package com.amazon.jenkins.ec2fleet.aws;

import com.amazon.jenkins.ec2fleet.Registry;
import com.amazon.jenkins.ec2fleet.fleet.AutoScalingGroupFleet;
import com.amazon.jenkins.ec2fleet.fleet.Fleets;
import com.amazonaws.services.autoscaling.AmazonAutoScalingClient;
import com.amazonaws.services.autoscaling.model.AmazonAutoScalingException;
import com.amazonaws.services.ec2.AmazonEC2;
import com.amazonaws.services.ec2.model.CreateTagsRequest;
import com.amazonaws.services.ec2.model.DescribeFleetInstancesRequest;
import com.amazonaws.services.ec2.model.DescribeFleetsRequest;
import com.amazonaws.services.ec2.model.DescribeInstanceTypesRequest;
import com.amazonaws.services.ec2.model.DescribeInstancesRequest;
import com.amazonaws.services.ec2.model.DescribeSpotFleetInstancesRequest;
import com.amazonaws.services.ec2.model.DescribeSpotFleetRequestsRequest;
import com.amazonaws.services.ec2.model.ModifyFleetRequest;
import com.amazonaws.services.ec2.model.ModifySpotFleetRequestRequest;
import com.amazonaws.services.ec2.model.Tag;
import java.util.ArrayList;
import java.util.List;
import org.apache.commons.lang.StringUtils;

/* loaded from: input_file:com/amazon/jenkins/ec2fleet/aws/AwsPermissionChecker.class */
public class AwsPermissionChecker {
    private static final int UNAUTHORIZED_STATUS_CODE = 403;
    private String awsCrendentialsId;
    private String regionName;
    private String endpoint;

    /* loaded from: input_file:com/amazon/jenkins/ec2fleet/aws/AwsPermissionChecker$FleetAPI.class */
    public enum FleetAPI {
        DescribeInstances,
        DescribeSpotFleetInstances,
        CreateTags,
        ModifySpotFleetRequest,
        DescribeSpotFleetRequests,
        DescribeAutoScalingGroups,
        DescribeFleets,
        DescribeFleetInstances,
        ModifyFleet,
        DescribeInstanceTypes,
        TerminateInstances,
        UpdateAutoScalingGroup
    }

    public AwsPermissionChecker(String str, String str2, String str3) {
        this.awsCrendentialsId = str;
        this.regionName = str2;
        this.endpoint = str3;
    }

    public List<String> getMissingPermissions(String str) {
        AmazonEC2 connect = Registry.getEc2Api().connect(this.awsCrendentialsId, this.regionName, this.endpoint);
        ArrayList arrayList = new ArrayList(getMissingCommonPermissions(connect));
        if (StringUtils.isBlank(str)) {
            arrayList.addAll(getMissingPermissionsForSpotFleet(connect, str));
            arrayList.addAll(getMissingPermissionsForEC2Fleet(connect, str));
            arrayList.addAll(getMissingPermissionsForASG());
        } else if (Fleets.isSpotFleet(str)) {
            arrayList.addAll(getMissingPermissionsForSpotFleet(connect, str));
        } else if (Fleets.isEC2Fleet(str)) {
            arrayList.addAll(getMissingPermissionsForEC2Fleet(connect, str));
        } else {
            arrayList.addAll(getMissingPermissionsForASG());
        }
        return arrayList;
    }

    private List<String> getMissingPermissionsForSpotFleet(AmazonEC2 amazonEC2, String str) {
        ArrayList arrayList = new ArrayList();
        if (!hasDescribeSpotFleetRequestsPermission(amazonEC2, str)) {
            arrayList.add(FleetAPI.DescribeSpotFleetRequests.name());
        }
        if (!hasDescribeSpotFleetInstancesPermission(amazonEC2, str)) {
            arrayList.add(FleetAPI.DescribeSpotFleetInstances.name());
        }
        if (!hasModifySpotFleetRequestPermission(amazonEC2, str)) {
            arrayList.add(FleetAPI.ModifySpotFleetRequest.name());
        }
        return arrayList;
    }

    private List<String> getMissingCommonPermissions(AmazonEC2 amazonEC2) {
        ArrayList arrayList = new ArrayList();
        if (!hasDescribeInstancePermission(amazonEC2)) {
            arrayList.add(FleetAPI.DescribeInstances.name());
        }
        if (!hasCreateTagsPermissions(amazonEC2)) {
            arrayList.add(FleetAPI.CreateTags.name());
        }
        if (!hasDescribeInstanceTypesPermission(amazonEC2)) {
            arrayList.add(FleetAPI.DescribeInstanceTypes.name());
        }
        return arrayList;
    }

