package org.apache.pulsar.functions.secretsproviderconfigurator;

import com.google.gson.Gson;
import com.google.gson.reflect.TypeToken;
import io.kubernetes.client.openapi.apis.AppsV1Api;
import io.kubernetes.client.openapi.apis.CoreV1Api;
import io.kubernetes.client.openapi.models.V1Container;
import io.kubernetes.client.openapi.models.V1EnvVar;
import io.kubernetes.client.openapi.models.V1EnvVarSource;
import io.kubernetes.client.openapi.models.V1PodSpec;
import io.kubernetes.client.openapi.models.V1SecretKeySelector;
import java.lang.reflect.Type;
import java.util.Iterator;
import java.util.Map;
import org.apache.commons.lang3.StringUtils;
import org.apache.pulsar.functions.proto.Function;
import org.apache.pulsar.functions.secretsprovider.EnvironmentBasedSecretsProvider;

/* loaded from: input_file:META-INF/bundled-dependencies/pulsar-functions-secrets-2.7.2.1-rc-202105121338.jar:org/apache/pulsar/functions/secretsproviderconfigurator/KubernetesSecretsProviderConfigurator.class */
public class KubernetesSecretsProviderConfigurator implements SecretsProviderConfigurator {
    private static String ID_KEY = "path";
    private static String KEY_KEY = "key";

    @Override // org.apache.pulsar.functions.secretsproviderconfigurator.SecretsProviderConfigurator
    public String getSecretsProviderClassName(Function.FunctionDetails functionDetails) {
        switch (functionDetails.getRuntime()) {
            case JAVA:
                return EnvironmentBasedSecretsProvider.class.getName();
            case PYTHON:
                return "secretsprovider.EnvironmentBasedSecretsProvider";
            case GO:
                return "";
            default:
                throw new RuntimeException("Unknown function runtime " + functionDetails.getRuntime());
        }
    }

    @Override // org.apache.pulsar.functions.secretsproviderconfigurator.SecretsProviderConfigurator
    public Map<String, String> getSecretsProviderConfig(Function.FunctionDetails functionDetails) {
        return null;
    }

    @Override // org.apache.pulsar.functions.secretsproviderconfigurator.SecretsProviderConfigurator
    public void configureKubernetesRuntimeSecretsProvider(V1PodSpec v1PodSpec, String str, Function.FunctionDetails functionDetails) {
        V1Container v1Container = null;
        Iterator<V1Container> it = v1PodSpec.getContainers().iterator();
        while (true) {
            if (!it.hasNext()) {
                break;
            }
            V1Container next = it.next();
            if (next.getName().equals(str)) {
                v1Container = next;
                break;
            }
        }
        if (v1Container == null) {
            throw new RuntimeException("No FunctionContainer found");
        }
        if (StringUtils.isEmpty(functionDetails.getSecretsMap())) {
            return;
        }
        for (Map.Entry entry : ((Map) new Gson().fromJson(functionDetails.getSecretsMap(), new TypeToken<Map<String, Object>>() { // from class: org.apache.pulsar.functions.secretsproviderconfigurator.KubernetesSecretsProviderConfigurator.1
        }.getType())).entrySet()) {
            V1EnvVar v1EnvVar = new V1EnvVar();
            Map map = (Map) entry.getValue();
            v1EnvVar.name((String) entry.getKey()).valueFrom(new V1EnvVarSource().secretKeyRef(new V1SecretKeySelector().name((String) map.get(ID_KEY)).key((String) map.get(KEY_KEY))));
            v1Container.addEnvItem(v1EnvVar);
        }
    }

    @Override // org.apache.pulsar.functions.secretsproviderconfigurator.SecretsProviderConfigurator
    public void configureProcessRuntimeSecretsProvider(ProcessBuilder processBuilder, Function.FunctionDetails functionDetails) {
        throw new RuntimeException("KubernetesSecretsProviderConfigurator should only be setup for Kubernetes Runtime");
    }

    @Override // org.apache.pulsar.functions.secretsproviderconfigurator.SecretsProviderConfigurator
    public Type getSecretObjectType() {
        return new TypeToken<Map<String, String>>() { // from class: org.apache.pulsar.functions.secretsproviderconfigurator.KubernetesSecretsProviderConfigurator.2
        }.getType();
    }

    @Override // org.apache.pulsar.functions.secretsproviderconfigurator.SecretsProviderConfigurator
    public void doAdmissionChecks(AppsV1Api appsV1Api, CoreV1Api coreV1Api, String str, String str2, Function.FunctionDetails functionDetails) {
        if (StringUtils.isEmpty(functionDetails.getSecretsMap())) {
            return;
        }
        for (Object obj : ((Map) new Gson().fromJson(functionDetails.getSecretsMap(), new TypeToken<Map<String, Object>>() { // from class: org.apache.pulsar.functions.secretsproviderconfigurator.KubernetesSecretsProviderConfigurator.3
        }.getType())).values()) {
            if (!(obj instanceof Map)) {
                throw new IllegalArgumentException("Kubernetes Secret should be a Map containing id/key pairs");
            }
            Map map = (Map) obj;
            if (map.size() < 2) {
                throw new IllegalArgumentException("Kubernetes Secret should contain id and key");
            }
            if (!map.containsKey(ID_KEY)) {
                throw new IllegalArgumentException("Kubernetes Secret should contain id information");
            }
            if (!map.containsKey(KEY_KEY)) {
                throw new IllegalArgumentException("Kubernetes Secret should contain key information");
            }
        }
    }
}
