package com.github.autoscaler.scaler.kubernetes;

import com.github.autoscaler.kubernetes.shared.K8sAutoscaleConfiguration;
import com.github.cafapi.common.api.HealthResult;
import com.github.cafapi.common.api.HealthStatus;
import com.github.cafapi.kubernetes.client.api.AuthorizationV1Api;
import com.github.cafapi.kubernetes.client.api.VersionApi;
import com.github.cafapi.kubernetes.client.client.ApiClient;
import com.github.cafapi.kubernetes.client.client.ApiException;
import com.github.cafapi.kubernetes.client.model.IoK8sApiAuthorizationV1ResourceAttributes;
import com.github.cafapi.kubernetes.client.model.IoK8sApiAuthorizationV1SelfSubjectAccessReview;
import com.github.cafapi.kubernetes.client.model.IoK8sApiAuthorizationV1SelfSubjectAccessReviewSpec;
import java.util.List;
import org.apache.commons.lang3.StringUtils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:com/github/autoscaler/scaler/kubernetes/K8sHealthCheck.class */
final class K8sHealthCheck {
    private static final Logger LOG = LoggerFactory.getLogger(K8sHealthCheck.class);

    private K8sHealthCheck() {
    }

    public static HealthResult healthCheck(K8sAutoscaleConfiguration k8sAutoscaleConfiguration, ApiClient apiClient) {
        HealthResult checkConnection = checkConnection(apiClient);
        return checkConnection == HealthResult.RESULT_HEALTHY ? checkPermissions(k8sAutoscaleConfiguration, apiClient) : checkConnection;
    }

    private static HealthResult checkConnection(ApiClient apiClient) {
        try {
            new VersionApi(apiClient).getCodeVersion().execute();
            return HealthResult.RESULT_HEALTHY;
        } catch (ApiException e) {
            LOG.warn("Connection failure to kubernetes", e);
            return new HealthResult(HealthStatus.UNHEALTHY, "Cannot connect to Kubernetes");
        }
    }

    private static HealthResult checkPermissions(K8sAutoscaleConfiguration k8sAutoscaleConfiguration, ApiClient apiClient) {
        List<String> namespacesArray = k8sAutoscaleConfiguration.getNamespacesArray();
        if (namespacesArray.isEmpty()) {
            return new HealthResult(HealthStatus.UNHEALTHY, "Error: No namespaces were found");
        }
        for (String str : namespacesArray) {
            IoK8sApiAuthorizationV1ResourceAttributes ioK8sApiAuthorizationV1ResourceAttributes = new IoK8sApiAuthorizationV1ResourceAttributes();
            ioK8sApiAuthorizationV1ResourceAttributes.setGroup("apps");
            ioK8sApiAuthorizationV1ResourceAttributes.setResource("deployments");
            ioK8sApiAuthorizationV1ResourceAttributes.setVerb("patch");
            ioK8sApiAuthorizationV1ResourceAttributes.setNamespace(str);
            IoK8sApiAuthorizationV1SelfSubjectAccessReviewSpec ioK8sApiAuthorizationV1SelfSubjectAccessReviewSpec = new IoK8sApiAuthorizationV1SelfSubjectAccessReviewSpec();
            ioK8sApiAuthorizationV1SelfSubjectAccessReviewSpec.setResourceAttributes(ioK8sApiAuthorizationV1ResourceAttributes);
            IoK8sApiAuthorizationV1SelfSubjectAccessReview ioK8sApiAuthorizationV1SelfSubjectAccessReview = new IoK8sApiAuthorizationV1SelfSubjectAccessReview();
            ioK8sApiAuthorizationV1SelfSubjectAccessReview.setApiVersion("authorization.k8s.io/v1");
            ioK8sApiAuthorizationV1SelfSubjectAccessReview.setKind("SelfSubjectAccessReview");
            ioK8sApiAuthorizationV1SelfSubjectAccessReview.setSpec(ioK8sApiAuthorizationV1SelfSubjectAccessReviewSpec);
            try {
                AuthorizationV1Api.APIcreateAuthorizationV1SelfSubjectAccessReviewRequest createAuthorizationV1SelfSubjectAccessReview = new AuthorizationV1Api(apiClient).createAuthorizationV1SelfSubjectAccessReview();
                createAuthorizationV1SelfSubjectAccessReview.dryRun("All");
                createAuthorizationV1SelfSubjectAccessReview.fieldManager((String) null);
                createAuthorizationV1SelfSubjectAccessReview.fieldValidation((String) null);
                createAuthorizationV1SelfSubjectAccessReview.pretty("true");
                createAuthorizationV1SelfSubjectAccessReview.body(ioK8sApiAuthorizationV1SelfSubjectAccessReview);
                IoK8sApiAuthorizationV1SelfSubjectAccessReview execute = createAuthorizationV1SelfSubjectAccessReview.execute();
                if (execute.getStatus() == null || !execute.getStatus().getAllowed().booleanValue()) {
                    String format = String.format("Error: Kubernetes Service Account does not have correct permissions: %s", StringUtils.normalizeSpace(execute.toString()));
                    LOG.warn(format);
                    return new HealthResult(HealthStatus.UNHEALTHY, format);
                }
            } catch (ApiException e) {
                throw new RuntimeException((Throwable) e);
            }
        }
        return HealthResult.RESULT_HEALTHY;
    }
}
