package com.walmartlabs.concord.common;

import com.walmartlabs.concord.sdk.Context;
import com.walmartlabs.concord.sdk.DockerContainerSpec;
import java.io.IOException;
import java.io.InputStream;
import java.io.OutputStream;
import java.nio.file.Files;
import java.nio.file.OpenOption;
import java.nio.file.Path;
import java.util.AbstractMap;
import java.util.ArrayList;
import java.util.Collection;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
import java.util.Objects;
import java.util.Optional;
import java.util.UUID;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:com/walmartlabs/concord/common/DockerProcessBuilder.class */
public class DockerProcessBuilder {
    private static final Logger log = LoggerFactory.getLogger(DockerProcessBuilder.class);
    public static final String CONCORD_DOCKER_LOCAL_MODE_KEY = "CONCORD_DOCKER_LOCAL_MODE";
    public static final String CONCORD_DOCKER_DEFAULT_USER_KEY = "CONCORD_DOCKER_DEFAULT_USER";
    public static final String CONCORD_DOCKER_USE_CONTAINER_USER_KEY = "CONCORD_DOCKER_USE_CONTAINER_USER";
    public static final String CONCORD_TX_ID_LABEL = "concordTxId";
    private static final String DEFAULT_USER;
    private final String image;
    private String name;
    private String workdir;
    private String entryPoint;
    private String cpu;
    private String memory;
    private String stdOutFilePath;
    private Map<String, String> env;
    private String envFile;
    private Map<String, String> labels;
    private boolean generateUsers;
    private boolean exposeHostUsers;
    private boolean useHostUser;
    private boolean useContainerUser;
    private String user = DEFAULT_USER;
    private final List<String> args = new ArrayList();
    private Collection<String> volumes = new ArrayList();
    private List<Map.Entry<String, String>> options = new ArrayList();
    private boolean cleanup = true;
    private boolean debug = false;
    private boolean forcePull = true;
    private boolean useHostNetwork = true;
    private boolean redirectErrorStream = true;
    private final List<Path> tmpPaths = new ArrayList();

    /* loaded from: input_file:com/walmartlabs/concord/common/DockerProcessBuilder$DockerOptionsBuilder.class */
    public static class DockerOptionsBuilder {
        private final List<Map.Entry<String, String>> options = new ArrayList();

        public DockerOptionsBuilder etcHost(String str) {
            this.options.add(new AbstractMap.SimpleEntry("--add-host", str));
            return this;
        }

        public List<Map.Entry<String, String>> build() {
            return this.options;
        }
    }

    /* loaded from: input_file:com/walmartlabs/concord/common/DockerProcessBuilder$DockerProcess.class */
    public static class DockerProcess implements AutoCloseable {
        private final String[] cmd;
        private final boolean redirectErrorStream;
        private final List<Path> tmpPaths;

        public DockerProcess(String[] strArr, boolean z, List<Path> list) {
            this.cmd = strArr;
            this.redirectErrorStream = z;
            this.tmpPaths = list;
        }

        public Process start() throws IOException {
            return (Process) PrivilegedAction.perform("docker", () -> {
                return new ProcessBuilder(this.cmd).redirectErrorStream(this.redirectErrorStream).start();
            });
        }

        public String[] cmd() {
            return this.cmd;
        }

        @Override // java.lang.AutoCloseable
        public void close() {
            for (Path path : this.tmpPaths) {
                try {
                    IOUtils.deleteRecursively(path);
                } catch (IOException e) {
                    DockerProcessBuilder.log.warn("delete '{}' -> error: {}", path, e.getMessage());
                }
            }
        }
    }

    public static DockerProcessBuilder from(UUID uuid, DockerContainerSpec dockerContainerSpec) {
        DockerProcessBuilder redirectErrorStream = new DockerProcessBuilder(dockerContainerSpec.image()).name(dockerContainerSpec.name()).user((String) Optional.ofNullable(dockerContainerSpec.user()).orElse(DEFAULT_USER)).workdir(dockerContainerSpec.workdir()).entryPoint(dockerContainerSpec.entryPoint()).cpu(dockerContainerSpec.cpu()).memory(dockerContainerSpec.memory()).args(dockerContainerSpec.args()).env(dockerContainerSpec.env()).envFile(dockerContainerSpec.envFile()).labels(dockerContainerSpec.labels()).debug(dockerContainerSpec.debug()).forcePull(dockerContainerSpec.forcePull()).stdOutFilePath(dockerContainerSpec.stdOutFilePath()).redirectErrorStream(dockerContainerSpec.redirectErrorStream());
        DockerContainerSpec.Options options = dockerContainerSpec.options();
        if (options != null) {
            DockerOptionsBuilder dockerOptionsBuilder = new DockerOptionsBuilder();
            List hosts = options.hosts();
            if (hosts != null) {
                Objects.requireNonNull(dockerOptionsBuilder);
                hosts.forEach(dockerOptionsBuilder::etcHost);
            }
            redirectErrorStream.options(dockerOptionsBuilder.build());
        }
        redirectErrorStream.addLabel(CONCORD_TX_ID_LABEL, uuid.toString());
        return redirectErrorStream;
    }

