package org.apache.provisionr.amazon.activities;

import com.amazonaws.AmazonServiceException;
import com.amazonaws.services.ec2.AmazonEC2;
import com.amazonaws.services.ec2.model.AuthorizeSecurityGroupIngressRequest;
import com.amazonaws.services.ec2.model.CreateSecurityGroupRequest;
import com.amazonaws.services.ec2.model.DescribeSecurityGroupsRequest;
import com.amazonaws.services.ec2.model.IpPermission;
import com.amazonaws.services.ec2.model.RevokeSecurityGroupIngressRequest;
import com.amazonaws.services.ec2.model.SecurityGroup;
import com.google.common.base.Throwables;
import com.google.common.collect.ImmutableSet;
import com.google.common.collect.Iterables;
import com.google.common.collect.Sets;
import java.util.Set;
import org.activiti.engine.delegate.DelegateExecution;
import org.apache.provisionr.amazon.core.ErrorCodes;
import org.apache.provisionr.amazon.core.ProviderClientCache;
import org.apache.provisionr.amazon.core.SecurityGroups;
import org.apache.provisionr.amazon.functions.ConvertRuleToIpPermission;
import org.apache.provisionr.api.network.Network;
import org.apache.provisionr.api.pool.Pool;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:org/apache/provisionr/amazon/activities/EnsureSecurityGroupExists.class */
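/**
 * Activity that makes sure the EC2 security group for a pool exists and that its ingress
 * rules match the pool's network definition.
 *
 * <p>The group name is derived from the process business key via
 * {@link SecurityGroups#formatNameFromBusinessKey(String)}. If the group already exists, the
 * duplicate-group error is tolerated and the activity goes straight to rule synchronization.
 *
 * <p>Security-relevant behaviour: synchronization is authoritative. Every ingress permission
 * present on the group but absent from {@code pool.getNetwork().getIngress()} is revoked,
 * including rules added to the group by hand. The rules taken from the pool are applied
 * as-is; this class performs no validation of their content (for example of how wide a
 * source range is), so any such policy check has to happen before the pool reaches this
 * activity.
 */
public class EnsureSecurityGroupExists extends AmazonActivity {
    public static final Logger LOG = LoggerFactory.getLogger(EnsureSecurityGroupExists.class);

    public EnsureSecurityGroupExists(ProviderClientCache providerClientCache) {
        super(providerClientCache);
    }

    /**
     * Creates the security group for the current process (if missing) and synchronizes its
     * ingress rules with the pool's network.
     *
     * @param amazonEC2 EC2 client used for all calls
     * @param pool pool whose network ingress rules are the desired state
     * @param delegateExecution execution providing the process business key
     * @throws RuntimeException if group creation fails for any reason other than the group
     *     already existing (the original {@link AmazonServiceException} is propagated)
     */
    @Override
    public void execute(AmazonEC2 amazonEC2, Pool pool, DelegateExecution delegateExecution) {
        final String businessKey = delegateExecution.getProcessBusinessKey();
        final String groupName = SecurityGroups.formatNameFromBusinessKey(businessKey);
        try {
            LOG.info(">> Creating Security Group with name {}", groupName);
            CreateSecurityGroupRequest request = new CreateSecurityGroupRequest()
                .withGroupName(groupName)
                .withDescription("Security Group for " + businessKey);
            LOG.info("<< Created Security Group with ID {}",
                amazonEC2.createSecurityGroup(request).getGroupId());
        } catch (AmazonServiceException e) {
            // Constant-first comparison: a service exception without an error code must be
            // propagated as the original failure, not replaced by a NullPointerException.
            if (!ErrorCodes.DUPLICATE_SECURITY_GROUP.equals(e.getErrorCode())) {
                throw Throwables.propagate(e);
            }
            LOG.warn(String.format("<< Security Group %s already exists. Synchronizing ingress rules.", groupName), e);
        }
        synchronizeIngressRules(amazonEC2, groupName, pool.getNetwork());
    }

    /**
     * Brings the group's ingress permissions in line with the network definition: missing
     * permissions are authorized, permissions not in the definition are revoked.
     *
     * <p>The group is looked up by name and exactly one match is required;
     * {@link Iterables#getOnlyElement(Iterable)} throws otherwise.
     */
    private void synchronizeIngressRules(AmazonEC2 amazonEC2, String groupName, Network network) {
        DescribeSecurityGroupsRequest describeRequest =
            new DescribeSecurityGroupsRequest().withGroupNames(groupName);
        SecurityGroup group = Iterables.getOnlyElement(
            amazonEC2.describeSecurityGroups(describeRequest).getSecurityGroups());

        Set<IpPermission> existing = ImmutableSet.copyOf(group.getIpPermissions());
        Set<IpPermission> expected = ImmutableSet.copyOf(
            Iterables.transform(network.getIngress(), ConvertRuleToIpPermission.FUNCTION));

        // NOTE(review): the diff relies on IpPermission equality. If EC2 reports a permission
        // in a different shape than ConvertRuleToIpPermission produces (e.g. several ranges
        // grouped under one entry), equal rules could be seen as different - confirm.

        // Authorize before revoking: if the second call fails, the group is left with stale
        // extra rules rather than without rules it needs. Stale rules remain until the next
        // successful run, so a failure here should be surfaced and retried.
        authorizeIngressRules(amazonEC2, groupName, Sets.difference(expected, existing));
        revokeIngressRules(amazonEC2, groupName, Sets.difference(existing, expected));
    }

    /** Authorizes the given permissions on the named group; does nothing for an empty set. */
    private void authorizeIngressRules(AmazonEC2 amazonEC2, String groupName, Set<IpPermission> permissions) {
        if (permissions.isEmpty()) {
            return;
        }
        LOG.info(">> Authorizing Security Group Ingress Rules {} for {}", permissions, groupName);
        amazonEC2.authorizeSecurityGroupIngress(new AuthorizeSecurityGroupIngressRequest()
            .withGroupName(groupName)
            .withIpPermissions(permissions));
    }

    /** Revokes the given permissions from the named group; does nothing for an empty set. */
    private void revokeIngressRules(AmazonEC2 amazonEC2, String groupName, Set<IpPermission> permissions) {
        if (permissions.isEmpty()) {
            return;
        }
        LOG.info(">> Revoking Security Group Ingress Rules: {} for {}", permissions, groupName);
        amazonEC2.revokeSecurityGroupIngress(new RevokeSecurityGroupIngressRequest()
            .withGroupName(groupName)
            .withIpPermissions(permissions));
    }
}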
