package org.apache.pulsar.broker.admin.impl;

import io.swagger.annotations.ApiOperation;
import io.swagger.annotations.ApiParam;
import io.swagger.annotations.ApiResponse;
import io.swagger.annotations.ApiResponses;
import java.util.ArrayList;
import java.util.HashSet;
import java.util.Iterator;
import java.util.List;
import java.util.Objects;
import java.util.Set;
import java.util.concurrent.CompletableFuture;
import java.util.concurrent.CompletionStage;
import java.util.function.Consumer;
import java.util.function.Function;
import java.util.stream.Collectors;
import javax.ws.rs.DELETE;
import javax.ws.rs.DefaultValue;
import javax.ws.rs.GET;
import javax.ws.rs.POST;
import javax.ws.rs.PUT;
import javax.ws.rs.Path;
import javax.ws.rs.PathParam;
import javax.ws.rs.QueryParam;
import javax.ws.rs.container.AsyncResponse;
import javax.ws.rs.container.Suspended;
import javax.ws.rs.core.Response;
import org.apache.commons.lang3.StringUtils;
import org.apache.pulsar.broker.web.PulsarWebResource;
import org.apache.pulsar.broker.web.RestException;
import org.apache.pulsar.client.admin.PulsarAdmin;
import org.apache.pulsar.common.naming.NamedEntity;
import org.apache.pulsar.common.policies.data.TenantInfo;
import org.apache.pulsar.common.policies.data.TenantInfoImpl;
import org.apache.pulsar.common.util.FutureUtil;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:org/apache/pulsar/broker/admin/impl/TenantsBase.class */
public class TenantsBase extends PulsarWebResource {
    private static final Logger log = LoggerFactory.getLogger(TenantsBase.class);

    @GET
    @ApiResponses({@ApiResponse(code = 403, message = "The requester doesn't have admin permissions"), @ApiResponse(code = 404, message = "Tenant doesn't exist")})
    @ApiOperation(value = "Get the list of existing tenants.", response = String.class, responseContainer = "List")
    public void getTenants(@Suspended AsyncResponse asyncResponse) {
        String clientAppId = clientAppId();
        validateSuperUserAccessAsync().thenCompose(r3 -> {
            return tenantResources().listTenantsAsync();
        }).thenAccept((Consumer<? super U>) list -> {
            ArrayList arrayList = new ArrayList(list);
            arrayList.sort(null);
            asyncResponse.resume(arrayList);
        }).exceptionally(th -> {
            log.error("[{}] Failed to get tenants list", clientAppId, th);
            resumeAsyncResponseExceptionally(asyncResponse, th);
            return null;
        });
    }

    @GET
    @ApiResponses({@ApiResponse(code = 403, message = "The requester doesn't have admin permissions"), @ApiResponse(code = 404, message = "Tenant does not exist")})
    @Path("/{tenant}")
    @ApiOperation(value = "Get the admin configuration for a given tenant.", response = TenantInfo.class)
    public void getTenantAdmin(@Suspended AsyncResponse asyncResponse, @PathParam("tenant") @ApiParam("The tenant name") String str) {
        String clientAppId = clientAppId();
        CompletableFuture thenApply = validateSuperUserAccessAsync().thenCompose(r5 -> {
            return tenantResources().getTenantAsync(str);
        }).thenApply((Function<? super U, ? extends U>) optional -> {
            if (optional.isPresent()) {
                return (TenantInfo) optional.get();
            }
            throw new RestException(Response.Status.NOT_FOUND, "Tenant does not exist");
        });
        Objects.requireNonNull(asyncResponse);
        thenApply.thenAccept((v1) -> {
            r1.resume(v1);
        }).exceptionally(th -> {
            log.error("[{}] Failed to get tenant admin {}", clientAppId, th);
            resumeAsyncResponseExceptionally(asyncResponse, th);
            return null;
        });
    }

