package io.quarkus.vault.runtime.config;

import io.quarkus.runtime.annotations.ConfigGroup;
import io.quarkus.runtime.annotations.ConfigPhase;
import io.quarkus.runtime.annotations.ConfigRoot;
import io.quarkus.runtime.configuration.DurationConverter;
import io.quarkus.vault.runtime.LogConfidentialityLevel;
import io.smallrye.config.ConfigMapping;
import io.smallrye.config.WithConverter;
import io.smallrye.config.WithDefault;
import io.smallrye.config.WithName;
import io.smallrye.config.WithParentName;
import java.net.URL;
import java.time.Duration;
import java.util.List;
import java.util.Map;
import java.util.Optional;

@ConfigMapping(prefix = "quarkus.vault")
@ConfigRoot(phase = ConfigPhase.RUN_TIME)
/* loaded from: input_file:io/quarkus/vault/runtime/config/VaultRuntimeConfig.class */
public interface VaultRuntimeConfig {
    public static final String NAME = "vault";
    public static final String DEFAULT_CONFIG_ORDINAL = "270";
    public static final String DEFAULT_KUBERNETES_JWT_TOKEN_PATH = "/var/run/secrets/kubernetes.io/serviceaccount/token";
    public static final String DEFAULT_KV_SECRET_ENGINE_MOUNT_PATH = "secret";
    public static final String KV_SECRET_ENGINE_VERSION_V2 = "2";
    public static final String DEFAULT_RENEW_GRACE_PERIOD = "1H";
    public static final String DEFAULT_SECRET_CONFIG_CACHE_PERIOD = "10M";
    public static final String KUBERNETES_CACERT = "/var/run/secrets/kubernetes.io/serviceaccount/ca.crt";
    public static final String DEFAULT_CONNECT_TIMEOUT = "5S";
    public static final String DEFAULT_READ_TIMEOUT = "5S";
    public static final String DEFAULT_TLS_USE_KUBERNETES_CACERT = "true";
    public static final String DEFAULT_KUBERNETES_AUTH_MOUNT_PATH = "auth/kubernetes";
    public static final String DEFAULT_APPROLE_AUTH_MOUNT_PATH = "auth/approle";

    @ConfigGroup
    /* loaded from: input_file:io/quarkus/vault/runtime/config/VaultRuntimeConfig$KvPathConfig.class */
    public interface KvPathConfig {
        @WithParentName
        List<String> paths();

        String toString();
    }

    @WithDefault(DEFAULT_CONFIG_ORDINAL)
    int configOrdinal();

    Optional<URL> url();

    VaultEnterpriseConfig enterprise();

    VaultAuthenticationConfig authentication();

    @WithDefault(DEFAULT_RENEW_GRACE_PERIOD)
    @WithConverter(DurationConverter.class)
    Duration renewGracePeriod();

    @WithDefault(DEFAULT_SECRET_CONFIG_CACHE_PERIOD)
    @WithConverter(DurationConverter.class)
    Duration secretConfigCachePeriod();

    Optional<List<String>> secretConfigKvPath();

    @WithName("secret-config-kv-path")
    Map<String, KvPathConfig> secretConfigKvPathPrefix();

    @WithDefault("1")
    int mpConfigInitialAttempts();

    @WithDefault("medium")
    LogConfidentialityLevel logConfidentialityLevel();

    @WithDefault(KV_SECRET_ENGINE_VERSION_V2)
    int kvSecretEngineVersion();

    @WithDefault(DEFAULT_KV_SECRET_ENGINE_MOUNT_PATH)
    String kvSecretEngineMountPath();

    VaultTlsConfig tls();

    @WithDefault("5S")
    @WithConverter(DurationConverter.class)
    Duration connectTimeout();

    @WithDefault("5S")
    @WithConverter(DurationConverter.class)
    Duration readTimeout();

    Optional<List<String>> nonProxyHosts();

    Optional<String> proxyHost();

    @WithDefault("3128")
    Integer proxyPort();

    Map<String, CredentialsProviderConfig> credentialsProvider();

    VaultTransitConfig transit();

    @WithName("devservices")
    @Deprecated
    Map<String, String> devServices();

    @Deprecated
    Map<String, String> health();

    default VaultAuthenticationType getAuthenticationType() {
        if (authentication().kubernetes().role().isPresent()) {
            return VaultAuthenticationType.KUBERNETES;
        }
        if (authentication().isUserpass()) {
            return VaultAuthenticationType.USERPASS;
        }
        if (authentication().isAppRole()) {
            return VaultAuthenticationType.APPROLE;
        }
        return null;
    }

    default String toStringConfidential() {
        return "VaultRuntimeConfig{url=" + url() + ", kubernetesAuthenticationMountPath=" + authentication().kubernetes().authMountPath() + ", kubernetesAuthenticationRole=" + logConfidentialityLevel().maskWithTolerance(authentication().kubernetes().role().orElse(""), LogConfidentialityLevel.MEDIUM) + ", kubernetesJwtTokenPath='" + authentication().kubernetes().jwtTokenPath() + "', userpassUsername='" + logConfidentialityLevel().maskWithTolerance(authentication().userpass().username().orElse(""), LogConfidentialityLevel.MEDIUM) + "', userpassPassword='" + logConfidentialityLevel().maskWithTolerance(authentication().userpass().password().orElse(""), LogConfidentialityLevel.LOW) + "', appRoleRoleId='" + logConfidentialityLevel().maskWithTolerance(authentication().appRole().roleId().orElse(""), LogConfidentialityLevel.MEDIUM) + "', appRoleSecretId='" + logConfidentialityLevel().maskWithTolerance(authentication().appRole().secretId().orElse(""), LogConfidentialityLevel.LOW) + "', appRoleSecretIdWrappingToken='" + logConfidentialityLevel().maskWithTolerance(authentication().appRole().secretIdWrappingToken().orElse(""), LogConfidentialityLevel.LOW) + "', clientToken=" + logConfidentialityLevel().maskWithTolerance(authentication().clientToken().orElse(""), LogConfidentialityLevel.LOW) + ", clientTokenWrappingToken=" + logConfidentialityLevel().maskWithTolerance(authentication().clientTokenWrappingToken().orElse(""), LogConfidentialityLevel.LOW) + ", renewGracePeriod=" + renewGracePeriod() + ", cachePeriod=" + secretConfigCachePeriod() + ", logConfidentialityLevel=" + logConfidentialityLevel() + ", kvSecretEngineVersion=" + kvSecretEngineVersion() + ", kvSecretEngineMountPath='" + kvSecretEngineMountPath() + "', tlsSkipVerify=" + tls().skipVerify() + ", tlsCaCert=" + tls().caCert() + ", connectTimeout=" + connectTimeout() + ", readTimeout=" + readTimeout() + "}";
    }
}
