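// Package integration holds integration tests for the remote-access WireGuard
// store configuration.
package integration

import (
	"context"
	"fmt"
	"net"
	"os"
	"strings"
	"testing"
	"time"

	"github.com/stretchr/testify/assert"
	"github.com/stretchr/testify/require"
	corev1 "k8s.io/api/core/v1"
	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"

	v1cluster "edge-infra.dev/pkg/edge/apis/cluster/v1alpha1"
	"edge-infra.dev/pkg/sds/remoteaccess/constants"
	v1vpnconfig "edge-infra.dev/pkg/sds/remoteaccess/k8s/apis/vpnconfigs/v1"
	s "edge-infra.dev/pkg/sds/remoteaccess/wireguard/store"
	"edge-infra.dev/test/f2"
	"edge-infra.dev/test/f2/x/ktest"
)

// f is the shared test framework instance, initialised in TestMain.
var f f2.Framework

// Fixtures shared by the tests in this package. The key below is a WireGuard
// *public* key used only as a peer identity in the rendered configuration.
var (
	projectID         = "ret-edge-b79we3ikmc7j9mihuwst2"
	testPublicKey     = "wbWuHrJEPC2Ui7XVQoWuM/8HZAG1FlLC/08L2vvEEgw="
	isEnabled         = true
	inSubnetIPAddress = "172.16.16.12"

	clusterAName = "cluster-a"

	testClusterA  = createCluster(clusterAName)
	testVPNConfig = createVPNConfig(clusterAName, inSubnetIPAddress, isEnabled)

	// First line expected in the rendered configuration.
	expectedStoreSecretInterfaceLines = []string{
		"[Interface]",
	}
	// Blank separator followed by the peer section header.
	expectedStoreSecretPeerLines = []string{
		"",
		"[Peer]",
	}

	vpnNamespace = &corev1.Namespace{
		ObjectMeta: metav1.ObjectMeta{
			Name: constants.VPNNamespace,
		},
	}
)

// TestMain builds the f2 framework with the ktest extension and runs the
// package's tests through it.
func TestMain(m *testing.M) {
	f = f2.New(context.Background(),
		f2.WithExtensions(
			ktest.New(),
		)).
		Setup(func(ctx f2.Context) (f2.Context, error) {
			k, err := ktest.FromContext(ctx)
			if err != nil {
				return ctx, err
			}
			// Override timeouts if we aren't using a live cluster.
			if !*k.Env.UseExistingCluster {
				k.Timeout = 5 * time.Second
				k.Tick = 10 * time.Millisecond
			}
			return ctx, nil
		}).Teardown()
	os.Exit(f.Run(m))
}

// TestStoreWireguard checks that the configuration secret generated for a
// store contains the expected [Interface] and [Peer] entries.
func TestStoreWireguard(t *testing.T) {
	// Highest index read from the rendered configuration is 9, so at least
	// ten lines must be present before any indexing happens.
	const minSecretLines = 10

	var (
		store    *s.Store
		subnet   *net.IPNet
		clientIP net.IP
		relayIP  net.IP
	)

	feature := f2.NewFeature("StoreWireguard").
		Setup("create wireguard instances", func(ctx f2.Context, t *testing.T) f2.Context {
			var err error
			k := ktest.FromContextT(ctx, t)

			require.NoError(t, k.Client.Create(ctx, vpnNamespace.DeepCopy()))

			store, err = s.Get(ctx, k.Client, testVPNConfig.DeepCopy(), testClusterA)
			require.NoError(t, err)

			// NOTE(review): 172.16.16.120 lies outside the 172.16.16.0/28
			// subnet parsed in the next setup step (.0-.15). The assertions
			// only compare against store.GetIPAddress(), so subnet membership
			// is not exercised here; confirm whether this is intended.
			storeIP := net.ParseIP("172.16.16.120")
			// net.ParseIP returns nil on malformed input; fail early rather
			// than passing a nil address on.
			require.NotNil(t, storeIP)
			require.NoError(t, store.UpdateIPAddress(ctx, k.Client, constants.StoreName, clusterAName, storeIP))
			return ctx
		}).
		Setup("create subnet and client IP", func(ctx f2.Context, t *testing.T) f2.Context {
			var err error
			_, subnet, err = net.ParseCIDR("172.16.16.0/28")
			require.NoError(t, err)

			clientIP = net.ParseIP("172.16.16.1")
			require.NotNil(t, clientIP)
			relayIP = net.ParseIP("34.148.150.151")
			require.NotNil(t, relayIP)
			return ctx
		}).
		Test("store secret contains expected data", func(ctx f2.Context, t *testing.T) f2.Context {
			secretData := store.GenerateConfigurationSecretData(subnet, clientIP, relayIP, testPublicKey)
			secretLines := strings.Split(string(secretData), "\n")

			// Indexing a short slice would panic and abort the whole test
			// binary; fail this test with a readable message instead.
			require.GreaterOrEqual(t, len(secretLines), minSecretLines,
				"generated configuration has fewer lines than the assertions index")

			// assert expected lines appear in interface and peer sections
			assert.Equal(t, expectedStoreSecretInterfaceLines, secretLines[:1])
			assert.Equal(t, expectedStoreSecretPeerLines, secretLines[4:6])

			// NOTE(review): indices 1 and 6 are never asserted. Index 1
			// presumably holds the interface PrivateKey; confirm against
			// GenerateConfigurationSecretData and consider asserting that it
			// is present.

			// check store interface address is set
			expectedInterfaceLine := fmt.Sprintf("Address = %s/28", store.GetIPAddress())
			assert.Equal(t, expectedInterfaceLine, secretLines[2])

			// check store interface MTU is set
			expectedMTULine := fmt.Sprintf("MTU = %s", constants.MTU)
			assert.Equal(t, expectedMTULine, secretLines[3])

			// check endpoint is set in peer config
			expectedEndpointLine := fmt.Sprintf("Endpoint = %s:51820", relayIP)
			assert.Equal(t, expectedEndpointLine, secretLines[7])

			// check relay public key is set in peer config
			expectedRelayPublicKeyLine := fmt.Sprintf("PublicKey = %s", testPublicKey)
			assert.Equal(t, expectedRelayPublicKeyLine, secretLines[8])

			// check client ip address is set in peer config; the /32 mask
			// pins the peer's AllowedIPs to that single address
			expectedStoreAllowedIPsLine := fmt.Sprintf("AllowedIPs = %s/32", clientIP)
			assert.Equal(t, expectedStoreAllowedIPsLine, secretLines[9])

			return ctx
		}).Feature()

	f.Test(t, feature)
}

// createCluster returns a Cluster fixture with the given object name and a
// fixed spec that references projectID.
func createCluster(name string) *v1cluster.Cluster {
	return &v1cluster.Cluster{
		ObjectMeta: metav1.ObjectMeta{Name: name},
		Spec: v1cluster.ClusterSpec{
			Banner:       "dev0-zynstra",
			Fleet:        "store",
			Location:     "us-east1-c",
			Name:         "4c4d-30-05-22",
			Organization: "edge-dev0-retail-gmi062",
			ProjectID:    projectID,
			Type:         "sds",
		},
	}
}

// createVPNConfig returns a VPNConfig fixture in constants.VPNNamespace with
// the given name, spec.enabled set to enabled and status.ip set to ip.
func createVPNConfig(name, ip string, enabled bool) *v1vpnconfig.VPNConfig {
	return &v1vpnconfig.VPNConfig{
		TypeMeta:   metav1.TypeMeta{Kind: "VPNConfig", APIVersion: "remoteaccess.edge.ncr.com"},
		ObjectMeta: metav1.ObjectMeta{Namespace: constants.VPNNamespace, Name: name, UID: "1234"},
		Spec: v1vpnconfig.VPNConfigSpec{
			Enabled: enabled,
		},
		Status: &v1vpnconfig.VPNConfigStatus{
			IP: ip,
		},
	}
}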