    @ApiResponses({@ApiResponse(code = 204, message = "Operation successful"), @ApiResponse(code = 403, message = "The requester doesn't have admin permissions"), @ApiResponse(code = 409, message = "Tenant already exists"), @ApiResponse(code = 412, message = "Tenant name is not valid"), @ApiResponse(code = 412, message = "Clusters can not be empty"), @ApiResponse(code = 412, message = "Clusters do not exist")})
    @Path("/{tenant}")
    @ApiOperation(value = "Create a new tenant.", notes = "This operation requires Pulsar super-user privileges.")
    @PUT
    public void createTenant(@Suspended AsyncResponse asyncResponse, @PathParam("tenant") @ApiParam("The tenant name") String str, @ApiParam("TenantInfo") TenantInfoImpl tenantInfoImpl) {
        String clientAppId = clientAppId();
        try {
            NamedEntity.checkName(str);
            validateSuperUserAccessAsync().thenCompose(r3 -> {
                return validatePoliciesReadOnlyAccessAsync();
            }).thenCompose((Function<? super U, ? extends CompletionStage<U>>) r5 -> {
                return validateClustersAsync(tenantInfoImpl);
            }).thenCompose(r52 -> {
                return validateAdminRoleAsync(tenantInfoImpl);
            }).thenCompose(r53 -> {
                return tenantResources().tenantExistsAsync(str);
            }).thenAccept(bool -> {
                if (bool.booleanValue()) {
                    throw new RestException(Response.Status.CONFLICT, "Tenant already exist");
                }
            }).thenCompose(r32 -> {
                return tenantResources().listTenantsAsync();
            }).thenAccept((Consumer<? super U>) list -> {
                int maxTenants = pulsar().getConfiguration().getMaxTenants();
                if (maxTenants > 0 && list != null && list.size() >= maxTenants) {
                    throw new RestException(Response.Status.PRECONDITION_FAILED, "Exceed the maximum number of tenants");
                }
            }).thenCompose(r7 -> {
                return tenantResources().createTenantAsync(str, tenantInfoImpl);
            }).thenAccept((Consumer<? super U>) r8 -> {
                log.info("[{}] Created tenant {}", clientAppId, str);
                asyncResponse.resume(Response.noContent().build());
            }).exceptionally(th -> {
                log.error("[{}] Failed to create tenant {}", new Object[]{clientAppId, str, th});
                resumeAsyncResponseExceptionally(asyncResponse, th);
                return null;
            });
        } catch (IllegalArgumentException e) {
            log.warn("[{}] Failed to create tenant with invalid name {}", new Object[]{clientAppId, str, e});
            asyncResponse.resume(new RestException(Response.Status.PRECONDITION_FAILED, "Tenant name is not valid"));
        }
    }

    @ApiResponses({@ApiResponse(code = 204, message = "Operation successful"), @ApiResponse(code = 403, message = "The requester doesn't have admin permissions"), @ApiResponse(code = 404, message = "Tenant does not exist"), @ApiResponse(code = 409, message = "Tenant already exists"), @ApiResponse(code = 412, message = "Clusters can not be empty"), @ApiResponse(code = 412, message = "Clusters do not exist")})
    @Path("/{tenant}")
    @ApiOperation(value = "Update the admins for a tenant.", notes = "This operation requires Pulsar super-user privileges.")
    @POST
    public void updateTenant(@Suspended AsyncResponse asyncResponse, @PathParam("tenant") @ApiParam("The tenant name") String str, @ApiParam("TenantInfo") TenantInfoImpl tenantInfoImpl) {
        String clientAppId = clientAppId();
        validateSuperUserAccessAsync().thenCompose(r3 -> {
            return validatePoliciesReadOnlyAccessAsync();
        }).thenCompose((Function<? super U, ? extends CompletionStage<U>>) r5 -> {
            return validateClustersAsync(tenantInfoImpl);
        }).thenCompose(r52 -> {
            return validateAdminRoleAsync(tenantInfoImpl);
        }).thenCompose(r53 -> {
            return tenantResources().getTenantAsync(str);
        }).thenCompose(optional -> {
            if (!optional.isPresent()) {
                throw new RestException(Response.Status.NOT_FOUND, "Tenant " + str + " not found");
            }
            TenantInfo tenantInfo = (TenantInfo) optional.get();
            return canUpdateCluster(str, tenantInfo.getAllowedClusters(), new HashSet(tenantInfoImpl.getAllowedClusters()));
        }).thenCompose(r7 -> {
            return tenantResources().updateTenantAsync(str, tenantInfo -> {
                return tenantInfoImpl;
            });
        }).thenAccept(r8 -> {
            log.info("[{}] Successfully updated tenant info {}", clientAppId, str);
            asyncResponse.resume(Response.noContent().build());
        }).exceptionally(th -> {
            log.warn("[{}] Failed to update tenant {}", new Object[]{clientAppId, str, th});
            resumeAsyncResponseExceptionally(asyncResponse, th);
            return null;
        });
    }

    @ApiResponses({@ApiResponse(code = 204, message = "Operation successful"), @ApiResponse(code = 403, message = "The requester doesn't have admin permissions"), @ApiResponse(code = 404, message = "Tenant does not exist"), @ApiResponse(code = 405, message = "Broker doesn't allow forced deletion of tenants"), @ApiResponse(code = 409, message = "The tenant still has active namespaces")})
    @Path("/{tenant}")
    @DELETE
    @ApiOperation("Delete a tenant and all namespaces and topics under it.")
    public void deleteTenant(@Suspended AsyncResponse asyncResponse, @PathParam("tenant") @ApiParam("The tenant name") String str, @QueryParam("force") @DefaultValue("false") boolean z) {
        String clientAppId = clientAppId();
        validateSuperUserAccessAsync().thenCompose(r3 -> {
            return validatePoliciesReadOnlyAccessAsync();
        }).thenCompose((Function<? super U, ? extends CompletionStage<U>>) r7 -> {
            return internalDeleteTenant(str, z);
        }).thenAccept(r8 -> {
            log.info("[{}] Deleted tenant {}", clientAppId, str);
            asyncResponse.resume(Response.noContent().build());
        }).exceptionally(th -> {
            Throwable unwrapCompletionException = FutureUtil.unwrapCompletionException(th);
            log.error("[{}] Failed to delete tenant {}", new Object[]{clientAppId, str, unwrapCompletionException});
            if (unwrapCompletionException instanceof IllegalStateException) {
                asyncResponse.resume(new RestException(Response.Status.CONFLICT, unwrapCompletionException));
                return null;
            }
            resumeAsyncResponseExceptionally(asyncResponse, unwrapCompletionException);
            return null;
        });
    }

