package org.apache.pulsar.broker.admin;

import com.fasterxml.jackson.core.JsonGenerationException;
import com.fasterxml.jackson.databind.JsonMappingException;
import io.swagger.annotations.Api;
import io.swagger.annotations.ApiOperation;
import io.swagger.annotations.ApiResponse;
import io.swagger.annotations.ApiResponses;
import java.io.IOException;
import java.util.Collections;
import java.util.Iterator;
import java.util.LinkedHashSet;
import java.util.Map;
import java.util.Optional;
import java.util.Set;
import javax.ws.rs.DELETE;
import javax.ws.rs.GET;
import javax.ws.rs.POST;
import javax.ws.rs.PUT;
import javax.ws.rs.Path;
import javax.ws.rs.PathParam;
import javax.ws.rs.Produces;
import javax.ws.rs.core.Response;
import org.apache.bookkeeper.util.ZkUtils;
import org.apache.pulsar.broker.web.RestException;
import org.apache.pulsar.common.naming.NamedEntity;
import org.apache.pulsar.common.policies.data.ClusterData;
import org.apache.pulsar.common.policies.data.NamespaceIsolationData;
import org.apache.pulsar.common.policies.impl.NamespaceIsolationPolicies;
import org.apache.pulsar.common.util.ObjectMapperFactory;
import org.apache.zookeeper.CreateMode;
import org.apache.zookeeper.KeeperException;
import org.apache.zookeeper.Watcher;
import org.apache.zookeeper.ZooDefs;
import org.apache.zookeeper.data.Stat;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

@Api(value = "/clusters", description = "Cluster admin apis", tags = {"clusters"})
@Produces({"application/json"})
@Path("/clusters")
/* loaded from: input_file:org/apache/pulsar/broker/admin/Clusters.class */
public class Clusters extends AdminResource {
    private static final Logger log = LoggerFactory.getLogger(Clusters.class);

    @GET
    @ApiResponses({@ApiResponse(code = 403, message = "Don't have admin permission")})
    @ApiOperation(value = "Get the list of all the Pulsar clusters.", response = String.class, responseContainer = "Set")
    public Set<String> getClusters() throws Exception {
        try {
            return clustersListCache().get();
        } catch (Exception e) {
            log.error("[{}] Failed to get clusters list", clientAppId(), e);
            throw new RestException(e);
        }
    }

    @GET
    @ApiResponses({@ApiResponse(code = 403, message = "Don't have admin permission"), @ApiResponse(code = 404, message = "Cluster doesn't exist")})
    @Path("/{cluster}")
    @ApiOperation(value = "Get the configuration data for the specified cluster.", response = ClusterData.class)
    public ClusterData getCluster(@PathParam("cluster") String str) {
        validateSuperUserAccess();
        try {
            return (ClusterData) clustersCache().get(path("clusters", str)).orElseThrow(() -> {
                return new RestException(Response.Status.NOT_FOUND, "Cluster does not exist");
            });
        } catch (Exception e) {
            log.error("[{}] Failed to get cluster {}", new Object[]{clientAppId(), str, e});
            if (e instanceof RestException) {
                throw ((RestException) e);
            }
            throw new RestException((Throwable) e);
        }
    }

