package eu.openanalytics.containerproxy.backend.docker;

import eu.openanalytics.containerproxy.ContainerFailedToStartException;
import eu.openanalytics.containerproxy.event.NewProxyEvent;
import eu.openanalytics.containerproxy.model.runtime.Container;
import eu.openanalytics.containerproxy.model.runtime.ExistingContainerInfo;
import eu.openanalytics.containerproxy.model.runtime.PortMappings;
import eu.openanalytics.containerproxy.model.runtime.Proxy;
import eu.openanalytics.containerproxy.model.runtime.ProxyStartupLog;
import eu.openanalytics.containerproxy.model.runtime.runtimevalues.BackendContainerName;
import eu.openanalytics.containerproxy.model.runtime.runtimevalues.BackendContainerNameKey;
import eu.openanalytics.containerproxy.model.runtime.runtimevalues.ContainerImageKey;
import eu.openanalytics.containerproxy.model.runtime.runtimevalues.InstanceIdKey;
import eu.openanalytics.containerproxy.model.runtime.runtimevalues.RuntimeValue;
import eu.openanalytics.containerproxy.model.runtime.runtimevalues.RuntimeValueKey;
import eu.openanalytics.containerproxy.model.runtime.runtimevalues.UserIdKey;
import eu.openanalytics.containerproxy.model.spec.ContainerSpec;
import eu.openanalytics.containerproxy.model.spec.DockerDeviceRequest;
import eu.openanalytics.containerproxy.model.spec.PortMapping;
import eu.openanalytics.containerproxy.model.spec.ProxySpec;
import eu.openanalytics.containerproxy.spec.expression.SpelField;
import java.io.IOException;
import java.io.OutputStream;
import java.net.URI;
import java.nio.channels.ClosedChannelException;
import java.util.ArrayList;
import java.util.Collections;
import java.util.HashMap;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.Objects;
import java.util.Optional;
import java.util.function.BiConsumer;
import java.util.stream.Stream;
import javax.annotation.PostConstruct;
import org.mandas.docker.client.DockerClient;
import org.mandas.docker.client.exceptions.ConflictException;
import org.mandas.docker.client.exceptions.ContainerNotFoundException;
import org.mandas.docker.client.exceptions.DockerException;
import org.mandas.docker.client.exceptions.DockerRequestException;
import org.mandas.docker.client.exceptions.NotFoundException;
import org.mandas.docker.client.messages.AttachedNetwork;
import org.mandas.docker.client.messages.Container;
import org.mandas.docker.client.messages.ContainerConfig;
import org.mandas.docker.client.messages.ContainerCreation;
import org.mandas.docker.client.messages.ContainerInfo;
import org.mandas.docker.client.messages.ContainerState;
import org.mandas.docker.client.messages.HostConfig;
import org.mandas.docker.client.messages.LogConfig;
import org.mandas.docker.client.messages.PortBinding;
import org.mandas.docker.client.messages.RegistryAuth;
import org.mandas.docker.client.messages.swarm.TaskStatus;
import org.springframework.boot.autoconfigure.condition.ConditionalOnProperty;
import org.springframework.context.ApplicationEvent;
import org.springframework.security.core.Authentication;
import org.springframework.stereotype.Component;

@ConditionalOnProperty(name = {"proxy.container-backend"}, havingValue = "docker", matchIfMissing = true)
@Component
/* loaded from: input_file:BOOT-INF/lib/containerproxy-1.2.0.jar:eu/openanalytics/containerproxy/backend/docker/DockerEngineBackend.class */
public class DockerEngineBackend extends AbstractDockerBackend {
    private static final String PROPERTY_IMG_PULL_POLICY = "image-pull-policy";
    private static final String PROPERTY_LOKI_URL = "loki-url";
    private static final String PROPERTY_TARGET_BIND_IP = "target-bind-ip";
    private static final String DEFAULT_TARGET_BIND_IP = "127.0.0.1";
    private ImagePullPolicy imagePullPolicy;
    private String lokiUrl;
    private String nonInternalTargetBindIp;

