package org.apache.beam.sdk.extensions.gcp.options;

import com.fasterxml.jackson.annotation.JsonIgnore;
import com.google.api.client.googleapis.services.GoogleClientRequestInitializer;
import com.google.api.client.http.HttpRequestInitializer;
import com.google.api.client.util.BackOff;
import com.google.api.client.util.Sleeper;
import com.google.api.services.cloudresourcemanager.CloudResourceManager;
import com.google.api.services.cloudresourcemanager.model.Project;
import com.google.api.services.storage.model.Bucket;
import com.google.auth.Credentials;
import com.google.auth.http.HttpCredentialsAdapter;
import com.google.cloud.hadoop.util.ChainingHttpRequestInitializer;
import com.google.cloud.hadoop.util.ResilientOperation;
import com.google.cloud.hadoop.util.RetryDeterminer;
import java.io.File;
import java.io.IOException;
import java.nio.charset.StandardCharsets;
import java.nio.file.FileAlreadyExistsException;
import java.security.GeneralSecurityException;
import java.util.Iterator;
import java.util.Locale;
import java.util.Map;
import java.util.regex.Matcher;
import java.util.regex.Pattern;
import javax.annotation.Nullable;
import org.apache.beam.sdk.annotations.Experimental;
import org.apache.beam.sdk.extensions.gcp.auth.CredentialFactory;
import org.apache.beam.sdk.extensions.gcp.auth.GcpCredentialFactory;
import org.apache.beam.sdk.extensions.gcp.auth.NullCredentialInitializer;
import org.apache.beam.sdk.options.Default;
import org.apache.beam.sdk.options.DefaultValueFactory;
import org.apache.beam.sdk.options.Description;
import org.apache.beam.sdk.options.ExperimentalOptions;
import org.apache.beam.sdk.options.PipelineOptions;
import org.apache.beam.sdk.util.BackOffAdapter;
import org.apache.beam.sdk.util.FluentBackoff;
import org.apache.beam.sdk.util.InstanceBuilder;
import org.apache.beam.sdk.util.RetryHttpRequestInitializer;
import org.apache.beam.sdk.util.Transport;
import org.apache.beam.sdk.util.gcsfs.GcsPath;
import org.apache.beam.vendor.guava.v20_0.com.google.common.annotations.VisibleForTesting;
import org.apache.beam.vendor.guava.v20_0.com.google.common.base.Preconditions;
import org.apache.beam.vendor.guava.v20_0.com.google.common.base.Strings;
import org.apache.beam.vendor.guava.v20_0.com.google.common.collect.ImmutableList;
import org.apache.beam.vendor.guava.v20_0.com.google.common.io.Files;
import org.joda.time.Duration;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

@Description("Options used to configure Google Cloud Platform project and credentials.")
/* loaded from: input_file:org/apache/beam/sdk/extensions/gcp/options/GcpOptions.class */
public interface GcpOptions extends GoogleApiDebugOptions, PipelineOptions {
    public static final String STREAMING_ENGINE_EXPERIMENT = "enable_streaming_engine";

    @Deprecated
    public static final String WINDMILL_SERVICE_EXPERIMENT = "enable_windmill_service";

    /* loaded from: input_file:org/apache/beam/sdk/extensions/gcp/options/GcpOptions$DefaultProjectFactory.class */
    public static class DefaultProjectFactory implements DefaultValueFactory<String> {
        private static final Logger LOG = LoggerFactory.getLogger((Class<?>) DefaultProjectFactory.class);

        /* JADX WARN: Can't rename method to resolve collision */
        @Override // org.apache.beam.sdk.options.DefaultValueFactory
        public String create(PipelineOptions pipelineOptions) {
            File file;
            try {
                if (getEnvironment().containsKey("CLOUDSDK_CONFIG")) {
                    file = new File(getEnvironment().get("CLOUDSDK_CONFIG"), "properties");
                } else if (isWindows() && getEnvironment().containsKey("APPDATA")) {
                    file = new File(getEnvironment().get("APPDATA"), "gcloud/properties");
                } else {
                    file = new File(System.getProperty("user.home"), ".config/gcloud/configurations/config_default");
                    if (!file.exists()) {
                        file = new File(System.getProperty("user.home"), ".config/gcloud/properties");
                    }
                }
                String str = null;
                Pattern compile = Pattern.compile("^project\\s*=\\s*(.*)$");
                Pattern compile2 = Pattern.compile("^\\[(.*)\\]$");
                Iterator<String> it = Files.readLines(file, StandardCharsets.UTF_8).iterator();
                while (it.hasNext()) {
                    String trim = it.next().trim();
                    if (!trim.isEmpty() && !trim.startsWith(";")) {
                        Matcher matcher = compile2.matcher(trim);
                        if (matcher.matches()) {
                            str = matcher.group(1);
                        } else if (str == null || "core".equals(str)) {
                            Matcher matcher2 = compile.matcher(trim);
                            if (matcher2.matches()) {
                                String trim2 = matcher2.group(1).trim();
                                LOG.info("Inferred default GCP project '{}' from gcloud. If this is the incorrect project, please cancel this Pipeline and specify the command-line argument --project.", trim2);
                                return trim2;
                            }
                        }
                    }
                }
                return null;
            } catch (IOException e) {
                LOG.debug("Failed to find default project.", (Throwable) e);
                return null;
            }
        }

        private static boolean isWindows() {
            return System.getProperty("os.name").toLowerCase(Locale.ENGLISH).contains("windows");
        }

