package dev.stratospheric.cdk;

import dev.stratospheric.cdk.Network;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collections;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.Objects;
import java.util.Optional;
import software.amazon.awscdk.core.Construct;
import software.amazon.awscdk.core.Environment;
import software.amazon.awscdk.core.RemovalPolicy;
import software.amazon.awscdk.services.ec2.CfnSecurityGroup;
import software.amazon.awscdk.services.ec2.CfnSecurityGroupIngress;
import software.amazon.awscdk.services.ecr.IRepository;
import software.amazon.awscdk.services.ecr.Repository;
import software.amazon.awscdk.services.ecs.CfnService;
import software.amazon.awscdk.services.ecs.CfnTaskDefinition;
import software.amazon.awscdk.services.elasticloadbalancingv2.CfnListenerRule;
import software.amazon.awscdk.services.elasticloadbalancingv2.CfnTargetGroup;
import software.amazon.awscdk.services.iam.Effect;
import software.amazon.awscdk.services.iam.PolicyDocument;
import software.amazon.awscdk.services.iam.PolicyStatement;
import software.amazon.awscdk.services.iam.Role;
import software.amazon.awscdk.services.iam.ServicePrincipal;
import software.amazon.awscdk.services.logs.LogGroup;
import software.amazon.awscdk.services.logs.RetentionDays;

/* loaded from: input_file:dev/stratospheric/cdk/Service.class */
public class Service extends Construct {

    /* loaded from: input_file:dev/stratospheric/cdk/Service$DockerImageSource.class */
    public static class DockerImageSource {
        private final String dockerRepositoryName;
        private final String dockerImageTag;
        private final String dockerImageUrl;

        public DockerImageSource(String str) {
            Objects.requireNonNull(str);
            this.dockerImageUrl = str;
            this.dockerImageTag = null;
            this.dockerRepositoryName = null;
        }

        public DockerImageSource(String str, String str2) {
            Objects.requireNonNull(str);
            Objects.requireNonNull(str2);
            this.dockerRepositoryName = str;
            this.dockerImageTag = str2;
            this.dockerImageUrl = null;
        }

        public boolean isEcrSource() {
            return this.dockerRepositoryName != null;
        }

        public String getDockerRepositoryName() {
            return this.dockerRepositoryName;
        }

        public String getDockerImageTag() {
            return this.dockerImageTag;
        }

        public String getDockerImageUrl() {
            return this.dockerImageUrl;
        }
    }

    /* loaded from: input_file:dev/stratospheric/cdk/Service$ServiceInputParameters.class */
    public static class ServiceInputParameters {
        private final DockerImageSource dockerImageSource;
        private final Map<String, String> environmentVariables;
        private final List<String> securityGroupIdsToGrantIngressFromEcs;
        private List<PolicyStatement> taskRolePolicyStatements;
        private int healthCheckIntervalSeconds;
        private String healthCheckPath;
        private int containerPort;
        private String containerProtocol;
        private int healthCheckTimeoutSeconds;
        private int healthyThresholdCount;
        private int unhealthyThresholdCount;
        private RetentionDays logRetention;
        private int cpu;
        private int memory;
        private int desiredInstancesCount;
        private int maximumInstancesPercent;
        private int minimumHealthyInstancesPercent;
        private boolean stickySessionsEnabled;

        public ServiceInputParameters(DockerImageSource dockerImageSource, List<String> list, Map<String, String> map) {
            this.taskRolePolicyStatements = new ArrayList();
            this.healthCheckIntervalSeconds = 15;
            this.healthCheckPath = "/";
            this.containerPort = 8080;
            this.containerProtocol = "HTTP";
            this.healthCheckTimeoutSeconds = 5;
            this.healthyThresholdCount = 2;
            this.unhealthyThresholdCount = 8;
            this.logRetention = RetentionDays.ONE_WEEK;
            this.cpu = 256;
            this.memory = 512;
            this.desiredInstancesCount = 2;
            this.maximumInstancesPercent = 200;
            this.minimumHealthyInstancesPercent = 50;
            this.stickySessionsEnabled = false;
            this.dockerImageSource = dockerImageSource;
            this.environmentVariables = map;
            this.securityGroupIdsToGrantIngressFromEcs = list;
        }

