package io.strimzi.plugin.security.profiles.impl;

import io.fabric8.kubernetes.api.model.PodSecurityContext;
import io.fabric8.kubernetes.api.model.PodSecurityContextBuilder;
import io.strimzi.api.kafka.model.kafka.JbodStorage;
import io.strimzi.api.kafka.model.kafka.PersistentClaimStorage;
import io.strimzi.api.kafka.model.kafka.SingleVolumeStorage;
import io.strimzi.api.kafka.model.kafka.Storage;
import io.strimzi.platform.PlatformFeatures;
import io.strimzi.plugin.security.profiles.PodSecurityProvider;
import io.strimzi.plugin.security.profiles.PodSecurityProviderContext;
import java.util.Iterator;

/* loaded from: input_file:io/strimzi/plugin/security/profiles/impl/BaselinePodSecurityProvider.class */
public class BaselinePodSecurityProvider implements PodSecurityProvider {
    protected static final Long DEFAULT_FS_GROUP_ID = 0L;
    protected boolean isOpenShift = false;

    @Override // io.strimzi.plugin.security.profiles.PodSecurityProvider
    public void configure(PlatformFeatures platformFeatures) {
        this.isOpenShift = platformFeatures.isOpenshift();
    }

    private boolean usesPersistentStorage(Storage storage) {
        if (!(storage instanceof JbodStorage)) {
            return storage instanceof PersistentClaimStorage;
        }
        Iterator<SingleVolumeStorage> it = ((JbodStorage) storage).getVolumes().iterator();
        while (it.hasNext()) {
            if (it.next() instanceof PersistentClaimStorage) {
                return true;
            }
        }
        return false;
    }

    private PodSecurityContext createStatefulPodSecurityContext(PodSecurityProviderContext podSecurityProviderContext) {
        if (podSecurityProviderContext == null) {
            return null;
        }
        if (podSecurityProviderContext.userSuppliedSecurityContext() != null) {
            return podSecurityProviderContext.userSuppliedSecurityContext();
        }
        if (!this.isOpenShift && usesPersistentStorage(podSecurityProviderContext.storage())) {
            return new PodSecurityContextBuilder().withFsGroup(DEFAULT_FS_GROUP_ID).build();
        }
        return null;
    }

    @Override // io.strimzi.plugin.security.profiles.PodSecurityProvider
    public PodSecurityContext zooKeeperPodSecurityContext(PodSecurityProviderContext podSecurityProviderContext) {
        return createStatefulPodSecurityContext(podSecurityProviderContext);
    }

    @Override // io.strimzi.plugin.security.profiles.PodSecurityProvider
    public PodSecurityContext kafkaPodSecurityContext(PodSecurityProviderContext podSecurityProviderContext) {
        return createStatefulPodSecurityContext(podSecurityProviderContext);
    }
}