    private List<String> getMissingPermissionsForASG() {
        AmazonAutoScalingClient createClient = new AutoScalingGroupFleet().createClient(this.awsCrendentialsId, this.regionName, this.endpoint);
        ArrayList arrayList = new ArrayList();
        if (!hasDescribeAutoScalingGroupsPermission(createClient)) {
            arrayList.add(FleetAPI.DescribeAutoScalingGroups.name());
        }
        return arrayList;
    }

    private List<String> getMissingPermissionsForEC2Fleet(AmazonEC2 amazonEC2, String str) {
        ArrayList arrayList = new ArrayList();
        if (!hasDescribeEC2FleetRequestsPermission(amazonEC2, str)) {
            arrayList.add(FleetAPI.DescribeFleets.name());
        }
        if (!hasDescribeEC2FleetInstancesPermission(amazonEC2, str)) {
            arrayList.add(FleetAPI.DescribeFleetInstances.name());
        }
        if (!hasModifyEC2FleetRequestPermission(amazonEC2, str)) {
            arrayList.add(FleetAPI.ModifyFleet.name());
        }
        return arrayList;
    }

    private boolean hasModifyEC2FleetRequestPermission(AmazonEC2 amazonEC2, String str) {
        return amazonEC2.dryRun(new ModifyFleetRequest().withFleetId(str)).getDryRunResponse().getStatusCode() != UNAUTHORIZED_STATUS_CODE;
    }

    private boolean hasDescribeEC2FleetInstancesPermission(AmazonEC2 amazonEC2, String str) {
        return amazonEC2.dryRun(new DescribeFleetInstancesRequest().withFleetId(str)).getDryRunResponse().getStatusCode() != UNAUTHORIZED_STATUS_CODE;
    }

    private boolean hasDescribeEC2FleetRequestsPermission(AmazonEC2 amazonEC2, String str) {
        return amazonEC2.dryRun(new DescribeFleetsRequest().withFleetIds(new String[]{str})).getDryRunResponse().getStatusCode() != UNAUTHORIZED_STATUS_CODE;
    }

    private boolean hasModifySpotFleetRequestPermission(AmazonEC2 amazonEC2, String str) {
        return amazonEC2.dryRun(new ModifySpotFleetRequestRequest().withSpotFleetRequestId(str)).getDryRunResponse().getStatusCode() != UNAUTHORIZED_STATUS_CODE;
    }

    private boolean hasDescribeSpotFleetInstancesPermission(AmazonEC2 amazonEC2, String str) {
        return amazonEC2.dryRun(new DescribeSpotFleetInstancesRequest().withSpotFleetRequestId(str)).getDryRunResponse().getStatusCode() != UNAUTHORIZED_STATUS_CODE;
    }

    private boolean hasDescribeSpotFleetRequestsPermission(AmazonEC2 amazonEC2, String str) {
        return amazonEC2.dryRun(new DescribeSpotFleetRequestsRequest().withSpotFleetRequestIds(new String[]{str})).getDryRunResponse().getStatusCode() != UNAUTHORIZED_STATUS_CODE;
    }

    private boolean hasDescribeAutoScalingGroupsPermission(AmazonAutoScalingClient amazonAutoScalingClient) {
        try {
            amazonAutoScalingClient.describeAutoScalingGroups();
            return Boolean.TRUE.booleanValue();
        } catch (AmazonAutoScalingException e) {
            return e.getStatusCode() != UNAUTHORIZED_STATUS_CODE;
        }
    }

    private boolean hasCreateTagsPermissions(AmazonEC2 amazonEC2) {
        return amazonEC2.dryRun(new CreateTagsRequest().withTags(new Tag[]{new Tag().withKey("instanceId").withValue("i-1234")})).getDryRunResponse().getStatusCode() != UNAUTHORIZED_STATUS_CODE;
    }

    private boolean hasDescribeInstancePermission(AmazonEC2 amazonEC2) {
        return amazonEC2.dryRun(new DescribeInstancesRequest()).getDryRunResponse().getStatusCode() != UNAUTHORIZED_STATUS_CODE;
    }

    private boolean hasDescribeInstanceTypesPermission(AmazonEC2 amazonEC2) {
        return amazonEC2.dryRun(new DescribeInstanceTypesRequest()).getDryRunResponse().getStatusCode() != UNAUTHORIZED_STATUS_CODE;
    }
}
