package externalsecrets

import (
	"edge-infra.dev/pkg/edge/constants"
	"edge-infra.dev/pkg/k8s/konfigkonnector/apis/meta"

	goext "github.com/external-secrets/external-secrets/apis/externalsecrets/v1beta1"
	esmeta "github.com/external-secrets/external-secrets/apis/meta/v1"

	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
)

func BuildDefaultEdgeClusterSecretStore(projectID string) *goext.ClusterSecretStore {
	goExtSecNamespace := SecretNamespace
	return &goext.ClusterSecretStore{
		TypeMeta: metav1.TypeMeta{
			APIVersion: goext.SchemeGroupVersion.String(),
			Kind:       goext.ClusterSecretStoreKind,
		},
		ObjectMeta: metav1.ObjectMeta{
			Labels: map[string]string{
				constants.Tenant: projectID,
			},
			Annotations: map[string]string{
				meta.ProjectAnnotation: projectID,
			},
			Name: gcpProvider,
		},
		Spec: goext.SecretStoreSpec{
			Provider: &goext.SecretStoreProvider{
				GCPSM: &goext.GCPSMProvider{
					Auth: goext.GCPSMAuth{
						SecretRef: &goext.GCPSMAuthSecretRef{
							SecretAccessKey: esmeta.SecretKeySelector{
								Namespace: &goExtSecNamespace,
								Name:      SecretName,
								Key:       SecretKey,
							},
						},
					},
					ProjectID: projectID,
				},
			},
		},
	}
}