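package dsdssandboxes

import (
	"context"
	"errors"
	"fmt"
	"strings"
	"time"

	crm "google.golang.org/api/cloudresourcemanager/v1"
)

const (
	// ownerRole is the basic IAM role whose members GetProjectOwners reports.
	ownerRole = "roles/owner"

	// userMemberPrefix is the IAM member prefix for an individual Google
	// account ("user:alice@example.com"). Other principal kinds
	// ("serviceAccount:", "group:", "domain:", "allUsers",
	// "allAuthenticatedUsers", "deleted:user:...") are deliberately excluded.
	userMemberPrefix = "user:"

	// getIamPolicyTimeout bounds one GetIamPolicy round-trip so a hung API
	// call cannot block the caller indefinitely.
	getIamPolicyTimeout = 10 * time.Second
)

// errNotInitialized is returned when a zero-value or nil IamPolicyClient is
// used; construct clients with NewIamPolicyClient (or set getIamPolicy in tests).
var errNotInitialized = errors.New("IamPolicyClient is not initialized")

// IamPolicyClient reads project IAM policies from Cloud Resource Manager.
type IamPolicyClient struct {
	// getIamPolicy performs the GetIamPolicy call. It is a func field so tests
	// can substitute a fake. The context carries the per-call deadline set by
	// getProjectPolicy; real implementations must honour it (see
	// NewIamPolicyClient). Fakes written against the old two-argument
	// signature need the leading ctx parameter added.
	getIamPolicy func(ctx context.Context, project string, req *crm.GetIamPolicyRequest) (*crm.Policy, error)
}

// NewIamPolicyClient returns a client backed by the real Cloud Resource
// Manager API. Credentials are resolved by the client library (Application
// Default Credentials), so the caller's identity determines which projects'
// policies can be read.
func NewIamPolicyClient() (*IamPolicyClient, error) {
	crmService, err := crm.NewService(context.Background())
	if err != nil {
		return nil, fmt.Errorf("creating cloudresourcemanager service: %w", err)
	}

	// Wrap the service call in a closure to allow for mocking. Context(ctx)
	// is what actually applies the caller's deadline to the HTTP request;
	// without it the timeout created in getProjectPolicy has no effect.
	fetchPolicy := func(ctx context.Context, project string, req *crm.GetIamPolicyRequest) (*crm.Policy, error) {
		return crmService.Projects.GetIamPolicy(project, req).Context(ctx).Do()
	}

	return &IamPolicyClient{getIamPolicy: fetchPolicy}, nil
}

// GetProjectOwners returns the individual user accounts ("user:..." members)
// bound to roles/owner on the given GCP project.
//
// Service accounts, groups, domains and deleted principals holding the owner
// role are not reported, so an empty result does not prove the project has no
// owners of any kind. Membership is read from the project's own policy only;
// owner grants inherited from a parent folder or organization do not appear.
func (i *IamPolicyClient) GetProjectOwners(project string) ([]string, error) {
	policy, err := i.getProjectPolicy(project)
	if err != nil {
		return nil, fmt.Errorf("fetching IAM policy for project %q: %w", project, err)
	}
	return filterUsers(ownersFromPolicy(policy)), nil
}

// getProjectPolicy fetches the IAM policy of project with a bounded deadline.
// It returns an error (never a nil policy) if the client is unusable or the
// fetch yields nothing.
func (i *IamPolicyClient) getProjectPolicy(project string) (*crm.Policy, error) {
	if i == nil || i.getIamPolicy == nil {
		return nil, errNotInitialized
	}

	ctx, cancel := context.WithTimeout(context.Background(), getIamPolicyTimeout)
	defer cancel()

	// An empty request returns the policy at the default version.
	// NOTE(review): basic roles such as roles/owner cannot carry IAM
	// conditions, so RequestedPolicyVersion is left unset; if this is ever
	// extended to custom/predefined roles, request version 3 so conditional
	// bindings are returned in full.
	policy, err := i.getIamPolicy(ctx, project, new(crm.GetIamPolicyRequest))
	if err != nil {
		return nil, err
	}
	if policy == nil {
		return nil, errors.New("GetIamPolicy returned no policy")
	}
	return policy, nil
}

// ownersFromPolicy collects every member of every roles/owner binding in
// policy. A nil policy yields an empty (non-nil) slice. Members are returned
// exactly as IAM reports them, including their type prefix.
func ownersFromPolicy(policy *crm.Policy) []string {
	owners := make([]string, 0)
	if policy == nil {
		return owners
	}
	for _, binding := range policy.Bindings {
		if binding == nil || binding.Role != ownerRole {
			continue
		}
		owners = append(owners, binding.Members...)
	}
	return owners
}

// filterUsers keeps only members that are individual Google accounts, i.e.
// those with the exact IAM "user:" prefix. The colon matters: matching on the
// bare word would rely on no other principal type ever starting with "user".
// Always returns a non-nil slice.
func filterUsers(memberList []string) []string {
	users := make([]string, 0, len(memberList))
	for _, member := range memberList {
		if strings.HasPrefix(member, userMemberPrefix) {
			users = append(users, member)
		}
	}
	return users
}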