package eu.openanalytics.containerproxy.backend.docker;

import eu.openanalytics.containerproxy.ContainerFailedToStartException;
import eu.openanalytics.containerproxy.ContainerProxyException;
import eu.openanalytics.containerproxy.event.NewProxyEvent;
import eu.openanalytics.containerproxy.model.runtime.Container;
import eu.openanalytics.containerproxy.model.runtime.ExistingContainerInfo;
import eu.openanalytics.containerproxy.model.runtime.PortMappings;
import eu.openanalytics.containerproxy.model.runtime.Proxy;
import eu.openanalytics.containerproxy.model.runtime.ProxyStartupLog;
import eu.openanalytics.containerproxy.model.runtime.runtimevalues.BackendContainerName;
import eu.openanalytics.containerproxy.model.runtime.runtimevalues.BackendContainerNameKey;
import eu.openanalytics.containerproxy.model.runtime.runtimevalues.ContainerImageKey;
import eu.openanalytics.containerproxy.model.runtime.runtimevalues.InstanceIdKey;
import eu.openanalytics.containerproxy.model.runtime.runtimevalues.RuntimeValue;
import eu.openanalytics.containerproxy.model.runtime.runtimevalues.RuntimeValueKey;
import eu.openanalytics.containerproxy.model.runtime.runtimevalues.UserIdKey;
import eu.openanalytics.containerproxy.model.spec.ContainerSpec;
import eu.openanalytics.containerproxy.model.spec.DockerSwarmSecret;
import eu.openanalytics.containerproxy.model.spec.PortMapping;
import eu.openanalytics.containerproxy.model.spec.ProxySpec;
import eu.openanalytics.containerproxy.util.Retrying;
import java.io.IOException;
import java.io.OutputStream;
import java.net.URI;
import java.nio.channels.ClosedChannelException;
import java.util.ArrayList;
import java.util.HashMap;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.Optional;
import java.util.function.BiConsumer;
import java.util.stream.Stream;
import javax.annotation.PostConstruct;
import org.mandas.docker.client.DockerClient;
import org.mandas.docker.client.exceptions.DockerException;
import org.mandas.docker.client.exceptions.ServiceNotFoundException;
import org.mandas.docker.client.messages.RegistryAuth;
import org.mandas.docker.client.messages.mount.Mount;
import org.mandas.docker.client.messages.swarm.DnsConfig;
import org.mandas.docker.client.messages.swarm.EndpointSpec;
import org.mandas.docker.client.messages.swarm.NetworkAttachmentConfig;
import org.mandas.docker.client.messages.swarm.PortConfig;
import org.mandas.docker.client.messages.swarm.Reservations;
import org.mandas.docker.client.messages.swarm.ResourceRequirements;
import org.mandas.docker.client.messages.swarm.Resources;
import org.mandas.docker.client.messages.swarm.RestartPolicy;
import org.mandas.docker.client.messages.swarm.SecretBind;
import org.mandas.docker.client.messages.swarm.SecretFile;
import org.mandas.docker.client.messages.swarm.Service;
import org.mandas.docker.client.messages.swarm.ServiceSpec;
import org.mandas.docker.client.messages.swarm.Task;
import org.mandas.docker.client.messages.swarm.TaskSpec;
import org.mandas.docker.client.messages.swarm.TaskStatus;
import org.springframework.boot.autoconfigure.condition.ConditionalOnProperty;
import org.springframework.context.ApplicationEvent;
import org.springframework.ldap.transaction.compensating.LdapTransactionUtils;
import org.springframework.security.core.Authentication;
import org.springframework.stereotype.Component;

@ConditionalOnProperty(name = {"proxy.container-backend"}, havingValue = "docker-swarm")
@Component
/* loaded from: input_file:BOOT-INF/lib/containerproxy-1.2.0.jar:eu/openanalytics/containerproxy/backend/docker/DockerSwarmBackend.class */
public class DockerSwarmBackend extends AbstractDockerBackend {
    private int serviceWaitTime;
    private static final List<String> STARTING_STATES = List.of(TaskStatus.TASK_STATE_NEW, TaskStatus.TASK_STATE_PENDING, TaskStatus.TASK_STATE_ASSIGNED, TaskStatus.TASK_STATE_ACCEPTED, TaskStatus.TASK_STATE_READY, TaskStatus.TASK_STATE_PREPARING, TaskStatus.TASK_STATE_STARTING, TaskStatus.TASK_STATE_RUNNING);

