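package sequel

import (
	"fmt"
	"testing"

	iamAPI "github.com/GoogleCloudPlatform/k8s-config-connector/pkg/clients/generated/apis/iam/v1beta1"
	sqlAPI "github.com/GoogleCloudPlatform/k8s-config-connector/pkg/clients/generated/apis/sql/v1beta1"
	"github.com/davecgh/go-spew/spew"
	testifyAssert "github.com/stretchr/testify/assert"
	"gotest.tools/v3/assert"
	v1 "k8s.io/apimachinery/pkg/apis/meta/v1"
	"k8s.io/apimachinery/pkg/types"
	"sigs.k8s.io/controller-runtime/pkg/controller/controllerutil"

	backendv1 "edge-infra.dev/pkg/edge/apis/sequel/k8s/v1alpha2"
	"edge-infra.dev/pkg/k8s/testing/kmp"
	"edge-infra.dev/pkg/lib/uuid"
	"edge-infra.dev/test/f2"
	"edge-infra.dev/test/f2/x/ktest"
)

// TestCreateBuiltInUser creates a DatabaseUser of the built-in type in a fresh
// namespace and checks that it becomes ready, carries the sequel finalizer, and
// is mirrored by a SQLUser with the same name, namespace and type.
//
// The test is currently skipped; see the TODO in the Skip call.
func TestCreateBuiltInUser(t *testing.T) {
	t.Skip("TODO(pa250194_ncrvoyix): fix errors")

	namespace := uuid.New().UUID
	usr := mockDatabaseUser("sequelbuiltinuser", namespace, backendv1.BuiltInUserType)

	sequelUser := f2.NewFeature("BuiltIn User").
		Test("BuiltIn User reconciles", func(ctx f2.Context, t *testing.T) f2.Context {
			k := ktest.FromContextT(ctx, t)
			assert.NilError(t, k.Client.Create(ctx, usr))
			k.WaitOn(t, k.Check(usr, kmp.IsReady()))
			return ctx
		}).
		Test("Finalizer is added", func(ctx f2.Context, t *testing.T) f2.Context {
			// The failure message fires when the finalizer is MISSING, so the
			// condition must be negated (the original reported an error when
			// the finalizer was present, unlike the IAM variant of this test).
			// NOTE(review): this inspects the in-memory usr; presumably
			// WaitOn/Check refreshes it from the API server. Confirm, or
			// re-Get the object before checking.
			if !controllerutil.ContainsFinalizer(usr, backendv1.SequelFinalizer) {
				t.Error("finalizer not added to database user", spew.Sprintln(usr))
			}
			return ctx
		}).
		Test("CloudSQL User created", func(ctx f2.Context, t *testing.T) f2.Context {
			k := ktest.FromContextT(ctx, t)
			cloudSQLUsr := &sqlAPI.SQLUser{}
			assert.NilError(t, k.Client.Get(ctx, types.NamespacedName{
				Name:      usr.Name,
				Namespace: usr.Namespace,
			}, cloudSQLUsr))
			assert.Equal(t, cloudSQLUsr.Name, usr.Name)
			assert.Equal(t, cloudSQLUsr.Namespace, usr.Namespace)
			// NOTE(review): if Spec.Type is a pointer in the generated SQLUser
			// client, this compares a pointer with a string and can never be
			// equal. Confirm and dereference if so.
			assert.Equal(t, cloudSQLUsr.Spec.Type, backendv1.BuiltInUserType)
			// A fetched user whose name and namespace were just asserted
			// cannot also be empty; the original Empty check contradicted the
			// assertions above.
			testifyAssert.NotEmpty(t, cloudSQLUsr)
			return ctx
		}).Feature()

	f.Test(t, sequelUser)
}

// TestCreateIAMServiceAccountUser creates a DatabaseUser of the cloud service
// account type and checks that it becomes ready, carries the sequel finalizer,
// is mirrored by a SQLUser, and has two IAMPolicyMember objects created for it
// (SQL client and instance user roles).
//
// The test is currently skipped; see the TODO in the Skip call.
func TestCreateIAMServiceAccountUser(t *testing.T) {
	t.Skip("TODO(pa250194_ncrvoyix): fix errors")

	namespace := uuid.New().UUID
	usr := mockDatabaseUser("sequeliamsauser", namespace, backendv1.CloudSAUserType)

	sequelUser := f2.NewFeature("IAM Service Account User").
		Test("IAM Service Account User reconciles", func(ctx f2.Context, t *testing.T) f2.Context {
			k := ktest.FromContextT(ctx, t)
			assert.NilError(t, k.Client.Create(ctx, usr))
			k.WaitOn(t, k.Check(usr, kmp.IsReady()))
			return ctx
		}).
		Test("Finalizer is added", func(ctx f2.Context, t *testing.T) f2.Context {
			if !controllerutil.ContainsFinalizer(usr, backendv1.SequelFinalizer) {
				t.Error("finalizer not added to database user", spew.Sprintln(usr))
			}
			return ctx
		}).
		Test("CloudSQL User created", func(ctx f2.Context, t *testing.T) f2.Context {
			k := ktest.FromContextT(ctx, t)
			cloudSQLUsr := &sqlAPI.SQLUser{}
			assert.NilError(t, k.Client.Get(ctx, types.NamespacedName{
				Name:      usr.Name,
				Namespace: usr.Namespace,
			}, cloudSQLUsr))
			assert.Equal(t, cloudSQLUsr.Name, usr.Name)
			assert.Equal(t, cloudSQLUsr.Namespace, usr.Namespace)
			assert.Equal(t, cloudSQLUsr.Spec.Type, backendv1.CloudSAUserType)
			// Always true for the pointer allocated above; kept as in the
			// original.
			assert.Assert(t, cloudSQLUsr != nil)
			return ctx
		}).
		Test("SQL Client IAM Policy Member created", func(ctx f2.Context, t *testing.T) f2.Context {
			k := ktest.FromContextT(ctx, t)
			iamSQLClientPerms := &iamAPI.IAMPolicyMember{}
			assert.NilError(t, k.Client.Get(ctx, types.NamespacedName{
				Name:      fmt.Sprintf("%s-%s", usr.Name, sqlClientPrefix),
				Namespace: usr.Namespace,
			}, iamSQLClientPerms))
			// NOTE(review): only the role and namespace are asserted. The
			// bound principal and the target resource of the binding are not
			// checked, so a binding granted to the wrong identity or scope
			// would still pass. Consider asserting them once the expected
			// values are available to the test.
			assert.Equal(t, iamSQLClientPerms.Spec.Role, sqlClientPerms)
			assert.Equal(t, iamSQLClientPerms.Namespace, usr.Namespace)
			return ctx
		}).
		Test("SQL Instance User IAM Policy Member created", func(ctx f2.Context, t *testing.T) f2.Context {
			k := ktest.FromContextT(ctx, t)
			iamSQLUserPerms := &iamAPI.IAMPolicyMember{}
			assert.NilError(t, k.Client.Get(ctx, types.NamespacedName{
				Name:      fmt.Sprintf("%s-%s", usr.Name, sqlUserPrefix),
				Namespace: usr.Namespace,
			}, iamSQLUserPerms))
			// Same coverage gap as the SQL client binding: role and namespace
			// only.
			assert.Equal(t, iamSQLUserPerms.Spec.Role, instanceUserPerms)
			assert.Equal(t, iamSQLUserPerms.Namespace, usr.Namespace)
			return ctx
		}).Feature()

	f.Test(t, sequelUser)
}

// mockDatabaseUser returns a DatabaseUser fixture with the given name,
// namespace and user type. The fixture references instance "sequel" in project
// "ret-dev-sequel" and requests a single INSERT grant on table "clusters" in
// schema "public".
func mockDatabaseUser(name, namespace, _type string) *backendv1.DatabaseUser {
	return &backendv1.DatabaseUser{
		TypeMeta: v1.TypeMeta{
			APIVersion: backendv1.UserGVK.GroupVersion().String(),
			Kind:       backendv1.UserGVK.Kind,
		},
		ObjectMeta: v1.ObjectMeta{
			Name:      name,
			Namespace: namespace,
		},
		Spec: backendv1.UserSpec{
			Type: _type,
			InstanceRef: backendv1.InstanceReference{
				Name:      "sequel",
				ProjectID: "ret-dev-sequel",
			},
			Grants: []backendv1.Grant{
				{
					Schema: "public",
					TableGrant: []backendv1.TableGrant{
						{
							Table: "clusters",
							Permissions: []backendv1.Permissions{
								{
									Permission: "INSERT",
								},
							},
						},
					},
				},
			},
		},
	}
}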