package com.cloudera.cmon.firehose;

import com.cloudera.cmf.descriptors.ReadOnlyRoleDescriptor;
import com.cloudera.cmf.descriptors.ReadOnlyScmDescriptorPlus;
import com.cloudera.cmf.descriptors.ReadOnlyServiceDescriptor;
import com.cloudera.cmon.firehose.event.RoleDirUpdate;
import com.cloudera.cmon.firehose.event.RoleUpdate;
import com.cloudera.cmon.firehose.nozzle.DirectoryColocationViolation;
import com.cloudera.cmon.firehose.nozzle.DirectoryFilesystemTypeViolation;
import com.cloudera.cmon.firehose.nozzle.DirectoryMountOptionViolation;
import com.cloudera.cmon.firehose.nozzle.DirectoryMountPointViolation;
import com.cloudera.cmon.firehose.nozzle.DirectoryUnknownFilesystemTypeViolation;
import com.cloudera.cmon.firehose.nozzle.DirectoryViolation;
import com.cloudera.cmon.firehose.nozzle.RoleDirectoryViolations;
import com.cloudera.cmon.kaiser.RoleDirectoryPolicy;
import com.cloudera.cmon.kaiser.SubjectType;
import com.cloudera.enterprise.JsonUtil2;
import com.cloudera.enterprise.ThrottlingLogger;
import com.google.common.base.Joiner;
import com.google.common.base.Preconditions;
import com.google.common.collect.ImmutableSet;
import com.google.common.collect.Lists;
import com.google.common.collect.Maps;
import com.google.common.collect.Sets;
import java.util.HashMap;
import java.util.HashSet;
import java.util.List;
import java.util.Map;
import java.util.Set;
import java.util.SortedSet;
import org.joda.time.Duration;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:com/cloudera/cmon/firehose/RoleDirectoryViolationChecker.class */
public class RoleDirectoryViolationChecker {
    private static final Logger LOG = LoggerFactory.getLogger(RoleDirectoryViolationChecker.class);
    private static final Logger THROTTLING_LOGGER = new ThrottlingLogger(LOG, Duration.standardMinutes(30));
    private static final String UNKNOWN_DIR_TYPE = "UNKNOWN";
    private final ReadOnlyScmDescriptorPlus descriptor;
    private final Map<String, RoleDirectoryViolations> role2violationMap;
    private final List<RoleUpdate> roleUpdates;
    private final Map<String, Map<String, List<String>>> partition2Directory;

    public RoleDirectoryViolationChecker(ReadOnlyScmDescriptorPlus readOnlyScmDescriptorPlus) {
        Preconditions.checkNotNull(readOnlyScmDescriptorPlus);
        this.descriptor = readOnlyScmDescriptorPlus;
        this.role2violationMap = Maps.newHashMap();
        this.roleUpdates = Lists.newArrayList();
        this.partition2Directory = Maps.newHashMap();
    }

    public void addRoleDirectoryUpdate(RoleUpdate roleUpdate) {
        this.roleUpdates.add(roleUpdate);
        if (((ReadOnlyRoleDescriptor) this.descriptor.getRoles().get(roleUpdate.getRolename())) == null) {
            return;
        }
        for (RoleDirUpdate roleDirUpdate : roleUpdate.getDirUpdates()) {
            String partition = roleDirUpdate.getPartition();
            if (!this.partition2Directory.containsKey(partition)) {
                this.partition2Directory.put(partition, Maps.newHashMap());
            }
            String directoryType = roleDirUpdate.getDirectoryType();
            if (directoryType == null) {
                directoryType = UNKNOWN_DIR_TYPE;
            }
            List<String> list = this.partition2Directory.get(partition).get(directoryType);
            if (list == null) {
                list = Lists.newArrayList();
            }
            list.add(roleDirUpdate.getPath());
            this.partition2Directory.get(partition).put(directoryType, list);
        }
    }

    private void addViolationsForDir(ReadOnlyRoleDescriptor readOnlyRoleDescriptor, ReadOnlyServiceDescriptor readOnlyServiceDescriptor, RoleDirUpdate roleDirUpdate, Map<String, List<DirectoryViolation>> map) {
        String directoryType = roleDirUpdate.getDirectoryType();
        List<DirectoryViolation> list = map.get(directoryType);
        if (list == null) {
            list = Lists.newArrayList();
            map.put(directoryType, list);
        }
        try {
            RoleDirectoryPolicy roleDirectoryPolicy = (RoleDirectoryPolicy) JsonUtil2.valueFromString(RoleDirectoryPolicy.class, this.descriptor.getConfigForRole(readOnlyRoleDescriptor.getName(), readOnlyServiceDescriptor.getServiceType(), readOnlyRoleDescriptor.getRoleType(), readOnlyServiceDescriptor.getServiceVersion(), SubjectType.getDirectoryPolicyName(directoryType)));
            addMountPointViolation(roleDirUpdate, roleDirectoryPolicy, list);
            addMountOptionViolation(roleDirUpdate, roleDirectoryPolicy, list);
            addColocationViolation(roleDirUpdate, roleDirectoryPolicy, list);
            addForbiddenFilesystemViolation(roleDirUpdate, roleDirectoryPolicy, list);
        } catch (Exception e) {
            THROTTLING_LOGGER.warn("Unable to parse role directory policy for directory type" + directoryType);
        }
    }