        @VisibleForTesting
        Map<String, String> getEnvironment() {
            return System.getenv();
        }
    }

    /* loaded from: input_file:org/apache/beam/sdk/extensions/gcp/options/GcpOptions$EnableStreamingEngineFactory.class */
    public static class EnableStreamingEngineFactory implements DefaultValueFactory<Boolean> {
        /* JADX WARN: Can't rename method to resolve collision */
        @Override // org.apache.beam.sdk.options.DefaultValueFactory
        public Boolean create(PipelineOptions pipelineOptions) {
            return Boolean.valueOf(ExperimentalOptions.hasExperiment(pipelineOptions, GcpOptions.STREAMING_ENGINE_EXPERIMENT) || ExperimentalOptions.hasExperiment(pipelineOptions, GcpOptions.WINDMILL_SERVICE_EXPERIMENT));
        }
    }

    /* loaded from: input_file:org/apache/beam/sdk/extensions/gcp/options/GcpOptions$GcpTempLocationFactory.class */
    public static class GcpTempLocationFactory implements DefaultValueFactory<String> {
        static final String DEFAULT_REGION = "us-central1";
        private static final FluentBackoff BACKOFF_FACTORY = FluentBackoff.DEFAULT.withMaxRetries(3).withInitialBackoff(Duration.millis(200));
        static final Logger LOG = LoggerFactory.getLogger((Class<?>) GcpTempLocationFactory.class);

        /* JADX WARN: Can't rename method to resolve collision */
        @Override // org.apache.beam.sdk.options.DefaultValueFactory
        @Nullable
        public String create(PipelineOptions pipelineOptions) {
            String tempLocation = pipelineOptions.getTempLocation();
            if (Strings.isNullOrEmpty(tempLocation)) {
                tempLocation = tryCreateDefaultBucket(pipelineOptions, newCloudResourceManagerClient((CloudResourceManagerOptions) pipelineOptions.as(CloudResourceManagerOptions.class)).build());
                pipelineOptions.setTempLocation(tempLocation);
            } else {
                try {
                    ((GcsOptions) pipelineOptions.as(GcsOptions.class)).getPathValidator().validateOutputFilePrefixSupported(tempLocation);
                } catch (Exception e) {
                    throw new IllegalArgumentException(String.format("Error constructing default value for gcpTempLocation: tempLocation is not a valid GCS path, %s. ", tempLocation), e);
                }
            }
            return tempLocation;
        }

        @VisibleForTesting
        static String tryCreateDefaultBucket(PipelineOptions pipelineOptions, CloudResourceManager cloudResourceManager) {
            GcsOptions gcsOptions = (GcsOptions) pipelineOptions.as(GcsOptions.class);
            String project = gcsOptions.getProject();
            Preconditions.checkArgument(!Strings.isNullOrEmpty(project), "--project is a required option.");
            try {
                long projectNumber = getProjectNumber(project, cloudResourceManager);
                String str = DEFAULT_REGION;
                if (!Strings.isNullOrEmpty(gcsOptions.getZone())) {
                    str = getRegionFromZone(gcsOptions.getZone());
                }
                String str2 = "dataflow-staging-" + str + "-" + projectNumber;
                LOG.info("No tempLocation specified, attempting to use default bucket: {}", str2);
                try {
                    gcsOptions.getGcsUtil().createBucket(project, new Bucket().setName(str2).setLocation(str).setEncryption(new Bucket.Encryption().setDefaultKmsKeyName(gcsOptions.getDataflowKmsKey())));
                } catch (FileAlreadyExistsException e) {
                    LOG.debug("Bucket '{}'' already exists, verifying access.", str2);
                } catch (IOException e2) {
                    throw new RuntimeException("Unable create default bucket.", e2);
                }
                try {
                    long bucketOwner = gcsOptions.getGcsUtil().bucketOwner(GcsPath.fromComponents(str2, ""));
                    Preconditions.checkArgument(bucketOwner == projectNumber, "Bucket owner does not match the project from --project: %s vs. %s", bucketOwner, projectNumber);
                    return "gs://" + str2 + "/temp/";
                } catch (IOException e3) {
                    throw new RuntimeException("Unable to determine the owner of the default bucket at gs://" + str2, e3);
                }
            } catch (IOException e4) {
                throw new RuntimeException("Unable to verify project with ID " + project, e4);
            }
        }

        private static long getProjectNumber(String str, CloudResourceManager cloudResourceManager) throws IOException {
            return getProjectNumber(str, cloudResourceManager, BackOffAdapter.toGcpBackOff(BACKOFF_FACTORY.backoff()), Sleeper.DEFAULT);
        }

        private static long getProjectNumber(String str, CloudResourceManager cloudResourceManager, BackOff backOff, Sleeper sleeper) throws IOException {
            try {
                return ((Project) ResilientOperation.retry(ResilientOperation.getGoogleRequestCallable(cloudResourceManager.projects().get(str)), backOff, RetryDeterminer.SOCKET_ERRORS, IOException.class, sleeper)).getProjectNumber().longValue();
            } catch (Exception e) {
                throw new IOException("Unable to get project number", e);
            }
        }

