package com.bigstep.bdl.eks.role;

import com.amazonaws.services.identitymanagement.AmazonIdentityManagement;
import com.amazonaws.services.identitymanagement.model.AttachRolePolicyRequest;
import com.amazonaws.services.identitymanagement.model.AttachedPolicy;
import com.amazonaws.services.identitymanagement.model.CreateRoleRequest;
import com.amazonaws.services.identitymanagement.model.DeleteRoleRequest;
import com.amazonaws.services.identitymanagement.model.DetachRolePolicyRequest;
import com.amazonaws.services.identitymanagement.model.GetRoleRequest;
import com.amazonaws.services.identitymanagement.model.ListAttachedRolePoliciesRequest;
import com.amazonaws.services.identitymanagement.model.NoSuchEntityException;
import com.amazonaws.services.securitytoken.model.GetCallerIdentityRequest;
import com.amazonaws.services.securitytoken.model.GetCallerIdentityResult;
import com.bigstep.bdl.datalakes.common.backends.providers.EKS.configuration.EKSConfiguration;
import com.bigstep.bdl.datalakes.common.backends.providers.EKS.credentials.EKSCredentials;
import com.bigstep.bdl.eks.client.EKSClientFactory;

/* loaded from: input_file:BOOT-INF/lib/bdl-eks-lib-0.1.0.4.jar:com/bigstep/bdl/eks/role/RoleOperations.class */
/**
 * Static helpers that create, configure and remove the IAM role used for an EKS cluster.
 *
 * <p>Every method builds its AWS clients through {@link EKSClientFactory} from the supplied
 * credentials and the region held by the configuration object.
 */
public class RoleOperations {
    /** AWS-managed policies attached by {@link #attachEKSPolicies}, in attachment order. */
    private static final String[] EKS_MANAGED_POLICY_ARNS = {
        "arn:aws:iam::aws:policy/AmazonEKSServicePolicy",
        "arn:aws:iam::aws:policy/AmazonEKSClusterPolicy"
    };

    /**
     * Creates an IAM role whose trust policy has two Allow statements for {@code sts:AssumeRole}:
     * one for the {@code eks.amazonaws.com} service principal and one for the ARN that STS
     * reports for the calling credentials.
     *
     * <p>Security note: the second statement means whoever owns the supplied credentials can
     * assume the new role and use every permission later attached to it.
     *
     * @param eKSCredentials credentials used to build the STS and IAM clients
     * @param eKSConfiguration configuration; only its region is read here
     * @param str name of the role to create
     * @param str2 description stored on the role
     * @throws Exception declared by the signature; SDK failures are not caught here
     */
    public static void createRole(EKSCredentials eKSCredentials, EKSConfiguration eKSConfiguration, String str, String str2) throws Exception {
        // Resolve the caller first: its ARN is embedded in the trust policy below.
        final GetCallerIdentityResult caller = EKSClientFactory
                .getStsClient(eKSCredentials, eKSConfiguration.getRegion())
                .getCallerIdentity(new GetCallerIdentityRequest());
        final AmazonIdentityManagement iam = EKSClientFactory.getIamClient(eKSCredentials, eKSConfiguration.getRegion());

        // NOTE(review): for assumed-role credentials STS is expected to return a session ARN
        // rather than the role ARN; confirm that this is the principal meant to be trusted.
        final String callerArn = caller.getArn();
        // The ARN is spliced into the JSON without escaping; it originates from STS, not from
        // the method's arguments.
        final String trustPolicy =
                "{\"Version\":\"2012-10-17\",\"Statement\":["
                + "{\"Effect\":\"Allow\",\"Principal\":{\"Service\":\"eks.amazonaws.com\"},\"Action\":\"sts:AssumeRole\"},"
                + "{\"Effect\":\"Allow\",\"Principal\":{\"AWS\":\"" + callerArn + "\"},\"Action\":\"sts:AssumeRole\"}"
                + "]}";

        iam.createRole(new CreateRoleRequest()
                .withRoleName(str)
                .withDescription(str2)
                .withAssumeRolePolicyDocument(trustPolicy));
    }

    /**
     * Attaches the AWS-managed {@code AmazonEKSServicePolicy} and {@code AmazonEKSClusterPolicy}
     * to the named role, in that order. A failure on the first attachment propagates, so the
     * second is then not attempted.
     *
     * @param eKSCredentials credentials used to build the IAM client
     * @param eKSConfiguration configuration; only its region is read here
     * @param str name of the role that receives the policies
     * @throws Exception declared by the signature; SDK failures are not caught here
     */
    public static void attachEKSPolicies(EKSCredentials eKSCredentials, EKSConfiguration eKSConfiguration, String str) throws Exception {
        final AmazonIdentityManagement iam = EKSClientFactory.getIamClient(eKSCredentials, eKSConfiguration.getRegion());
        for (String policyArn : EKS_MANAGED_POLICY_ARNS) {
            iam.attachRolePolicy(new AttachRolePolicyRequest()
                    .withRoleName(str)
                    .withPolicyArn(policyArn));
        }
    }

    /**
     * Detaches the managed policies listed for the role and then deletes the role. A role that
     * does not exist is treated as already deleted.
     *
     * <p>Only the policies returned by a single {@code listAttachedRolePolicies} call are
     * detached; no further pages are requested. Inline policies and instance-profile
     * memberships are not touched here.
     * NOTE(review): IAM is expected to refuse the delete while any of those remain; verify
     * against the roles this is used on.
     *
     * @param eKSCredentials credentials used to build the IAM client
     * @param eKSConfiguration configuration; only its region is read here
     * @param str name of the role to delete
     * @throws Exception declared by the signature; only {@link NoSuchEntityException} is caught
     */
    public static void deleteRole(EKSCredentials eKSCredentials, EKSConfiguration eKSConfiguration, String str) throws Exception {
        final AmazonIdentityManagement iam = EKSClientFactory.getIamClient(eKSCredentials, eKSConfiguration.getRegion());
        try {
            // Existence probe: raises NoSuchEntityException when the role is absent.
            iam.getRole(new GetRoleRequest().withRoleName(str));

            for (AttachedPolicy policy : iam.listAttachedRolePolicies(
                    new ListAttachedRolePoliciesRequest().withRoleName(str)).getAttachedPolicies()) {
                iam.detachRolePolicy(new DetachRolePolicyRequest()
                        .withRoleName(str)
                        .withPolicyArn(policy.getPolicyArn()));
            }

            iam.deleteRole(new DeleteRoleRequest().withRoleName(str));
        } catch (NoSuchEntityException ignored) {
            // Deliberately silent so the delete is idempotent. The same exception raised by the
            // list, detach or delete call is swallowed too, which can leave a partially
            // cleaned-up role behind without any error reaching the caller.
        }
    }
}