    private void addForbiddenFilesystemViolation(RoleDirUpdate roleDirUpdate, RoleDirectoryPolicy roleDirectoryPolicy, List<DirectoryViolation> list) {
        String fstype = roleDirUpdate.getFstype();
        SortedSet forbiddenFsTypes = roleDirectoryPolicy.getForbiddenFsTypes();
        if (forbiddenFsTypes == null) {
            return;
        }
        if (fstype == null) {
            list.add(DirectoryViolation.newBuilder().setPath(roleDirUpdate.getPath()).setDetails(DirectoryUnknownFilesystemTypeViolation.newBuilder().build()).build());
        } else if (forbiddenFsTypes.contains(fstype)) {
            list.add(DirectoryViolation.newBuilder().setPath(roleDirUpdate.getPath()).setDetails(DirectoryFilesystemTypeViolation.newBuilder().setIllegalFsType(roleDirUpdate.getFstype()).build()).build());
        }
    }

    private void addMountOptionViolation(RoleDirUpdate roleDirUpdate, RoleDirectoryPolicy roleDirectoryPolicy, List<DirectoryViolation> list) {
        HashSet newHashSet = Sets.newHashSet(roleDirUpdate.getMountOptions().split(","));
        DirectoryMountOptionViolation.Builder newBuilder = DirectoryMountOptionViolation.newBuilder();
        String join = Joiner.on(",").join(Sets.intersection(newHashSet, roleDirectoryPolicy.getForbiddenMountOptions()));
        String join2 = Joiner.on(",").join(Sets.difference(roleDirectoryPolicy.getRequiredMountOptions(), newHashSet));
        if (join.isEmpty() && join2.isEmpty()) {
            return;
        }
        newBuilder.setIllegalMountOptions(join).setMissingMountOptions(join2);
        list.add(DirectoryViolation.newBuilder().setPath(roleDirUpdate.getPath()).setDetails(newBuilder.build()).build());
    }

    private void addMountPointViolation(RoleDirUpdate roleDirUpdate, RoleDirectoryPolicy roleDirectoryPolicy, List<DirectoryViolation> list) {
        String mountpoint = roleDirUpdate.getMountpoint();
        if (roleDirectoryPolicy.getForbiddenMountPoints().contains(mountpoint)) {
            list.add(DirectoryViolation.newBuilder().setPath(roleDirUpdate.getPath()).setDetails(DirectoryMountPointViolation.newBuilder().setMountPoint(mountpoint).build()).build());
        }
    }

    private void addColocationViolation(RoleDirUpdate roleDirUpdate, RoleDirectoryPolicy roleDirectoryPolicy, List<DirectoryViolation> list) {
        HashMap newHashMap = Maps.newHashMap();
        Set difference = Sets.difference(Sets.newHashSet(this.partition2Directory.get(roleDirUpdate.getPartition()).keySet()), ImmutableSet.of(roleDirUpdate.getDirectoryType()));
        Set<String> intersection = roleDirectoryPolicy.getForbiddenColocatedDirectoryTypes().equals(RoleDirectoryPolicy.DEDICATED_DRIVE_REQUIRED) ? difference : Sets.intersection(roleDirectoryPolicy.getForbiddenColocatedDirectoryTypes(), difference);
        if (intersection.isEmpty()) {
            return;
        }
        for (String str : intersection) {
            newHashMap.put(str, Lists.newArrayList(this.partition2Directory.get(roleDirUpdate.getPartition()).get(str)));
        }
        list.add(DirectoryViolation.newBuilder().setPath(roleDirUpdate.getPath()).setDetails(DirectoryColocationViolation.newBuilder().setForbiddenColocatedDirectoryTypes(newHashMap).build()).build());
    }

    public Map<String, RoleDirectoryViolations> computeViolations() {
        for (RoleUpdate roleUpdate : this.roleUpdates) {
            HashMap newHashMap = Maps.newHashMap();
            ReadOnlyRoleDescriptor readOnlyRoleDescriptor = (ReadOnlyRoleDescriptor) this.descriptor.getRoles().get(roleUpdate.getRolename());
            if (readOnlyRoleDescriptor != null) {
                ReadOnlyServiceDescriptor service = this.descriptor.getService(readOnlyRoleDescriptor);
                SubjectType fromRoleType = SubjectType.fromRoleType(service.getServiceType(), readOnlyRoleDescriptor.getRoleType());
                if (fromRoleType != null) {
                    Set monitoredRoleDirectoryTypes = fromRoleType.getMonitoredRoleDirectoryTypes();
                    for (RoleDirUpdate roleDirUpdate : roleUpdate.getDirUpdates()) {
                        if (monitoredRoleDirectoryTypes.contains(roleDirUpdate.getDirectoryType())) {
                            addViolationsForDir(readOnlyRoleDescriptor, service, roleDirUpdate, newHashMap);
                        }
                    }
                    this.role2violationMap.put(readOnlyRoleDescriptor.getName(), RoleDirectoryViolations.newBuilder().setViolations(newHashMap).setChecksRun(true).build());
                }
            }
        }
        return this.role2violationMap;
    }
}
