package pl.wrzasq.lambda.cform.account.service;

import com.amazonaws.services.organizations.AWSOrganizations;
import com.amazonaws.services.organizations.model.Account;
import com.amazonaws.services.organizations.model.AccountNotFoundException;
import com.amazonaws.services.organizations.model.CreateAccountRequest;
import com.amazonaws.services.organizations.model.CreateAccountState;
import com.amazonaws.services.organizations.model.CreateAccountStatus;
import com.amazonaws.services.organizations.model.DescribeAccountRequest;
import com.amazonaws.services.organizations.model.DescribeCreateAccountStatusRequest;
import com.amazonaws.services.organizations.model.DescribeHandshakeRequest;
import com.amazonaws.services.organizations.model.Handshake;
import com.amazonaws.services.organizations.model.HandshakeParty;
import com.amazonaws.services.organizations.model.HandshakePartyType;
import com.amazonaws.services.organizations.model.HandshakeState;
import com.amazonaws.services.organizations.model.InviteAccountToOrganizationRequest;
import com.amazonaws.services.organizations.model.ListParentsRequest;
import com.amazonaws.services.organizations.model.MoveAccountRequest;
import com.amazonaws.services.organizations.model.Parent;
import com.amazonaws.services.organizations.model.RemoveAccountFromOrganizationRequest;
import lombok.Generated;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import pl.wrzasq.commons.aws.cloudformation.CustomResourceResponse;
import pl.wrzasq.lambda.cform.account.model.AccountRequest;

/* loaded from: input_file:pl/wrzasq/lambda/cform/account/service/AccountManager.class */
public class AccountManager {
    private static final long DEFAULT_SLEEP_INTERVAL = 60000;
    private AWSOrganizations organizations;
    private Logger logger = LoggerFactory.getLogger((Class<?>) AccountManager.class);
    private long sleepInterval = 60000;

    public AccountManager(AWSOrganizations aWSOrganizations) {
        this.organizations = aWSOrganizations;
    }

    public CustomResourceResponse<Account> provision(AccountRequest accountRequest, String str) {
        if (str != null) {
            str = resolveExistingAccount(str, accountRequest);
        }
        if (str == null) {
            str = initializeAccount(accountRequest);
        }
        Parent parent = this.organizations.listParents(new ListParentsRequest().withChildId(str)).getParents().get(0);
        if (!parent.getId().equals(accountRequest.getOuId())) {
            this.logger.info("Moving account {} from {} to {}.", str, parent.getId(), accountRequest.getOuId());
            this.organizations.moveAccount(new MoveAccountRequest().withAccountId(str).withSourceParentId(parent.getId()).withDestinationParentId(accountRequest.getOuId()));
        }
        return new CustomResourceResponse<>(this.organizations.describeAccount(new DescribeAccountRequest().withAccountId(str)).getAccount(), str);
    }

    public CustomResourceResponse<Account> delete(AccountRequest accountRequest, String str) {
        this.organizations.removeAccountFromOrganization(new RemoveAccountFromOrganizationRequest().withAccountId(str));
        this.logger.info("Removed account {} from organization - keep in mind that account still exists and needs to be terminated manually!", str);
        return new CustomResourceResponse<>(null, str);
    }

    private String initializeAccount(AccountRequest accountRequest) {
        return accountRequest.getAccountId() == null ? createAccount(accountRequest.getEmail(), accountRequest.getAccountName(), accountRequest.getAdministratorRoleName()) : inviteAccount(accountRequest.getAccountId());
    }

    private String createAccount(String str, String str2, String str3) {
        CreateAccountStatus createAccountStatus = this.organizations.createAccount(new CreateAccountRequest().withEmail(str).withAccountName(str2).withRoleName(str3)).getCreateAccountStatus();
        this.logger.info("New account creation initialized for {} ({}).", str, str2);
        while (CreateAccountState.fromValue(createAccountStatus.getState()) == CreateAccountState.IN_PROGRESS) {
            this.logger.info("Account creation {} in progress…", str2);
            sleep();
            createAccountStatus = this.organizations.describeCreateAccountStatus(new DescribeCreateAccountStatusRequest().withCreateAccountRequestId(createAccountStatus.getId())).getCreateAccountStatus();
        }
        this.logger.info("Account creation status: {}.", createAccountStatus.getState());
        if (CreateAccountState.fromValue(createAccountStatus.getState()) == CreateAccountState.SUCCEEDED) {
            return createAccountStatus.getAccountId();
        }
        throw new IllegalStateException(String.format("Failed to create account for %s (%s) - reason: %s.", str, str2, createAccountStatus.getFailureReason()));
    }

    private String inviteAccount(String str) {
        Handshake handshake = this.organizations.inviteAccountToOrganization(new InviteAccountToOrganizationRequest().withTarget(new HandshakeParty().withType(HandshakePartyType.ACCOUNT).withId(str))).getHandshake();
        this.logger.info("Invited account {} to the organization", str);
        while (HandshakeState.fromValue(handshake.getState()) == HandshakeState.REQUESTED) {
            this.logger.info("Account {} handshake in progress…", str);
            sleep();
            handshake = this.organizations.describeHandshake(new DescribeHandshakeRequest().withHandshakeId(handshake.getId())).getHandshake();
        }
        if (HandshakeState.fromValue(handshake.getState()) == HandshakeState.ACCEPTED) {
            return str;
        }
        throw new IllegalStateException(String.format("Failed to invite account %s - status: %s.", str, handshake.getState()));
    }

    private String resolveExistingAccount(String str, AccountRequest accountRequest) {
        try {
            Account account = this.organizations.describeAccount(new DescribeAccountRequest().withAccountId(str)).getAccount();
            if (accountRequest.getEmail().equals(account.getEmail()) && accountRequest.getAccountName().equals(account.getName())) {
                return account.getId();
            }
            this.logger.warn("Account {} core data changed - will re-create account!", account.getArn());
            return null;
        } catch (AccountNotFoundException e) {
            this.logger.warn("Account {} not found - resolving to new account.", str);
            return null;
        }
    }

    private void sleep() {
        try {
            Thread.sleep(this.sleepInterval);
        } catch (InterruptedException e) {
            this.logger.error("Wait interval interrupted.", (Throwable) e);
        }
    }

    @Generated
    public void setSleepInterval(long j) {
        this.sleepInterval = j;
    }
}
