package io.quarkus.vault.runtime;

import io.quarkus.vault.VaultKubernetesAuthReactiveService;
import io.quarkus.vault.auth.VaultKubernetesAuthConfig;
import io.quarkus.vault.auth.VaultKubernetesAuthRole;
import io.quarkus.vault.client.VaultClient;
import io.quarkus.vault.client.api.auth.kubernetes.VaultAuthKubernetes;
import io.quarkus.vault.client.api.auth.kubernetes.VaultAuthKubernetesConfigureParams;
import io.quarkus.vault.client.api.auth.kubernetes.VaultAuthKubernetesUpdateRoleParams;
import io.quarkus.vault.client.api.common.VaultTokenType;
import io.smallrye.mutiny.Uni;
import jakarta.enterprise.context.ApplicationScoped;
import jakarta.inject.Inject;
import java.util.List;

@ApplicationScoped
/* loaded from: input_file:io/quarkus/vault/runtime/VaultKubernetesAuthManager.class */
public class VaultKubernetesAuthManager implements VaultKubernetesAuthReactiveService {
    private final VaultAuthKubernetes k8s;

    @Inject
    public VaultKubernetesAuthManager(VaultClient vaultClient, VaultConfigHolder vaultConfigHolder) {
        this.k8s = vaultClient.auth().kubernetes(vaultConfigHolder.getVaultRuntimeConfig().authentication().kubernetes().authMountPath());
    }

    @Override // io.quarkus.vault.VaultKubernetesAuthReactiveService
    public Uni<Void> configure(VaultKubernetesAuthConfig vaultKubernetesAuthConfig) {
        return Uni.createFrom().completionStage(this.k8s.configure(new VaultAuthKubernetesConfigureParams().setIssuer(vaultKubernetesAuthConfig.issuer).setKubernetesCaCert(vaultKubernetesAuthConfig.kubernetesCaCert).setKubernetesHost(vaultKubernetesAuthConfig.kubernetesHost).setPemKeys(vaultKubernetesAuthConfig.pemKeys).setTokenReviewerJwt(vaultKubernetesAuthConfig.tokenReviewerJwt)));
    }

    @Override // io.quarkus.vault.VaultKubernetesAuthReactiveService
    public Uni<VaultKubernetesAuthConfig> getConfig() {
        return Uni.createFrom().completionStage(this.k8s.readConfig()).map(vaultAuthKubernetesReadConfigResultData -> {
            return new VaultKubernetesAuthConfig().setKubernetesCaCert(vaultAuthKubernetesReadConfigResultData.getKubernetesCaCert()).setKubernetesHost(vaultAuthKubernetesReadConfigResultData.getKubernetesHost()).setIssuer(vaultAuthKubernetesReadConfigResultData.getIssuer()).setPemKeys(vaultAuthKubernetesReadConfigResultData.getPemKeys()).setTokenReviewerJwt(vaultAuthKubernetesReadConfigResultData.getTokenReviewerJwt());
        });
    }

    @Override // io.quarkus.vault.VaultKubernetesAuthReactiveService
    public Uni<VaultKubernetesAuthRole> getRole(String str) {
        return Uni.createFrom().completionStage(this.k8s.readRole(str)).map(vaultAuthKubernetesReadRoleResultData -> {
            return new VaultKubernetesAuthRole().setBoundServiceAccountNames(vaultAuthKubernetesReadRoleResultData.getBoundServiceAccountNames()).setBoundServiceAccountNamespaces(vaultAuthKubernetesReadRoleResultData.getBoundServiceAccountNamespaces()).setAudience(vaultAuthKubernetesReadRoleResultData.getAudience()).setTokenTtl(DurationHelper.toDurationSeconds(vaultAuthKubernetesReadRoleResultData.getTokenTtl())).setTokenMaxTtl(DurationHelper.toDurationSeconds(vaultAuthKubernetesReadRoleResultData.getTokenMaxTtl())).setTokenPolicies(vaultAuthKubernetesReadRoleResultData.getTokenPolicies()).setTokenBoundCidrs(vaultAuthKubernetesReadRoleResultData.getTokenBoundCidrs()).setTokenExplicitMaxTtl(DurationHelper.toDurationSeconds(vaultAuthKubernetesReadRoleResultData.getTokenExplicitMaxTtl())).setTokenNoDefaultPolicy(vaultAuthKubernetesReadRoleResultData.isTokenNoDefaultPolicy()).setTokenNumUses(vaultAuthKubernetesReadRoleResultData.getTokenNumUses()).setTokenPeriod(DurationHelper.toDurationSeconds(vaultAuthKubernetesReadRoleResultData.getTokenPeriod())).setTokenType(vaultAuthKubernetesReadRoleResultData.getTokenType() != null ? vaultAuthKubernetesReadRoleResultData.getTokenType().getValue() : null);
        });
    }

    @Override // io.quarkus.vault.VaultKubernetesAuthReactiveService
    public Uni<Void> createRole(String str, VaultKubernetesAuthRole vaultKubernetesAuthRole) {
        return Uni.createFrom().completionStage(this.k8s.updateRole(str, new VaultAuthKubernetesUpdateRoleParams().setBoundServiceAccountNames(vaultKubernetesAuthRole.boundServiceAccountNames).setBoundServiceAccountNamespaces(vaultKubernetesAuthRole.boundServiceAccountNamespaces).setAudience(vaultKubernetesAuthRole.audience).setTokenTtl(DurationHelper.fromVaultDuration(vaultKubernetesAuthRole.tokenTtl)).setTokenMaxTtl(DurationHelper.fromVaultDuration(vaultKubernetesAuthRole.tokenMaxTtl)).setTokenPolicies(vaultKubernetesAuthRole.tokenPolicies).setTokenBoundCidrs(vaultKubernetesAuthRole.tokenBoundCidrs).setTokenExplicitMaxTtl(DurationHelper.fromVaultDuration(vaultKubernetesAuthRole.tokenExplicitMaxTtl)).setTokenNoDefaultPolicy(vaultKubernetesAuthRole.tokenNoDefaultPolicy).setTokenNumUses(vaultKubernetesAuthRole.tokenNumUses).setTokenPeriod(DurationHelper.fromVaultDuration(vaultKubernetesAuthRole.tokenPeriod)).setTokenType(VaultTokenType.from(vaultKubernetesAuthRole.tokenType))));
    }

    @Override // io.quarkus.vault.VaultKubernetesAuthReactiveService
    public Uni<List<String>> getRoles() {
        return Uni.createFrom().completionStage(this.k8s.listRoles());
    }

    @Override // io.quarkus.vault.VaultKubernetesAuthReactiveService
    public Uni<Void> deleteRole(String str) {
        return Uni.createFrom().completionStage(this.k8s.deleteRole(str));
    }
}
