package io.trino.aws.proxy.server.testing.containers;

import com.google.common.net.HostAndPort;
import com.google.inject.BindingAnnotation;
import com.google.inject.Inject;
import com.google.inject.Provider;
import io.airlift.log.Logger;
import io.trino.aws.proxy.server.testing.TestingUtil;
import io.trino.aws.proxy.spi.credentials.Credential;
import io.trino.aws.proxy.spi.credentials.Credentials;
import jakarta.annotation.PostConstruct;
import jakarta.annotation.PreDestroy;
import java.lang.annotation.ElementType;
import java.lang.annotation.Retention;
import java.lang.annotation.RetentionPolicy;
import java.lang.annotation.Target;
import java.net.URI;
import java.util.List;
import java.util.Objects;
import java.util.UUID;
import org.testcontainers.containers.Container;
import org.testcontainers.containers.MinIOContainer;
import org.testcontainers.images.builder.Transferable;
import org.testcontainers.utility.DockerImageName;
import software.amazon.awssdk.auth.credentials.AwsBasicCredentials;
import software.amazon.awssdk.regions.Region;
import software.amazon.awssdk.services.s3.S3Client;

/* loaded from: input_file:io/trino/aws/proxy/server/testing/containers/S3Container.class */
public class S3Container implements Provider<S3Client> {
    private static final Logger log = Logger.get(S3Container.class);
    public static final String POLICY_NAME = "managedPolicy";
    private static final String IMAGE_NAME = "minio/minio";
    private static final String IMAGE_TAG = "RELEASE.2024-07-15T19-02-30Z";
    private static final String CONFIG_TEMPLATE = "{\n    \"version\": \"10\",\n    \"aliases\": {\n        \"local\": {\n            \"url\": \"http://localhost:9000\",\n            \"accessKey\": \"%s\",\n            \"secretKey\": \"%s\",\n            \"api\": \"S3v4\",\n            \"path\": \"auto\"\n        }\n    }\n}\n";
    private static final String POLICY = "{\n   \"Version\": \"2012-10-17\",\n   \"Statement\": [\n      {\n         \"Effect\": \"Allow\",\n         \"Action\": \"s3:*\",\n         \"Resource\": \"arn:aws:s3:::*\",\n         \"Condition\": {\n           \"StringEquals\": {\n             \"aws:principaltype\": \"AssumedRole\"\n           }\n         }\n      }\n   ]\n}\n";
    private final MinIOContainer container;
    private final S3Client storageClient;
    private final List<String> initialBuckets;
    private final Credential credential;
    private final Credential policyUserCredential;
    private volatile Credentials sessionCredentials;

    @Target({ElementType.FIELD, ElementType.PARAMETER, ElementType.METHOD})
    @Retention(RetentionPolicy.RUNTIME)
    @BindingAnnotation
    /* loaded from: input_file:io/trino/aws/proxy/server/testing/containers/S3Container$ForS3Container.class */
    public @interface ForS3Container {
    }

    /* renamed from: get, reason: merged with bridge method [inline-methods] */
    public S3Client m22get() {
        return this.storageClient;
    }

    @Inject
    public S3Container(@ForS3Container List<String> list, @TestingUtil.ForTesting Credentials credentials) {
        this.initialBuckets = (List) Objects.requireNonNull(list, "initialBuckets is null");
        this.credential = ((Credentials) Objects.requireNonNull(credentials, "credentials is null")).requiredRemoteCredential();
        this.container = new MinIOContainer(DockerImageName.parse(IMAGE_NAME).withTag(IMAGE_TAG)).withUserName(this.credential.accessKey()).withPassword(this.credential.secretKey()).withEnv("MC_CONFIG_DIR", "/root/.mc/").withCopyToContainer(Transferable.of(CONFIG_TEMPLATE.formatted(this.credential.accessKey(), this.credential.secretKey())), "/root/.mc/config.json").withCopyToContainer(Transferable.of(POLICY), "/root/policy.json");
        this.container.withEnv("MINIO_DOMAIN", TestingUtil.LOCALHOST_DOMAIN);
        this.container.start();
        log.info("S3 container started on port: %s", new Object[]{this.container.getFirstMappedPort()});
        this.storageClient = (S3Client) S3Client.builder().region(Region.US_EAST_1).endpointOverride(endpoint()).forcePathStyle(true).credentialsProvider(() -> {
            return AwsBasicCredentials.create(this.credential.accessKey(), this.credential.secretKey());
        }).build();
        this.policyUserCredential = new Credential(UUID.randomUUID().toString(), UUID.randomUUID().toString());
    }

    public URI endpoint() {
        return URI.create(this.container.getS3URL());
    }

    public HostAndPort containerHost() {
        return HostAndPort.fromParts(this.container.getHost(), this.container.getFirstMappedPort().intValue());
    }

    public Credential policyUserCredential() {
        return this.policyUserCredential;
    }

    @PostConstruct
    public void setUp() {
        this.initialBuckets.forEach(str -> {
            this.storageClient.createBucket(builder -> {
                builder.bucket(str);
            });
        });
        execInContainer("Could not create user in container", "mc", "admin", "user", "add", "local", this.policyUserCredential.accessKey(), this.policyUserCredential.secretKey());
        execInContainer("Could not create policy in container", "mc", "admin", "policy", "create", "local", POLICY_NAME, "/root/policy.json");
        execInContainer("Could not attach policy in container", "mc", "admin", "policy", "attach", "local", POLICY_NAME, "--user", this.policyUserCredential.accessKey());
    }

    @PreDestroy
    public void shutdown() {
        this.container.stop();
    }

    private void execInContainer(String str, String... strArr) {
        try {
            Container.ExecResult execInContainer = this.container.execInContainer(strArr);
            if (execInContainer.getExitCode() != 0) {
                throw new RuntimeException(str + "\n" + execInContainer.getStdout() + "\n" + execInContainer.getStderr());
            }
        } catch (Exception e) {
            throw new RuntimeException(str, e);
        }
    }
}
