package org.csanchez.jenkins.plugins.kubernetes;

import com.cloudbees.plugins.credentials.CredentialsMatcher;
import com.cloudbees.plugins.credentials.CredentialsMatchers;
import com.cloudbees.plugins.credentials.CredentialsProvider;
import com.cloudbees.plugins.credentials.common.StandardCredentials;
import com.cloudbees.plugins.credentials.common.StandardListBoxModel;
import com.cloudbees.plugins.credentials.common.StandardUsernamePasswordCredentials;
import com.cloudbees.plugins.credentials.common.UsernamePasswordCredentials;
import com.cloudbees.plugins.credentials.domains.URIRequirementBuilder;
import edu.umd.cs.findbugs.annotations.CheckForNull;
import hudson.AbortException;
import hudson.EnvVars;
import hudson.Extension;
import hudson.FilePath;
import hudson.Launcher;
import hudson.model.AbstractProject;
import hudson.model.Item;
import hudson.model.Run;
import hudson.model.TaskListener;
import hudson.security.ACL;
import hudson.tasks.BuildWrapperDescriptor;
import hudson.util.ListBoxModel;
import hudson.util.Secret;
import java.io.IOException;
import java.util.Collections;
import javax.annotation.Nonnull;
import jenkins.model.Jenkins;
import jenkins.tasks.SimpleBuildWrapper;
import org.acegisecurity.Authentication;
import org.apache.commons.lang.StringUtils;
import org.kohsuke.stapler.AncestorInPath;
import org.kohsuke.stapler.DataBoundConstructor;
import org.kohsuke.stapler.QueryParameter;

/* loaded from: input_file:org/csanchez/jenkins/plugins/kubernetes/KubectlBuildWrapper.class */
public class KubectlBuildWrapper extends SimpleBuildWrapper {
    private final String serverUrl;
    private final String credentialsId;

    /* loaded from: input_file:org/csanchez/jenkins/plugins/kubernetes/KubectlBuildWrapper$CleanupDisposer.class */
    private static class CleanupDisposer extends SimpleBuildWrapper.Disposer {
        private String configFile;

        public CleanupDisposer(String str) {
            this.configFile = str;
        }

        public void tearDown(Run<?, ?> run, FilePath filePath, Launcher launcher, TaskListener taskListener) throws IOException, InterruptedException {
            filePath.child(this.configFile).delete();
        }
    }

    @Extension
    /* loaded from: input_file:org/csanchez/jenkins/plugins/kubernetes/KubectlBuildWrapper$DescriptorImpl.class */
    public static class DescriptorImpl extends BuildWrapperDescriptor {
        public boolean isApplicable(AbstractProject<?, ?> abstractProject) {
            return true;
        }

        public String getDisplayName() {
            return "Setup Kubernetes CLI (kubectl)";
        }

        public ListBoxModel doFillCredentialsIdItems(@AncestorInPath Item item, @QueryParameter String str) {
            return new StandardListBoxModel().withEmptySelection().withMatching(CredentialsMatchers.anyOf(new CredentialsMatcher[]{CredentialsMatchers.instanceOf(StandardUsernamePasswordCredentials.class), CredentialsMatchers.instanceOf(TokenProducer.class)}), CredentialsProvider.lookupCredentials(StandardCredentials.class, item, (Authentication) null, URIRequirementBuilder.fromUri(str).build()));
        }
    }

    @DataBoundConstructor
    public KubectlBuildWrapper(@Nonnull String str, @Nonnull String str2) {
        this.serverUrl = str;
        this.credentialsId = str2;
    }

    public String getServerUrl() {
        return this.serverUrl;
    }

    public String getCredentialsId() {
        return this.credentialsId;
    }

    public void setUp(SimpleBuildWrapper.Context context, Run<?, ?> run, FilePath filePath, Launcher launcher, TaskListener taskListener, EnvVars envVars) throws IOException, InterruptedException {
        String str;
        FilePath createTempFile = filePath.createTempFile(".kube", "config");
        int join = launcher.launch().cmdAsSingleString("kubectl config --kubeconfig=" + createTempFile.getRemote() + " set-cluster k8s --server=" + this.serverUrl + " --insecure-skip-tls-verify=true").join();
        if (join != 0) {
            throw new IOException("Failed to run kubectl config " + join);
        }
        TokenProducer credentials = getCredentials();
        if (credentials == null) {
            throw new AbortException("No credentials defined to setup Kubernetes CLI");
        }
        if (credentials instanceof TokenProducer) {
            str = "--token=" + credentials.getToken(this.serverUrl, null, true);
        } else {
            if (!(credentials instanceof UsernamePasswordCredentials)) {
                throw new AbortException("Unsupported Credentials type " + credentials.getClass().getName());
            }
            UsernamePasswordCredentials usernamePasswordCredentials = (UsernamePasswordCredentials) credentials;
            str = "--username=" + usernamePasswordCredentials.getUsername() + " --password=" + Secret.toString(usernamePasswordCredentials.getPassword());
        }
        int join2 = launcher.launch().cmdAsSingleString("kubectl config --kubeconfig=" + createTempFile.getRemote() + " set-credentials cluster-admin " + str).masks(new boolean[]{false, false, false, false, false, false, true}).join();
        if (join2 != 0) {
            throw new IOException("Failed to run kubectl config " + join2);
        }
        int join3 = launcher.launch().cmdAsSingleString("kubectl config --kubeconfig=" + createTempFile.getRemote() + " set-context k8s --cluster=k8s --user=cluster-admin").join();
        if (join3 != 0) {
            throw new IOException("Failed to run kubectl config " + join3);
        }
        int join4 = launcher.launch().cmdAsSingleString("kubectl config --kubeconfig=" + createTempFile.getRemote() + " use-context k8s").join();
        if (join4 != 0) {
            throw new IOException("Failed to run kubectl config " + join4);
        }
        context.setDisposer(new CleanupDisposer(createTempFile.getRemote()));
        context.env("KUBECONFIG", createTempFile.getRemote());
    }

    @CheckForNull
    private StandardCredentials getCredentials() throws AbortException {
        if (StringUtils.isBlank(this.credentialsId)) {
            return null;
        }
        StandardCredentials firstOrNull = CredentialsMatchers.firstOrNull(CredentialsProvider.lookupCredentials(StandardCredentials.class, Jenkins.getInstance(), ACL.SYSTEM, Collections.emptyList()), CredentialsMatchers.withId(this.credentialsId));
        if (firstOrNull == null) {
            throw new AbortException("No credentials found for id \"" + this.credentialsId + "\"");
        }
        return firstOrNull;
    }
}