        public ServiceInputParameters(DockerImageSource dockerImageSource, Map<String, String> map) {
            this.taskRolePolicyStatements = new ArrayList();
            this.healthCheckIntervalSeconds = 15;
            this.healthCheckPath = "/";
            this.containerPort = 8080;
            this.containerProtocol = "HTTP";
            this.healthCheckTimeoutSeconds = 5;
            this.healthyThresholdCount = 2;
            this.unhealthyThresholdCount = 8;
            this.logRetention = RetentionDays.ONE_WEEK;
            this.cpu = 256;
            this.memory = 512;
            this.desiredInstancesCount = 2;
            this.maximumInstancesPercent = 200;
            this.minimumHealthyInstancesPercent = 50;
            this.stickySessionsEnabled = false;
            this.dockerImageSource = dockerImageSource;
            this.environmentVariables = map;
            this.securityGroupIdsToGrantIngressFromEcs = Collections.emptyList();
        }

        public ServiceInputParameters withHealthCheckIntervalSeconds(int i) {
            this.healthCheckIntervalSeconds = i;
            return this;
        }

        public ServiceInputParameters withHealthCheckPath(String str) {
            Objects.requireNonNull(str);
            this.healthCheckPath = str;
            return this;
        }

        public ServiceInputParameters withContainerPort(int i) {
            Objects.requireNonNull(Integer.valueOf(i));
            this.containerPort = i;
            return this;
        }

        public ServiceInputParameters withContainerProtocol(String str) {
            Objects.requireNonNull(str);
            this.containerProtocol = str;
            return this;
        }

        public ServiceInputParameters withHealthCheckTimeoutSeconds(int i) {
            this.healthCheckTimeoutSeconds = i;
            return this;
        }

        public ServiceInputParameters withHealthyThresholdCount(int i) {
            this.healthyThresholdCount = i;
            return this;
        }

        public ServiceInputParameters withUnhealthyThresholdCount(int i) {
            this.unhealthyThresholdCount = i;
            return this;
        }

        public ServiceInputParameters withCpu(int i) {
            this.cpu = i;
            return this;
        }

        public ServiceInputParameters withMemory(int i) {
            this.memory = i;
            return this;
        }

        public ServiceInputParameters withLogRetention(RetentionDays retentionDays) {
            Objects.requireNonNull(retentionDays);
            this.logRetention = retentionDays;
            return this;
        }

        public ServiceInputParameters withDesiredInstances(int i) {
            this.desiredInstancesCount = i;
            return this;
        }

        public ServiceInputParameters withMaximumInstancesPercent(int i) {
            this.maximumInstancesPercent = i;
            return this;
        }

        public ServiceInputParameters withMinimumHealthyInstancesPercent(int i) {
            this.minimumHealthyInstancesPercent = i;
            return this;
        }

        public ServiceInputParameters withTaskRolePolicyStatements(List<PolicyStatement> list) {
            this.taskRolePolicyStatements = list;
            return this;
        }

        public ServiceInputParameters withStickySessionsEnabled(boolean z) {
            this.stickySessionsEnabled = z;
            return this;
        }
    }