    /* loaded from: input_file:BOOT-INF/lib/containerproxy-1.2.0.jar:eu/openanalytics/containerproxy/backend/docker/DockerEngineBackend$ImagePullPolicy.class */
    public enum ImagePullPolicy {
        Never,
        Always,
        IfNotPresent
    }

    @Override // eu.openanalytics.containerproxy.backend.docker.AbstractDockerBackend, eu.openanalytics.containerproxy.backend.AbstractContainerBackend
    @PostConstruct
    public void initialize() {
        super.initialize();
        this.imagePullPolicy = (ImagePullPolicy) this.environment.getProperty(getPropertyPrefix() + "image-pull-policy", ImagePullPolicy.class, ImagePullPolicy.IfNotPresent);
        this.lokiUrl = this.environment.getProperty(getPropertyPrefix() + "loki-url");
        this.nonInternalTargetBindIp = this.environment.getProperty(getPropertyPrefix() + "target-bind-ip", DEFAULT_TARGET_BIND_IP);
    }

    @Override // eu.openanalytics.containerproxy.backend.AbstractContainerBackend
    public Proxy startContainer(Authentication authentication, Container container, ContainerSpec containerSpec, Proxy proxy, ProxySpec proxySpec, ProxyStartupLog.ProxyStartupLogBuilder proxyStartupLogBuilder) throws ContainerFailedToStartException {
        Container.ContainerBuilder builder = container.toBuilder();
        try {
            HostConfig.Builder builder2 = HostConfig.builder();
            if (this.imagePullPolicy == ImagePullPolicy.Always || (this.imagePullPolicy == ImagePullPolicy.IfNotPresent && !isImagePresent(containerSpec))) {
                this.slog.info(proxy, String.format("Pulling image %s", containerSpec.getImage().getValue()));
                proxyStartupLogBuilder.pullingImage(container.getIndex());
                pullImage(containerSpec);
                proxyStartupLogBuilder.imagePulled(container.getIndex());
            }
            HashMap hashMap = new HashMap();
            HashMap hashMap2 = new HashMap();
            if (!isUseInternalNetwork()) {
                for (PortMapping portMapping : containerSpec.getPortMapping()) {
                    int intValue = this.portAllocator.allocate(this.portRangeFrom.intValue(), this.portRangeTo.intValue(), proxy.getId()).intValue();
                    hashMap.put(portMapping.getPort().toString(), Collections.singletonList(PortBinding.of(this.nonInternalTargetBindIp, intValue)));
                    hashMap2.put(portMapping.getPort(), Integer.valueOf(intValue));
                }
            }
            builder2.portBindings(hashMap);
            builder2.memoryReservation(memoryToBytes(containerSpec.getMemoryRequest().getValueOrNull()));
            builder2.memory(memoryToBytes(containerSpec.getMemoryLimit().getValueOrNull()));
            if (containerSpec.getCpuRequest().isPresent()) {
                this.slog.warn(proxy, "Ignoring 'container-memory-request', this is not supported in Docker.");
            }
            if (containerSpec.getCpuLimit().isPresent()) {
                long cpuQuota = getCpuQuota(100000L, containerSpec.getCpuLimit().getValue());
                builder2.cpuPeriod(100000L);
                builder2.cpuQuota(Long.valueOf(cpuQuota));
            }
            if (containerSpec.getNetwork().isPresent()) {
                builder2.networkMode(containerSpec.getNetwork().getValueAsString());
            } else if (this.containerNetwork != null) {
                builder2.networkMode(this.containerNetwork);
            }
            SpelField.StringList dns = containerSpec.getDns();
            Objects.requireNonNull(builder2);
            dns.ifPresent((v1) -> {
                r1.dns(v1);
            });
            SpelField.StringList volumes = containerSpec.getVolumes();
            Objects.requireNonNull(builder2);
            volumes.ifPresent((v1) -> {
                r1.binds(v1);
            });
            builder2.privileged(Boolean.valueOf(isPrivileged() || containerSpec.isPrivileged()));
            SpelField.String dockerIpc = containerSpec.getDockerIpc();
            Objects.requireNonNull(builder2);
            dockerIpc.ifPresent(builder2::ipcMode);
            ArrayList arrayList = new ArrayList();
            for (DockerDeviceRequest dockerDeviceRequest : containerSpec.getDockerDeviceRequests()) {
