package org.apache.flink.kubernetes.kubeclient.decorators;

import io.fabric8.kubernetes.api.model.ConfigMapBuilder;
import io.fabric8.kubernetes.api.model.ContainerBuilder;
import io.fabric8.kubernetes.api.model.HasMetadata;
import io.fabric8.kubernetes.api.model.KeyToPathBuilder;
import io.fabric8.kubernetes.api.model.PodBuilder;
import io.fabric8.kubernetes.api.model.PodFluent;
import io.fabric8.kubernetes.api.model.PodSpecFluent;
import io.fabric8.kubernetes.api.model.SecretBuilder;
import io.fabric8.kubernetes.api.model.VolumeFluent;
import java.io.File;
import java.io.IOException;
import java.nio.charset.StandardCharsets;
import java.util.ArrayList;
import java.util.Base64;
import java.util.List;
import org.apache.flink.configuration.SecurityOptions;
import org.apache.flink.kubernetes.kubeclient.FlinkPod;
import org.apache.flink.kubernetes.kubeclient.parameters.AbstractKubernetesParameters;
import org.apache.flink.kubernetes.utils.Constants;
import org.apache.flink.runtime.security.SecurityConfiguration;
import org.apache.flink.shaded.guava18.com.google.common.io.Files;
import org.apache.flink.util.Preconditions;
import org.apache.flink.util.StringUtils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:org/apache/flink/kubernetes/kubeclient/decorators/KerberosMountDecorator.class */
public class KerberosMountDecorator extends AbstractKubernetesStepDecorator {
    private static final Logger LOG = LoggerFactory.getLogger(KerberosMountDecorator.class);
    private final AbstractKubernetesParameters kubernetesParameters;
    private final SecurityConfiguration securityConfig;

    public KerberosMountDecorator(AbstractKubernetesParameters abstractKubernetesParameters) {
        this.kubernetesParameters = (AbstractKubernetesParameters) Preconditions.checkNotNull(abstractKubernetesParameters);
        this.securityConfig = new SecurityConfiguration(abstractKubernetesParameters.getFlinkConfiguration());
    }

    @Override // org.apache.flink.kubernetes.kubeclient.decorators.AbstractKubernetesStepDecorator, org.apache.flink.kubernetes.kubeclient.decorators.KubernetesStepDecorator
    public FlinkPod decorateFlinkPod(FlinkPod flinkPod) {
        PodBuilder podBuilder = new PodBuilder(flinkPod.getPodWithoutMainContainer());
        ContainerBuilder containerBuilder = new ContainerBuilder(flinkPod.getMainContainer());
        if (!StringUtils.isNullOrWhitespaceOnly(this.securityConfig.getKeytab()) && !StringUtils.isNullOrWhitespaceOnly(this.securityConfig.getPrincipal())) {
            podBuilder = (PodBuilder) ((PodFluent.SpecNested) ((PodSpecFluent.VolumesNested) ((VolumeFluent.SecretNested) ((PodSpecFluent.VolumesNested) podBuilder.editOrNewSpec().addNewVolume().withName(Constants.KERBEROS_KEYTAB_VOLUME)).withNewSecret().withSecretName(getKerberosKeytabSecretName(this.kubernetesParameters.getClusterId()))).endSecret()).endVolume()).endSpec();
            containerBuilder = (ContainerBuilder) containerBuilder.addNewVolumeMount().withName(Constants.KERBEROS_KEYTAB_VOLUME).withMountPath(Constants.KERBEROS_KEYTAB_MOUNT_POINT).endVolumeMount();
        }
        if (!StringUtils.isNullOrWhitespaceOnly((String) this.kubernetesParameters.getFlinkConfiguration().get(SecurityOptions.KERBEROS_KRB5_PATH))) {
            File file = new File((String) this.kubernetesParameters.getFlinkConfiguration().get(SecurityOptions.KERBEROS_KRB5_PATH));
            podBuilder = (PodBuilder) ((PodFluent.SpecNested) ((PodSpecFluent.VolumesNested) ((VolumeFluent.ConfigMapNested) ((PodSpecFluent.VolumesNested) podBuilder.editOrNewSpec().addNewVolume().withName(Constants.KERBEROS_KRB5CONF_VOLUME)).withNewConfigMap().withName(getKerberosKrb5confConfigMapName(this.kubernetesParameters.getClusterId()))).withItems(new KeyToPathBuilder().withKey(file.getName()).withPath(file.getName()).build()).endConfigMap()).endVolume()).endSpec();
            containerBuilder = (ContainerBuilder) containerBuilder.addNewVolumeMount().withName(Constants.KERBEROS_KRB5CONF_VOLUME).withMountPath("/etc/krb5.conf").withSubPath("krb5.conf").endVolumeMount();
        }
        return new FlinkPod(podBuilder.build(), containerBuilder.build());
    }

    @Override // org.apache.flink.kubernetes.kubeclient.decorators.AbstractKubernetesStepDecorator, org.apache.flink.kubernetes.kubeclient.decorators.KubernetesStepDecorator
    public List<HasMetadata> buildAccompanyingKubernetesResources() throws IOException {
        ArrayList arrayList = new ArrayList();
        if (!StringUtils.isNullOrWhitespaceOnly(this.securityConfig.getKeytab()) && !StringUtils.isNullOrWhitespaceOnly(this.securityConfig.getPrincipal())) {
            File file = new File(this.securityConfig.getKeytab());
            if (file.exists()) {
                arrayList.add(((SecretBuilder) new SecretBuilder().withNewMetadata().withName(getKerberosKeytabSecretName(this.kubernetesParameters.getClusterId())).endMetadata()).addToData(file.getName(), Base64.getEncoder().encodeToString(Files.toByteArray(file))).build());
                this.kubernetesParameters.getFlinkConfiguration().set(SecurityOptions.KERBEROS_LOGIN_KEYTAB, String.format("%s/%s", Constants.KERBEROS_KEYTAB_MOUNT_POINT, file.getName()));
            } else {
                LOG.warn("Could not found the kerberos keytab file in {}.", file.getAbsolutePath());
            }
        }
        if (!StringUtils.isNullOrWhitespaceOnly((String) this.kubernetesParameters.getFlinkConfiguration().get(SecurityOptions.KERBEROS_KRB5_PATH))) {
            File file2 = new File((String) this.kubernetesParameters.getFlinkConfiguration().get(SecurityOptions.KERBEROS_KRB5_PATH));
            if (file2.exists()) {
                arrayList.add(((ConfigMapBuilder) new ConfigMapBuilder().withNewMetadata().withName(getKerberosKrb5confConfigMapName(this.kubernetesParameters.getClusterId())).endMetadata()).addToData(file2.getName(), Files.toString(file2, StandardCharsets.UTF_8)).build());
            } else {
                LOG.warn("Could not found the kerberos config file in {}.", file2.getAbsolutePath());
            }
        }
        return arrayList;
    }

    public static String getKerberosKeytabSecretName(String str) {
        return Constants.KERBEROS_KEYTAB_SECRET_PREFIX + str;
    }

    public static String getKerberosKrb5confConfigMapName(String str) {
        return Constants.KERBEROS_KRB5CONF_CONFIG_MAP_PREFIX + str;
    }
}
