package iam_test

import (
	"context"
	"log"
	"net/http"
	"os"
	"testing"

	"github.com/stretchr/testify/assert"
	"google.golang.org/api/cloudresourcemanager/v1"
	"google.golang.org/api/option"

	"edge-infra.dev/pkg/lib/gcp/iam"
	"edge-infra.dev/pkg/lib/gcp/iam/utils"
)

const (
	testProject             = "test"
	projectID               = "projects/test"
	testServiceAccountEmail = "test-app@appspot.gserviceaccount.com"
	testOauth2ClientID      = "test-oauth-2-client-id"
	displayName             = "test-sa"
	description             = "Test Service Account"
	accountID               = "test-account-id"
	roleName                = "test-role"
	roleTitle               = "Test Role"
	roleDescription         = "Test Role Description"
)

var (
	rolePermissions = []string{"compute.addresses.get", "compute.autoscalers.get", "compute.backendBuckets.get"}
)

var (
	hc         *http.Client
	iamservice *iam.IAMService
	crmservice *iam.CloudResourceManagerService
	closer     func()
)

func TestMain(m *testing.M) {
	hc, closer = utils.NewIAMTestServer(projectID, testProject, testServiceAccountEmail, testOauth2ClientID)
	ctx := context.Background()
	iamService, err := iam.NewIAMService(ctx, option.WithHTTPClient(hc))
	if err != nil {
		log.Fatal(err)
	}
	crmService, err := iam.NewCRMService(ctx, option.WithHTTPClient(hc))
	if err != nil {
		log.Fatal(err)
	}
	iamservice = iamService
	crmservice = crmService
	run := m.Run()
	closer()
	os.Exit(run)
}

func TestCreateServiceAccount(t *testing.T) {
	ctx := context.Background()
	assert.NotNil(t, iamservice)
	sa := iam.NewServiceAccount(displayName, description)
	actualSARequest := iam.NewServiceAccountRequest(accountID, sa)
	sa, err := iamservice.CreateServiceAccount(ctx, projectID, actualSARequest)
	assert.NoError(t, err)
	assert.NotEmpty(t, sa)
}

func TestGetServiceAccount(t *testing.T) {
	ctx := context.Background()
	assert.NotNil(t, iamservice)
	sa, err := iamservice.GetServiceAccount(ctx, projectID)
	assert.NoError(t, err)
	assert.NotEmpty(t, sa)
}

func TestCreateServiceAccountKey(t *testing.T) {
	ctx := context.Background()
	assert.NotNil(t, iamservice)
	saKeyRequest := iam.NewServiceAccountKeyRequest()
	saKey, err := iamservice.CreateServiceAccountKey(ctx, projectID, saKeyRequest)
	assert.NoError(t, err)
	assert.NotEmpty(t, saKey)
}

func TestCreateIamRole(t *testing.T) {
	ctx := context.Background()
	assert.NotNil(t, iamservice)
	role := iam.CreateRole(roleTitle, roleDescription, rolePermissions)
	roleRequest := iam.CreateRoleRequest(roleName, role)
	roleResponse, err := iamservice.CreateRole(ctx, projectID, roleRequest)
	assert.NoError(t, err)
	assert.NotEmpty(t, roleResponse)
}

func TestGetPolicy(t *testing.T) {
	ctx := context.Background()
	assert.NotNil(t, crmservice)
	policy, err := crmservice.GetPolicy(ctx, testProject)
	assert.NoError(t, err)
	assert.NotEmpty(t, policy)
}

func TestSetPolicy(t *testing.T) {
	ctx := context.Background()
	assert.NotNil(t, crmservice)
	expectedPolicy := &cloudresourcemanager.Policy{
		Bindings: []*cloudresourcemanager.Binding{
			{
				Role:    "roles/test.testRole",
				Members: []string{"testsa@test.com"},
			},
		},
	}
	policy, err := crmservice.SetPolicy(ctx, testProject, expectedPolicy)
	assert.NoError(t, err)
	assert.NotEmpty(t, policy)
}