package org.apache.hadoop.ozone.om.request.s3.tenant;

import com.google.common.base.Optional;
import com.google.common.base.Preconditions;
import java.io.IOException;
import java.nio.file.InvalidPathException;
import java.util.HashMap;
import org.apache.commons.lang3.StringUtils;
import org.apache.hadoop.hdds.utils.db.cache.CacheKey;
import org.apache.hadoop.hdds.utils.db.cache.CacheValue;
import org.apache.hadoop.ozone.audit.OMAction;
import org.apache.hadoop.ozone.om.OMMetadataManager;
import org.apache.hadoop.ozone.om.OMMetrics;
import org.apache.hadoop.ozone.om.OMMultiTenantManager;
import org.apache.hadoop.ozone.om.OzoneManager;
import org.apache.hadoop.ozone.om.S3SecretManager;
import org.apache.hadoop.ozone.om.exceptions.OMException;
import org.apache.hadoop.ozone.om.helpers.OmDBAccessIdInfo;
import org.apache.hadoop.ozone.om.helpers.OmDBUserPrincipalInfo;
import org.apache.hadoop.ozone.om.lock.OzoneManagerLock;
import org.apache.hadoop.ozone.om.request.OMClientRequest;
import org.apache.hadoop.ozone.om.request.util.OmResponseUtil;
import org.apache.hadoop.ozone.om.response.OMClientResponse;
import org.apache.hadoop.ozone.om.response.s3.tenant.OMTenantRevokeUserAccessIdResponse;
import org.apache.hadoop.ozone.om.upgrade.BelongsToLayoutVersion;
import org.apache.hadoop.ozone.om.upgrade.DisallowedUntilLayoutVersion;
import org.apache.hadoop.ozone.om.upgrade.OMLayoutFeature;
import org.apache.hadoop.ozone.om.upgrade.OMLayoutFeatureAspect;
import org.apache.hadoop.ozone.protocol.proto.OzoneManagerProtocolProtos;
import org.aspectj.lang.JoinPoint;
import org.aspectj.runtime.reflect.Factory;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:org/apache/hadoop/ozone/om/request/s3/tenant/OMTenantRevokeUserAccessIdRequest.class */
public class OMTenantRevokeUserAccessIdRequest extends OMClientRequest {
    public static final Logger LOG;
    static final /* synthetic */ boolean $assertionsDisabled;
    private static /* synthetic */ JoinPoint.StaticPart ajc$tjp_0;

    static {
        ajc$preClinit();
        $assertionsDisabled = !OMTenantRevokeUserAccessIdRequest.class.desiredAssertionStatus();
        LOG = LoggerFactory.getLogger(OMTenantRevokeUserAccessIdRequest.class);
    }

    public OMTenantRevokeUserAccessIdRequest(OzoneManagerProtocolProtos.OMRequest oMRequest) {
        super(oMRequest);
    }

