package org.csanchez.jenkins.plugins.kubernetes;

import com.cloudbees.plugins.credentials.CredentialsMatcher;
import com.cloudbees.plugins.credentials.CredentialsMatchers;
import com.cloudbees.plugins.credentials.CredentialsProvider;
import com.cloudbees.plugins.credentials.common.StandardCredentials;
import com.cloudbees.plugins.credentials.common.StandardListBoxModel;
import com.cloudbees.plugins.credentials.domains.URIRequirementBuilder;
import com.google.common.collect.Sets;
import hudson.AbortException;
import hudson.EnvVars;
import hudson.Extension;
import hudson.FilePath;
import hudson.Launcher;
import hudson.Util;
import hudson.model.AbstractProject;
import hudson.model.Item;
import hudson.model.Run;
import hudson.model.TaskListener;
import hudson.security.ACL;
import hudson.tasks.BuildWrapperDescriptor;
import hudson.util.ListBoxModel;
import java.io.ByteArrayOutputStream;
import java.io.FileOutputStream;
import java.io.IOException;
import java.io.OutputStreamWriter;
import java.util.Collections;
import java.util.HashSet;
import java.util.Iterator;
import java.util.Set;
import javax.annotation.Nonnull;
import jenkins.authentication.tokens.api.AuthenticationTokens;
import jenkins.model.Jenkins;
import jenkins.tasks.SimpleBuildWrapper;
import org.csanchez.jenkins.plugins.kubernetes.pipeline.Constants;
import org.jenkinsci.plugins.kubernetes.auth.KubernetesAuth;
import org.jenkinsci.plugins.kubernetes.auth.KubernetesAuthConfig;
import org.jenkinsci.plugins.kubernetes.auth.KubernetesAuthException;
import org.kohsuke.stapler.AncestorInPath;
import org.kohsuke.stapler.DataBoundConstructor;
import org.kohsuke.stapler.QueryParameter;

/* loaded from: input_file:WEB-INF/lib/kubernetes.jar:org/csanchez/jenkins/plugins/kubernetes/KubectlBuildWrapper.class */
public class KubectlBuildWrapper extends SimpleBuildWrapper {
    private String serverUrl;
    private String credentialsId;
    private String caCertificate;

    /* loaded from: input_file:WEB-INF/lib/kubernetes.jar:org/csanchez/jenkins/plugins/kubernetes/KubectlBuildWrapper$CleanupDisposer.class */
    private static class CleanupDisposer extends SimpleBuildWrapper.Disposer {
        private static final long serialVersionUID = 3006113419319201358L;
        private Set<String> configFiles;

        public CleanupDisposer(Set<String> set) {
            this.configFiles = set;
        }

        public void tearDown(Run<?, ?> run, FilePath filePath, Launcher launcher, TaskListener taskListener) throws IOException, InterruptedException {
            Iterator<String> it = this.configFiles.iterator();
            while (it.hasNext()) {
                filePath.child(it.next()).delete();
            }
        }
    }

    @Extension
    /* loaded from: input_file:WEB-INF/lib/kubernetes.jar:org/csanchez/jenkins/plugins/kubernetes/KubectlBuildWrapper$DescriptorImpl.class */
    public static class DescriptorImpl extends BuildWrapperDescriptor {
        public boolean isApplicable(AbstractProject<?, ?> abstractProject) {
            return true;
        }

        public String getDisplayName() {
            return "Setup Kubernetes CLI (kubectl)";
        }

        public ListBoxModel doFillCredentialsIdItems(@AncestorInPath Item item, @QueryParameter String str, @QueryParameter String str2) {
            if (item != null ? !item.hasPermission(Item.EXTENDED_READ) : !Jenkins.get().hasPermission(Jenkins.ADMINISTER)) {
                return new StandardListBoxModel().includeCurrentValue(str2);
            }
            StandardListBoxModel standardListBoxModel = new StandardListBoxModel();
            standardListBoxModel.includeEmptyValue();
            standardListBoxModel.includeMatchingAs(ACL.SYSTEM, item, StandardCredentials.class, URIRequirementBuilder.fromUri(str).build(), CredentialsMatchers.anyOf(new CredentialsMatcher[]{CredentialsMatchers.instanceOf(org.jenkinsci.plugins.kubernetes.credentials.TokenProducer.class), AuthenticationTokens.matcher(KubernetesAuth.class)}));
            return standardListBoxModel;
        }
    }