    @Override // eu.openanalytics.containerproxy.backend.docker.AbstractDockerBackend, eu.openanalytics.containerproxy.backend.AbstractContainerBackend
    @PostConstruct
    public void initialize() {
        super.initialize();
        String str = null;
        try {
            str = this.dockerClient.inspectSwarm().id();
        } catch (Exception e) {
        }
        if (str == null) {
            throw new ContainerProxyException("Backend is not a Docker Swarm");
        }
        this.serviceWaitTime = ((Integer) this.environment.getProperty("proxy.docker.service-wait-time", Integer.class, 60000)).intValue();
    }

    @Override // eu.openanalytics.containerproxy.backend.AbstractContainerBackend
    public Proxy startContainer(Authentication authentication, Container container, ContainerSpec containerSpec, Proxy proxy, ProxySpec proxySpec, ProxyStartupLog.ProxyStartupLogBuilder proxyStartupLogBuilder) throws ContainerFailedToStartException {
        Container.ContainerBuilder builder = container.toBuilder();
        try {
            Mount[] mountArr = (Mount[]) containerSpec.getVolumes().mapOrNull(list -> {
                return (Mount[]) list.stream().map(str -> {
                    return str.split(":");
                }).map(strArr -> {
                    return Mount.builder().source(strArr[0]).target(strArr[1]).type(LdapTransactionUtils.BIND_METHOD_NAME).build();
                }).toArray(i -> {
                    return new Mount[i];
                });
            });
            Map<String, String> valueOrDefault = containerSpec.getLabels().getValueOrDefault(new HashMap());
            Stream.concat(proxy.getRuntimeValues().values().stream(), container.getRuntimeValues().values().stream()).forEach(runtimeValue -> {
                if (runtimeValue.getKey().getIncludeAsLabel().booleanValue() || runtimeValue.getKey().getIncludeAsAnnotation().booleanValue()) {
                    valueOrDefault.put(runtimeValue.getKey().getKeyAsLabel(), runtimeValue.toString());
                }
            });
            ArrayList arrayList = new ArrayList();
            Iterator<DockerSwarmSecret> it = containerSpec.getDockerSwarmSecrets().iterator();
            while (it.hasNext()) {
                arrayList.add(convertSecret(it.next()));
            }
            org.mandas.docker.client.messages.swarm.ContainerSpec build = org.mandas.docker.client.messages.swarm.ContainerSpec.builder().image(containerSpec.getImage().getValue()).labels(valueOrDefault).command(containerSpec.getCmd().getValueOrNull()).env(convertEnv(buildEnv(authentication, containerSpec, proxy))).dnsConfig(DnsConfig.builder().nameServers(containerSpec.getDns().getValueOrNull()).build()).mounts(mountArr).secrets(arrayList).user(containerSpec.getDockerUser().getValueOrNull()).build();
            ArrayList arrayList2 = new ArrayList(containerSpec.getNetworkConnections().getValueOrDefault(new ArrayList()).stream().map(str -> {
                return NetworkAttachmentConfig.builder().target(str).build();
            }).toList());
            if (containerSpec.getNetwork().isPresent()) {
                arrayList2.add(NetworkAttachmentConfig.builder().target(containerSpec.getNetwork().getValue()).build());
            } else if (this.containerNetwork != null) {
                arrayList2.add(NetworkAttachmentConfig.builder().target(this.containerNetwork).build());
            }
            Reservations.Builder builder2 = Reservations.builder();
            if (containerSpec.getCpuRequest().isPresent()) {
                builder2.nanoCpus(Long.valueOf(getCpuQuota(1000000000L, containerSpec.getCpuRequest().getValue())));
            }
            if (containerSpec.getMemoryRequest().isPresent()) {
                builder2.memoryBytes(memoryToBytes(containerSpec.getMemoryRequest().getValue()));
            }
            Resources.Builder builder3 = Resources.builder();
            if (containerSpec.getCpuLimit().isPresent()) {
                builder3.nanoCpus(Long.valueOf(getCpuQuota(1000000000L, containerSpec.getCpuLimit().getValue())));