    @Override // org.apache.hadoop.ozone.om.request.OMClientRequest
    @DisallowedUntilLayoutVersion(OMLayoutFeature.MULTITENANCY_SCHEMA)
    public OzoneManagerProtocolProtos.OMRequest preExecute(OzoneManager ozoneManager) throws IOException {
        JoinPoint makeJP = Factory.makeJP(ajc$tjp_0, this, this, ozoneManager);
        OMLayoutFeatureAspect.aspectOf().checkLayoutFeature(makeJP);
        if (this != null && getClass().isAnnotationPresent(BelongsToLayoutVersion.class)) {
            OMLayoutFeatureAspect.aspectOf().beforeRequestApplyTxn(makeJP);
        }
        OzoneManagerProtocolProtos.OMRequest preExecute = super.preExecute(ozoneManager);
        OzoneManagerProtocolProtos.TenantRevokeUserAccessIdRequest tenantRevokeUserAccessIdRequest = preExecute.getTenantRevokeUserAccessIdRequest();
        String accessId = tenantRevokeUserAccessIdRequest.getAccessId();
        OmDBAccessIdInfo omDBAccessIdInfo = (OmDBAccessIdInfo) ozoneManager.getMetadataManager().getTenantAccessIdTable().get(accessId);
        OMMultiTenantManager multiTenantManager = ozoneManager.getMultiTenantManager();
        if (omDBAccessIdInfo == null) {
            throw new OMException("accessId '" + accessId + "' doesn't exist", OMException.ResultCodes.ACCESS_ID_NOT_FOUND);
        }
        String tenantId = tenantRevokeUserAccessIdRequest.getTenantId();
        if (StringUtils.isEmpty(tenantId)) {
            Optional<String> tenantForAccessID = multiTenantManager.getTenantForAccessID(accessId);
            if (!tenantForAccessID.isPresent()) {
                throw new OMException("accessId '" + accessId + "' is not assigned to any tenant", OMException.ResultCodes.TENANT_NOT_FOUND);
            }
            tenantId = (String) tenantForAccessID.get();
            if (!$assertionsDisabled && StringUtils.isEmpty(tenantId)) {
                throw new AssertionError();
            }
        }
        multiTenantManager.checkTenantExistence(tenantId);
        multiTenantManager.checkTenantAdmin(tenantId, false);
        if (omDBAccessIdInfo.getIsAdmin()) {
            throw new OMException("accessId '" + accessId + "' is a tenant admin of tenant'" + tenantId + "'. Please revoke its tenant admin privilege before revoking the accessId.", OMException.ResultCodes.PERMISSION_DENIED);
        }
        multiTenantManager.getAuthorizerLock().tryWriteLockInOMRequest();
        try {
            multiTenantManager.getAuthorizerOp().revokeUserAccessId(accessId, tenantId);
            return preExecute.toBuilder().setTenantRevokeUserAccessIdRequest(OzoneManagerProtocolProtos.TenantRevokeUserAccessIdRequest.newBuilder().setAccessId(accessId).setTenantId(tenantId).build()).build();
        } catch (Exception e) {
            multiTenantManager.getAuthorizerLock().unlockWriteInOMRequest();
            throw e;
        }
    }