    @DataBoundConstructor
    public KubectlBuildWrapper(@Nonnull String str, @Nonnull String str2, @Nonnull String str3) {
        this.serverUrl = str;
        this.credentialsId = Util.fixEmpty(str2);
        this.caCertificate = Util.fixEmptyAndTrim(str3);
    }

    public String getServerUrl() {
        return this.serverUrl;
    }

    public String getCredentialsId() {
        return this.credentialsId;
    }

    public String getCaCertificate() {
        return this.caCertificate;
    }

    protected Object readResolve() {
        this.credentialsId = Util.fixEmpty(this.credentialsId);
        this.caCertificate = Util.fixEmptyAndTrim(this.caCertificate);
        return this;
    }

    public void setUp(SimpleBuildWrapper.Context context, Run<?, ?> run, FilePath filePath, Launcher launcher, TaskListener taskListener, EnvVars envVars) throws IOException, InterruptedException {
        if (this.credentialsId == null) {
            throw new AbortException("No credentials defined to setup Kubernetes CLI");
        }
        FilePath createTempFile = filePath.createTempFile(".kube", "config");
        HashSet newHashSet = Sets.newHashSet(new String[]{createTempFile.getRemote()});
        context.env("KUBECONFIG", createTempFile.getRemote());
        context.setDisposer(new CleanupDisposer(newHashSet));
        StandardCredentials findCredentialById = CredentialsProvider.findCredentialById(this.credentialsId, StandardCredentials.class, run, Collections.emptyList());
        if (findCredentialById == null) {
            throw new AbortException("No credentials found for id \"" + this.credentialsId + "\"");
        }
        KubernetesAuth kubernetesAuth = (KubernetesAuth) AuthenticationTokens.convert(KubernetesAuth.class, findCredentialById);
        if (kubernetesAuth == null) {
            throw new AbortException("Unsupported Credentials type " + findCredentialById.getClass().getName());
        }
        OutputStreamWriter outputStreamWriter = new OutputStreamWriter(new FileOutputStream(createTempFile.getRemote()), "UTF-8");
        try {
            try {
                outputStreamWriter.write(kubernetesAuth.buildKubeConfig(new KubernetesAuthConfig(getServerUrl(), getCaCertificate(), getCaCertificate() == null)));
                outputStreamWriter.close();
                ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
                ByteArrayOutputStream byteArrayOutputStream2 = new ByteArrayOutputStream();
                int join = launcher.launch().cmdAsSingleString("kubectl version").stdout(byteArrayOutputStream).stderr(byteArrayOutputStream2).quiet(true).envs(new String[]{"KUBECONFIG=" + createTempFile.getRemote()}).join();
                if (join != 0) {
                    StringBuilder append = new StringBuilder("Failed to run \"").append("kubectl version").append("\". Returned status code ").append(join).append(".\n");
                    append.append("stdout:\n").append(byteArrayOutputStream).append(Constants.NEWLINE);
                    append.append("stderr:\n").append(byteArrayOutputStream2);
                    throw new AbortException(append.toString());
                }
            } catch (KubernetesAuthException e) {
                throw new AbortException(e.getMessage());
            }
        } catch (Throwable th) {
            try {
                outputStreamWriter.close();
            } catch (Throwable th2) {
                th.addSuppressed(th2);
            }
            throw th;
        }
    }
}
