# -*- coding: utf-8 -*- #
# Copyright 2017 Google LLC. All Rights Reserved.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
#    http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
"""The python hooks for IAM surface."""

from __future__ import absolute_import
from __future__ import division
from __future__ import unicode_literals

import re

from googlecloudsdk.api_lib.iam import util
from googlecloudsdk.api_lib.util import apis
from googlecloudsdk.calliope import arg_parsers
from googlecloudsdk.calliope import exceptions as gcloud_exceptions
from googlecloudsdk.command_lib.iam import iam_util
from googlecloudsdk.command_lib.util.apis import arg_utils
from googlecloudsdk.core import log


def UpdateRequestWithConditionFromFile(ref, args, request):
  """Python hook to add condition from --condition-from-file to request.

  Args:
    ref: A resource ref to the parsed resource.
    args: Parsed args namespace.
    request: The apitools request message to be modified.

  Returns:
    The modified apitools request message.
  """
  del ref
  if args.IsSpecified('condition_from_file'):
    _, messages = util.GetClientAndMessages()
    condition_message = messages.Expr(
        description=args.condition_from_file.get('description'),
        title=args.condition_from_file.get('title'),
        expression=args.condition_from_file.get('expression'),
    )
    request.condition = condition_message
  return request


def _ConditionFileFormatException(filename):
  return gcloud_exceptions.InvalidArgumentException(
      'condition-from-file',
      '{filename} must be a path to a YAML or JSON file containing the '
      'condition. `expression` and `title` are required keys. `description` is '
      'optional.'.format(filename=filename),
  )


def ParseConditionFromFile(condition_from_file):
  """Read condition from YAML or JSON file."""

  condition = arg_parsers.FileContents()(condition_from_file)
  condition_dict = iam_util.ParseYamlOrJsonCondition(
      condition, _ConditionFileFormatException(condition_from_file)
  )
  return condition_dict


def EnableIamAccountConfirmation(response, args):
  del response
  if args.command_path[len(args.command_path) - 3 :] == [
      'iam',
      'service-accounts',
      'enable',
  ]:
    log.status.Print(
        'Enabled service account [{}].'.format(args.service_account)
    )


def DisableIamAccountConfirmation(response, args):
  del response
  if args.command_path[len(args.command_path) - 3 :] == [
      'iam',
      'service-accounts',
      'disable',
  ]:
    log.status.Print(
        'Disabled service account [{}].'.format(args.service_account)
    )


def EnableIamKeyConfirmation(response, args):
  del response  # Unused.
  log.status.Print(
      'Enabled key [{0}] for service account [{1}].'.format(
          args.iam_key, args.iam_account
      )
  )


def DisableIamKeyConfirmation(response, args):
  del response  # Unused.
  log.status.Print(
      'Disabled key [{0}] for service account [{1}].'.format(
          args.iam_key, args.iam_account
      )
  )


def SetServiceAccountResource(ref, unused_args, request):
  """Add service account name to request name."""

  request.name = ref.RelativeName()
  return request


def ValidateUpdateFieldMask(ref, unused_args, request):
  """Validate the field mask for an update request."""

  del ref, unused_args  # Unused.
  # Confirm update has at least one path in fieldmask.
  if not request.patchServiceAccountRequest.updateMask:
    update_fields = ['--display-name', '--description']
    raise gcloud_exceptions.OneOfArgumentsRequiredException(
        update_fields, 'Specify at least one field to update.'
    )
  return request


def UseMaxRequestedPolicyVersion(api_field):
  """Set requestedPolicyVersion to max supported in GetIamPolicy request."""

  def Process(ref, args, request):
    del ref, args  # Unused.

    arg_utils.SetFieldInMessage(
        request, api_field, iam_util.MAX_LIBRARY_IAM_SUPPORTED_VERSION
    )
    return request

  return Process


def AddVersionToUpdateMaskIfNotPresent(update_mask_path):
  """Add ',version' to update_mask if it is not present."""

  def Process(ref, args, request):
    """The implementation of Process for the hook."""
    del ref, args  # Unused.

    update_mask = arg_utils.GetFieldValueFromMessage(request, update_mask_path)
    if 'version' not in update_mask:
      if update_mask is None:
        update_mask = 'version'
      else:
        update_mask += ',version'

    arg_utils.SetFieldInMessage(request, update_mask_path, update_mask)
    return request

  return Process


def CreateFullServiceAccountNameFromId(account_id):
  if not account_id.isdigit():
    raise gcloud_exceptions.InvalidArgumentException(
        'account_id',
        'Account unique ID should be a number. Please double check your input'
        ' and try again.',
    )
  return 'projects/-/serviceAccounts/' + account_id


def GeneratePublicKeyDataFromFile(path):
  """Generate public key data from a path.