            }
            if (containerSpec.getMemoryLimit().isPresent()) {
                builder3.memoryBytes(memoryToBytes(containerSpec.getMemoryLimit().getValue()));
            }
            String valueOrDefault2 = containerSpec.getResourceName().getValueOrDefault("sp-service-" + proxy.getId() + "-" + container.getIndex());
            ServiceSpec.Builder taskTemplate = ServiceSpec.builder().networks(arrayList2).name(valueOrDefault2).taskTemplate(TaskSpec.builder().containerSpec(build).restartPolicy(RestartPolicy.builder().condition("none").build()).resources(ResourceRequirements.builder().reservations(builder2.build()).limits(builder3.build()).build()).build());
            ArrayList arrayList3 = new ArrayList();
            HashMap hashMap = new HashMap();
            if (!isUseInternalNetwork()) {
                for (PortMapping portMapping : containerSpec.getPortMapping()) {
                    int intValue = this.portAllocator.allocate(this.portRangeFrom.intValue(), this.portRangeTo.intValue(), proxy.getId()).intValue();
                    arrayList3.add(PortConfig.builder().publishedPort(Integer.valueOf(intValue)).targetPort(portMapping.getPort()).build());
                    hashMap.put(portMapping.getPort(), Integer.valueOf(intValue));
                }
                taskTemplate.endpointSpec(EndpointSpec.builder().ports(arrayList3).build());
            }
            String id = (containerSpec.getDockerRegistryDomain() == null || containerSpec.getDockerRegistryUsername() == null || containerSpec.getDockerRegistryPassword() == null) ? this.dockerClient.createService(taskTemplate.build()).id() : this.dockerClient.createService(taskTemplate.build(), RegistryAuth.builder().serverAddress(containerSpec.getDockerRegistryDomain()).username(containerSpec.getDockerRegistryUsername()).password(containerSpec.getDockerRegistryPassword()).build()).id();
            proxyStartupLogBuilder.startingContainer(container.getIndex());
            builder.addRuntimeValue(new RuntimeValue(BackendContainerNameKey.inst, new BackendContainerName(valueOrDefault2)), false);
            this.applicationEventPublisher.publishEvent((ApplicationEvent) new NewProxyEvent(proxy.toBuilder().updateContainer(builder.build()).build(), authentication));
            if (!Retrying.retry((i, i2) -> {
                Task orElseThrow = this.dockerClient.listTasks(Task.Criteria.builder().serviceName(valueOrDefault2).build()).stream().findAny().orElseThrow(() -> {
                    return new IllegalStateException("Swarm service has no tasks");
                });
                if (orElseThrow.status().containerStatus() != null && orElseThrow.status().state().equals(TaskStatus.TASK_STATE_RUNNING)) {
                    builder.id(orElseThrow.status().containerStatus().containerId());
                    return Retrying.SUCCESS;
                }
                if (STARTING_STATES.contains(orElseThrow.status().state())) {
                    return Retrying.FAILURE;
                }
                this.slog.warn(proxy, "Docker Swarm container failed: container not running, state reported by docker: " + toJson(orElseThrow.status()));
                return new Retrying.Result(false, false);
            }, this.serviceWaitTime, "Docker Swarm Service", 10, proxy, this.slog)) {
                this.dockerClient.removeService(id);
                throw new ContainerFailedToStartException("Swarm container did not start in time", null, builder.build());
            }
            proxyStartupLogBuilder.containerStarted(container.getIndex());
            Container build2 = builder.build();
            return proxy.toBuilder().addTargets(setupPortMappingExistingProxy(proxy, build2, hashMap)).updateContainer(build2).build();
        } catch (ContainerFailedToStartException e) {
            throw e;
        } catch (Throwable th) {
            throw new ContainerFailedToStartException("Docker swarm container failed to start", th, builder.build());
        }
    }