    @Override // org.apache.hadoop.ozone.om.request.OMClientRequest
    public OMClientResponse validateAndUpdateCache(OzoneManager ozoneManager, long j) {
        OMMultiTenantManager multiTenantManager = ozoneManager.getMultiTenantManager();
        OMMetrics metrics = ozoneManager.getMetrics();
        metrics.incNumTenantRevokeUsers();
        OMTenantRevokeUserAccessIdResponse oMTenantRevokeUserAccessIdResponse = null;
        OzoneManagerProtocolProtos.OMResponse.Builder oMResponseBuilder = OmResponseUtil.getOMResponseBuilder(getOmRequest());
        HashMap hashMap = new HashMap();
        OMMetadataManager metadataManager = ozoneManager.getMetadataManager();
        OzoneManagerProtocolProtos.TenantRevokeUserAccessIdRequest tenantRevokeUserAccessIdRequest = getOmRequest().getTenantRevokeUserAccessIdRequest();
        String accessId = tenantRevokeUserAccessIdRequest.getAccessId();
        String tenantId = tenantRevokeUserAccessIdRequest.getTenantId();
        boolean z = false;
        Exception exc = null;
        String str = null;
        String str2 = null;
        try {
            try {
                str2 = ozoneManager.getMultiTenantManager().getTenantVolumeName(tenantId);
                mergeOmLockDetails(metadataManager.getLock().acquireWriteLock(OzoneManagerLock.Resource.VOLUME_LOCK, new String[]{str2}));
                z = getOmLockDetails().isLockAcquired();
                OmDBAccessIdInfo omDBAccessIdInfo = (OmDBAccessIdInfo) metadataManager.getTenantAccessIdTable().get(accessId);
                Preconditions.checkNotNull(omDBAccessIdInfo);
                str = omDBAccessIdInfo.getUserPrincipal();
                Preconditions.checkNotNull(str);
                OmDBUserPrincipalInfo omDBUserPrincipalInfo = (OmDBUserPrincipalInfo) metadataManager.getPrincipalToAccessIdsTable().getIfExist(str);
                Preconditions.checkNotNull(omDBUserPrincipalInfo);
                omDBUserPrincipalInfo.removeAccessId(accessId);
                metadataManager.getPrincipalToAccessIdsTable().addCacheEntry(new CacheKey(str), omDBUserPrincipalInfo.getAccessIds().size() > 0 ? CacheValue.get(j, omDBUserPrincipalInfo) : CacheValue.get(j));
                metadataManager.getTenantAccessIdTable().addCacheEntry(new CacheKey(accessId), CacheValue.get(j));
                S3SecretManager s3SecretManager = ozoneManager.getS3SecretManager();
                s3SecretManager.invalidateCacheEntry(accessId);
                multiTenantManager.getCacheOp().revokeUserAccessId(accessId, tenantId);
                oMResponseBuilder.setTenantRevokeUserAccessIdResponse(OzoneManagerProtocolProtos.TenantRevokeUserAccessIdResponse.newBuilder().build());
                oMTenantRevokeUserAccessIdResponse = new OMTenantRevokeUserAccessIdResponse(oMResponseBuilder.build(), accessId, str, omDBUserPrincipalInfo, s3SecretManager);
                if (z) {
                    Preconditions.checkNotNull(str2);
                    mergeOmLockDetails(metadataManager.getLock().releaseWriteLock(OzoneManagerLock.Resource.VOLUME_LOCK, new String[]{str2}));
                }
                multiTenantManager.getAuthorizerLock().unlockWriteInOMRequest();
                if (oMTenantRevokeUserAccessIdResponse != null) {
                    oMTenantRevokeUserAccessIdResponse.setOmLockDetails(getOmLockDetails());
                }
            } catch (IOException | InvalidPathException e) {
                exc = e;
                oMTenantRevokeUserAccessIdResponse = new OMTenantRevokeUserAccessIdResponse(createErrorOMResponse(oMResponseBuilder, exc));
                if (z) {
                    Preconditions.checkNotNull(str2);
                    mergeOmLockDetails(metadataManager.getLock().releaseWriteLock(OzoneManagerLock.Resource.VOLUME_LOCK, new String[]{str2}));
                }
                multiTenantManager.getAuthorizerLock().unlockWriteInOMRequest();
                if (oMTenantRevokeUserAccessIdResponse != null) {
                    oMTenantRevokeUserAccessIdResponse.setOmLockDetails(getOmLockDetails());
                }
            }
            hashMap.put("tenant", tenantId);
            hashMap.put("accessId", accessId);
            hashMap.put("userPrincipal", str);
            auditLog(ozoneManager.getAuditLogger(), buildAuditMessage(OMAction.TENANT_REVOKE_USER_ACCESSID, hashMap, exc, getOmRequest().getUserInfo()));
            if (exc == null) {
                LOG.info("Revoked user '{}' accessId '{}' to tenant '{}'", new Object[]{str, accessId, tenantId});
            } else {
                LOG.error("Failed to revoke user '{}' accessId '{}' to tenant '{}': {}", new Object[]{str, accessId, tenantId, exc.getMessage()});
                metrics.incNumTenantRevokeUserFails();
            }
            return oMTenantRevokeUserAccessIdResponse;
        } catch (Throwable th) {
            if (z) {
                Preconditions.checkNotNull(str2);
                mergeOmLockDetails(metadataManager.getLock().releaseWriteLock(OzoneManagerLock.Resource.VOLUME_LOCK, new String[]{str2}));
            }
            multiTenantManager.getAuthorizerLock().unlockWriteInOMRequest();
            if (oMTenantRevokeUserAccessIdResponse != null) {
                oMTenantRevokeUserAccessIdResponse.setOmLockDetails(getOmLockDetails());
            }
            throw th;
        }
    }

    private static /* synthetic */ void ajc$preClinit() {
        Factory factory = new Factory("OMTenantRevokeUserAccessIdRequest.java", OMTenantRevokeUserAccessIdRequest.class);
        ajc$tjp_0 = factory.makeSJP("method-execution", factory.makeMethodSig("1", "preExecute", "org.apache.hadoop.ozone.om.request.s3.tenant.OMTenantRevokeUserAccessIdRequest", "org.apache.hadoop.ozone.om.OzoneManager", "ozoneManager", "java.io.IOException", "org.apache.hadoop.ozone.protocol.proto.OzoneManagerProtocolProtos$OMRequest"), 84);
    }
}
