package io.strimzi.plugin.security.profiles.impl;

import io.fabric8.kubernetes.api.model.SecurityContext;
import io.fabric8.kubernetes.api.model.SecurityContextBuilder;
import io.strimzi.plugin.security.profiles.ContainerSecurityProviderContext;

/* loaded from: input_file:io/strimzi/plugin/security/profiles/impl/RestrictedPodSecurityProvider.class */
/**
 * Pod security provider that hands out a locked-down container
 * {@link SecurityContext} for each operand container.
 *
 * <p>When a container has no user-supplied security context, the provider
 * builds one that disables privilege escalation, requires a non-root user,
 * selects the {@code RuntimeDefault} seccomp profile and drops {@code ALL}
 * capabilities.
 *
 * <p>Security note: a user-supplied security context always takes precedence
 * and is returned unchanged. This class does not compare it against the
 * restricted settings above, so a custom context can be weaker than the
 * defaults.
 * NOTE(review): whether such contexts are validated elsewhere (for example by
 * Pod Security Admission on the cluster) is not visible from this file.
 */
public class RestrictedPodSecurityProvider extends BaselinePodSecurityProvider {

    /** Returns the security context for the ZooKeeper container. */
    @Override
    public SecurityContext zooKeeperContainerSecurityContext(ContainerSecurityProviderContext containerSecurityProviderContext) {
        return createRestrictedContainerSecurityContext(containerSecurityProviderContext);
    }

    /** Returns the security context for the Kafka container. */
    @Override
    public SecurityContext kafkaContainerSecurityContext(ContainerSecurityProviderContext containerSecurityProviderContext) {
        return createRestrictedContainerSecurityContext(containerSecurityProviderContext);
    }

    /** Returns the security context for the Kafka init container. */
    @Override
    public SecurityContext kafkaInitContainerSecurityContext(ContainerSecurityProviderContext containerSecurityProviderContext) {
        return createRestrictedContainerSecurityContext(containerSecurityProviderContext);
    }

    /** Returns the security context for the Entity Topic Operator container. */
    @Override
    public SecurityContext entityTopicOperatorContainerSecurityContext(ContainerSecurityProviderContext containerSecurityProviderContext) {
        return createRestrictedContainerSecurityContext(containerSecurityProviderContext);
    }

    /** Returns the security context for the Entity User Operator container. */
    @Override
    public SecurityContext entityUserOperatorContainerSecurityContext(ContainerSecurityProviderContext containerSecurityProviderContext) {
        return createRestrictedContainerSecurityContext(containerSecurityProviderContext);
    }

    /** Returns the security context for the Entity Operator TLS sidecar container. */
    @Override
    public SecurityContext entityOperatorTlsSidecarContainerSecurityContext(ContainerSecurityProviderContext containerSecurityProviderContext) {
        return createRestrictedContainerSecurityContext(containerSecurityProviderContext);
    }

    /** Returns the security context for the Kafka Exporter container. */
    @Override
    public SecurityContext kafkaExporterContainerSecurityContext(ContainerSecurityProviderContext containerSecurityProviderContext) {
        return createRestrictedContainerSecurityContext(containerSecurityProviderContext);
    }

    /** Returns the security context for the Cruise Control container. */
    @Override
    public SecurityContext cruiseControlContainerSecurityContext(ContainerSecurityProviderContext containerSecurityProviderContext) {
        return createRestrictedContainerSecurityContext(containerSecurityProviderContext);
    }

    /** Returns the security context for the Kafka Connect container. */
    @Override
    public SecurityContext kafkaConnectContainerSecurityContext(ContainerSecurityProviderContext containerSecurityProviderContext) {
        return createRestrictedContainerSecurityContext(containerSecurityProviderContext);
    }

    /** Returns the security context for the Kafka Connect init container. */
    @Override
    public SecurityContext kafkaConnectInitContainerSecurityContext(ContainerSecurityProviderContext containerSecurityProviderContext) {
        return createRestrictedContainerSecurityContext(containerSecurityProviderContext);
    }

    /**
     * Returns the security context for the Kafka Connect Build container.
     *
     * <p>Unlike the other containers, no restricted default is generated
     * here: the build is only permitted when the user has explicitly supplied
     * a security context, which is then returned unchanged.
     *
     * @param containerSecurityProviderContext provider context; may be {@code null}
     * @return the user-supplied security context
     * @throws UnsupportedOperationException if the provider context is
     *         {@code null} or carries no user-supplied security context
     */
    @Override
    public SecurityContext kafkaConnectBuildContainerSecurityContext(ContainerSecurityProviderContext containerSecurityProviderContext) {
        boolean hasUserSuppliedContext = containerSecurityProviderContext != null
                && containerSecurityProviderContext.userSuppliedSecurityContext() != null;
        if (!hasUserSuppliedContext) {
            // Fail closed: without an explicit user decision there is no context to fall back on.
            throw new UnsupportedOperationException("Kafka Connect Build using the Kaniko builder is not available under the restricted security profile");
        }
        return containerSecurityProviderContext.userSuppliedSecurityContext();
    }

    /** Returns the security context for the Kafka Mirror Maker container. */
    @Override
    public SecurityContext kafkaMirrorMakerContainerSecurityContext(ContainerSecurityProviderContext containerSecurityProviderContext) {
        return createRestrictedContainerSecurityContext(containerSecurityProviderContext);
    }

    /** Returns the security context for the HTTP Bridge container. */
    @Override
    public SecurityContext bridgeContainerSecurityContext(ContainerSecurityProviderContext containerSecurityProviderContext) {
        return createRestrictedContainerSecurityContext(containerSecurityProviderContext);
    }

    /** Returns the security context for the HTTP Bridge init container. */
    @Override
    public SecurityContext bridgeInitContainerSecurityContext(ContainerSecurityProviderContext containerSecurityProviderContext) {
        return createRestrictedContainerSecurityContext(containerSecurityProviderContext);
    }

    /**
     * Resolves the security context shared by all containers except the
     * Kafka Connect Build container.
     *
     * @param context provider context; may be {@code null}
     * @return {@code null} when {@code context} is {@code null}; the
     *         user-supplied security context, unchanged, when one is present;
     *         otherwise the restricted default context
     */
    private SecurityContext createRestrictedContainerSecurityContext(ContainerSecurityProviderContext context) {
        if (context == null) {
            return null;
        }
        if (context.userSuppliedSecurityContext() != null) {
            // The user override wins and is not checked against the restricted defaults.
            return context.userSuppliedSecurityContext();
        }
        return restrictedDefaults();
    }

    /**
     * Builds the restricted default context: no privilege escalation,
     * non-root user required, {@code RuntimeDefault} seccomp profile and
     * {@code ALL} capabilities dropped.
     */
    private static SecurityContext restrictedDefaults() {
        return new SecurityContextBuilder()
                .withAllowPrivilegeEscalation(false)
                .withRunAsNonRoot(true)
                .withNewSeccompProfile()
                    .withType("RuntimeDefault")
                .endSeccompProfile()
                .withNewCapabilities()
                    .withDrop("ALL")
                .endCapabilities()
                .build();
    }
}