    @Override // eu.openanalytics.containerproxy.backend.AbstractContainerBackend
    protected URI calculateTarget(Container container, PortMappings.PortMappingEntry portMappingEntry, Integer num) throws Exception {
        String str;
        String host;
        int intValue;
        if (isUseInternalNetwork()) {
            str = getDefaultTargetProtocol();
            host = container.getId().substring(0, 12);
            intValue = portMappingEntry.getPort().intValue();
        } else {
            str = this.nonInternalNetworkTargetProtocol;
            host = this.nonInternalNetworkTargetURL.getHost();
            intValue = num.intValue();
        }
        return new URI(String.format("%s://%s:%s%s", str, host, Integer.valueOf(intValue), portMappingEntry.getTargetPath()));
    }

    private SecretBind convertSecret(DockerSwarmSecret dockerSwarmSecret) throws DockerException, InterruptedException {
        if (dockerSwarmSecret.getName() == null) {
            throw new IllegalArgumentException("No name for a Docker swarm secret provided");
        }
        return SecretBind.builder().secretName(dockerSwarmSecret.getName()).secretId(getSecretId(dockerSwarmSecret.getName())).file(SecretFile.builder().name((String) Optional.ofNullable(dockerSwarmSecret.getTarget()).orElse(dockerSwarmSecret.getName())).gid((String) Optional.ofNullable(dockerSwarmSecret.getGid()).orElse("0")).uid((String) Optional.ofNullable(dockerSwarmSecret.getUid()).orElse("0")).mode(Long.valueOf(Long.parseLong((String) Optional.ofNullable(dockerSwarmSecret.getMode()).orElse("444"), 8))).build()).build();
    }

    private String getSecretId(String str) throws DockerException, InterruptedException {
        return (String) this.dockerClient.listSecrets().stream().filter(secret -> {
            return secret.secretSpec().name().equals(str);
        }).findFirst().map((v0) -> {
            return v0.id();
        }).orElseThrow(() -> {
            return new IllegalArgumentException("Secret not found!");
        });
    }

    @Override // eu.openanalytics.containerproxy.backend.AbstractContainerBackend
    protected void doStopProxy(Proxy proxy) throws Exception {
        Iterator<Container> it = proxy.getContainers().iterator();
        while (it.hasNext()) {
            BackendContainerName backendContainerName = (BackendContainerName) it.next().getRuntimeObjectOrNull(BackendContainerNameKey.inst);
            if (backendContainerName != null) {
                try {
                    this.dockerClient.removeService(backendContainerName.getName());
                } catch (ServiceNotFoundException e) {
                }
            }
        }
        releasePort(proxy.getId());
    }