    @ApiResponses({@ApiResponse(code = 204, message = "Cluster has been created"), @ApiResponse(code = 403, message = "You don't have admin permission to create the cluster"), @ApiResponse(code = 409, message = "Cluster already exists"), @ApiResponse(code = 412, message = "Cluster name is not valid")})
    @Path("/{cluster}")
    @ApiOperation(value = "Provisions a new cluster. This operation requires Pulsar super-user privileges.", notes = "The name cannot contain '/' characters.")
    @PUT
    public void createCluster(@PathParam("cluster") String str, ClusterData clusterData) {
        validateSuperUserAccess();
        validatePoliciesReadOnlyAccess();
        try {
            NamedEntity.checkName(str);
            zkCreate(path("clusters", str), jsonMapper().writeValueAsBytes(clusterData));
            log.info("[{}] Created cluster {}", clientAppId(), str);
        } catch (IllegalArgumentException e) {
            log.warn("[{}] Failed to create cluster with invalid name {}", new Object[]{clientAppId(), str, e});
            throw new RestException(Response.Status.PRECONDITION_FAILED, "Cluster name is not valid");
        } catch (KeeperException.NodeExistsException unused) {
            log.warn("[{}] Failed to create already existing cluster {}", clientAppId(), str);
            throw new RestException(Response.Status.CONFLICT, "Cluster already exist");
        } catch (Exception e2) {
            log.error("[{}] Failed to create cluster {}", new Object[]{clientAppId(), str, e2});
            throw new RestException(e2);
        }
    }

    @ApiResponses({@ApiResponse(code = 204, message = "Cluster has been updated"), @ApiResponse(code = 403, message = "Don't have admin permission"), @ApiResponse(code = 404, message = "Cluster doesn't exist")})
    @Path("/{cluster}")
    @ApiOperation(value = "Update the configuration for a cluster.", notes = "This operation requires Pulsar super-user privileges.")
    @POST
    public void updateCluster(@PathParam("cluster") String str, ClusterData clusterData) {
        validateSuperUserAccess();
        validatePoliciesReadOnlyAccess();
        try {
            String path = path("clusters", str);
            Stat stat = new Stat();
            ClusterData clusterData2 = (ClusterData) jsonMapper().readValue(globalZk().getData(path, (Watcher) null, stat), ClusterData.class);
            clusterData2.update(clusterData);
            globalZk().setData(path, jsonMapper().writeValueAsBytes(clusterData2), stat.getVersion());
            globalZkCache().invalidate(path);
            log.info("[{}] Updated cluster {}", clientAppId(), str);
        } catch (KeeperException.NoNodeException unused) {
            log.warn("[{}] Failed to update cluster {}: Does not exist", clientAppId(), str);
            throw new RestException(Response.Status.NOT_FOUND, "Cluster does not exist");
        } catch (Exception e) {
            log.error("[{}] Failed to update cluster {}", new Object[]{clientAppId(), str, e});
            throw new RestException(e);
        }
    }

    /* JADX WARN: Type inference failed for: r12v1, types: [java.lang.Throwable, org.apache.pulsar.broker.web.RestException] */
    @ApiResponses({@ApiResponse(code = 204, message = "Cluster has been updated"), @ApiResponse(code = 403, message = "Don't have admin permission"), @ApiResponse(code = 412, message = "Peer cluster doesn't exist"), @ApiResponse(code = 404, message = "Cluster doesn't exist")})
    @Path("/{cluster}/peers")
    @ApiOperation(value = "Update peer-cluster-list for a cluster.", notes = "This operation requires Pulsar super-user privileges.")
    @POST
    public void setPeerClusterNames(@PathParam("cluster") String str, LinkedHashSet<String> linkedHashSet) {
        validateSuperUserAccess();
        validatePoliciesReadOnlyAccess();
        if (linkedHashSet != null && !linkedHashSet.isEmpty()) {
            Iterator<String> it = linkedHashSet.iterator();
            while (it.hasNext()) {
                String next = it.next();
                try {
                    if (str.equalsIgnoreCase(next)) {
                        throw new RestException(Response.Status.PRECONDITION_FAILED, String.valueOf(str) + " itself can't be part of peer-list");
                    }
                    clustersCache().get(path("clusters", next)).orElseThrow(() -> {
                        return new RestException(Response.Status.PRECONDITION_FAILED, "Peer cluster " + next + " does not exist");
                    });
                } catch (Exception e) {
                    log.warn("[{}] Failed to validate peer-cluster list {}, {}", new Object[]{clientAppId(), linkedHashSet, e.getMessage()});
                    throw new RestException(e);
                } catch (RestException e2) {
                    log.warn("[{}] Peer cluster doesn't exist from {}, {}", new Object[]{clientAppId(), linkedHashSet, e2.getMessage()});
                    throw e2;
                }
            }
        }
        try {
            String path = path("clusters", str);
            Stat stat = new Stat();
            ClusterData clusterData = (ClusterData) jsonMapper().readValue(globalZk().getData(path, (Watcher) null, stat), ClusterData.class);
            clusterData.setPeerClusterNames(linkedHashSet);
            globalZk().setData(path, jsonMapper().writeValueAsBytes(clusterData), stat.getVersion());
            globalZkCache().invalidate(path);
            log.info("[{}] Successfully added peer-cluster {} for {}", new Object[]{clientAppId(), linkedHashSet, str});
        } catch (KeeperException.NoNodeException unused) {
            log.warn("[{}] Failed to update cluster {}: Does not exist", clientAppId(), str);
            throw new RestException(Response.Status.NOT_FOUND, "Cluster does not exist");
        } catch (Exception e3) {
            log.error("[{}] Failed to update cluster {}", new Object[]{clientAppId(), str, e3});
            throw new RestException(e3);
        }
    }