    public static DockerProcessBuilder from(Context context, DockerContainerSpec dockerContainerSpec) {
        return from(UUID.fromString((String) context.getVariable("txId")), dockerContainerSpec);
    }

    public DockerProcessBuilder(String str) {
        this.generateUsers = false;
        this.exposeHostUsers = false;
        this.useHostUser = false;
        this.image = str;
        if (Boolean.parseBoolean(env(CONCORD_DOCKER_LOCAL_MODE_KEY, "true"))) {
            log.warn("Running in the local Docker mode. Consider setting {}=false in the production environment.", CONCORD_DOCKER_LOCAL_MODE_KEY);
            this.exposeHostUsers = true;
            this.useHostUser = true;
        } else {
            this.generateUsers = true;
        }
        this.useContainerUser = Boolean.parseBoolean(env(CONCORD_DOCKER_USE_CONTAINER_USER_KEY, "false"));
    }

    public DockerProcess build() throws IOException {
        String[] buildCmd = buildCmd();
        if (this.debug) {
            log.info("CMD: {}", buildCmd);
        }
        return new DockerProcess(buildCmd, this.redirectErrorStream, this.tmpPaths);
    }

    private String[] buildCmd() throws IOException {
        return this.forcePull ? new String[]{"/bin/bash", "-c", "docker pull " + q(this.image) + " && " + buildDockerCmd()} : new String[]{"/bin/bash", "-c", buildDockerCmd()};
    }

    private String buildDockerCmd() throws IOException {
        ArrayList arrayList = new ArrayList();
        arrayList.add("docker");
        arrayList.add("run");
        if (this.name != null) {
            arrayList.add("--name");
            arrayList.add(q(this.name));
        }
        if (this.user != null && !this.useHostUser && !this.useContainerUser) {
            arrayList.add("-u");
            arrayList.add(this.user);
        }
        if (this.cleanup) {
            arrayList.add("--rm");
        }
        arrayList.add("-i");
        if (this.volumes != null) {
            this.volumes.forEach(str -> {
                arrayList.add("-v");
                arrayList.add(q(str));
            });
        }
        if (this.env != null) {
            this.env.forEach((str2, str3) -> {
                arrayList.add("-e");
                arrayList.add(q(str2 + "=" + str3));
            });
        }
        if (this.envFile != null) {
            arrayList.add("--env-file");
            arrayList.add(q(this.envFile));
        }
        if (this.workdir != null) {
            arrayList.add("-w");
            arrayList.add(q(this.workdir));
        }
        if (this.labels != null) {
            for (Map.Entry<String, String> entry : this.labels.entrySet()) {
                String key = entry.getKey();
                String value = entry.getValue();
                arrayList.add("--label");
                arrayList.add(q(key + (value != null ? "=" + value : "")));
            }
        }
        if (this.entryPoint != null) {
            arrayList.add("--entrypoint");
            arrayList.add(this.entryPoint);
        }
        if (this.generateUsers) {
            Path createTempFile = IOUtils.createTempFile("passwd", ".docker");
            this.tmpPaths.add(createTempFile);
            InputStream inputStream = (InputStream) Objects.requireNonNull(DockerProcessBuilder.class.getResourceAsStream("dockerPasswd"));
            try {
                OutputStream newOutputStream = Files.newOutputStream(createTempFile, new OpenOption[0]);
                try {
                    IOUtils.copy(inputStream, newOutputStream);
                    if (newOutputStream != null) {
                        newOutputStream.close();
                    }
                    if (inputStream != null) {
                        inputStream.close();
                    }
                    arrayList.add("-v");
                    arrayList.add(createTempFile.toAbsolutePath() + ":/etc/passwd:ro");
                } finally {
                }
            } catch (Throwable th) {
                if (inputStream != null) {
                    try {
                        inputStream.close();
                    } catch (Throwable th2) {
                        th.addSuppressed(th2);
                    }
                }
                throw th;
            }
        }
        if (this.exposeHostUsers) {
            arrayList.add("-v");
            arrayList.add("/etc/passwd:/etc/passwd:ro");
        }
        if (this.useHostUser && !this.useContainerUser) {
            arrayList.add("-u");
            arrayList.add("`id -u`:`id -g`");
            arrayList.add("-e");
            arrayList.add("HOME=/tmp");
        }
        if (this.useHostNetwork) {
            arrayList.add("--net=host");
        }
        if (this.cpu != null) {
            arrayList.add("--cpus");
            arrayList.add(this.cpu);
        }
        if (this.memory != null) {
            arrayList.add("-m");
            arrayList.add(this.memory);
        }
        this.options.forEach(entry2 -> {
            arrayList.add((String) entry2.getKey());
            if (entry2.getValue() != null) {
                arrayList.add((String) entry2.getValue());
            }
        });
        arrayList.add(q(this.image));
        this.args.forEach(str4 -> {
            arrayList.add(q(str4));
        });
        if (this.stdOutFilePath != null) {
            arrayList.add(0, "set -o pipefail && ");
            arrayList.add("| tee ");
            arrayList.add(this.stdOutFilePath);
        }
        return String.join(" ", arrayList);
    }

