package io.quarkus.kubernetes.config.deployment;

import io.quarkus.deployment.annotations.BuildProducer;
import io.quarkus.deployment.annotations.BuildStep;
import io.quarkus.deployment.annotations.ExecutionTime;
import io.quarkus.deployment.annotations.Record;
import io.quarkus.deployment.builditem.RunTimeConfigBuilderBuildItem;
import io.quarkus.kubernetes.config.runtime.KubernetesConfigBuildTimeConfig;
import io.quarkus.kubernetes.config.runtime.KubernetesConfigRecorder;
import io.quarkus.kubernetes.config.runtime.KubernetesConfigSourceConfig;
import io.quarkus.kubernetes.config.runtime.KubernetesConfigSourceFactoryBuilder;
import io.quarkus.kubernetes.config.runtime.SecretsRoleConfig;
import io.quarkus.kubernetes.spi.KubernetesClusterRoleBuildItem;
import io.quarkus.kubernetes.spi.KubernetesRoleBindingBuildItem;
import io.quarkus.kubernetes.spi.KubernetesRoleBuildItem;
import io.quarkus.kubernetes.spi.KubernetesServiceAccountBuildItem;
import io.quarkus.kubernetes.spi.PolicyRule;
import java.util.List;

/* loaded from: input_file:io/quarkus/kubernetes/config/deployment/KubernetesConfigProcessor.class */
public class KubernetesConfigProcessor {
    private static final String ANY_TARGET = null;
    private static final List<PolicyRule> POLICY_RULE_FOR_ROLE = List.of(new PolicyRule(List.of(""), List.of("secrets"), List.of("get")));

    @BuildStep
    void configFactory(BuildProducer<RunTimeConfigBuilderBuildItem> buildProducer) {
        buildProducer.produce(new RunTimeConfigBuilderBuildItem(KubernetesConfigSourceFactoryBuilder.class.getName()));
    }

    @BuildStep
    @Record(ExecutionTime.RUNTIME_INIT)
    public void handleAccessToSecrets(KubernetesConfigBuildTimeConfig kubernetesConfigBuildTimeConfig, KubernetesConfigSourceConfig kubernetesConfigSourceConfig, BuildProducer<KubernetesRoleBuildItem> buildProducer, BuildProducer<KubernetesClusterRoleBuildItem> buildProducer2, BuildProducer<KubernetesServiceAccountBuildItem> buildProducer3, BuildProducer<KubernetesRoleBindingBuildItem> buildProducer4, KubernetesConfigRecorder kubernetesConfigRecorder) {
        if (kubernetesConfigBuildTimeConfig.secretsEnabled()) {
            SecretsRoleConfig secretsRoleConfig = kubernetesConfigBuildTimeConfig.secretsRoleConfig();
            String name = secretsRoleConfig.name();
            if (secretsRoleConfig.generate()) {
                if (secretsRoleConfig.clusterWide()) {
                    buildProducer2.produce(new KubernetesClusterRoleBuildItem(name, POLICY_RULE_FOR_ROLE, ANY_TARGET));
                } else {
                    buildProducer.produce(new KubernetesRoleBuildItem(name, (String) secretsRoleConfig.namespace().orElse(null), POLICY_RULE_FOR_ROLE, ANY_TARGET));
                }
            }
            buildProducer3.produce(new KubernetesServiceAccountBuildItem(true));
            buildProducer4.produce(new KubernetesRoleBindingBuildItem(name, secretsRoleConfig.clusterWide()));
        }
        kubernetesConfigRecorder.warnAboutSecrets(kubernetesConfigBuildTimeConfig, kubernetesConfigSourceConfig);
    }
}
