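// Package gkeauth registers a client-go auth provider plugin named "gke-auth"
// that authenticates Kubernetes API requests with Google OAuth2 access tokens.
//
// Importing the package is enough to register the plugin (see init).
package gkeauth

import (
	"context"
	"fmt"
	"log"
	"net/http"

	"golang.org/x/oauth2"
	"golang.org/x/oauth2/google"
	"k8s.io/client-go/rest"
)

var (
	// gkeAuthPlugin is the name under which the provider is registered with
	// client-go.
	gkeAuthPlugin = "gke-auth"

	// googleScopes are the OAuth2 scopes requested for the access token.
	// cloud-platform is not limited to a single Google Cloud API, so what a
	// token can actually do is bounded by the IAM roles granted to the
	// underlying credential rather than by the scope. Keep that identity
	// least-privileged.
	googleScopes = []string{
		"https://www.googleapis.com/auth/cloud-platform",
		"https://www.googleapis.com/auth/userinfo.email",
	}
)

// init registers the provider as a side effect of importing the package.
// A registration failure terminates the process through log.Fatalf.
func init() {
	if err := rest.RegisterAuthProviderPlugin(gkeAuthPlugin, newGCPAuthProvider); err != nil {
		log.Fatalf("Failed to register gcp auth plugin: %v", err)
	}
}

// Compile-time check that gcpAuthProvider satisfies rest.AuthProvider.
var _ rest.AuthProvider = &gcpAuthProvider{}

// gcpAuthProvider is a rest.AuthProvider backed by a Google OAuth2 token
// source.
type gcpAuthProvider struct {
	tokenSource oauth2.TokenSource
}

// WrapTransport returns a RoundTripper that sends requests through rt with an
// OAuth2 token obtained from the provider's token source.
//
// The token is attached to every request that goes through the returned
// transport, so the transport must only be used for the intended API server
// endpoint.
func (g *gcpAuthProvider) WrapTransport(rt http.RoundTripper) http.RoundTripper {
	return &oauth2.Transport{
		Base:   rt,
		Source: g.tokenSource,
	}
}

// Login is a no-op: credentials are resolved by the token source when the
// provider is created, so there is no interactive login step.
func (g *gcpAuthProvider) Login() error {
	return nil
}

// newGCPAuthProvider is the factory registered with client-go. It builds a
// provider from Google Application Default Credentials restricted to
// googleScopes.
//
// The cluster address, the provider config map and the config persister are
// all ignored, so nothing from the kubeconfig influences which credential is
// used and nothing is written back to it.
//
// The token source is created with context.Background(), so it carries no
// deadline or cancellation from the caller.
//
// The underlying error is wrapped with %w so callers can inspect it with
// errors.Is / errors.As.
func newGCPAuthProvider(_ string, _ map[string]string, _ rest.AuthProviderConfigPersister) (rest.AuthProvider, error) {
	ts, err := google.DefaultTokenSource(context.Background(), googleScopes...)
	if err != nil {
		return nil, fmt.Errorf("failed to create google token source: %w", err)
	}
	return &gcpAuthProvider{tokenSource: ts}, nil
}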