    @Override // eu.openanalytics.containerproxy.backend.IContainerBackend
    public List<ExistingContainerInfo> scanExistingContainers() throws Exception {
        ArrayList arrayList = new ArrayList();
        for (Service service : this.dockerClient.listServices()) {
            org.mandas.docker.client.messages.swarm.ContainerSpec containerSpec = service.spec().taskTemplate().containerSpec();
            if (containerSpec != null) {
                List<org.mandas.docker.client.messages.Container> listContainers = this.dockerClient.listContainers(DockerClient.ListContainersParam.withLabel("com.docker.swarm.service.id", service.id()));
                if (listContainers.size() != 1) {
                    this.log.warn(String.format("Found not correct amount of containers for service %s, therefore skipping this", service.id()));
                } else {
                    Map<RuntimeValueKey<?>, RuntimeValue> parseLabelsAsRuntimeValues = parseLabelsAsRuntimeValues(((org.mandas.docker.client.messages.Container) listContainers.getFirst()).id(), containerSpec.labels());
                    if (parseLabelsAsRuntimeValues != null) {
                        parseLabelsAsRuntimeValues.put(ContainerImageKey.inst, new RuntimeValue(ContainerImageKey.inst, ((org.mandas.docker.client.messages.Container) listContainers.getFirst()).image()));
                        parseLabelsAsRuntimeValues.put(BackendContainerNameKey.inst, new RuntimeValue(BackendContainerNameKey.inst, new BackendContainerName(service.id())));
                        String str = (String) parseLabelsAsRuntimeValues.get(InstanceIdKey.inst).getObject();
                        if (this.appRecoveryService.canRecoverProxy(str).booleanValue()) {
                            HashMap hashMap = new HashMap();
                            if (service.endpoint() != null && service.endpoint().ports() != null) {
                                for (PortConfig portConfig : service.endpoint().ports()) {
                                    int intValue = portConfig.publishedPort().intValue();
                                    hashMap.put(Integer.valueOf(portConfig.targetPort().intValue()), Integer.valueOf(intValue));
                                    this.portAllocator.addExistingPort((String) parseLabelsAsRuntimeValues.get(UserIdKey.inst).getObject(), intValue);
                                }
                            }
                            arrayList.add(new ExistingContainerInfo(((org.mandas.docker.client.messages.Container) listContainers.getFirst()).id(), parseLabelsAsRuntimeValues, containerSpec.image(), hashMap));
                        } else {
                            this.log.warn("Ignoring container {} because instanceId {} is not correct", ((org.mandas.docker.client.messages.Container) listContainers.getFirst()).id(), str);
                        }
                    }
                }
            }
        }
        return arrayList;
    }

    @Override // eu.openanalytics.containerproxy.backend.IContainerBackend
    public boolean isProxyHealthy(Proxy proxy) {
        Iterator<Container> it = proxy.getContainers().iterator();
        if (!it.hasNext()) {
            return true;
        }
        try {
            try {
                BackendContainerName backendContainerName = (BackendContainerName) it.next().getRuntimeObjectOrNull(BackendContainerNameKey.inst);
                if (backendContainerName == null) {
                    this.slog.warn(proxy, "Docker Swarm container failed: no service id found");
                    return false;
                }
                this.dockerClient.inspectService(backendContainerName.getName());
                List<Task> listTasks = this.dockerClient.listTasks(Task.Criteria.builder().serviceName(backendContainerName.getName()).build());
                if (listTasks.isEmpty()) {
                    this.slog.warn(proxy, "Docker Swarm container failed: service does not exist");
                    return false;
                }
                Task task = (Task) listTasks.getFirst();
                if (task.status().state().equals(TaskStatus.TASK_STATE_RUNNING)) {
                    return true;
                }
                this.slog.warn(proxy, "Docker Swarm container failed: container not running, state reported by docker: " + toJson(task.status()));
                return false;
            } catch (ServiceNotFoundException e) {
                this.slog.warn(proxy, "Docker Swarm container failed: service does not exist");
                return false;
            }
        } catch (InterruptedException | DockerException e2) {
            this.slog.warn(proxy, e2, "Failed to check Docker Swarm container health");
            return false;
        }
    }

    @Override // eu.openanalytics.containerproxy.backend.AbstractContainerBackend, eu.openanalytics.containerproxy.backend.IContainerBackend
    public BiConsumer<OutputStream, OutputStream> getOutputAttacher(Proxy proxy, boolean z) {
        Container primaryContainer = getPrimaryContainer(proxy);
        if (primaryContainer == null) {
            return null;
        }
        BackendContainerName backendContainerName = (BackendContainerName) primaryContainer.getRuntimeObjectOrNull(BackendContainerNameKey.inst);
        return (outputStream, outputStream2) -> {
            try {
                (z ? this.dockerClient.serviceLogs(backendContainerName.getName(), DockerClient.LogsParam.follow(), DockerClient.LogsParam.stdout(), DockerClient.LogsParam.stderr()) : this.dockerClient.serviceLogs(backendContainerName.getName(), DockerClient.LogsParam.stdout(), DockerClient.LogsParam.stderr())).attach(outputStream, outputStream2);
            } catch (ClosedChannelException e) {
            } catch (IOException | InterruptedException | DockerException e2) {
                this.log.error("Error while attaching to container output", e2);
            }
        };
    }
}
