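package builder

import (
	"fmt"

	zitadelv1alpha1 "gitea.corredorconect.com/software-engineering/zitadel-k8s-operator/api/v1alpha1"
	configuration "gitea.corredorconect.com/software-engineering/zitadel-k8s-operator/pkg/configuration"
	"gitea.corredorconect.com/software-engineering/zitadel-k8s-operator/pkg/masterkey"
	batchv1 "k8s.io/api/batch/v1"
	corev1 "k8s.io/api/core/v1"
	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
	"k8s.io/apimachinery/pkg/types"
	"sigs.k8s.io/controller-runtime/pkg/controller/controllerutil"
)

// Settings shared by the one-shot init and setup jobs.
const (
	// jobBackoffLimit bounds how many times a failed pod is retried.
	jobBackoffLimit int32 = 5
	// jobActiveDeadlineSeconds bounds the job's total run time (30 minutes),
	// so a hung run cannot keep retrying indefinitely.
	jobActiveDeadlineSeconds int64 = 1800
	// jobRunAsUser is the unprivileged UID the zitadel container runs as.
	jobRunAsUser int64 = 1000

	// configVolumeName is the volume carrying the rendered zitadel
	// configuration ConfigMap.
	configVolumeName = "zitadel-config-yaml"
	// configMountPath is where the configuration volume is mounted.
	configMountPath = "/config"
	// configFilePath is the config file path handed to the zitadel CLI.
	configFilePath = "/config/zitadel-config-yaml"
)

// zitadelJob holds the parts that differ between the init and setup jobs;
// everything else (pod hardening, config volume, database credentials) comes
// from the shared template in buildZitadelJob.
type zitadelJob struct {
	// kind names the job in error messages ("InitJob", "SetupJob").
	kind string
	// containerName is the name of the job's single container.
	containerName string
	// args is the zitadel CLI invocation.
	args []string
	// env holds job-specific variables; they are placed before the shared
	// PostgreSQL credential variables.
	env []corev1.EnvVar
}

// BuildInitJob builds the one-shot Job that runs `zitadel init` with the
// rendered configuration. Like the setup job it receives both the PostgreSQL
// superuser and application-user passwords via secretKeyRef. The returned Job
// has zitadel set as its controller owner.
func (b *Builder) BuildInitJob(zitadel *zitadelv1alpha1.Cluster, key types.NamespacedName) (*batchv1.Job, error) {
	return b.buildZitadelJob(zitadel, key, zitadelJob{
		kind:          "InitJob",
		containerName: "zitadel-init",
		args:          []string{"init", "zitadel", "--config", configFilePath},
	})
}

// BuildSetupJob builds the one-shot Job that runs `zitadel setup` with the
// cluster's master key. The key is read from the operator-managed Secret
// (masterkey.MasterKeyName) through secretKeyRef and consumed via
// --masterkeyFromEnv, so no key material is placed as a literal in the Job
// spec. The returned Job has zitadel set as its controller owner.
func (b *Builder) BuildSetupJob(zitadel *zitadelv1alpha1.Cluster, key types.NamespacedName) (*batchv1.Job, error) {
	return b.buildZitadelJob(zitadel, key, zitadelJob{
		kind:          "SetupJob",
		containerName: "zitadel-setup",
		args: []string{
			"setup",
			"--config", configFilePath,
			"--steps", configFilePath,
			"--masterkeyFromEnv",
			"--init-projections=true",
		},
		env: []corev1.EnvVar{
			{
				Name:      "ZITADEL_MASTERKEY",
				ValueFrom: secretKeyRef(masterkey.MasterKeyName(zitadel), masterkey.Key),
			},
			// Left commented out as in the original:
			// {Name: "ZITADEL_FIRSTINSTANCE_MACHINEKEYPATH", Value: "/machinekey/sa.json"},
		},
	})
}

// buildZitadelJob assembles a single-container Job from the shared template
// and the job-specific parts in spec, then sets zitadel as its controller
// owner so the Job is garbage-collected together with the Cluster.
//
// Hardening applied to every job built here:
//   - the pod runs as non-root with UID jobRunAsUser;
//   - enableServiceLinks is off, so Service host/port variables are not
//     injected into the container environment;
//   - backoffLimit and activeDeadlineSeconds bound retries and total run time;
//   - database passwords (and, for setup, the master key) are injected via
//     secretKeyRef rather than as literal values in the Job spec.
//
// NOTE(review): no container-level SecurityContext is set
// (allowPrivilegeEscalation, capabilities, seccompProfile). One would be
// required to satisfy the "restricted" Pod Security Standard; confirm the
// image needs no extra capabilities before tightening.
func (b *Builder) buildZitadelJob(zitadel *zitadelv1alpha1.Cluster, key types.NamespacedName, spec zitadelJob) (*batchv1.Job, error) {
	backoffLimit := jobBackoffLimit
	activeDeadlineSeconds := jobActiveDeadlineSeconds
	runAsUser := jobRunAsUser
	runAsNonRoot := true
	enableServiceLinks := false
	// mode := int32(0444) // DefaultMode for the commented-out certs volume below.

	// Job-specific variables first, shared PostgreSQL credentials last.
	env := make([]corev1.EnvVar, 0, len(spec.env)+2)
	env = append(env, spec.env...)
	env = append(env, postgresCredentialEnv(zitadel)...)
	// CockroachDB TLS variables, left commented out as in the original; they
	// refer to the "certs" volume that is also commented out below:
	// {Name: "ZITADEL_DATABASE_COCKROACH_ADMIN_SSL_ROOTCERT", Value: "/certs/ca.crt"},
	// {Name: "ZITADEL_DATABASE_COCKROACH_ADMIN_SSL_CERT", Value: "/certs/tls.crt"},
	// {Name: "ZITADEL_DATABASE_COCKROACH_ADMIN_SSL_KEY", Value: "/certs/tls.key"},
	// {Name: "ZITADEL_DATABASE_COCKROACH_USER_SSL_ROOTCERT", Value: "/certs/ca.crt"},
	// {Name: "ZITADEL_DATABASE_COCKROACH_USER_SSL_CERT", Value: "/certs/tls.crt"},
	// {Name: "ZITADEL_DATABASE_COCKROACH_USER_SSL_KEY", Value: "/certs/tls.key"},

	job := &batchv1.Job{
		ObjectMeta: metav1.ObjectMeta{
			Name:      key.Name,
			Namespace: key.Namespace,
		},
		Spec: batchv1.JobSpec{
			BackoffLimit:          &backoffLimit,
			ActiveDeadlineSeconds: &activeDeadlineSeconds,
			Template: corev1.PodTemplateSpec{
				Spec: corev1.PodSpec{
					RestartPolicy: corev1.RestartPolicyOnFailure,
					SecurityContext: &corev1.PodSecurityContext{
						RunAsNonRoot: &runAsNonRoot,
						RunAsUser:    &runAsUser,
					},
					EnableServiceLinks: &enableServiceLinks,
					Volumes: []corev1.Volume{
						// Left commented out as in the original:
						// {Name: "certs", VolumeSource: corev1.VolumeSource{
						// 	Secret: &corev1.SecretVolumeSource{
						// 		SecretName:  zitadel.Spec.RootTLSSecret.Name,
						// 		DefaultMode: &mode,
						// 	},
						// }},
						{
							Name: configVolumeName,
							VolumeSource: corev1.VolumeSource{
								ConfigMap: &corev1.ConfigMapVolumeSource{
									LocalObjectReference: corev1.LocalObjectReference{Name: configuration.ConfigurationName(zitadel)},
								},
							},
						},
					},
					Containers: []corev1.Container{
						{
							Name: spec.containerName,
							// NOTE(review): assumes Spec.Image.Tag is non-empty;
							// an empty tag yields "name:" — confirm it is validated upstream.
							Image: zitadel.Spec.Image.Name + ":" + zitadel.Spec.Image.Tag,
							Args:  spec.args,
							Env:   env,
							VolumeMounts: []corev1.VolumeMount{
								{Name: configVolumeName, MountPath: configMountPath},
								// {Name: "certs", MountPath: "/certs"},
							},
						},
					},
				},
			},
		},
	}

	// %w keeps the underlying error inspectable with errors.Is/As.
	if err := controllerutil.SetControllerReference(zitadel, job, b.scheme); err != nil {
		return nil, fmt.Errorf("error setting controller reference to %s: %w", spec.kind, err)
	}
	return job, nil
}

// postgresCredentialEnv returns the variables that hand the PostgreSQL admin
// and application-user passwords to zitadel. Both are read through
// secretKeyRef from the "<cluster>-superuser" and "<cluster>-user" Secrets
// (key "password") of the referenced PostgreSQL cluster, so the Job spec
// itself never carries a password value.
func postgresCredentialEnv(zitadel *zitadelv1alpha1.Cluster) []corev1.EnvVar {
	pg := zitadel.Spec.PostgreSQLClusterRef.Name
	return []corev1.EnvVar{
		{
			Name:      "ZITADEL_DATABASE_POSTGRES_ADMIN_PASSWORD",
			ValueFrom: secretKeyRef(pg+"-superuser", "password"),
		},
		{
			Name:      "ZITADEL_DATABASE_POSTGRES_USER_PASSWORD",
			ValueFrom: secretKeyRef(pg+"-user", "password"),
		},
	}
}

// secretKeyRef builds an EnvVarSource that reads key from the named Secret in
// the pod's own namespace.
func secretKeyRef(secretName, key string) *corev1.EnvVarSource {
	return &corev1.EnvVarSource{
		SecretKeyRef: &corev1.SecretKeySelector{
			LocalObjectReference: corev1.LocalObjectReference{Name: secretName},
			Key:                  key,
		},
	}
}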