFLICT, "The tenant still has active namespaces");
            }
            try {
                Iterator it = globalZk().getChildren(path(ZkAdminPaths.POLICIES, str), false).iterator();
                while (it.hasNext()) {
                    globalZk().delete(path(ZkAdminPaths.POLICIES, str, (String) it.next()), -1);
                }
                globalZk().delete(path(ZkAdminPaths.POLICIES, str), -1);
                log.info("[{}] Deleted tenant {}", clientAppId(), str);
            } catch (KeeperException.NoNodeException e) {
                log.warn("[{}] Failed to delete tenant {}: does not exist", clientAppId(), str);
                throw new RestException(Response.Status.NOT_FOUND, "The tenant does not exist");
            } catch (Exception e2) {
                log.error("[{}] Failed to delete tenant {}", new Object[]{clientAppId(), str, e2});
                throw new RestException(e2);
            }
        } catch (KeeperException.NoNodeException e3) {
            log.warn("[{}] Failed to delete tenant {}: does not exist", clientAppId(), str);
            throw new RestException(Response.Status.NOT_FOUND, "The tenant does not exist");
        } catch (Exception e4) {
            log.error("[{}] Failed to get tenant status {}", new Object[]{clientAppId(), str, e4});
            throw new RestException(e4);
        }
    }

    private void validateClusters(TenantInfo tenantInfo) {
        if (tenantInfo == null || ((Set) tenantInfo.getAllowedClusters().stream().filter(str -> {
            return !StringUtils.isBlank(str);
        }).collect(Collectors.toSet())).isEmpty() || tenantInfo.getAllowedClusters().stream().anyMatch(str2 -> {
            return StringUtils.isBlank(str2);
        })) {
            log.warn("[{}] Failed to validate due to clusters are empty", clientAppId());
            throw new RestException(Response.Status.PRECONDITION_FAILED, "Clusters can not be empty");
        }
        try {
            Set set = clustersListCache().get();
            List list = (List) tenantInfo.getAllowedClusters().stream().filter(str3 -> {
                return (set.contains(str3) || "global".equals(str3)) ? false : true;
            }).collect(Collectors.toList());
            if (list.size() > 0) {
                log.warn("[{}] Failed to validate due to clusters {} do not exist", clientAppId(), list);
                throw new RestException(Response.Status.PRECONDITION_FAILED, "Clusters do not exist");
            }
        } catch (Exception e) {
            log.error("[{}] Failed to get available clusters", clientAppId(), e);
            throw new RestException(e);
        }
    }
}