    public Service(Construct construct, String str, Environment environment, ApplicationEnvironment applicationEnvironment, ServiceInputParameters serviceInputParameters, Network.NetworkOutputParameters networkOutputParameters) {
        super(construct, str);
        String str2;
        CfnTargetGroup build = CfnTargetGroup.Builder.create(this, "targetGroup").healthCheckIntervalSeconds(Integer.valueOf(serviceInputParameters.healthCheckIntervalSeconds)).healthCheckPath(serviceInputParameters.healthCheckPath).healthCheckPort(String.valueOf(serviceInputParameters.containerPort)).healthCheckProtocol(serviceInputParameters.containerProtocol).healthCheckTimeoutSeconds(Integer.valueOf(serviceInputParameters.healthCheckTimeoutSeconds)).healthyThresholdCount(Integer.valueOf(serviceInputParameters.healthyThresholdCount)).unhealthyThresholdCount(Integer.valueOf(serviceInputParameters.unhealthyThresholdCount)).targetGroupAttributes(serviceInputParameters.stickySessionsEnabled ? Arrays.asList(CfnTargetGroup.TargetGroupAttributeProperty.builder().key("stickiness.enabled").value("true").build(), CfnTargetGroup.TargetGroupAttributeProperty.builder().key("stickiness.type").value("lb_cookie").build(), CfnTargetGroup.TargetGroupAttributeProperty.builder().key("stickiness.lb_cookie.duration_seconds").value("3600").build()) : Arrays.asList(new Object[0])).targetType("ip").port(Integer.valueOf(serviceInputParameters.containerPort)).protocol(serviceInputParameters.containerProtocol).vpcId(networkOutputParameters.getVpcId()).build();
        CfnListenerRule.ActionProperty build2 = CfnListenerRule.ActionProperty.builder().targetGroupArn(build.getRef()).type("forward").build();
        CfnListenerRule.RuleConditionProperty build3 = CfnListenerRule.RuleConditionProperty.builder().field("path-pattern").values(Collections.singletonList("*")).build();
        Optional<String> httpsListenerArn = networkOutputParameters.getHttpsListenerArn();
        CfnListenerRule build4 = httpsListenerArn.isPresent() ? CfnListenerRule.Builder.create(this, "httpsListenerRule").actions(Collections.singletonList(build2)).conditions(Collections.singletonList(build3)).listenerArn(httpsListenerArn.get()).priority(1).build() : null;
        CfnListenerRule build5 = CfnListenerRule.Builder.create(this, "httpListenerRule").actions(Collections.singletonList(build2)).conditions(Collections.singletonList(build3)).listenerArn(networkOutputParameters.getHttpListenerArn()).priority(2).build();
        LogGroup build6 = LogGroup.Builder.create(this, "ecsLogGroup").logGroupName(applicationEnvironment.prefix("logs")).retention(serviceInputParameters.logRetention).removalPolicy(RemovalPolicy.DESTROY).build();
        Role build7 = Role.Builder.create(this, "ecsTaskExecutionRole").assumedBy(ServicePrincipal.Builder.create("ecs-tasks.amazonaws.com").build()).path("/").inlinePolicies(Map.of(applicationEnvironment.prefix("ecsTaskExecutionRolePolicy"), PolicyDocument.Builder.create().statements(Collections.singletonList(PolicyStatement.Builder.create().effect(Effect.ALLOW).resources(Collections.singletonList("*")).actions(Arrays.asList("ecr:GetAuthorizationToken", "ecr:BatchCheckLayerAvailability", "ecr:GetDownloadUrlForLayer", "ecr:BatchGetImage", "logs:CreateLogStream", "logs:PutLogEvents")).build())).build())).build();
        Role.Builder path = Role.Builder.create(this, "ecsTaskRole").assumedBy(ServicePrincipal.Builder.create("ecs-tasks.amazonaws.com").build()).path("/");
        if (!serviceInputParameters.taskRolePolicyStatements.isEmpty()) {
            path.inlinePolicies(Map.of(applicationEnvironment.prefix("ecsTaskRolePolicy"), PolicyDocument.Builder.create().statements(serviceInputParameters.taskRolePolicyStatements).build())).build();
        }
        Role build8 = path.build();
        if (serviceInputParameters.dockerImageSource.isEcrSource()) {
            IRepository fromRepositoryName = Repository.fromRepositoryName(this, "ecrRepository", serviceInputParameters.dockerImageSource.getDockerRepositoryName());
            fromRepositoryName.grantPull(build7);
            str2 = fromRepositoryName.repositoryUriForTag(serviceInputParameters.dockerImageSource.getDockerImageTag());
        } else {
            str2 = serviceInputParameters.dockerImageSource.dockerImageUrl;
