package io.quarkus.kubernetes.deployment;

import io.dekorate.kubernetes.decorator.Decorator;
import io.dekorate.kubernetes.decorator.NamedResourceDecorator;
import io.dekorate.kubernetes.decorator.ResourceProvidingDecorator;
import io.fabric8.kubernetes.api.model.ObjectMeta;
import io.fabric8.kubernetes.api.model.PodSecurityContextBuilder;
import io.fabric8.kubernetes.api.model.PodSpecFluent;
import io.fabric8.kubernetes.api.model.SELinuxOptions;
import io.fabric8.kubernetes.api.model.SELinuxOptionsBuilder;
import io.fabric8.kubernetes.api.model.Sysctl;
import io.fabric8.kubernetes.api.model.SysctlBuilder;
import io.fabric8.kubernetes.api.model.WindowsSecurityContextOptions;
import io.fabric8.kubernetes.api.model.WindowsSecurityContextOptionsBuilder;
import java.util.List;
import java.util.Objects;
import java.util.Optional;
import java.util.stream.Stream;

/* loaded from: input_file:io/quarkus/kubernetes/deployment/ApplySecuritySettingsDecorator.class */
public class ApplySecuritySettingsDecorator extends NamedResourceDecorator<PodSpecFluent> {
    private final SecurityContextConfig securityContext;

    public ApplySecuritySettingsDecorator(String str, SecurityContextConfig securityContextConfig) {
        super(str);
        this.securityContext = securityContextConfig;
    }

    public void andThenVisit(PodSpecFluent podSpecFluent, ObjectMeta objectMeta) {
        PodSecurityContextBuilder podSecurityContextBuilder = new PodSecurityContextBuilder();
        Optional<Long> optional = this.securityContext.runAsUser;
        Objects.requireNonNull(podSecurityContextBuilder);
        optional.ifPresent(podSecurityContextBuilder::withRunAsUser);
        Optional<Long> optional2 = this.securityContext.runAsGroup;
        Objects.requireNonNull(podSecurityContextBuilder);
        optional2.ifPresent(podSecurityContextBuilder::withRunAsGroup);
        Optional<Boolean> optional3 = this.securityContext.runAsNonRoot;
        Objects.requireNonNull(podSecurityContextBuilder);
        optional3.ifPresent(podSecurityContextBuilder::withRunAsNonRoot);
        Optional<List<Long>> optional4 = this.securityContext.supplementalGroups;
        Objects.requireNonNull(podSecurityContextBuilder);
        optional4.ifPresent((v1) -> {
            r1.addAllToSupplementalGroups(v1);
        });
        Optional<Long> optional5 = this.securityContext.fsGroup;
        Objects.requireNonNull(podSecurityContextBuilder);
        optional5.ifPresent(podSecurityContextBuilder::withFsGroup);
        this.securityContext.sysctls.ifPresent(map -> {
            Stream map = map.entrySet().stream().map(entry -> {
                return new SysctlBuilder().withName((String) entry.getKey()).withValue((String) entry.getValue()).build();
            });
            Objects.requireNonNull(podSecurityContextBuilder);
            map.forEach(sysctl -> {
                podSecurityContextBuilder.addToSysctls(new Sysctl[]{sysctl});
            });
        });
        Optional<U> map2 = this.securityContext.fsGroupChangePolicy.map(podFSGroupChangePolicy -> {
            return podFSGroupChangePolicy.name();
        });
        Objects.requireNonNull(podSecurityContextBuilder);
        map2.ifPresent(podSecurityContextBuilder::withFsGroupChangePolicy);
        Optional<SELinuxOptions> buildSeLinuxOptions = buildSeLinuxOptions();
        Objects.requireNonNull(podSecurityContextBuilder);
        buildSeLinuxOptions.ifPresent(podSecurityContextBuilder::withSeLinuxOptions);
        Optional<WindowsSecurityContextOptions> buildWindowsOptions = buildWindowsOptions();
        Objects.requireNonNull(podSecurityContextBuilder);
        buildWindowsOptions.ifPresent(podSecurityContextBuilder::withWindowsOptions);
        podSpecFluent.withSecurityContext(podSecurityContextBuilder.build());
    }

    public Class<? extends Decorator>[] after() {
        return new Class[]{ResourceProvidingDecorator.class};
    }

    private Optional<WindowsSecurityContextOptions> buildWindowsOptions() {
        WindowsSecurityContextOptions windowsSecurityContextOptions = null;
        if (this.securityContext.windowsOptions.isAnyPropertySet()) {
            WindowsSecurityContextOptionsBuilder windowsSecurityContextOptionsBuilder = new WindowsSecurityContextOptionsBuilder();
            Optional<String> optional = this.securityContext.windowsOptions.gmsaCredentialSpec;
            Objects.requireNonNull(windowsSecurityContextOptionsBuilder);
            optional.ifPresent(windowsSecurityContextOptionsBuilder::withGmsaCredentialSpec);
            Optional<String> optional2 = this.securityContext.windowsOptions.gmsaCredentialSpecName;
            Objects.requireNonNull(windowsSecurityContextOptionsBuilder);
            optional2.ifPresent(windowsSecurityContextOptionsBuilder::withGmsaCredentialSpecName);
            Optional<Boolean> optional3 = this.securityContext.windowsOptions.hostProcess;
            Objects.requireNonNull(windowsSecurityContextOptionsBuilder);
            optional3.ifPresent(windowsSecurityContextOptionsBuilder::withHostProcess);
            Optional<String> optional4 = this.securityContext.windowsOptions.runAsUserName;
            Objects.requireNonNull(windowsSecurityContextOptionsBuilder);
            optional4.ifPresent(windowsSecurityContextOptionsBuilder::withRunAsUserName);
            windowsSecurityContextOptions = windowsSecurityContextOptionsBuilder.build();
        }
        return Optional.ofNullable(windowsSecurityContextOptions);
    }

    private Optional<SELinuxOptions> buildSeLinuxOptions() {
        SELinuxOptions sELinuxOptions = null;
        if (this.securityContext.seLinuxOptions.isAnyPropertySet()) {
            SELinuxOptionsBuilder sELinuxOptionsBuilder = new SELinuxOptionsBuilder();
            Optional<String> optional = this.securityContext.seLinuxOptions.user;
            Objects.requireNonNull(sELinuxOptionsBuilder);
            optional.ifPresent(sELinuxOptionsBuilder::withUser);
            Optional<String> optional2 = this.securityContext.seLinuxOptions.role;
            Objects.requireNonNull(sELinuxOptionsBuilder);
            optional2.ifPresent(sELinuxOptionsBuilder::withRole);
            Optional<String> optional3 = this.securityContext.seLinuxOptions.level;
            Objects.requireNonNull(sELinuxOptionsBuilder);
            optional3.ifPresent(sELinuxOptionsBuilder::withLevel);
            Optional<String> optional4 = this.securityContext.seLinuxOptions.type;
            Objects.requireNonNull(sELinuxOptionsBuilder);
            optional4.ifPresent(sELinuxOptionsBuilder::withType);
            sELinuxOptions = sELinuxOptionsBuilder.build();
        }
        return Optional.ofNullable(sELinuxOptions);
    }
}
