package integrations

import "gorm.io/gorm"

// KubeIntegrationName is the name of a kube auth mechanism
type KubeIntegrationName string

// The supported kube auth mechanisms
const (
	KubeX509   KubeIntegrationName = "x509"
	KubeBasic                      = "basic"
	KubeBearer                     = "bearer"
	KubeLocal                      = "local"
)

// KubeIntegration represents the kube-native auth mechanisms: using x509 certs,
// basic (username/password), bearer tokens, or local (using local kubeconfig)
type KubeIntegration struct {
	gorm.Model

	// The name of the auth mechanism
	Mechanism KubeIntegrationName `json:"mechanism"`

	// The id of the user that linked this auth mechanism
	UserID uint `json:"user_id"`

	// The project that this integration belongs to
	ProjectID uint `json:"project_id"`

	// ------------------------------------------------------------------
	// All fields encrypted before storage.
	// ------------------------------------------------------------------

	// Certificate data is used by x509 auth mechanisms over TLS
	ClientCertificateData []byte `json:"client-certificate-data,omitempty"`
	ClientKeyData         []byte `json:"client-key-data,omitempty"`

	// Token is used for bearer-token auth mechanisms
	Token []byte `json:"token,omitempty"`

	// Username/Password for basic authentication to a cluster
	Username []byte `json:"username,omitempty"`
	Password []byte `json:"password,omitempty"`

	// The raw kubeconfig, used by local auth mechanisms
	Kubeconfig []byte `json:"kubeconfig"`
}

// KubeIntegrationExternal is a KubeIntegration to be shared over REST
type KubeIntegrationExternal struct {
	ID uint `json:"id"`

	// The name of the auth mechanism
	Mechanism KubeIntegrationName `json:"mechanism"`

	// The id of the user that linked this auth mechanism
	UserID uint `json:"user_id"`

	// The project that this integration belongs to
	ProjectID uint `json:"project_id"`
}

// Externalize generates an external KubeIntegration to be shared over REST
func (k *KubeIntegration) Externalize() *KubeIntegrationExternal {
	return &KubeIntegrationExternal{
		ID:        k.ID,
		Mechanism: k.Mechanism,
		UserID:    k.UserID,
		ProjectID: k.ProjectID,
	}
}

// ToProjectIntegration converts a gcp integration to a project integration
func (k *KubeIntegration) ToProjectIntegration(
	category string,
	service IntegrationService,
) *ProjectIntegration {
	return &ProjectIntegration{
		ID:            k.ID,
		ProjectID:     k.ProjectID,
		AuthMechanism: "kube",
		Category:      category,
		Service:       service,
	}
}