/*
Package projectinit provides a simple K8s controller for automating some common
infrastructure set up in GCP for Project resources.

This controller does not manage anything that is specific to Edge, such as
Banner setup. Only actions that would be common to every GCP Project, such as
configuring firewall rules, should be taken by this controller.

# Firewall Configuration

  - Assumes usage of the default network. GCP creates the default network
    with pre-populated ingress allow rules, so review the rules applied by
    this controller together with those.

# Compute SSL Policy Configuration

  - Creates the "ncr-default" ComputeSSLPolicy that enforces a minimum TLS
    version of 1.2. An SSL policy only takes effect on target proxies that
    reference it.

# Artifact Registry Permissions

  - Wires up the default Compute Engine service account for the reconciled
    project to be able to pull from the configured artifact registry. Every
    workload in the project that runs as that default account receives the
    same pull access.
*/
package projectinit

import (
	"os"

	compute "github.com/GoogleCloudPlatform/k8s-config-connector/pkg/clients/generated/apis/compute/v1beta1"
	iam "github.com/GoogleCloudPlatform/k8s-config-connector/pkg/clients/generated/apis/iam/v1beta1"
	resourcemgr "github.com/GoogleCloudPlatform/k8s-config-connector/pkg/clients/generated/apis/resourcemanager/v1beta1"
	secretmgr "github.com/GoogleCloudPlatform/k8s-config-connector/pkg/clients/generated/apis/secretmanager/v1beta1"
	"k8s.io/apimachinery/pkg/runtime"
	utilruntime "k8s.io/apimachinery/pkg/util/runtime"
	clientgoscheme "k8s.io/client-go/kubernetes/scheme"
	ctrl "sigs.k8s.io/controller-runtime"

	"edge-infra.dev/pkg/k8s/runtime/controller"
	"edge-infra.dev/pkg/lib/logging"
)

// Run is the process entry point for the controller: it installs the logger,
// parses the startup configuration from os.Args, builds the manager with the
// reconciler registered, and then blocks in mgr.Start until the signal-handler
// context ends or the manager fails.
//
// Every failure is logged on the "setup" logger and returned to the caller
// unchanged.
func Run(o ...controller.Option) error {
	ctrl.SetLogger(logging.NewLogger().Logger)
	setupLog := ctrl.Log.WithName("setup")

	// newConfig is defined elsewhere in the package and receives the full
	// argument vector, including the program name.
	cfg, cfgErr := newConfig(os.Args)
	if cfgErr != nil {
		setupLog.Error(cfgErr, "failed to parse startup configuration")
		return cfgErr
	}

	mgr, createErr := create(cfg, o...)
	if createErr != nil {
		setupLog.Error(createErr, "failed to create controller")
		return createErr
	}

	setupLog.Info("starting manager")

	// SetupSignalHandler returns a context that is cancelled on a termination
	// signal, which is what ends Start on a normal shutdown.
	startErr := mgr.Start(ctrl.SetupSignalHandler())
	if startErr != nil {
		setupLog.Error(startErr, "problem running manager")
		return startErr
	}
	return nil
}

// create builds a manager via CreateMgr and registers the project reconciler
// on it. It returns the ready-to-start manager, or the first error hit while
// building or registering.
func create(cfg Config, o ...controller.Option) (ctrl.Manager, error) {
	mgr, err := CreateMgr(o...)
	if err != nil {
		return nil, err
	}

	err = RegisterController(mgr, cfg)
	if err != nil {
		return nil, err
	}

	return mgr, nil
}

// CreateMgr builds a controller-runtime manager from the supplied options,
// overriding the leader election ID and the scheme with this controller's own
// values.
func CreateMgr(o ...controller.Option) (ctrl.Manager, error) {
	// The ID names the lock resource used for leader election, so every
	// replica of this controller has to use the same value. Whether leader
	// election is enabled at all is decided by the processed options.
	const leaderElectionID = "187187.project-manager.edge.ncr.com"

	restConfig, mgrOpts := controller.ProcessOptions(o...)
	mgrOpts.LeaderElectionID = leaderElectionID
	mgrOpts.Scheme = createScheme()

	return ctrl.NewManager(restConfig, mgrOpts)
}

// RegisterController constructs the project Reconciler from cfg, using the
// manager's client, and attaches it to mgr.
func RegisterController(mgr ctrl.Manager, cfg Config) error {
	reconciler := &Reconciler{
		Client:             mgr.GetClient(),
		FirewallConfig:     cfg.Firewall,
		ArtifactRegistries: cfg.ArtifactRegistries,
		Name:               ControllerName,
		Namespace:          cfg.Namespace,
		retryInterval:      cfg.RetryInterval,
		GCPRegion:          cfg.gcpRegion,
	}
	return reconciler.SetupWithManager(mgr)
}

// createScheme returns a runtime.Scheme with the client-go built-in types and
// the Config Connector compute, resourcemanager, iam and secretmanager API
// groups registered. A registration failure panics via utilruntime.Must.
func createScheme() *runtime.Scheme {
	s := runtime.NewScheme()

	// Registered in the same order as listed here.
	registrars := []func(*runtime.Scheme) error{
		clientgoscheme.AddToScheme,
		compute.AddToScheme,
		resourcemgr.AddToScheme,
		iam.AddToScheme,
		secretmgr.AddToScheme,
	}
	for _, addToScheme := range registrars {
		utilruntime.Must(addToScheme(s))
	}

	return s
}