package org.apache.brooklyn.policy.jclouds.os;

import com.google.common.annotations.Beta;
import com.google.common.collect.ImmutableList;
import com.google.common.collect.ImmutableMap;
import org.apache.brooklyn.api.entity.Entity;
import org.apache.brooklyn.api.entity.EntityLocal;
import org.apache.brooklyn.api.location.Location;
import org.apache.brooklyn.api.sensor.AttributeSensor;
import org.apache.brooklyn.api.sensor.SensorEvent;
import org.apache.brooklyn.api.sensor.SensorEventListener;
import org.apache.brooklyn.config.ConfigKey;
import org.apache.brooklyn.core.config.ConfigKeys;
import org.apache.brooklyn.core.entity.AbstractEntity;
import org.apache.brooklyn.core.policy.AbstractPolicy;
import org.apache.brooklyn.core.sensor.Sensors;
import org.apache.brooklyn.location.ssh.SshMachineLocation;
import org.apache.brooklyn.util.core.flags.SetFromFlag;
import org.apache.brooklyn.util.core.internal.ssh.SshTool;
import org.apache.brooklyn.util.ssh.BashCommands;
import org.apache.brooklyn.util.text.Identifiers;
import org.jclouds.compute.config.AdminAccessConfiguration;
import org.jclouds.scriptbuilder.domain.OsFamily;
import org.jclouds.scriptbuilder.functions.InitAdminAccess;
import org.jclouds.scriptbuilder.statements.login.AdminAccess;
import org.jclouds.scriptbuilder.statements.ssh.SshdConfig;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

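/**
 * Policy that creates an extra OS user on every {@link SshMachineLocation} added to the entity.
 *
 * <p>The policy subscribes to {@link AbstractEntity#LOCATION_ADDED}. For each SSH machine it
 * generates a 12-character password, renders a jclouds {@link AdminAccess} script, runs it as
 * root, switches sshd to {@code PasswordAuthentication yes}, optionally appends a
 * {@code NOPASSWD:ALL} sudoers entry, and finally publishes the credentials on
 * {@link #VM_USER_CREDENTIALS}.
 *
 * <p>Security-relevant behaviour to be aware of when deploying this policy:
 * <ul>
 *   <li>{@link #VM_USER_CREDENTIALS} carries the password in clear text, so read access to the
 *       entity's sensors is equivalent to login access to the machine.</li>
 *   <li>Password authentication is enabled in sshd on the target machine.</li>
 *   <li>With {@link #GRANT_SUDO} the new user gets password-less sudo for all commands.</li>
 *   <li>With {@link #RESET_LOGIN_USER} the login user's password is set to the same generated
 *       value as the new user's password.</li>
 * </ul>
 */
@Beta
public class CreateUserPolicy extends AbstractPolicy implements SensorEventListener<Location> {
    private static final Logger LOG = LoggerFactory.getLogger(CreateUserPolicy.class);

    /**
     * Conservative account-name shape accepted before the name is written into /etc/sudoers.
     * Anything else (whitespace, newlines, shell or sudoers metacharacters) is rejected.
     */
    private static final String SAFE_SUDOERS_USERNAME = "[A-Za-z_][A-Za-z0-9_.-]*";

    @SetFromFlag("user")
    public static final ConfigKey<String> VM_USERNAME = ConfigKeys.newStringConfigKey("createuser.vm.user.name");

    @SetFromFlag("grantSudo")
    public static final ConfigKey<Boolean> GRANT_SUDO = ConfigKeys.newBooleanConfigKey("createuser.vm.user.grantSudo", "Whether to give the new user sudo rights", false);

    // The published value contains the clear-text password; treat this sensor as a secret.
    public static final AttributeSensor<String> VM_USER_CREDENTIALS = Sensors.newStringSensor("createuser.vm.user.credentials", "The \"<user> : <password> @ <hostname>:<port>\"");

    @SetFromFlag("resetLoginUser")
    public static final ConfigKey<Boolean> RESET_LOGIN_USER = ConfigKeys.newBooleanConfigKey("createuser.vm.user.resetLoginUser", "Whether to reset the password used for user login", false);

    /**
     * Attaches the policy to the entity and starts listening for newly added locations.
     *
     * @param entityLocal the entity this policy is attached to
     */
    @Override
    public void setEntity(EntityLocal entityLocal) {
        super.setEntity(entityLocal);
        subscriptions().subscribe(entityLocal, AbstractEntity.LOCATION_ADDED, this);
    }

    /**
     * Reacts to a location being added; only SSH machine locations trigger user creation.
     *
     * @param sensorEvent the {@code LOCATION_ADDED} event
     */
    @Override
    public void onEvent(SensorEvent<Location> sensorEvent) {
        Entity source = sensorEvent.getSource();
        Location location = sensorEvent.getValue();
        if (location instanceof SshMachineLocation) {
            addUserAsync(source, (SshMachineLocation) location);
        }
    }

    /**
     * Submits {@link #addUser(Entity, SshMachineLocation)} to the policy's execution context.
     *
     * @param entity the entity that will receive the credentials sensor
     * @param sshMachineLocation the machine on which the user is created
     */
    protected void addUserAsync(Entity entity, SshMachineLocation sshMachineLocation) {
        getExecutionContext().execute(() -> addUser(entity, sshMachineLocation));
    }

    /**
     * Creates the configured user on the machine and publishes its credentials.
     *
     * @param entity the entity that will receive {@link #VM_USER_CREDENTIALS}
     * @param sshMachineLocation the machine on which the user is created
     * @throws IllegalArgumentException if sudo is requested and the user name is not a plain
     *     account name that is safe to write into the sudoers file
     * @throws IllegalStateException if any of the root scripts exits with a non-zero status
     */
    protected void addUser(Entity entity, SshMachineLocation sshMachineLocation) {
        boolean grantSudo = getRequiredConfig(GRANT_SUDO);
        boolean resetLoginPassword = getRequiredConfig(RESET_LOGIN_USER);
        String username = getRequiredConfig(VM_USERNAME);

        // The name is spliced into a root-run heredoc that appends to /etc/sudoers further down,
        // so reject anything that could add extra sudoers lines before touching the machine.
        if (grantSudo && !username.matches(SAFE_SUDOERS_USERNAME)) {
            throw new IllegalArgumentException(
                    "User name is not safe to write into sudoers (expected " + SAFE_SUDOERS_USERNAME + ")");
        }

        // NOTE(review): makeRandomId is an identifier generator; confirm it draws from a CSPRNG
        // before relying on it for a password.
        String password = Identifiers.makeRandomId(12);
        String hostName = sshMachineLocation.getAddress().getHostName();
        int port = sshMachineLocation.getPort();
        String credentials = username + " : " + password + " @ " + hostName + ":" + port;

        // Deliberately logs only the account and endpoint, never the password.
        LOG.info("Adding auto-generated user {} @ {}:{}", username, hostName, port);

        // jclouds' own sudo and key handling is switched off here; sudo is granted manually below.
        // The same generated value is used for the admin password and the login password.
        AdminAccess adminAccess = AdminAccess.builder()
                .adminUsername(username)
                .adminPassword(password)
                .grantSudoToAdminUser(false)
                .resetLoginPassword(resetLoginPassword)
                .loginPassword(password)
                .authorizeAdminPublicKey(false)
                .adminPublicKey("ignored")
                .installAdminPrivateKey(false)
                .adminPrivateKey("ignore")
                .lockSsh(false)
                .build();
        OsFamily osFamily = sshMachineLocation.getMachineDetails().getOsDetails().isWindows()
                ? OsFamily.WINDOWS
                : OsFamily.UNIX;
        new InitAdminAccess(new AdminAccessConfiguration.Default()).visit(adminAccess);

        String createUserScript = adminAccess.render(osFamily);
        if (runAsRoot(sshMachineLocation, "create-user-" + username, ImmutableList.of(createUserScript)) != 0) {
            // NOTE(review): the rendered script is built from the generated password (presumably
            // in hashed form; confirm against jclouds), so it is kept out of the exception
            // message, which typically ends up in logs and task results.
            throw new IllegalStateException("Failed to auto-generate user " + username + " @ " + hostName + ":" + port
                    + " (rendered script omitted because it carries credential material)");
        }

        String sshdConfigScript = new SshdConfig(ImmutableMap.of("PasswordAuthentication", "yes")).render(osFamily);
        if (runAsRoot(sshMachineLocation, "create-user-" + username, ImmutableList.of(sshdConfigScript)) != 0) {
            throw new IllegalStateException("Failed to enable ssh-login-with-password, using command " + sshdConfigScript);
        }

        if (grantSudo) {
            // NOTE(review): this appends to /etc/sudoers without a syntax check; a validated
            // drop-in file would be more robust, but the original command is kept for compatibility.
            ImmutableList<String> sudoersCommands = ImmutableList.of(
                    "cat >> /etc/sudoers <<-'END_OF_JCLOUDS_FILE'\n" + username + " ALL = (ALL) NOPASSWD:ALL\nEND_OF_JCLOUDS_FILE\n",
                    "chmod 0440 /etc/sudoers");
            if (runAsRoot(sshMachineLocation, "add-user-to-sudoers-" + username, sudoersCommands) != 0) {
                throw new IllegalStateException("Failed to grant sudo to auto-generated user, using command " + sudoersCommands);
            }
        }

        // Published last, so the sensor only appears once every step above has succeeded.
        entity.sensors().set(VM_USER_CREDENTIALS, credentials);
    }

    /** Runs the commands as root with sbin directories on the PATH and returns the exit status. */
    private static int runAsRoot(SshMachineLocation machine, String summary, ImmutableList<String> commands) {
        return machine.execScript(
                ImmutableMap.of(SshTool.PROP_RUN_AS_ROOT.getName(), true),
                summary,
                commands,
                ImmutableMap.of("PATH", BashCommands.sbinPath()));
    }
}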