                HostConfig.DeviceRequest.Builder builder3 = HostConfig.DeviceRequest.builder();
                Optional<String> driver = dockerDeviceRequest.getDriver();
                Objects.requireNonNull(builder3);
                driver.ifPresent(builder3::driver);
                Optional<Integer> count = dockerDeviceRequest.getCount();
                Objects.requireNonNull(builder3);
                count.ifPresent(builder3::count);
                Optional<List<String>> deviceIds = dockerDeviceRequest.getDeviceIds();
                Objects.requireNonNull(builder3);
                deviceIds.ifPresent((v1) -> {
                    r1.deviceIds(v1);
                });
                Optional<List<List<String>>> capabilities = dockerDeviceRequest.getCapabilities();
                Objects.requireNonNull(builder3);
                capabilities.ifPresent((v1) -> {
                    r1.capabilities(v1);
                });
                Optional<Map<String, String>> options = dockerDeviceRequest.getOptions();
                Objects.requireNonNull(builder3);
                options.ifPresent(builder3::options);
                arrayList.add(builder3.build());
            }
            builder2.deviceRequests(arrayList);
            SpelField.String dockerRuntime = containerSpec.getDockerRuntime();
            Objects.requireNonNull(builder2);
            dockerRuntime.ifPresent(builder2::runtime);
            Map<String, String> valueOrDefault = containerSpec.getLabels().getValueOrDefault(new HashMap());
            Stream.concat(proxy.getRuntimeValues().values().stream(), container.getRuntimeValues().values().stream()).forEach(runtimeValue -> {
                if (runtimeValue.getKey().getIncludeAsLabel().booleanValue() || runtimeValue.getKey().getIncludeAsAnnotation().booleanValue()) {
                    valueOrDefault.put(runtimeValue.getKey().getKeyAsLabel(), runtimeValue.toString());
                }
            });
            if (this.lokiUrl != null) {
                builder2.logConfig(LogConfig.builder().logType("loki").logOptions(Map.of(PROPERTY_LOKI_URL, this.lokiUrl, "mode", "non-blocking", "loki-external-labels", String.format("sp_realm_id=%s,namespace=default,sp_proxy_id=%s", this.identifierService.realmId, proxy.getId()))).build());
            }
            builder2.groupAdd(containerSpec.getDockerGroupAdd().getValueOrNull());
            ContainerConfig build = ContainerConfig.builder().hostConfig(builder2.build()).image(containerSpec.getImage().getValue()).labels(valueOrDefault).exposedPorts(hashMap.keySet()).cmd(containerSpec.getCmd().getValueOrNull()).env(convertEnv(buildEnv(authentication, containerSpec, proxy))).user(containerSpec.getDockerUser().getValueOrNull()).build();
            proxyStartupLogBuilder.startingContainer(container.getIndex());
            String valueOrDefault2 = containerSpec.getResourceName().getValueOrDefault("sp-container-" + proxy.getId() + "-" + container.getIndex());
            builder.addRuntimeValue(new RuntimeValue(BackendContainerNameKey.inst, new BackendContainerName(valueOrDefault2)), false);
            this.applicationEventPublisher.publishEvent((ApplicationEvent) new NewProxyEvent(proxy.toBuilder().updateContainer(builder.build()).build(), authentication));
            ContainerCreation createContainer = this.dockerClient.createContainer(build, valueOrDefault2);
            builder.id(createContainer.id());
            if (containerSpec.getNetworkConnections().isPresent()) {
                Iterator<String> it = containerSpec.getNetworkConnections().getValue().iterator();
                while (it.hasNext()) {
                    this.dockerClient.connectToNetwork(createContainer.id(), it.next());
                }
            }
            this.dockerClient.startContainer(createContainer.id());
            proxyStartupLogBuilder.containerStarted(container.getIndex());
            Container build2 = builder.build();
            return proxy.toBuilder().addTargets(setupPortMappingExistingProxy(proxy, build2, hashMap2)).updateContainer(build2).build();
        } catch (Throwable th) {
            throw new ContainerFailedToStartException("Docker container failed to start", th, builder.build());
        }
    }

