package org.graylog.integrations.aws.resources;

import com.codahale.metrics.annotation.Timed;
import io.swagger.annotations.Api;
import io.swagger.annotations.ApiOperation;
import io.swagger.annotations.ApiParam;
import io.swagger.annotations.ApiResponse;
import io.swagger.annotations.ApiResponses;
import jakarta.inject.Inject;
import jakarta.validation.Valid;
import jakarta.validation.constraints.NotNull;
import jakarta.ws.rs.Consumes;
import jakarta.ws.rs.GET;
import jakarta.ws.rs.POST;
import jakarta.ws.rs.Path;
import jakarta.ws.rs.Produces;
import jakarta.ws.rs.core.Response;
import java.io.IOException;
import java.util.concurrent.ExecutionException;
import org.apache.shiro.authz.annotation.RequiresAuthentication;
import org.apache.shiro.authz.annotation.RequiresPermissions;
import org.graylog.integrations.audit.IntegrationsAuditEventTypes;
import org.graylog.integrations.aws.AWSPermissions;
import org.graylog.integrations.aws.resources.requests.AWSInputCreateRequest;
import org.graylog.integrations.aws.resources.requests.AWSRequestImpl;
import org.graylog.integrations.aws.resources.requests.KinesisHealthCheckRequest;
import org.graylog.integrations.aws.resources.responses.AvailableServiceResponse;
import org.graylog.integrations.aws.resources.responses.KinesisHealthCheckResponse;
import org.graylog.integrations.aws.resources.responses.KinesisPermissionsResponse;
import org.graylog.integrations.aws.resources.responses.LogGroupsResponse;
import org.graylog.integrations.aws.resources.responses.RegionsResponse;
import org.graylog.integrations.aws.resources.responses.StreamsResponse;
import org.graylog.integrations.aws.service.AWSService;
import org.graylog.integrations.aws.service.CloudWatchService;
import org.graylog.integrations.aws.service.KinesisService;
import org.graylog2.audit.jersey.AuditEvent;
import org.graylog2.audit.jersey.NoAuditEvent;
import org.graylog2.plugin.rest.PluginRestResource;
import org.graylog2.rest.MoreMediaTypes;
import org.graylog2.rest.resources.system.inputs.AbstractInputsResource;
import org.graylog2.shared.inputs.MessageInputFactory;
import org.graylog2.shared.security.RestPermissions;

@Api(value = "AWS", description = "AWS integrations")
@RequiresAuthentication
@Produces({MoreMediaTypes.APPLICATION_JSON})
@Path("/aws")
@Consumes({MoreMediaTypes.APPLICATION_JSON})
/* loaded from: input_file:org/graylog/integrations/aws/resources/AWSResource.class */
public class AWSResource extends AbstractInputsResource implements PluginRestResource {
    private final AWSService awsService;
    private final KinesisService kinesisService;
    private final CloudWatchService cloudWatchService;

    @Inject
    public AWSResource(AWSService aWSService, KinesisService kinesisService, CloudWatchService cloudWatchService, MessageInputFactory messageInputFactory) {
        super(messageInputFactory.getAvailableInputs());
        this.awsService = aWSService;
        this.kinesisService = kinesisService;
        this.cloudWatchService = cloudWatchService;
    }

    @RequiresPermissions({AWSPermissions.AWS_READ})
    @Timed
    @ApiOperation("Get all available AWS regions")
    @GET
    @Path("/regions")
    public RegionsResponse getAwsRegions() {
        return this.awsService.getAvailableRegions();
    }

    @ApiResponses({@ApiResponse(code = 500, message = AWSService.POLICY_ENCODING_ERROR)})
    @RequiresPermissions({AWSPermissions.AWS_READ})
    @Timed
    @ApiOperation("Get all available AWS services")
    @GET
    @Path("/available_services")
    public AvailableServiceResponse getAvailableServices() {
        return this.awsService.getAvailableServices();
    }

    @ApiResponses({@ApiResponse(code = 500, message = AWSService.POLICY_ENCODING_ERROR)})
    @RequiresPermissions({AWSPermissions.AWS_READ})
    @Timed
    @ApiOperation("Get the permissions required for the AWS Kinesis setup and for the Kinesis auto-setup.")
    @GET
    @Path("/permissions")
    public KinesisPermissionsResponse getPermissions() {
        return this.awsService.getPermissions();
    }

    @RequiresPermissions({AWSPermissions.AWS_READ})
    @Timed
    @ApiOperation("Get all available AWS CloudWatch log groups names for the specified region.")
    @POST
    @Path("/cloudwatch/log_groups")
    @NoAuditEvent("This does not change any data")
    public LogGroupsResponse getLogGroupNames(@Valid @NotNull @ApiParam(name = "JSON body", required = true) AWSRequestImpl aWSRequestImpl) {
        return this.cloudWatchService.getLogGroupNames(aWSRequestImpl);
    }

    @RequiresPermissions({AWSPermissions.AWS_READ})
    @Timed
    @ApiOperation("Get all available Kinesis streams for the specified region.")
    @POST
    @Path("/kinesis/streams")
    @NoAuditEvent("This does not change any data")
    public StreamsResponse getKinesisStreams(@Valid @NotNull @ApiParam(name = "JSON body", required = true) AWSRequestImpl aWSRequestImpl) throws ExecutionException {
        return this.kinesisService.getKinesisStreamNames(aWSRequestImpl);
    }

    @RequiresPermissions({AWSPermissions.AWS_READ})
    @Timed
    @ApiOperation(value = "Attempt to retrieve logs from the indicated AWS log group with the specified credentials.", response = KinesisHealthCheckResponse.class)
    @POST
    @Path("/kinesis/health_check")
    @NoAuditEvent("This does not change any data")
    public Response kinesisHealthCheck(@Valid @NotNull @ApiParam(name = "JSON body", required = true) KinesisHealthCheckRequest kinesisHealthCheckRequest) throws ExecutionException, IOException {
        return Response.accepted().entity(this.kinesisService.healthCheck(kinesisHealthCheckRequest)).build();
    }

    @RequiresPermissions({RestPermissions.INPUTS_CREATE})
    @Timed
    @AuditEvent(type = IntegrationsAuditEventTypes.KINESIS_INPUT_CREATE)
    @ApiOperation("Create a new AWS input.")
    @POST
    @Path("/inputs")
    public Response create(@Valid @NotNull @ApiParam(name = "JSON body", required = true) AWSInputCreateRequest aWSInputCreateRequest) throws Exception {
        return Response.ok().entity(getInputSummary(this.awsService.saveInput(aWSInputCreateRequest, getCurrentUser()))).build();
    }
}
