package clients

import (
	"context"
	"encoding/json"
	"fmt"

	"edge-infra.dev/pkg/edge/bsl"
	"edge-infra.dev/pkg/lib/gcp/secretmanager"
)

type ForemanSecretManagerClient struct {
	Client *secretmanager.SecretManager
}

func (f ForemanSecretManagerClient) GetForemanSecret(ctx context.Context, organization string) (*bsl.AccessKey, error) {
	bits, err := f.Client.GetLatestSecretValue(ctx, organization)
	if err != nil {
		return nil, err
	}
	return mapToAccessKey(bits)
}

func mapToAccessKey(bits []byte) (*bsl.AccessKey, error) {
	var keyMap map[string]string
	err := json.Unmarshal(bits, &keyMap)
	if err != nil {
		return nil, err
	}
	if err := validateKeys(keyMap); err != nil {
		return nil, err
	}
	return &bsl.AccessKey{
		SharedKey: keyMap[bsl.SharedKey],
		SecretKey: keyMap[bsl.SecretKey],
	}, nil
}

func validateKeys(keyMap map[string]string) error {
	if _, ok := keyMap[bsl.SharedKey]; !ok {
		return fmt.Errorf("missing %s", bsl.SharedKey)
	}
	if _, ok := keyMap[bsl.SecretKey]; !ok {
		return fmt.Errorf("missing %s", bsl.SecretKey)
	}
	return nil
}

func NewForemanSecretManagerClient(ctx context.Context, projectID string) (ForemanSecretManagerClient, error) {
	client, err := secretmanager.NewWithOptions(ctx, projectID)
	if err != nil {
		return ForemanSecretManagerClient{}, err
	}

	return ForemanSecretManagerClient{
		Client: &client,
	}, nil
}