    @Override // eu.openanalytics.containerproxy.backend.AbstractContainerBackend
    protected URI calculateTarget(Container container, PortMappings.PortMappingEntry portMappingEntry, Integer num) throws Exception {
        String str;
        String host;
        int intValue;
        if (isUseInternalNetwork()) {
            str = getDefaultTargetProtocol();
            host = this.dockerClient.inspectContainer(container.getId()).config().hostname();
            intValue = portMappingEntry.getPort().intValue();
        } else {
            str = this.nonInternalNetworkTargetProtocol;
            host = this.nonInternalNetworkTargetURL.getHost();
            intValue = num.intValue();
        }
        return new URI(String.format("%s://%s:%s%s", str, host, Integer.valueOf(intValue), portMappingEntry.getTargetPath()));
    }

    @Override // eu.openanalytics.containerproxy.backend.AbstractContainerBackend
    protected void doStopProxy(Proxy proxy) throws Exception {
        if (proxy.getContainers().isEmpty()) {
            return;
        }
        for (Container container : proxy.getContainers()) {
            if (container.getId() != null) {
                try {
                    ContainerInfo inspectContainer = this.dockerClient.inspectContainer(container.getId());
                    if (inspectContainer != null && inspectContainer.networkSettings() != null && inspectContainer.networkSettings().networks() != null) {
                        Iterator<AttachedNetwork> it = inspectContainer.networkSettings().networks().values().iterator();
                        while (it.hasNext()) {
                            try {
                                this.dockerClient.disconnectFromNetwork(container.getId(), it.next().networkId());
                            } catch (DockerRequestException e) {
                            }
                        }
                    }
                    this.dockerClient.removeContainer(container.getId(), DockerClient.RemoveContainerParam.forceKill());
                    releasePort(proxy.getId());
                } catch (ConflictException e2) {
                } catch (ContainerNotFoundException e3) {
                    releasePort(proxy.getId());
                }
            }
        }
    }

    @Override // eu.openanalytics.containerproxy.backend.IContainerBackend
    public List<ExistingContainerInfo> scanExistingContainers() throws Exception {
        ArrayList arrayList = new ArrayList();
        for (org.mandas.docker.client.messages.Container container : this.dockerClient.listContainers(DockerClient.ListContainersParam.allContainers())) {
            if (container.state().equalsIgnoreCase(TaskStatus.TASK_STATE_RUNNING)) {
                Map<RuntimeValueKey<?>, RuntimeValue> parseLabelsAsRuntimeValues = parseLabelsAsRuntimeValues(container.id(), container.labels());
                if (parseLabelsAsRuntimeValues != null) {
                    parseLabelsAsRuntimeValues.put(ContainerImageKey.inst, new RuntimeValue(ContainerImageKey.inst, container.image()));
                    parseLabelsAsRuntimeValues.put(BackendContainerNameKey.inst, new RuntimeValue(BackendContainerNameKey.inst, new BackendContainerName(container.id())));
                    Iterator<Container.PortMapping> it = container.ports().iterator();
                    while (it.hasNext()) {
                        this.portAllocator.addExistingPort((String) parseLabelsAsRuntimeValues.get(UserIdKey.inst).getObject(), it.next().publicPort());
                    }
                    String str = (String) parseLabelsAsRuntimeValues.get(InstanceIdKey.inst).getObject();
                    if (this.appRecoveryService.canRecoverProxy(str).booleanValue()) {
                        HashMap hashMap = new HashMap();
                        for (Container.PortMapping portMapping : container.ports()) {
                            hashMap.put(Integer.valueOf(portMapping.privatePort()), Integer.valueOf(portMapping.publicPort()));
                        }
                        arrayList.add(new ExistingContainerInfo(container.id(), parseLabelsAsRuntimeValues, container.image(), hashMap));
                    } else {
                        this.log.warn("Ignoring container {} because instanceId {} is not correct", container.id(), str);
                    }
                }
            } else {
                this.log.warn("Ignoring container {} because it is not running, {}", container.id(), container.state());
            }
        }
        return arrayList;
    }