        }
        CfnTaskDefinition build9 = CfnTaskDefinition.Builder.create(this, "taskDefinition").cpu(String.valueOf(serviceInputParameters.cpu)).memory(String.valueOf(serviceInputParameters.memory)).networkMode("awsvpc").requiresCompatibilities(Collections.singletonList("FARGATE")).executionRoleArn(build7.getRoleArn()).taskRoleArn(build8.getRoleArn()).containerDefinitions(Collections.singletonList(CfnTaskDefinition.ContainerDefinitionProperty.builder().name(containerName(applicationEnvironment)).cpu(Integer.valueOf(serviceInputParameters.cpu)).memory(Integer.valueOf(serviceInputParameters.memory)).image(str2).logConfiguration(CfnTaskDefinition.LogConfigurationProperty.builder().logDriver("awslogs").options(Map.of("awslogs-group", build6.getLogGroupName(), "awslogs-region", environment.getRegion(), "awslogs-stream-prefix", applicationEnvironment.prefix("stream"), "awslogs-multiline-pattern", "^[0-9]{4}-[0-9]{2}-[0-9]{2}")).build()).portMappings(Collections.singletonList(CfnTaskDefinition.PortMappingProperty.builder().containerPort(Integer.valueOf(serviceInputParameters.containerPort)).build())).environment(toKeyValuePairs(serviceInputParameters.environmentVariables)).build())).build();
        CfnSecurityGroup build10 = CfnSecurityGroup.Builder.create(this, "ecsSecurityGroup").vpcId(networkOutputParameters.getVpcId()).groupDescription("SecurityGroup for the ECS containers").build();
        CfnSecurityGroupIngress.Builder.create(this, "ecsIngressFromSelf").ipProtocol("-1").sourceSecurityGroupId(build10.getAttrGroupId()).groupId(build10.getAttrGroupId()).build();
        CfnSecurityGroupIngress.Builder.create(this, "ecsIngressFromLoadbalancer").ipProtocol("-1").sourceSecurityGroupId(networkOutputParameters.getLoadbalancerSecurityGroupId()).groupId(build10.getAttrGroupId()).build();
        allowIngressFromEcs(serviceInputParameters.securityGroupIdsToGrantIngressFromEcs, build10);
        CfnService build11 = CfnService.Builder.create(this, "ecsService").cluster(networkOutputParameters.getEcsClusterName()).launchType("FARGATE").deploymentConfiguration(CfnService.DeploymentConfigurationProperty.builder().maximumPercent(Integer.valueOf(serviceInputParameters.maximumInstancesPercent)).minimumHealthyPercent(Integer.valueOf(serviceInputParameters.minimumHealthyInstancesPercent)).build()).desiredCount(Integer.valueOf(serviceInputParameters.desiredInstancesCount)).taskDefinition(build9.getRef()).loadBalancers(Collections.singletonList(CfnService.LoadBalancerProperty.builder().containerName(containerName(applicationEnvironment)).containerPort(Integer.valueOf(serviceInputParameters.containerPort)).targetGroupArn(build.getRef()).build())).networkConfiguration(CfnService.NetworkConfigurationProperty.builder().awsvpcConfiguration(CfnService.AwsVpcConfigurationProperty.builder().assignPublicIp("ENABLED").securityGroups(Collections.singletonList(build10.getAttrGroupId())).subnets(networkOutputParameters.getPublicSubnets()).build()).build()).build();
        if (httpsListenerArn.isPresent()) {
            build11.addDependsOn(build4);
        }
        build11.addDependsOn(build5);
        applicationEnvironment.tag(this);
    }

    private void allowIngressFromEcs(List<String> list, CfnSecurityGroup cfnSecurityGroup) {
        int i = 1;
        Iterator<String> it = list.iterator();
        while (it.hasNext()) {
            CfnSecurityGroupIngress.Builder.create(this, "securityGroupIngress" + i).sourceSecurityGroupId(cfnSecurityGroup.getAttrGroupId()).groupId(it.next()).ipProtocol("-1").build();
            i++;
        }
    }

    private String containerName(ApplicationEnvironment applicationEnvironment) {
        return applicationEnvironment.prefix("container");
    }

    private CfnTaskDefinition.KeyValuePairProperty keyValuePair(String str, String str2) {
        return CfnTaskDefinition.KeyValuePairProperty.builder().name(str).value(str2).build();
    }

    public List<CfnTaskDefinition.KeyValuePairProperty> toKeyValuePairs(Map<String, String> map) {
        ArrayList arrayList = new ArrayList();
        for (Map.Entry<String, String> entry : map.entrySet()) {
            arrayList.add(keyValuePair(entry.getKey(), entry.getValue()));
        }
        return arrayList;
    }
}
