package org.elasticsearch.xpack.transform.action;

import java.io.IOException;
import java.time.Instant;
import java.util.ArrayList;
import java.util.List;
import java.util.Map;
import java.util.Objects;
import java.util.stream.Collectors;
import org.apache.logging.log4j.LogManager;
import org.apache.logging.log4j.Logger;
import org.elasticsearch.ElasticsearchStatusException;
import org.elasticsearch.ResourceAlreadyExistsException;
import org.elasticsearch.Version;
import org.elasticsearch.action.ActionListener;
import org.elasticsearch.action.support.ActionFilters;
import org.elasticsearch.action.support.IndicesOptions;
import org.elasticsearch.action.support.master.AcknowledgedResponse;
import org.elasticsearch.action.support.master.MasterNodeRequest;
import org.elasticsearch.action.support.master.TransportMasterNodeAction;
import org.elasticsearch.client.Client;
import org.elasticsearch.cluster.ClusterState;
import org.elasticsearch.cluster.block.ClusterBlockException;
import org.elasticsearch.cluster.block.ClusterBlockLevel;
import org.elasticsearch.cluster.metadata.IndexNameExpressionResolver;
import org.elasticsearch.cluster.service.ClusterService;
import org.elasticsearch.common.CheckedConsumer;
import org.elasticsearch.common.Strings;
import org.elasticsearch.common.inject.Inject;
import org.elasticsearch.common.io.stream.StreamInput;
import org.elasticsearch.common.settings.Settings;
import org.elasticsearch.ingest.IngestService;
import org.elasticsearch.license.License;
import org.elasticsearch.license.LicenseUtils;
import org.elasticsearch.license.RemoteClusterLicenseChecker;
import org.elasticsearch.license.XPackLicenseState;
import org.elasticsearch.persistent.PersistentTasksCustomMetaData;
import org.elasticsearch.rest.RestStatus;
import org.elasticsearch.threadpool.ThreadPool;
import org.elasticsearch.transport.RemoteClusterService;
import org.elasticsearch.transport.TransportService;
import org.elasticsearch.xpack.core.ClientHelper;
import org.elasticsearch.xpack.core.XPackPlugin;
import org.elasticsearch.xpack.core.XPackSettings;
import org.elasticsearch.xpack.core.common.validation.SourceDestValidator;
import org.elasticsearch.xpack.core.security.SecurityContext;
import org.elasticsearch.xpack.core.security.action.user.HasPrivilegesAction;
import org.elasticsearch.xpack.core.security.action.user.HasPrivilegesRequest;
import org.elasticsearch.xpack.core.security.action.user.HasPrivilegesResponse;
import org.elasticsearch.xpack.core.security.authz.RoleDescriptor;
import org.elasticsearch.xpack.core.security.support.Exceptions;
import org.elasticsearch.xpack.core.transform.TransformMessages;
import org.elasticsearch.xpack.core.transform.action.PutTransformAction;
import org.elasticsearch.xpack.core.transform.transforms.TransformConfig;
import org.elasticsearch.xpack.transform.Transform;
import org.elasticsearch.xpack.transform.TransformServices;
import org.elasticsearch.xpack.transform.notifications.TransformAuditor;
import org.elasticsearch.xpack.transform.persistence.TransformConfigManager;
import org.elasticsearch.xpack.transform.transforms.pivot.Pivot;
import org.elasticsearch.xpack.transform.utils.SourceDestValidations;

/* loaded from: input_file:org/elasticsearch/xpack/transform/action/TransportPutTransformAction.class */
public class TransportPutTransformAction extends TransportMasterNodeAction<PutTransformAction.Request, AcknowledgedResponse> {
    private static final Logger logger = LogManager.getLogger(TransportPutTransformAction.class);
    private final XPackLicenseState licenseState;
    private final Client client;
    private final TransformConfigManager transformConfigManager;
    private final SecurityContext securityContext;
    private final TransformAuditor auditor;
    private final SourceDestValidator sourceDestValidator;
    private final IngestService ingestService;