    @ApiResponses({@ApiResponse(code = 204, message = "Cluster has been updated"), @ApiResponse(code = 403, message = "Don't have admin permission"), @ApiResponse(code = 404, message = "Cluster doesn't exist"), @ApiResponse(code = 412, message = "Cluster is not empty")})
    @Path("/{cluster}")
    @DELETE
    @ApiOperation("Delete an existing cluster")
    public void deleteCluster(@PathParam("cluster") String str) {
        validateSuperUserAccess();
        validatePoliciesReadOnlyAccess();
        boolean z = false;
        try {
            Iterator<String> it = globalZk().getChildren(path("policies"), false).iterator();
            while (true) {
                if (!it.hasNext()) {
                    break;
                }
                String next = it.next();
                if (globalZk().exists(path("policies", next, str), false) != null && !globalZk().getChildren(path("policies", next, str), false).isEmpty()) {
                    z = true;
                    break;
                }
            }
            String path = path("clusters", str, "namespaceIsolationPolicies");
            Optional optional = namespaceIsolationPoliciesCache().get(path);
            if (optional.isPresent()) {
                if (((NamespaceIsolationPolicies) optional.get()).getPolicies().isEmpty()) {
                    globalZk().delete(path, -1);
                    namespaceIsolationPoliciesCache().invalidate(path);
                } else {
                    z = true;
                }
            }
            if (z) {
                log.warn("[{}] Failed to delete cluster {} - Cluster not empty", clientAppId(), str);
                throw new RestException(Response.Status.PRECONDITION_FAILED, "Cluster not empty");
            }
            try {
                String path2 = path("clusters", str);
                globalZk().delete(path2, -1);
                globalZkCache().invalidate(path2);
                log.info("[{}] Deleted cluster {}", clientAppId(), str);
            } catch (KeeperException.NoNodeException unused) {
                log.warn("[{}] Failed to delete cluster {} - Does not exist", clientAppId(), str);
                throw new RestException(Response.Status.NOT_FOUND, "Cluster does not exist");
            } catch (Exception e) {
                log.error("[{}] Failed to delete cluster {}", new Object[]{clientAppId(), str, e});
                throw new RestException(e);
            }
        } catch (Exception e2) {
            log.error("[{}] Failed to get cluster usage {}", new Object[]{clientAppId(), str, e2});
            throw new RestException(e2);
        }
    }