  Args:
    path: (bytes) the public key file path given by the command.

  Raises:
    InvalidArgumentException: if the public key file path provided does not
                              exist or is too large.
  Returns:
    A public key encoded using the UTF-8 charset.
  """
  try:
    public_key_data = arg_parsers.FileContents()(path).strip()
  except arg_parsers.ArgumentTypeError as e:
    raise gcloud_exceptions.InvalidArgumentException(
        'public_key_file',
        '{}. Please double check your input and try again.'.format(e),
    )
  return public_key_data.encode('utf-8')


def AddCreateExtraAndExtendedAttributesConfigToRequest(ref, args, request):
  """Add ExtraAttributesOAuth2Client and ExtendedAttributesOAuth2Client fields to create workforcePoolProvider requests."""

  del ref
  messages = apis.GetMessagesModule('iam', 'v1')
  SetExtraAttributesOauth2ClientFields(request, args, messages)
  SetExtendedAttributesOauth2ClientFields(request, args, messages)
  return request


def AddClearableExtraAttributesConfigToRequest(ref, args, request):
  """Add ExtraAttributesOAuth2Client fields to update workforcePoolProvider requests."""
  del ref
  messages = apis.GetMessagesModule('iam', 'v1')
  if (
      args.clear_extra_attributes_config is not None
      and args.clear_extra_attributes_config
  ):
    arg_utils.SetFieldInMessage(
        request,
        'workforcePoolProvider.extraAttributesOauth2Client',
        None,
    )
  else:
    SetExtraAttributesOauth2ClientFields(request, args, messages)

  return request


def AddClearableExtendedAttributesConfigToRequest(ref, args, request):
  """Add ExtraAttributesOAuth2Client fields to update workforcePoolProvider requests."""
  del ref
  messages = apis.GetMessagesModule('iam', 'v1')
  if (
      args.clear_extended_attributes_config is not None
      and args.clear_extended_attributes_config
  ):
    arg_utils.SetFieldInMessage(
        request,
        'workforcePoolProvider.extendedAttributesOauth2Client',
        None,
    )
  else:
    SetExtendedAttributesOauth2ClientFields(request, args, messages)

  return request


def SetExtraAttributesOauth2ClientFields(request, args, messages):
  """Set ExtraAttributesOauth2Client fields in the request."""
  if args.extra_attributes_type is not None:
    response_type = (
        messages.GoogleIamAdminV1WorkforcePoolProviderExtraAttributesOAuth2Client.AttributesTypeValueValuesEnum
    )
    if 'azure-ad-groups-mail' in args.extra_attributes_type:
      arg_utils.SetFieldInMessage(
          request,
          'workforcePoolProvider.extraAttributesOauth2Client.attributesType',
          response_type.AZURE_AD_GROUPS_MAIL,
      )
    elif 'azure-ad-groups-id' in args.extra_attributes_type:
      arg_utils.SetFieldInMessage(
          request,
          'workforcePoolProvider.extraAttributesOauth2Client.attributesType',
          response_type.AZURE_AD_GROUPS_ID,
      )
    elif 'azure-ad-groups-display-name' in args.extra_attributes_type:
      arg_utils.SetFieldInMessage(
          request,
          'workforcePoolProvider.extraAttributesOauth2Client.attributesType',
          response_type.AZURE_AD_GROUPS_DISPLAY_NAME,
      )
  if args.extra_attributes_client_id is not None:
    arg_utils.SetFieldInMessage(
        request,
        'workforcePoolProvider.extraAttributesOauth2Client.clientId',
        args.extra_attributes_client_id,
    )
  if args.extra_attributes_client_secret_value is not None:
    arg_utils.SetFieldInMessage(
        request,
        'workforcePoolProvider.extraAttributesOauth2Client.clientSecret.value.plainText',
        args.extra_attributes_client_secret_value,
    )
  if args.extra_attributes_issuer_uri is not None:
    arg_utils.SetFieldInMessage(
        request,
        'workforcePoolProvider.extraAttributesOauth2Client.issuerUri',
        args.extra_attributes_issuer_uri,
    )
  if args.extra_attributes_filter is not None:
    arg_utils.SetFieldInMessage(
        request,
        'workforcePoolProvider.extraAttributesOauth2Client.queryParameters.filter',
        args.extra_attributes_filter,
    )