    @Inject
    public TransportPutTransformAction(Settings settings, TransportService transportService, ThreadPool threadPool, ActionFilters actionFilters, IndexNameExpressionResolver indexNameExpressionResolver, ClusterService clusterService, XPackLicenseState xPackLicenseState, TransformServices transformServices, Client client, IngestService ingestService) {
        this("cluster:admin/transform/put", settings, transportService, threadPool, actionFilters, indexNameExpressionResolver, clusterService, xPackLicenseState, transformServices, client, ingestService);
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public TransportPutTransformAction(String str, Settings settings, TransportService transportService, ThreadPool threadPool, ActionFilters actionFilters, IndexNameExpressionResolver indexNameExpressionResolver, ClusterService clusterService, XPackLicenseState xPackLicenseState, TransformServices transformServices, Client client, IngestService ingestService) {
        super(str, transportService, clusterService, threadPool, actionFilters, PutTransformAction.Request::new, indexNameExpressionResolver);
        this.licenseState = xPackLicenseState;
        this.client = client;
        this.transformConfigManager = transformServices.getConfigManager();
        this.securityContext = ((Boolean) XPackSettings.SECURITY_ENABLED.get(settings)).booleanValue() ? new SecurityContext(settings, threadPool.getThreadContext()) : null;
        this.auditor = transformServices.getAuditor();
        this.sourceDestValidator = new SourceDestValidator(indexNameExpressionResolver, transportService.getRemoteClusterService(), ((Boolean) RemoteClusterService.ENABLE_REMOTE_CLUSTERS.get(settings)).booleanValue() ? new RemoteClusterLicenseChecker(client, XPackLicenseState::isTransformAllowedForOperationMode) : null, clusterService.getNodeName(), License.OperationMode.BASIC.description());
        this.ingestService = ingestService;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static HasPrivilegesRequest buildPrivilegeCheck(TransformConfig transformConfig, IndexNameExpressionResolver indexNameExpressionResolver, ClusterState clusterState, String str) {
        String index = transformConfig.getDestination().getIndex();
        String[] concreteIndexNames = indexNameExpressionResolver.concreteIndexNames(clusterState, IndicesOptions.lenientExpandOpen(), new String[]{transformConfig.getDestination().getIndex()});
        ArrayList arrayList = new ArrayList(2);
        arrayList.add("read");
        ArrayList arrayList2 = new ArrayList(3);
        arrayList2.add("read");
        arrayList2.add("index");
        if (concreteIndexNames.length == 0) {
            arrayList2.add("create_index");
            arrayList.add("view_index_metadata");
        }
        RoleDescriptor.IndicesPrivileges build = RoleDescriptor.IndicesPrivileges.builder().indices(new String[]{index}).privileges(arrayList2).build();
        RoleDescriptor.IndicesPrivileges build2 = RoleDescriptor.IndicesPrivileges.builder().indices(transformConfig.getSource().getIndex()).privileges(arrayList).build();
        HasPrivilegesRequest hasPrivilegesRequest = new HasPrivilegesRequest();
        hasPrivilegesRequest.applicationPrivileges(new RoleDescriptor.ApplicationResourcePrivileges[0]);
        hasPrivilegesRequest.username(str);
        hasPrivilegesRequest.clusterPrivileges(Strings.EMPTY_ARRAY);
        hasPrivilegesRequest.indexPrivileges(new RoleDescriptor.IndicesPrivileges[]{build2, build});
        return hasPrivilegesRequest;
    }

    protected String executor() {
        return "same";
    }

    /* JADX INFO: Access modifiers changed from: protected */
    /* renamed from: read, reason: merged with bridge method [inline-methods] */
    public AcknowledgedResponse m9read(StreamInput streamInput) throws IOException {
        return new AcknowledgedResponse(streamInput);
    }