    @GET
    @ApiResponses({@ApiResponse(code = 403, message = "Don't have admin permission"), @ApiResponse(code = 404, message = "Cluster doesn't exist")})
    @Path("/{cluster}/namespaceIsolationPolicies")
    @ApiOperation(value = "Get the namespace isolation policies assigned in the cluster", response = NamespaceIsolationData.class, responseContainer = "Map")
    public Map<String, NamespaceIsolationData> getNamespaceIsolationPolicies(@PathParam("cluster") String str) throws Exception {
        validateSuperUserAccess();
        if (!clustersCache().get(path("clusters", str)).isPresent()) {
            throw new RestException(Response.Status.NOT_FOUND, "Cluster " + str + " does not exist.");
        }
        try {
            return ((NamespaceIsolationPolicies) namespaceIsolationPoliciesCache().get(path("clusters", str, "namespaceIsolationPolicies")).orElseThrow(() -> {
                return new RestException(Response.Status.NOT_FOUND, "NamespaceIsolationPolicies for cluster " + str + " does not exist");
            })).getPolicies();
        } catch (Exception e) {
            log.error("[{}] Failed to get clusters/{}/namespaceIsolationPolicies", new Object[]{clientAppId(), str, e});
            throw new RestException(e);
        }
    }

    private void validateClusterExists(String str) {
        try {
            if (clustersCache().get(path("clusters", str)).isPresent()) {
            } else {
                throw new RestException(Response.Status.PRECONDITION_FAILED, "Cluster " + str + " does not exist.");
            }
        } catch (Exception e) {
            throw new RestException(e);
        }
    }

    @GET
    @ApiResponses({@ApiResponse(code = 403, message = "Don't have admin permission"), @ApiResponse(code = 404, message = "Policy doesn't exist"), @ApiResponse(code = 412, message = "Cluster doesn't exist")})
    @Path("/{cluster}/namespaceIsolationPolicies/{policyName}")
    @ApiOperation(value = "Get a single namespace isolation policy assigned in the cluster", response = NamespaceIsolationData.class)
    public NamespaceIsolationData getNamespaceIsolationPolicy(@PathParam("cluster") String str, @PathParam("policyName") String str2) throws Exception {
        validateSuperUserAccess();
        validateClusterExists(str);
        try {
            NamespaceIsolationPolicies namespaceIsolationPolicies = (NamespaceIsolationPolicies) namespaceIsolationPoliciesCache().get(path("clusters", str, "namespaceIsolationPolicies")).orElseThrow(() -> {
                return new RestException(Response.Status.NOT_FOUND, "NamespaceIsolationPolicies for cluster " + str + " does not exist");
            });
            if (namespaceIsolationPolicies.getPolicies().containsKey(str2)) {
                return (NamespaceIsolationData) namespaceIsolationPolicies.getPolicies().get(str2);
            }
            log.info("[{}] Cannot find NamespaceIsolationPolicy {} for cluster {}", str2, str);
            throw new RestException(Response.Status.NOT_FOUND, "Cannot find NamespaceIsolationPolicy " + str2 + " for cluster " + str);
        } catch (Exception e) {
            log.error("[{}] Failed to get clusters/{}/namespaceIsolationPolicies/{}", new Object[]{clientAppId(), str, e});
            throw new RestException(e);
        } catch (RestException e2) {
            throw e2;
        }
    }