    @Override // eu.openanalytics.containerproxy.backend.IContainerBackend
    public boolean isProxyHealthy(Proxy proxy) {
        Iterator<eu.openanalytics.containerproxy.model.runtime.Container> it = proxy.getContainers().iterator();
        if (!it.hasNext()) {
            return true;
        }
        try {
            ContainerState state = this.dockerClient.inspectContainer(it.next().getId()).state();
            if (state.running() && state.status().equals(TaskStatus.TASK_STATE_RUNNING)) {
                return true;
            }
            this.slog.warn(proxy, "Docker container failed: container not running, state reported by docker: " + toJson(state));
            return false;
        } catch (InterruptedException | DockerException e) {
            throw new RuntimeException(e);
        } catch (ContainerNotFoundException e2) {
            this.slog.warn(proxy, "Docker container failed: container does not exist");
            return false;
        }
    }

    @Override // eu.openanalytics.containerproxy.backend.AbstractContainerBackend, eu.openanalytics.containerproxy.backend.IContainerBackend
    public BiConsumer<OutputStream, OutputStream> getOutputAttacher(Proxy proxy, boolean z) {
        eu.openanalytics.containerproxy.model.runtime.Container primaryContainer = getPrimaryContainer(proxy);
        if (primaryContainer == null) {
            return null;
        }
        return (outputStream, outputStream2) -> {
            try {
                (z ? this.dockerClient.logs(primaryContainer.getId(), DockerClient.LogsParam.follow(), DockerClient.LogsParam.stdout(), DockerClient.LogsParam.stderr()) : this.dockerClient.logs(primaryContainer.getId(), DockerClient.LogsParam.stdout(), DockerClient.LogsParam.stderr())).attach(outputStream, outputStream2);
            } catch (ClosedChannelException e) {
            } catch (IOException | InterruptedException | DockerException e2) {
                this.log.error("Error while attaching to container output", e2);
            }
        };
    }

    private boolean isImagePresent(ContainerSpec containerSpec) throws DockerException, InterruptedException {
        try {
            this.dockerClient.inspectImage(containerSpec.getImage().getValue());
            return true;
        } catch (NotFoundException e) {
            return false;
        }
    }

    private void pullImage(ContainerSpec containerSpec) throws DockerException, InterruptedException {
        if (containerSpec.getDockerRegistryDomain() == null || containerSpec.getDockerRegistryUsername() == null || containerSpec.getDockerRegistryPassword() == null) {
            this.dockerClient.pull(containerSpec.getImage().getValue(), progressMessage -> {
            });
        } else {
            this.dockerClient.pull(containerSpec.getImage().getValue(), RegistryAuth.builder().serverAddress(containerSpec.getDockerRegistryDomain()).username(containerSpec.getDockerRegistryUsername()).password(containerSpec.getDockerRegistryPassword()).build(), progressMessage2 -> {
            });
        }
    }
}
