package clustersecrets

import (
	"context"
	"database/sql"

	"edge-infra.dev/pkg/edge/api/types"

	"edge-infra.dev/pkg/edge/api/graph/model"
	"edge-infra.dev/pkg/edge/api/services"
	cc "edge-infra.dev/pkg/sds/clustersecrets/common"
)

//go:generate mockgen -destination=../../mocks/mock_cluster_secret_service.go -package=mocks edge-infra.dev/pkg/edge/api/services/clustersecrets ClusterSecretService
type ClusterSecretService interface {
	VerifySecretAndLeaseExist(ctx context.Context, clusterEdgeID string, secret cc.Secret) error
	// Cluster Secret Leases
	ObtainLease(ctx context.Context, clusterEdgeID string) (bool, error)
	ReleaseLease(ctx context.Context, clusterEdgeID string) error
	RevokeLease(ctx context.Context, clusterEdgeID string, username string) error
	RemoveUserFromLease(ctx context.Context, clusterSecretLeaseEdgeID string) error
	FetchLease(ctx context.Context, clusterEdgeID string) (model.ClusterSecretLease, error)
	FetchLeaseID(ctx context.Context, clusterEdgeID string) (string, error)
	CreateLease(ctx context.Context, clusterEdgeID string) (string, error)
	VerifyLeaseExists(ctx context.Context, clusterEdgeID string) (string, error)
	// Cluster Secrets
	AddClusterSecret(ctx context.Context, secret cc.ClusterSecret) error
	UpdateClusterSecret(ctx context.Context, clusterSecretEdgeID string, clusterSecretType model.ClusterSecretType, version string) error
	FetchClusterSecret(ctx context.Context, clusterEdgeID string, secretType model.ClusterSecretType) (cc.ClusterSecret, error)
	ExpireClusterSecrets(ctx context.Context, clusterSecretLeaseEdgeID string) error
	FetchClusterSecretVersions(ctx context.Context, clusterEdgeID string, secretType model.ClusterSecretType) ([]*model.ClusterSecretVersionInfo, error)
	VerifyClusterSecretExists(ctx context.Context, clusterEdgeID string, secret cc.Secret, leaseID string) error
	CheckSecretIsExpired(ctx context.Context, clusterEdgeID string, clusterSecretType model.ClusterSecretType) (bool, error)
	// Terminal Cluster Secrets
	FetchLatestTerminalClusterSecrets(ctx context.Context, clusterEdgeID string) ([]cc.TerminalClusterSecret, error)
}

type clusterSecretService struct {
	SQLDB      *sql.DB
	GCPService services.GCPService
	*types.Config
}

type SecuritySettings struct {
	EdgeSecurityCompliance  bool
	MaxLeasePeriod          string
	MaxSecretValidityPeriod string
}

// NewClusterSecretService returns a new cluster secret service
func NewClusterSecretService(sqlDB *sql.DB, gcpService services.GCPService, cfg *types.Config) *clusterSecretService { //nolint:revive
	return &clusterSecretService{
		SQLDB:      sqlDB,
		GCPService: gcpService,
		Config:     cfg,
	}
}

// VerifySecretAndLeaseExist checks that the cluster secret and lease exist in the db
func (s *clusterSecretService) VerifySecretAndLeaseExist(ctx context.Context, clusterEdgeID string, secret cc.Secret) error {
	leaseID, err := s.VerifyLeaseExists(ctx, clusterEdgeID)
	if err != nil {
		return err
	}
	return s.VerifyClusterSecretExists(ctx, clusterEdgeID, secret, leaseID)
}