def SetExtendedAttributesOauth2ClientFields(request, args, messages):
  """Set ExtendedAttributesOauth2Client fields in the request."""
  if args.extended_attributes_type is not None:
    response_type = (
        messages.GoogleIamAdminV1WorkforcePoolProviderExtraAttributesOAuth2Client.AttributesTypeValueValuesEnum
    )
    if 'azure-ad-groups-id' in args.extended_attributes_type:
      arg_utils.SetFieldInMessage(
          request,
          'workforcePoolProvider.extendedAttributesOauth2Client.attributesType',
          response_type.AZURE_AD_GROUPS_ID,
      )
  if args.extended_attributes_client_id is not None:
    arg_utils.SetFieldInMessage(
        request,
        'workforcePoolProvider.extendedAttributesOauth2Client.clientId',
        args.extended_attributes_client_id,
    )
  if args.extended_attributes_client_secret_value is not None:
    arg_utils.SetFieldInMessage(
        request,
        'workforcePoolProvider.extendedAttributesOauth2Client.clientSecret.value.plainText',
        args.extended_attributes_client_secret_value,
    )
  if args.extended_attributes_issuer_uri is not None:
    arg_utils.SetFieldInMessage(
        request,
        'workforcePoolProvider.extendedAttributesOauth2Client.issuerUri',
        args.extended_attributes_issuer_uri,
    )
  if args.extended_attributes_filter is not None:
    arg_utils.SetFieldInMessage(
        request,
        'workforcePoolProvider.extendedAttributesOauth2Client.queryParameters.filter',
        args.extended_attributes_filter,
    )


def AddExtraAttributesConfigFieldMask(unused_ref, args, request):
  """Adds ExtraAttributesOauth2Client specific fieldmask entries to the update workforcePoolProvider request."""
  mask_fields = []
  if request.updateMask:
    mask_fields = request.updateMask.split(',')
  if (
      args.clear_extra_attributes_config is not None
      and args.clear_extra_attributes_config
  ):
    mask_fields.append('extraAttributesOauth2Client')
  if args.extra_attributes_type is not None:
    mask_fields.append('extraAttributesOauth2Client.attributesType')
  if args.extra_attributes_client_id is not None:
    mask_fields.append('extraAttributesOauth2Client.clientId')
  if args.extra_attributes_client_secret_value is not None:
    mask_fields.append(
        'extraAttributesOauth2Client.clientSecret.value.plainText'
    )
  if args.extra_attributes_issuer_uri is not None:
    mask_fields.append('extraAttributesOauth2Client.issuerUri')
  if args.extra_attributes_filter is not None:
    mask_fields.append('extraAttributesOauth2Client.queryParameters.filter')
  if mask_fields:
    request.updateMask = ','.join(mask_fields)
  return request


def AddExtendedAttributesConfigFieldMask(unused_ref, args, request):
  """Adds ExtendedAttributesOauth2Client specific fieldmask entries to the update workforcePoolProvider request."""
  mask_fields = []
  if request.updateMask:
    mask_fields = request.updateMask.split(',')
  if (
      args.clear_extended_attributes_config is not None
      and args.clear_extended_attributes_config
  ):
    mask_fields.append('extendedAttributesOauth2Client')
  if args.extended_attributes_type is not None:
    mask_fields.append('extendedAttributesOauth2Client.attributesType')
  if args.extended_attributes_client_id is not None:
    mask_fields.append('extendedAttributesOauth2Client.clientId')
  if args.extended_attributes_client_secret_value is not None:
    mask_fields.append(
        'extendedAttributesOauth2Client.clientSecret.value.plainText'
    )
  if args.extended_attributes_issuer_uri is not None:
    mask_fields.append('extendedAttributesOauth2Client.issuerUri')
  if args.extended_attributes_filter is not None:
    mask_fields.append('extendedAttributesOauth2Client.queryParameters.filter')
  if mask_fields:
    request.updateMask = ','.join(mask_fields)
  return request


def ClearFlag(args):
  """Clear the value for a flag."""
  del args
  return None


def ModifyHardDeleteFlagInRequest(ref, args, request):
  """Remove the flag from the request when it is not specified."""
  del ref
  if not args.hard_delete:
    arg_utils.SetFieldInMessage(
        request,
        'hardDelete',
        None,
    )
  return request


def EraseProjectHook(unused_ref, unused_args, request):
  """Hook to erase the project identifier from the request.

  Args:
    unused_ref: The resource reference of the response.
    unused_args: The arguments of the command.
    request: The request of the command.

  Returns:
    The modified apitools request message.
  """
  request.name = re.sub('projects/[^/]+/', 'projects/-/', request.name)
  return request