package com.purbon.kafka.topology.roles;

import com.purbon.kafka.topology.AccessControlProvider;
import com.purbon.kafka.topology.api.mds.ClusterIDs;
import com.purbon.kafka.topology.api.mds.MDSApiClient;
import com.purbon.kafka.topology.api.mds.RbacResourceType;
import com.purbon.kafka.topology.api.mds.RequestScope;
import java.io.IOException;
import java.util.ArrayList;
import java.util.HashMap;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.Set;
import org.apache.commons.lang3.StringUtils;
import org.apache.logging.log4j.LogManager;
import org.apache.logging.log4j.Logger;

/* loaded from: input_file:com/purbon/kafka/topology/roles/RBACProvider.class */
public class RBACProvider implements AccessControlProvider {
    private static final Logger LOGGER = LogManager.getLogger((Class<?>) RBACProvider.class);
    private final MDSApiClient apiClient;

    public RBACProvider(MDSApiClient mDSApiClient) {
        this.apiClient = mDSApiClient;
    }

    @Override // com.purbon.kafka.topology.AccessControlProvider
    public void createBindings(Set<TopologyAclBinding> set) throws IOException {
        LOGGER.debug("RBACProvider: createBindings");
        Iterator<TopologyAclBinding> it = set.iterator();
        while (it.hasNext()) {
            this.apiClient.bindRequest(it.next());
        }
    }

    @Override // com.purbon.kafka.topology.AccessControlProvider
    public void clearBindings(Set<TopologyAclBinding> set) {
        LOGGER.debug("RBACProvider: clearAcls");
        set.forEach(topologyAclBinding -> {
            String principal = topologyAclBinding.getPrincipal();
            String operation = topologyAclBinding.getOperation();
            RequestScope requestScope = new RequestScope();
            String capitalize = StringUtils.capitalize(topologyAclBinding.getResourceType().toLowerCase());
            ClusterIDs forKafka = this.apiClient.withClusterIDs().forKafka();
            if (capitalize.equalsIgnoreCase("subject")) {
                forKafka = forKafka.forSchemaRegistry();
            } else if (capitalize.equalsIgnoreCase("connector")) {
                forKafka = forKafka.forKafkaConnect();
            } else if (capitalize.equalsIgnoreCase("KsqlCluster")) {
                forKafka = forKafka.forKsql();
            }
            requestScope.setClusters(forKafka.asMap());
            requestScope.addResource(capitalize, topologyAclBinding.getResourceName(), topologyAclBinding.getPattern());
            requestScope.build();
            this.apiClient.deleteRole(principal, operation, requestScope);
        });
    }

    @Override // com.purbon.kafka.topology.AccessControlProvider
    public Map<String, List<TopologyAclBinding>> listAcls() {
        HashMap hashMap = new HashMap();
        for (String str : this.apiClient.getRoleNames()) {
            for (String str2 : this.apiClient.lookupKafkaPrincipalsByRoleForKafka(str)) {
                for (RbacResourceType rbacResourceType : this.apiClient.lookupResourcesForKafka(str2, str)) {
                    if (!hashMap.containsKey(rbacResourceType.getName())) {
                        hashMap.put(rbacResourceType.getName(), new ArrayList());
                    }
                    ((List) hashMap.get(rbacResourceType.getName())).add(TopologyAclBinding.build(normalize(rbacResourceType.getResourceType()), rbacResourceType.getName(), "*", str, str2, rbacResourceType.getPatternType()));
                }
            }
        }
        return hashMap;
    }

    private String normalize(String str) {
        return String.join("_", str.split("(?=\\p{Upper})")).toUpperCase();
    }
}
