# Copyright 2021 Google LLC
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
#     http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.

from multiprocessing import Pool
import os
import random
import uuid

import backoff
from google.api_core.exceptions import FailedPrecondition
from google.api_core.exceptions import ServiceUnavailable
import google.auth
from google.cloud.security import privateca_v1
import pytest

from create_ca_pool import create_ca_pool
from create_certificate_authority import create_certificate_authority
from create_certificate_template import create_certificate_template
from delete_certificate_authority import delete_certificate_authority
from delete_certificate_template import delete_certificate_template
from disable_certificate_authority import disable_certificate_authority
from enable_certificate_authority import enable_certificate_authority

PROJECT = google.auth.default()[1]
LOCATIONS = (
    "us-central1",
    "europe-north1",
    "europe-central2",
    "europe-west2",
    "us-east4",
    "europe-west1",
)
LOCATION = random.choice(LOCATIONS)
COMMON_NAME = "COMMON_NAME"
ORGANIZATION = "ORGANIZATION"
CA_DURATION = 1000000


def delete_cas_from_pool(ca_pool_name: str) -> None:
    client = privateca_v1.CertificateAuthorityServiceClient()
    for ca in client.list_certificate_authorities(parent=ca_pool_name):
        # Check if the CA is enabled.
        if ca.state == privateca_v1.CertificateAuthority.State.ENABLED:
            request = privateca_v1.DisableCertificateAuthorityRequest(name=ca.name)
            client.disable_certificate_authority(request=request)

        # Delete CA.
        ca_state = client.get_certificate_authority(name=ca.name).state
        try:
            if ca_state != privateca_v1.CertificateAuthority.State.DELETED:
                delete_ca_request = privateca_v1.DeleteCertificateAuthorityRequest()
                delete_ca_request.name = ca.name
                delete_ca_request.ignore_active_certificates = True
                delete_ca_request.skip_grace_period = True
                client.delete_certificate_authority(request=delete_ca_request).result(
                    timeout=300
                )
                print(f" * {ca.name} Deleted!")
        except FailedPrecondition as err:
            print(err)
            continue


def delete_one_pool(ca_pool_name: str) -> None:
    client = privateca_v1.CertificateAuthorityServiceClient()
    try:
        delete_ca_pool_request = privateca_v1.DeleteCaPoolRequest()
        delete_ca_pool_request.name = ca_pool_name
        print(f"Deleting {ca_pool_name}")
        client.delete_ca_pool(request=delete_ca_pool_request).result(timeout=300)
    except FailedPrecondition:
        print(f"Precondition failed for {ca_pool_name} :(")


@backoff.on_exception(backoff.expo, ServiceUnavailable, max_tries=3)
def delete_stale_resources() -> None:
    client = privateca_v1.CertificateAuthorityServiceClient()
    pool_names = []
    for location in LOCATIONS:
        location_path = client.common_location_path(PROJECT, location)
        request = privateca_v1.ListCaPoolsRequest(parent=location_path)
        for ca_pool in client.list_ca_pools(request=request):
            pool_names.append(ca_pool.name)

    with Pool(max(2, os.cpu_count() - 2)) as p:
        print(f"Going to clean up CAs from {len(pool_names)} pools.")
        p.map(delete_cas_from_pool, pool_names)

    with Pool(max(2, os.cpu_count() - 2)) as p:
        print(f"Going to delete {len(pool_names)} pools.")
        p.map(delete_one_pool, pool_names)


def generate_name() -> str:
    return "test-" + uuid.uuid4().hex[:10]


@pytest.fixture
def ca_pool(ca_pool_autodelete_name):
    create_ca_pool(PROJECT, LOCATION, ca_pool_autodelete_name)
    yield ca_pool_autodelete_name


@pytest.fixture
def certificate_authority(ca_pool):
    CA_NAME = generate_name()

    create_certificate_authority(
        PROJECT, LOCATION, ca_pool, CA_NAME, COMMON_NAME, ORGANIZATION, CA_DURATION
    )

    yield ca_pool, CA_NAME

    # CA Pool cleanup will remove the certificate.
    # delete_certificate_authority(PROJECT, LOCATION, ca_pool, CA_NAME)


@pytest.fixture
def deleted_certificate_authority(ca_pool):
    CA_NAME = generate_name()

    create_certificate_authority(
        PROJECT, LOCATION, ca_pool, CA_NAME, COMMON_NAME, ORGANIZATION, CA_DURATION
    )

    enable_certificate_authority(PROJECT, LOCATION, ca_pool, CA_NAME)
    disable_certificate_authority(PROJECT, LOCATION, ca_pool, CA_NAME)
    delete_certificate_authority(PROJECT, LOCATION, ca_pool, CA_NAME)

    yield ca_pool, CA_NAME


@pytest.fixture
def certificate_template():
    TEMPLATE_NAME = generate_name()

    create_certificate_template(PROJECT, LOCATION, TEMPLATE_NAME)

    yield TEMPLATE_NAME

    delete_certificate_template(PROJECT, LOCATION, TEMPLATE_NAME)


@pytest.fixture
def ca_pool_autodelete_name():
    name = generate_name()
    yield name
    ca_client = privateca_v1.CertificateAuthorityServiceClient()

    ca_pool_path = ca_client.ca_pool_path(PROJECT, LOCATION, name)
    delete_cas_from_pool(ca_pool_path)
    delete_one_pool(ca_pool_path)


@pytest.fixture
def ca_pool_autodelete_name2():
    name = generate_name()
    yield name
    ca_client = privateca_v1.CertificateAuthorityServiceClient()

    ca_pool_path = ca_client.ca_pool_path(PROJECT, LOCATION, name)
    delete_cas_from_pool(ca_pool_path)
    delete_one_pool(ca_pool_path)