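// Package secret provides helpers for writing Kubernetes Secrets and for
// computing the time at which they should expire.
package secret

import (
	"context"
	"os"
	"time"

	corev1 "k8s.io/api/core/v1"
	"k8s.io/apimachinery/pkg/api/errors"
	"sigs.k8s.io/controller-runtime/pkg/client"

	"edge-infra.dev/pkg/sds/remoteaccess/constants"
)

// CreateOrPatchSecret creates secret if no object with the same namespace and
// name exists, and otherwise patches the existing object towards secret.
//
// The live object is fetched first. A NotFound result leads to Create; any
// other Get error is returned unchanged. When the object exists, a strategic
// merge patch computed from the live object to secret is sent.
//
// NOTE(review): the Get and the Create are separate requests, so a concurrent
// writer can create the Secret in between; the AlreadyExists error from Create
// is then returned to the caller, who presumably retries. Confirm that callers
// do so.
//
// NOTE(review): because the patch is the difference from the live object to
// secret, data keys, labels and annotations that exist on the live object but
// not on secret are presumably removed by the patch. Confirm that this is
// intended for Secrets that other controllers also write to.
func CreateOrPatchSecret(ctx context.Context, c client.Client, secret *corev1.Secret) error {
	currentSecret := &corev1.Secret{}
	err := c.Get(ctx, client.ObjectKeyFromObject(secret), currentSecret)

	switch {
	case errors.IsNotFound(err):
		return c.Create(ctx, secret)
	case err != nil:
		return err
	}

	// The live object is the base of the patch, so only the fields that differ
	// between it and secret are sent to the API server.
	return c.Patch(ctx, secret, client.StrategicMergeFrom(currentSecret.DeepCopy()))
}

// ExpireAt returns the time in the future at which secrets should expire.
//
// The validity period is read from the environment variable named by
// constants.SecretValidityEnvField and parsed with time.ParseDuration. When the
// variable is unset, cannot be parsed, or holds a zero or negative duration,
// the expiry is 30 calendar days from now.
//
// time.ParseDuration has no day unit, so a value such as "30d" does not parse
// and selects the default; days have to be written in hours ("720h"). The
// fallback is silent: nothing is logged when the configured value is rejected.
//
// NOTE(review): there is no upper bound on the configured duration, so a very
// large value effectively disables rotation. Consider enforcing a maximum where
// the value is consumed.
func ExpireAt() *time.Time {
	const defaultValidityDays = 30

	now := time.Now()

	validity, err := time.ParseDuration(os.Getenv(constants.SecretValidityEnvField))
	if err != nil || validity <= 0 {
		// A non-positive duration would produce an expiry that is not in the
		// future, which breaks this function's contract, so it is treated like
		// an unparseable value.
		expiry := now.AddDate(0, 0, defaultValidityDays)
		return &expiry
	}

	expiry := now.Add(validity)
	return &expiry
}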