        @VisibleForTesting
        static String getRegionFromZone(String str) {
            String[] split = str.split("-", -1);
            Preconditions.checkArgument(split.length >= 2, "Invalid zone provided: %s", str);
            return split[0] + "-" + split[1];
        }

        @VisibleForTesting
        static CloudResourceManager.Builder newCloudResourceManagerClient(CloudResourceManagerOptions cloudResourceManagerOptions) {
            Credentials gcpCredential = cloudResourceManagerOptions.getGcpCredential();
            if (gcpCredential == null) {
                NullCredentialInitializer.throwNullCredentialException();
            }
            return new CloudResourceManager.Builder(Transport.getTransport(), Transport.getJsonFactory(), chainHttpRequestInitializer(gcpCredential, new RetryHttpRequestInitializer(ImmutableList.of(404)))).setApplicationName(cloudResourceManagerOptions.getAppName()).setGoogleClientRequestInitializer((GoogleClientRequestInitializer) cloudResourceManagerOptions.getGoogleApiTrace());
        }

        private static HttpRequestInitializer chainHttpRequestInitializer(Credentials credentials, HttpRequestInitializer httpRequestInitializer) {
            return credentials == null ? new ChainingHttpRequestInitializer(new NullCredentialInitializer(), httpRequestInitializer) : new ChainingHttpRequestInitializer(new HttpCredentialsAdapter(credentials), httpRequestInitializer);
        }
    }

    /* loaded from: input_file:org/apache/beam/sdk/extensions/gcp/options/GcpOptions$GcpUserCredentialsFactory.class */
    public static class GcpUserCredentialsFactory implements DefaultValueFactory<Credentials> {
        /* JADX WARN: Can't rename method to resolve collision */
        @Override // org.apache.beam.sdk.options.DefaultValueFactory
        public Credentials create(PipelineOptions pipelineOptions) {
            try {
                return ((CredentialFactory) InstanceBuilder.ofType(CredentialFactory.class).fromClass(((GcpOptions) pipelineOptions.as(GcpOptions.class)).getCredentialFactoryClass()).fromFactoryMethod("fromOptions").withArg(PipelineOptions.class, pipelineOptions).build()).getCredential();
            } catch (IOException | GeneralSecurityException e) {
                throw new RuntimeException("Unable to obtain credential", e);
            }
        }
    }

    @Default.InstanceFactory(DefaultProjectFactory.class)
    @Description("Project id. Required when using Google Cloud Platform services. See https://cloud.google.com/storage/docs/projects for further details.")
    String getProject();

    void setProject(String str);

    @Description("GCP availability zone for running GCP operations. Default is up to the individual service.")
    String getZone();

    void setZone(String str);

    @Description("The class of the credential factory that should be created and used to create credentials. If gcpCredential has not been set explicitly, an instance of this class will be constructed and used as a credential factory.")
    @Default.Class(GcpCredentialFactory.class)
    Class<? extends CredentialFactory> getCredentialFactoryClass();

    void setCredentialFactoryClass(Class<? extends CredentialFactory> cls);

    @Default.InstanceFactory(GcpUserCredentialsFactory.class)
    @JsonIgnore
    @Description("The credential instance that should be used to authenticate against GCP services. If no credential has been set explicitly, the default is to use the instance factory that constructs a credential based upon the currently set credentialFactoryClass.")
    Credentials getGcpCredential();

    void setGcpCredential(Credentials credentials);

    @Default.InstanceFactory(EnableStreamingEngineFactory.class)
    @Description("If true will use Streaming Engine.  Defaults to false unless the experiments enable_streaming_engine or enable_windmill_service are set.")
    boolean isEnableStreamingEngine();

    void setEnableStreamingEngine(boolean z);

    @Default.InstanceFactory(GcpTempLocationFactory.class)
    @Description("A GCS path for storing temporary files in GCP.")
    @Nullable
    String getGcpTempLocation();

    void setGcpTempLocation(String str);

    @Experimental
    @Description("GCP Cloud KMS key for Dataflow pipelines. Also used by gcpTempLocation as the default key for new buckets. Key format is: projects/<project>/locations/<location>/keyRings/<keyring>/cryptoKeys/<key>")
    @Nullable
    String getDataflowKmsKey();

    void setDataflowKmsKey(String str);
}
