package com.github.autoscaler.scaler.kubernetes;

import com.github.autoscaler.kubernetes.shared.K8sAutoscaleConfiguration;
import com.hpe.caf.api.HealthResult;
import com.hpe.caf.api.HealthStatus;
import io.kubernetes.client.extended.kubectl.Kubectl;
import io.kubernetes.client.extended.kubectl.exception.KubectlException;
import io.kubernetes.client.openapi.ApiException;
import io.kubernetes.client.openapi.apis.AuthorizationV1Api;
import io.kubernetes.client.openapi.models.V1ResourceAttributes;
import io.kubernetes.client.openapi.models.V1SelfSubjectAccessReview;
import io.kubernetes.client.openapi.models.V1SelfSubjectAccessReviewSpec;
import java.util.List;
import org.apache.commons.lang3.StringUtils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:com/github/autoscaler/scaler/kubernetes/K8sHealthCheck.class */
final class K8sHealthCheck {
    private static final Logger LOG = LoggerFactory.getLogger(K8sHealthCheck.class);

    private K8sHealthCheck() {
    }

    public static HealthResult healthCheck(K8sAutoscaleConfiguration k8sAutoscaleConfiguration) {
        HealthResult checkConnection = checkConnection();
        return checkConnection == HealthResult.RESULT_HEALTHY ? checkPermissions(k8sAutoscaleConfiguration) : checkConnection;
    }

    private static HealthResult checkConnection() {
        try {
            Kubectl.version().execute();
            return HealthResult.RESULT_HEALTHY;
        } catch (KubectlException e) {
            LOG.warn("Connection failure to kubernetes", e);
            return new HealthResult(HealthStatus.UNHEALTHY, "Cannot connect to Kubernetes");
        }
    }

    private static HealthResult checkPermissions(K8sAutoscaleConfiguration k8sAutoscaleConfiguration) {
        List<String> namespacesArray = k8sAutoscaleConfiguration.getNamespacesArray();
        if (namespacesArray.isEmpty()) {
            return new HealthResult(HealthStatus.UNHEALTHY, "Error: No namespaces were found");
        }
        for (String str : namespacesArray) {
            V1ResourceAttributes v1ResourceAttributes = new V1ResourceAttributes();
            v1ResourceAttributes.setGroup("apps");
            v1ResourceAttributes.setResource("deployments");
            v1ResourceAttributes.setVerb("patch");
            v1ResourceAttributes.setNamespace(str);
            V1SelfSubjectAccessReviewSpec v1SelfSubjectAccessReviewSpec = new V1SelfSubjectAccessReviewSpec();
            v1SelfSubjectAccessReviewSpec.setResourceAttributes(v1ResourceAttributes);
            V1SelfSubjectAccessReview v1SelfSubjectAccessReview = new V1SelfSubjectAccessReview();
            v1SelfSubjectAccessReview.setApiVersion("authorization.k8s.io/v1");
            v1SelfSubjectAccessReview.setKind("SelfSubjectAccessReview");
            v1SelfSubjectAccessReview.setSpec(v1SelfSubjectAccessReviewSpec);
            try {
                V1SelfSubjectAccessReview execute = new AuthorizationV1Api().createSelfSubjectAccessReview(v1SelfSubjectAccessReview).dryRun("All").fieldManager((String) null).fieldValidation((String) null).pretty("true").execute();
                if (execute.getStatus() == null || !execute.getStatus().getAllowed().booleanValue()) {
                    String format = String.format("Error: Kubernetes Service Account does not have correct permissions: %s", StringUtils.normalizeSpace(execute.toString()));
                    LOG.warn(format);
                    return new HealthResult(HealthStatus.UNHEALTHY, format);
                }
            } catch (ApiException e) {
                throw new RuntimeException((Throwable) e);
            }
        }
        return HealthResult.RESULT_HEALTHY;
    }
}