    @ApiResponses({@ApiResponse(code = 403, message = "Don't have admin permission or plicy is read only"), @ApiResponse(code = 412, message = "Cluster doesn't exist")})
    @Path("/{cluster}/namespaceIsolationPolicies/{policyName}")
    @ApiOperation("Set namespace isolation policy")
    @POST
    public void setNamespaceIsolationPolicy(@PathParam("cluster") String str, @PathParam("policyName") String str2, NamespaceIsolationData namespaceIsolationData) throws Exception {
        validateSuperUserAccess();
        validateClusterExists(str);
        validatePoliciesReadOnlyAccess();
        try {
            namespaceIsolationData.validate();
            String path = path("clusters", str, "namespaceIsolationPolicies");
            NamespaceIsolationPolicies namespaceIsolationPolicies = (NamespaceIsolationPolicies) namespaceIsolationPoliciesCache().get(path).orElseGet(() -> {
                try {
                    createNamespaceIsolationPolicyNode(path);
                    return new NamespaceIsolationPolicies();
                } catch (InterruptedException | KeeperException e) {
                    throw new RestException(e);
                }
            });
            namespaceIsolationPolicies.setPolicy(str2, namespaceIsolationData);
            globalZk().setData(path, jsonMapper().writeValueAsBytes(namespaceIsolationPolicies.getPolicies()), -1);
            namespaceIsolationPoliciesCache().invalidate(path);
        } catch (IllegalArgumentException e) {
            log.info("[{}] Failed to update clusters/{}/namespaceIsolationPolicies/{}. Input data is invalid", new Object[]{clientAppId(), str, str2, e});
            throw new RestException(Response.Status.BAD_REQUEST, "Invalid format of input policy data. policy: " + str2 + "; data: " + ObjectMapperFactory.create().writeValueAsString(namespaceIsolationData));
        } catch (KeeperException.NoNodeException unused) {
            log.warn("[{}] Failed to update clusters/{}/namespaceIsolationPolicies: Does not exist", clientAppId(), str);
            throw new RestException(Response.Status.NOT_FOUND, "NamespaceIsolationPolicies for cluster " + str + " does not exist");
        } catch (Exception e2) {
            log.error("[{}] Failed to update clusters/{}/namespaceIsolationPolicies/{}", new Object[]{clientAppId(), str, str2, e2});
            throw new RestException(e2);
        }
    }

    private void createNamespaceIsolationPolicyNode(String str) throws KeeperException, InterruptedException {
        if (globalZk().exists(str, false) == null) {
            try {
                ZkUtils.createFullPathOptimistic(globalZk(), str, jsonMapper().writeValueAsBytes(Collections.emptyMap()), ZooDefs.Ids.OPEN_ACL_UNSAFE, CreateMode.PERSISTENT);
            } catch (KeeperException.NodeExistsException unused) {
                log.debug("Other broker preempted the full path [{}] already. Continue...", str);
            } catch (JsonGenerationException unused2) {
            } catch (JsonMappingException unused3) {
            } catch (IOException unused4) {
            }
        }
    }

    @ApiResponses({@ApiResponse(code = 403, message = "Don't have admin permission or plicy is read only"), @ApiResponse(code = 412, message = "Cluster doesn't exist")})
    @Path("/{cluster}/namespaceIsolationPolicies/{policyName}")
    @DELETE
    @ApiOperation("Delete namespace isolation policy")
    public void deleteNamespaceIsolationPolicy(@PathParam("cluster") String str, @PathParam("policyName") String str2) throws Exception {
        validateSuperUserAccess();
        validateClusterExists(str);
        validatePoliciesReadOnlyAccess();
        try {
            String path = path("clusters", str, "namespaceIsolationPolicies");
            NamespaceIsolationPolicies namespaceIsolationPolicies = (NamespaceIsolationPolicies) namespaceIsolationPoliciesCache().get(path).orElseGet(() -> {
                try {
                    createNamespaceIsolationPolicyNode(path);
                    return new NamespaceIsolationPolicies();
                } catch (InterruptedException | KeeperException e) {
                    throw new RestException(e);
                }
            });
            namespaceIsolationPolicies.deletePolicy(str2);
            globalZk().setData(path, jsonMapper().writeValueAsBytes(namespaceIsolationPolicies.getPolicies()), -1);
            namespaceIsolationPoliciesCache().invalidate(path);
        } catch (KeeperException.NoNodeException unused) {
            log.warn("[{}] Failed to update brokers/{}/namespaceIsolationPolicies: Does not exist", clientAppId(), str);
            throw new RestException(Response.Status.NOT_FOUND, "NamespaceIsolationPolicies for cluster " + str + " does not exist");
        } catch (Exception e) {
            log.error("[{}] Failed to update brokers/{}/namespaceIsolationPolicies/{}", new Object[]{clientAppId(), str, str2, e});
            throw new RestException(e);
        }
    }
}