    protected void masterOperation(PutTransformAction.Request request, ClusterState clusterState, ActionListener<AcknowledgedResponse> actionListener) throws Exception {
        if (!this.licenseState.isTransformAllowed()) {
            actionListener.onFailure(LicenseUtils.newComplianceException(Transform.NAME));
            return;
        }
        XPackPlugin.checkReadyForXPackCustomMetadata(clusterState);
        TransformConfig version = request.getConfig().setHeaders((Map) this.threadPool.getThreadContext().getHeaders().entrySet().stream().filter(entry -> {
            return ClientHelper.SECURITY_HEADER_FILTERS.contains(entry.getKey());
        }).collect(Collectors.toMap((v0) -> {
            return v0.getKey();
        }, (v0) -> {
            return v0.getValue();
        }))).setCreateTime(Instant.now()).setVersion(Version.CURRENT);
        String id = version.getId();
        if (PersistentTasksCustomMetaData.getTaskWithId(clusterState, id) != null) {
            actionListener.onFailure(new ResourceAlreadyExistsException(TransformMessages.getMessage("Transform with id [{0}] already exists", new Object[]{id}), new Object[0]));
            return;
        }
        SourceDestValidator sourceDestValidator = this.sourceDestValidator;
        String[] index = version.getSource().getIndex();
        String index2 = version.getDestination().getIndex();
        List<SourceDestValidator.SourceDestValidation> list = request.isDeferValidation() ? SourceDestValidations.NON_DEFERABLE_VALIDATIONS : SourceDestValidations.ALL_VALIDATIONS;
        CheckedConsumer checkedConsumer = bool -> {
            if (!this.licenseState.isAuthAllowed() || request.isDeferValidation()) {
                putTransform(request, actionListener);
                return;
            }
            String principal = this.securityContext.getUser().principal();
            HasPrivilegesRequest buildPrivilegeCheck = buildPrivilegeCheck(version, this.indexNameExpressionResolver, clusterState, principal);
            CheckedConsumer checkedConsumer2 = hasPrivilegesResponse -> {
                handlePrivsResponse(principal, request, hasPrivilegesResponse, actionListener);
            };
            Objects.requireNonNull(actionListener);
            this.client.execute(HasPrivilegesAction.INSTANCE, buildPrivilegeCheck, ActionListener.wrap(checkedConsumer2, actionListener::onFailure));
        };
        Objects.requireNonNull(actionListener);
        sourceDestValidator.validate(clusterState, index, index2, list, ActionListener.wrap(checkedConsumer, actionListener::onFailure));
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public ClusterBlockException checkBlock(PutTransformAction.Request request, ClusterState clusterState) {
        return clusterState.blocks().globalBlockedException(ClusterBlockLevel.METADATA_WRITE);
    }

    private void handlePrivsResponse(String str, PutTransformAction.Request request, HasPrivilegesResponse hasPrivilegesResponse, ActionListener<AcknowledgedResponse> actionListener) {
        if (hasPrivilegesResponse.isCompleteMatch()) {
            putTransform(request, actionListener);
        } else {
            actionListener.onFailure(Exceptions.authorizationError("Cannot create transform [{}] because user {} lacks all the required permissions for indices: {}", new Object[]{request.getConfig().getId(), str, (List) hasPrivilegesResponse.getIndexPrivileges().stream().map((v0) -> {
                return v0.getResource();
            }).collect(Collectors.toList())}));
        }
    }

    private void putTransform(PutTransformAction.Request request, ActionListener<AcknowledgedResponse> actionListener) {
        TransformConfig config = request.getConfig();
        Pivot pivot = new Pivot(config.getPivotConfig());
        CheckedConsumer checkedConsumer = bool -> {
            logger.debug("[{}] created transform", config.getId());
            this.auditor.info(config.getId(), "Created transform.");
            actionListener.onResponse(new AcknowledgedResponse(true));
        };
        Objects.requireNonNull(actionListener);
        ActionListener wrap = ActionListener.wrap(checkedConsumer, actionListener::onFailure);
        ActionListener<Boolean> wrap2 = ActionListener.wrap(bool2 -> {
            this.transformConfigManager.putTransformConfiguration(config, wrap);
        }, exc -> {
            if (exc instanceof ElasticsearchStatusException) {
                actionListener.onFailure(new ElasticsearchStatusException("Failed to validate configuration", ((ElasticsearchStatusException) exc).status(), exc, new Object[0]));
            } else {
                actionListener.onFailure(new ElasticsearchStatusException("Failed to validate configuration", RestStatus.INTERNAL_SERVER_ERROR, exc, new Object[0]));
            }
        });
        try {
            pivot.validateConfig();
            if (request.isDeferValidation()) {
                wrap2.onResponse(true);
            } else if (config.getDestination().getPipeline() == null || this.ingestService.getPipeline(config.getDestination().getPipeline()) != null) {
                pivot.validateQuery(this.client, config.getSource(), wrap2);
            } else {
                actionListener.onFailure(new ElasticsearchStatusException(TransformMessages.getMessage("Pipeline with id [{0}] could not be found", new Object[]{config.getDestination().getPipeline()}), RestStatus.BAD_REQUEST, new Object[0]));
            }
        } catch (ElasticsearchStatusException e) {
            actionListener.onFailure(new ElasticsearchStatusException("Failed to validate configuration", e.status(), e, new Object[0]));
        } catch (Exception e2) {
            actionListener.onFailure(new ElasticsearchStatusException("Failed to validate configuration", RestStatus.INTERNAL_SERVER_ERROR, e2, new Object[0]));
        }
    }

    protected /* bridge */ /* synthetic */ void masterOperation(MasterNodeRequest masterNodeRequest, ClusterState clusterState, ActionListener actionListener) throws Exception {
        masterOperation((PutTransformAction.Request) masterNodeRequest, clusterState, (ActionListener<AcknowledgedResponse>) actionListener);
    }
}
