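package mapper

import (
	"encoding/base64"
	"encoding/json"
	"fmt"

	goext "github.com/external-secrets/external-secrets/apis/externalsecrets/v1beta1"
	"github.com/rs/zerolog/log"
	corev1 "k8s.io/api/core/v1"
	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
	"k8s.io/apimachinery/pkg/apis/meta/v1/unstructured"
	"k8s.io/apimachinery/pkg/runtime"

	"edge-infra.dev/pkg/edge/api/graph/model"
	"edge-infra.dev/pkg/edge/api/utils"
)

// ToSecrets converts a list of Kubernetes Secrets into API models using
// ToSecret, which copies name, namespace and creation time and does not copy
// Secret.Data. A nil or empty input yields a nil slice.
func ToSecrets(secrets []corev1.Secret) []*model.Secret {
	if len(secrets) == 0 {
		return nil
	}
	secretModels := make([]*model.Secret, 0, len(secrets))
	// Address the slice element rather than the range variable: no pointer to
	// a per-iteration copy is handed out, so no lint suppression is needed.
	for i := range secrets {
		secretModels = append(secretModels, ToSecret(&secrets[i]))
	}
	return secretModels
}

// ToSecret maps a Kubernetes Secret to its API model. It copies the name, the
// namespace and the creation timestamp (formatted with the package's
// TimeFormat); the secret payload is not read.
func ToSecret(secret *corev1.Secret) *model.Secret {
	return &model.Secret{
		Name:      secret.Name,
		Namespace: secret.Namespace,
		CreatedOn: secret.ObjectMeta.CreationTimestamp.Format(TimeFormat),
	}
}

// ToCreateSecretObject builds a v1 Secret named name in the namespace returned
// by ConvertK8sName(namespace). Each entry's Value must be standard base64; it
// is decoded and stored under the entry's Key. If a key occurs more than once,
// the last entry wins.
//
// It returns an error if an entry is nil or if a value is not valid base64.
func ToCreateSecretObject(name string, namespace string, values []*model.KeyValues) (*corev1.Secret, error) {
	v1secret := corev1.Secret{
		TypeMeta: metav1.TypeMeta{
			Kind:       "Secret",
			APIVersion: "v1",
		},
	}
	v1secret.ObjectMeta.Name = name
	v1secret.ObjectMeta.Namespace = ConvertK8sName(namespace)

	data := make(map[string][]byte, len(values))
	for _, value := range values {
		// A nil entry would otherwise be dereferenced below and panic.
		if value == nil {
			return nil, fmt.Errorf("invalid secret value, entry must not be nil")
		}
		decodedValue, err := base64.StdEncoding.DecodeString(value.Value)
		if err != nil {
			// Only the decoder error is logged; the submitted value itself is
			// secret material and must stay out of logs and error text.
			log.Err(err).Msg("invalid decodedValue, value needs to be in base64")
			return nil, fmt.Errorf("invalid decodedValue, value needs to be in base64")
		}
		data[value.Key] = decodedValue
	}
	v1secret.Data = data
	return &v1secret, nil
}

// ToConvertUnstructuredToSecret converts every item of an unstructured list
// into a typed Secret. It stops at the first item that fails to convert and
// returns that error. An empty list yields an empty, non-nil slice.
//
// The returned Secrets carry whatever data the unstructured items held.
func ToConvertUnstructuredToSecret(resources *unstructured.UnstructuredList) ([]corev1.Secret, error) {
	resp := make([]corev1.Secret, 0, len(resources.Items))
	for i := range resources.Items {
		// Hand the converter a pointer to the target struct itself rather than
		// a pointer to a pointer.
		var converted corev1.Secret
		err := runtime.DefaultUnstructuredConverter.
			FromUnstructured(resources.Items[i].UnstructuredContent(), &converted)
		if err != nil {
			return nil, err
		}
		resp = append(resp, converted)
	}
	return resp, nil
}

// ToConvertSecretToUnstructured converts a typed Secret into its unstructured
// representation, returning the converter's error unchanged on failure.
func ToConvertSecretToUnstructured(secret *corev1.Secret) (*unstructured.Unstructured, error) {
	converted, err := runtime.DefaultUnstructuredConverter.ToUnstructured(secret)
	if err != nil {
		return nil, err
	}
	return &unstructured.Unstructured{Object: converted}, nil
}

// BuildSecret renders a Secret manifest as text from a fixed template. The
// clusterCA field is the base64 encoding of secret.Data["ca.crt"], or the mask
// "********" when isRedacted is true. The username is always "default-agent".
// Redaction affects clusterCA only; every other field is rendered the same in
// both modes.
//
// NOTE(review): endpoint and the secret's name and namespace are written into
// the template without quoting or escaping. If any of them can be
// caller-supplied, validate them before this call (for example, reject line
// breaks) or build the manifest with a YAML marshaller.
//
// NOTE(review): the values rendered under data, other than clusterCA, are not
// base64-encoded here, which a v1 Secret's data field normally requires.
// Confirm what the consumer of this text expects.
func BuildSecret(secret *corev1.Secret, endpoint string, isRedacted bool) string {
	// NOTE(review): in this listing the template sits on a single line. YAML
	// needs one key per line, so confirm the line breaks and indentation
	// inside the raw string against the file of record. The literal is kept
	// exactly as shown.
	s := ` apiVersion: v1 kind: Secret data: clientCert: "" clientKey: "" clusterCA: %s endpoint: %s password: "" username: %s namespace: %s metadata: namespace: %s name: %s `

	clusterCA := "********"
	if !isRedacted {
		clusterCA = base64.StdEncoding.EncodeToString(secret.Data["ca.crt"])
	}
	return fmt.Sprintf(s, clusterCA, endpoint, "default-agent", secret.Namespace, secret.Namespace, secret.Name)
}

// ToBase64StringFromExternalSecret serializes an ExternalSecret to JSON and
// returns it base64-encoded via utils.ToBase64. Base64 is an encoding, not a
// protection: the result is as sensitive as the manifest it was built from.
func ToBase64StringFromExternalSecret(externalSecret *goext.ExternalSecret) (string, error) {
	return jsonToBase64(externalSecret)
}

// ToBase64StringFromClusterExternalSecret serializes a ClusterExternalSecret
// to JSON and returns it base64-encoded via utils.ToBase64. Base64 is an
// encoding, not a protection: the result is as sensitive as the manifest it
// was built from.
func ToBase64StringFromClusterExternalSecret(clusterExternalSecret *goext.ClusterExternalSecret) (string, error) {
	return jsonToBase64(clusterExternalSecret)
}

// jsonToBase64 marshals v to JSON and base64-encodes the bytes with
// utils.ToBase64. A marshalling error is returned unchanged.
func jsonToBase64(v interface{}) (string, error) {
	raw, err := json.Marshal(v)
	if err != nil {
		return "", err
	}
	return utils.ToBase64(raw), nil
}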