package org.openmetadata.service.secrets;

import com.google.common.annotations.VisibleForTesting;
import org.openmetadata.schema.security.secrets.SecretsManagerProvider;
import org.openmetadata.service.secrets.SecretsManager;
import software.amazon.awssdk.auth.credentials.AwsCredentialsProvider;
import software.amazon.awssdk.regions.Region;
import software.amazon.awssdk.services.ssm.SsmClient;
import software.amazon.awssdk.services.ssm.model.DeleteParameterRequest;
import software.amazon.awssdk.services.ssm.model.GetParameterRequest;
import software.amazon.awssdk.services.ssm.model.ParameterType;
import software.amazon.awssdk.services.ssm.model.PutParameterRequest;
import software.amazon.awssdk.services.ssm.model.Tag;

/* loaded from: input_file:org/openmetadata/service/secrets/AWSSSMSecretsManager.class */
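/**
 * Secrets manager backed by AWS Systems Manager Parameter Store.
 *
 * <p>Every secret is written as a {@code SecureString} parameter and read back with decryption
 * enabled, so the values handled here are plaintext secrets. They must not be logged or placed
 * in exception messages by callers.
 *
 * <p>No KMS key id is set on the put request, so the encryption key is whatever Parameter Store
 * applies by default for the account. The IAM principal behind {@link #ssmClient} should be
 * limited to the parameter paths this service owns.
 *
 * <p>The class is a process-wide singleton; see {@link #getInstance(SecretsManager.SecretsConfig)}.
 */
public class AWSSSMSecretsManager extends AWSBasedSecretsManager {
    private static AWSSSMSecretsManager instance = null;
    private SsmClient ssmClient;

    /**
     * Creates the manager for the {@code MANAGED_AWS_SSM} provider.
     *
     * <p>NOTE(review): the superclass constructor is not visible here; presumably it calls one of
     * the {@code initClient*} hooks below to populate {@link #ssmClient}. Confirm against
     * {@code AWSBasedSecretsManager}.
     *
     * @param secretsConfig configuration forwarded to the superclass
     */
    private AWSSSMSecretsManager(SecretsManager.SecretsConfig secretsConfig) {
        super(SecretsManagerProvider.MANAGED_AWS_SSM, secretsConfig);
    }

    /**
     * Builds the SSM client from the SDK defaults (default region and credentials resolution).
     * Declared by {@code AWSBasedSecretsManager}.
     */
    @Override
    void initClientWithoutCredentials() {
        this.ssmClient = SsmClient.create();
    }

    /**
     * Builds the SSM client for an explicit region and credentials provider.
     * Declared by {@code AWSBasedSecretsManager}.
     *
     * @param str AWS region identifier, passed to {@link Region#of(String)}
     * @param awsCredentialsProvider credentials source used to sign requests
     */
    @Override
    void initClientWithCredentials(String str, AwsCredentialsProvider awsCredentialsProvider) {
        this.ssmClient = SsmClient.builder()
                .region(Region.of(str))
                .credentialsProvider(awsCredentialsProvider)
                .build();
    }

    /**
     * Creates a new secret parameter without overwriting an existing one.
     * Declared by {@code ExternalSecretsManager}.
     *
     * @param str parameter name
     * @param str2 plaintext secret value
     */
    @Override
    public void storeSecret(String str, String str2) {
        putSecretParameter(str, str2, false);
    }

    /**
     * Overwrites the value of an existing secret parameter.
     * Declared by {@code ExternalSecretsManager}.
     *
     * @param str parameter name
     * @param str2 new plaintext secret value
     */
    @Override
    public void updateSecret(String str, String str2) {
        putSecretParameter(str, str2, true);
    }

    /**
     * Writes a {@code SecureString} parameter.
     *
     * <p>Tags are attached only when the parameter is being created. Parameter Store rejects a
     * PutParameter request that combines the overwrite flag with tags, so sending both made every
     * update fail whenever tags were configured. Tags set at creation are left untouched by an
     * update; changing them on an existing parameter needs the separate AddTagsToResource call.
     *
     * @param str parameter name
     * @param str2 plaintext secret value
     * @param z {@code true} to overwrite an existing parameter, {@code false} to create
     */
    private void putSecretParameter(String str, String str2, boolean z) {
        PutParameterRequest.Builder request = PutParameterRequest.builder()
                .name(str)
                .description("This secret parameter was created by OpenMetadata")
                .value(str2)
                .overwrite(Boolean.valueOf(z))
                .type(ParameterType.SECURE_STRING);
        if (!z) {
            request.tags(SecretsManager.getTags(getSecretsConfig()).entrySet().stream()
                    .map(entry -> (Tag) Tag.builder()
                            .key((String) entry.getKey())
                            .value((String) entry.getValue())
                            .build())
                    .toList());
        }
        this.ssmClient.putParameter(request.build());
    }

    /**
     * Reads a parameter with decryption enabled and returns its plaintext value.
     * Declared by {@code ExternalSecretsManager}.
     *
     * <p>SDK exceptions (for example for a missing parameter or a denied request) are not caught
     * here and propagate to the caller.
     *
     * @param str parameter name
     * @return the decrypted secret value; treat as sensitive and keep out of logs
     */
    @Override
    public String getSecret(String str) {
        GetParameterRequest request = GetParameterRequest.builder()
                .name(str)
                .withDecryption(true)
                .build();
        return this.ssmClient.getParameter(request).parameter().value();
    }

    /**
     * Deletes the named parameter. Declared by {@code SecretsManager}.
     *
     * @param str parameter name
     */
    @Override
    protected void deleteSecretInternal(String str) {
        this.ssmClient.deleteParameter(DeleteParameterRequest.builder().name(str).build());
    }

    /**
     * Returns the shared instance, creating it on first use.
     *
     * <p>Only the configuration passed on the first call is used; {@code secretsConfig} is ignored
     * once the instance exists. The method is synchronized so that concurrent first calls cannot
     * construct two managers (and two SSM clients).
     *
     * @param secretsConfig configuration used when the instance has not been created yet
     * @return the process-wide instance
     */
    public static synchronized AWSSSMSecretsManager getInstance(SecretsManager.SecretsConfig secretsConfig) {
        if (instance == null) {
            instance = new AWSSSMSecretsManager(secretsConfig);
        }
        return instance;
    }

    /**
     * Replaces the SSM client, so tests can inject a stub instead of calling AWS.
     *
     * @param ssmClient client to use for all subsequent calls
     */
    @VisibleForTesting
    protected void setSsmClient(SsmClient ssmClient) {
        this.ssmClient = ssmClient;
    }
}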