    protected CompletableFuture<Void> internalDeleteTenant(String str, boolean z) {
        return z ? internalDeleteTenantAsyncForcefully(str) : internalDeleteTenantAsync(str);
    }

    protected CompletableFuture<Void> internalDeleteTenantAsync(String str) {
        return tenantResources().tenantExistsAsync(str).thenAccept(bool -> {
            if (!bool.booleanValue()) {
                throw new RestException(Response.Status.NOT_FOUND, "Tenant doesn't exist");
            }
        }).thenCompose(r5 -> {
            return hasActiveNamespace(str);
        }).thenCompose((Function<? super U, ? extends CompletionStage<U>>) r52 -> {
            return tenantResources().deleteTenantAsync(str);
        }).thenCompose(r53 -> {
            return pulsar().getPulsarResources().getTopicResources().clearTenantPersistence(str);
        }).thenCompose(r54 -> {
            return pulsar().getPulsarResources().getNamespaceResources().deleteTenantAsync(str);
        }).thenCompose(r55 -> {
            return pulsar().getPulsarResources().getNamespaceResources().getPartitionedTopicResources().clearPartitionedTopicTenantAsync(str);
        }).thenCompose(r56 -> {
            return pulsar().getPulsarResources().getLocalPolicies().deleteLocalPoliciesTenantAsync(str);
        }).thenCompose(r57 -> {
            return pulsar().getPulsarResources().getLoadBalanceResources().getBundleDataResources().deleteBundleDataTenantAsync(str);
        });
    }

    protected CompletableFuture<Void> internalDeleteTenantAsyncForcefully(String str) {
        return !pulsar().getConfiguration().isForceDeleteTenantAllowed() ? FutureUtil.failedFuture(new RestException(Response.Status.METHOD_NOT_ALLOWED, "Broker doesn't allow forced deletion of tenants")) : tenantResources().getListOfNamespacesAsync(str).thenApply(list -> {
            ArrayList arrayList = new ArrayList();
            try {
                PulsarAdmin adminClient = pulsar().getAdminClient();
                Iterator it = list.iterator();
                while (it.hasNext()) {
                    arrayList.add(adminClient.namespaces().deleteNamespaceAsync((String) it.next(), true));
                }
                return arrayList;
            } catch (Exception e) {
                log.error("[{}] Failed to force delete namespaces {}", new Object[]{clientAppId(), list, e});
                throw new RestException(e);
            }
        }).thenCompose(list2 -> {
            return FutureUtil.waitForAll(list2);
        }).thenCompose(r5 -> {
            return internalDeleteTenantAsync(str);
        });
    }

    private CompletableFuture<Void> validateClustersAsync(TenantInfo tenantInfo) {
        if (tenantInfo != null && !((Set) tenantInfo.getAllowedClusters().stream().filter(str -> {
            return !StringUtils.isBlank(str);
        }).collect(Collectors.toSet())).isEmpty() && !tenantInfo.getAllowedClusters().stream().anyMatch(str2 -> {
            return StringUtils.isBlank(str2);
        })) {
            return clusterResources().listAsync().thenAccept(set -> {
                List list = (List) tenantInfo.getAllowedClusters().stream().filter(str3 -> {
                    return (set.contains(str3) || "global".equals(str3)) ? false : true;
                }).collect(Collectors.toList());
                if (list.size() > 0) {
                    log.warn("[{}] Failed to validate due to clusters {} do not exist", clientAppId(), list);
                    throw new RestException(Response.Status.PRECONDITION_FAILED, "Clusters do not exist");
                }
            });
        }
        log.warn("[{}] Failed to validate due to clusters are empty", clientAppId());
        return FutureUtil.failedFuture(new RestException(Response.Status.PRECONDITION_FAILED, "Clusters can not be empty"));
    }

    private CompletableFuture<Void> validateAdminRoleAsync(TenantInfoImpl tenantInfoImpl) {
        if (tenantInfoImpl.getAdminRoles() != null && !tenantInfoImpl.getAdminRoles().isEmpty()) {
            for (String str : tenantInfoImpl.getAdminRoles()) {
                if (!StringUtils.trim(str).equals(str)) {
                    log.warn("[{}] Failed to validate due to adminRole {} contains whitespace in the beginning or end.", clientAppId(), str);
                    return FutureUtil.failedFuture(new RestException(Response.Status.PRECONDITION_FAILED, "AdminRoles contains whitespace in the beginning or end."));
                }
            }
        }
        return CompletableFuture.completedFuture(null);
    }
}
