package org.apache.beam.it.gcp.secretmanager;

import com.google.api.gax.core.CredentialsProvider;
import com.google.cloud.secretmanager.v1.ProjectName;
import com.google.cloud.secretmanager.v1.Replication;
import com.google.cloud.secretmanager.v1.Secret;
import com.google.cloud.secretmanager.v1.SecretManagerServiceClient;
import com.google.cloud.secretmanager.v1.SecretName;
import com.google.cloud.secretmanager.v1.SecretPayload;
import com.google.cloud.secretmanager.v1.SecretVersionName;
import com.google.common.annotations.VisibleForTesting;
import com.google.common.base.Preconditions;
import com.google.protobuf.ByteString;
import java.io.IOException;
import java.util.Collections;
import java.util.HashSet;
import java.util.Set;
import org.apache.beam.it.common.ResourceManager;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:org/apache/beam/it/gcp/secretmanager/SecretManagerResourceManager.class */
public class SecretManagerResourceManager implements ResourceManager {
    private static final Logger LOG = LoggerFactory.getLogger(SecretManagerResourceManager.class);
    private final String projectId;
    private final SecretManagerServiceClient secretManagerServiceClient;
    private final Set<String> createdSecretIds;

    /* loaded from: input_file:org/apache/beam/it/gcp/secretmanager/SecretManagerResourceManager$Builder.class */
    public static final class Builder {
        private final String projectId;
        private CredentialsProvider credentialsProvider;

        private Builder(String str, CredentialsProvider credentialsProvider) {
            this.projectId = str;
            this.credentialsProvider = credentialsProvider;
        }

        public Builder credentialsProvider(CredentialsProvider credentialsProvider) {
            this.credentialsProvider = credentialsProvider;
            return this;
        }

        public SecretManagerResourceManager build() throws IOException {
            if (this.credentialsProvider == null) {
                throw new IllegalArgumentException("Unable to find credentials. Please provide credentials to authenticate to GCP");
            }
            return new SecretManagerResourceManager(this);
        }
    }

    private SecretManagerResourceManager(Builder builder) throws IOException {
        this(builder.projectId, SecretManagerServiceClient.create());
    }

    @VisibleForTesting
    public SecretManagerResourceManager(String str, SecretManagerServiceClient secretManagerServiceClient) {
        this.projectId = str;
        this.secretManagerServiceClient = secretManagerServiceClient;
        this.createdSecretIds = Collections.synchronizedSet(new HashSet());
    }

    public static Builder builder(String str, CredentialsProvider credentialsProvider) {
        Preconditions.checkArgument(!str.isEmpty(), "projectId can not be empty");
        return new Builder(str, credentialsProvider);
    }

    public void createSecret(String str, String str2) {
        Preconditions.checkArgument(!str.isEmpty(), "secretId can not be empty");
        Preconditions.checkArgument(!str2.isEmpty(), "secretData can not be empty");
        try {
            checkIsUsable();
            this.secretManagerServiceClient.addSecretVersion(this.secretManagerServiceClient.createSecret(ProjectName.of(this.projectId), str, Secret.newBuilder().setReplication(Replication.newBuilder().setAutomatic(Replication.Automatic.newBuilder().build()).build()).build()).getName(), SecretPayload.newBuilder().setData(ByteString.copyFromUtf8(str2)).build());
            this.createdSecretIds.add(str);
            LOG.info("Created secret successfully.");
        } catch (Exception e) {
            throw new SecretManagerResourceManagerException("Error while creating secret", e);
        }
    }

    public void addSecretVersion(String str, String str2) {
        Preconditions.checkArgument(!str.isEmpty(), "secretId can not be empty");
        Preconditions.checkArgument(!str2.isEmpty(), "secretData can not be empty");
        checkIsUsable();
        try {
            this.secretManagerServiceClient.addSecretVersion(SecretName.of(this.projectId, str), SecretPayload.newBuilder().setData(ByteString.copyFromUtf8(str2)).build());
        } catch (Exception e) {
            throw new SecretManagerResourceManagerException("Error while adding version to a secret", e);
        }
    }

    public String accessSecret(String str) {
        Preconditions.checkArgument(!str.isEmpty(), "secretVersion can not be empty");
        checkIsUsable();
        try {
            if (SecretVersionName.isParsableFrom(str)) {
                return this.secretManagerServiceClient.accessSecretVersion(SecretVersionName.parse(str)).getPayload().getData().toStringUtf8();
            }
            throw new IllegalArgumentException("Provided Secret must be in the form projects/{project}/secrets/{secret}/versions/{secret_version}");
        } catch (Exception e) {
            throw new SecretManagerResourceManagerException("Error while accessing a secret version", e);
        }
    }

    public void enableSecretVersion(String str) {
        checkIsUsable();
        if (!SecretVersionName.isParsableFrom(str)) {
            throw new IllegalArgumentException("Provided Secret must be in the form projects/{project}/secrets/{secret}/versions/{secret_version}");
        }
        LOG.info("The current state of secret version is '{}'", this.secretManagerServiceClient.enableSecretVersion(SecretVersionName.parse(str)).getState().toString());
    }

    public void disableSecretVersion(String str) {
        checkIsUsable();
        if (!SecretVersionName.isParsableFrom(str)) {
            throw new IllegalArgumentException("Provided Secret must be in the form projects/{project}/secrets/{secret}/versions/{secret_version}");
        }
        LOG.info("The current state of secret version is '{}'", this.secretManagerServiceClient.disableSecretVersion(SecretVersionName.parse(str)).getState().toString());
    }

    public void destroySecretVersion(String str) {
        checkIsUsable();
        if (!SecretVersionName.isParsableFrom(str)) {
            throw new IllegalArgumentException("Provided Secret must be in the form projects/{project}/secrets/{secret}/versions/{secret_version}");
        }
        LOG.info("The current state of secret version is '{}'", this.secretManagerServiceClient.destroySecretVersion(SecretVersionName.parse(str)).getState().toString());
    }

    public void deleteSecret(String str) {
        checkIsUsable();
        try {
            this.secretManagerServiceClient.deleteSecret(SecretName.of(this.projectId, str));
            this.createdSecretIds.remove(str);
            LOG.info("Successfully deleted secret");
        } catch (Exception e) {
            throw new SecretManagerResourceManagerException("Error while deleting a secret", e);
        }
    }

    public synchronized void cleanupAll() {
        LOG.info("Attempting to cleanup manager.");
        try {
            for (String str : this.createdSecretIds) {
                LOG.info("Deleting secretId '{}'", str);
                deleteSecret(str);
            }
            LOG.info("Manager successfully cleaned up.");
        } finally {
            this.secretManagerServiceClient.close();
        }
    }

    private void checkIsUsable() throws IllegalStateException {
        if (isNotUsable()) {
            throw new IllegalStateException("Manager has cleaned up resources and is unusable.");
        }
    }

    private boolean isNotUsable() {
        return this.secretManagerServiceClient.isShutdown() || this.secretManagerServiceClient.isTerminated();
    }
}