    public DockerProcessBuilder cpu(String str) {
        this.cpu = str;
        return this;
    }

    public DockerProcessBuilder memory(String str) {
        this.memory = str;
        return this;
    }

    public DockerProcessBuilder stdOutFilePath(String str) {
        this.stdOutFilePath = str;
        return this;
    }

    public DockerProcessBuilder name(String str) {
        this.name = str;
        return this;
    }

    public DockerProcessBuilder user(String str) {
        this.user = str;
        return this;
    }

    public DockerProcessBuilder labels(Map<String, String> map) {
        this.labels = map;
        return this;
    }

    public DockerProcessBuilder addLabel(String str, String str2) {
        if (this.labels == null) {
            this.labels = new HashMap();
        }
        this.labels.put(str, str2);
        return this;
    }

    public DockerProcessBuilder debug(boolean z) {
        this.debug = z;
        return this;
    }

    public DockerProcessBuilder workdir(String str) {
        this.workdir = str;
        return this;
    }

    public DockerProcessBuilder volumes(Collection<String> collection) {
        this.volumes = collection;
        return this;
    }

    public DockerProcessBuilder volume(String str) {
        this.volumes.add(str);
        return this;
    }

    public DockerProcessBuilder volume(String str, String str2) {
        this.volumes.add(str + ":" + str2);
        return this;
    }

    public DockerProcessBuilder volume(String str, String str2, boolean z) {
        this.volumes.add(str + ":" + str2 + (z ? ":ro" : ":rw"));
        return this;
    }

    public DockerProcessBuilder cleanup(boolean z) {
        this.cleanup = z;
        return this;
    }

    public DockerProcessBuilder args(List<String> list) {
        if (list == null) {
            return this;
        }
        this.args.addAll(list);
        return this;
    }

    public DockerProcessBuilder arg(String str) {
        this.args.add(str);
        return this;
    }

    public DockerProcessBuilder arg(String str, String str2) {
        this.args.add(str);
        this.args.add(str2);
        return this;
    }

    public DockerProcessBuilder env(Map<String, String> map) {
        this.env = map;
        return this;
    }

    public DockerProcessBuilder envFile(String str) {
        this.envFile = str;
        return this;
    }

    public DockerProcessBuilder entryPoint(String str) {
        this.entryPoint = str;
        return this;
    }

    public DockerProcessBuilder forcePull(boolean z) {
        this.forcePull = z;
        return this;
    }

    public DockerProcessBuilder useHostNetwork(boolean z) {
        this.useHostNetwork = z;
        return this;
    }

    public DockerProcessBuilder options(List<Map.Entry<String, String>> list) {
        this.options = list;
        return this;
    }

    public DockerProcessBuilder option(String str, String str2) {
        this.options.add(new AbstractMap.SimpleEntry(str, str2));
        return this;
    }

    public DockerProcessBuilder redirectErrorStream(boolean z) {
        this.redirectErrorStream = z;
        return this;
    }

    public DockerProcessBuilder useContainerUser(boolean z) {
        this.useContainerUser = z;
        return this;
    }

    private static String q(String str) {
        if (str == null) {
            return null;
        }
        return "'" + str + "'";
    }

    private static String env(String str, String str2) {
        String str3 = System.getenv(str);
        return str3 != null ? str3 : str2;
    }

    static {
        String str = System.getenv(CONCORD_DOCKER_DEFAULT_USER_KEY);
        if (str != null) {
            DEFAULT_USER = str;
        } else {
            DEFAULT_USER = "456";
        }
    }
}
