package provider

import (
	"context"

	"github.com/hashicorp/terraform-plugin-framework/datasource"
	"github.com/hashicorp/terraform-plugin-framework/path"
	"github.com/hashicorp/terraform-plugin-framework/provider"
	"github.com/hashicorp/terraform-plugin-framework/provider/schema"
	"github.com/hashicorp/terraform-plugin-framework/resource"
	"github.com/hashicorp/terraform-plugin-framework/types"
	"github.com/hashicorp/terraform-plugin-log/tflog"

	edgeclient "edp.buildth.ing/DevFW-CICD/edge-connect-client/v2/sdk/edgeconnect"
)

var _ provider.Provider = &EdgeConnectProvider{}

type EdgeConnectProvider struct {
	version string
}

type EdgeConnectProviderModel struct {
	Endpoint types.String `tfsdk:"endpoint"`
	Token    types.String `tfsdk:"token"`
	Username types.String `tfsdk:"username"`
	Password types.String `tfsdk:"password"`
}

func (p *EdgeConnectProvider) Metadata(ctx context.Context, req provider.MetadataRequest, resp *provider.MetadataResponse) {
	resp.TypeName = "edge-connect"
	resp.Version = p.version
}

func (p *EdgeConnectProvider) Schema(ctx context.Context, req provider.SchemaRequest, resp *provider.SchemaResponse) {
	resp.Schema = schema.Schema{
		MarkdownDescription: "Provider for Edge Connect API. Supports authentication via token or username/password.",
		Attributes: map[string]schema.Attribute{
			"endpoint": schema.StringAttribute{
				MarkdownDescription: "Edge Connect API endpoint",
				Required:            true,
			},
			"token": schema.StringAttribute{
				MarkdownDescription: "Edge Connect API token. Required if username/password are not provided.",
				Optional:            true,
				Sensitive:           true,
			},
			"username": schema.StringAttribute{
				MarkdownDescription: "Edge Connect API username. Required if token is not provided.",
				Optional:            true,
			},
			"password": schema.StringAttribute{
				MarkdownDescription: "Edge Connect API password. Required if token is not provided.",
				Optional:            true,
				Sensitive:           true,
			},
		},
	}
}

func (p *EdgeConnectProvider) Configure(ctx context.Context, req provider.ConfigureRequest, resp *provider.ConfigureResponse) {
	var data EdgeConnectProviderModel

	resp.Diagnostics.Append(req.Config.Get(ctx, &data)...)

	if resp.Diagnostics.HasError() {
		return
	}

	endpoint := data.Endpoint.ValueString()
	token := data.Token.ValueString()
	username := data.Username.ValueString()
	password := data.Password.ValueString()

	// Validate endpoint
	if endpoint == "" {
		resp.Diagnostics.AddAttributeError(
			path.Root("endpoint"),
			"Missing Edge Connect API Endpoint",
			"The provider cannot create the Edge Connect API client as there is a missing or empty value for the Edge Connect API endpoint.",
		)
	}

	// Validate authentication: either token OR username/password must be provided
	hasToken := token != ""
	hasUsernamePassword := username != "" && password != ""

	if !hasToken && !hasUsernamePassword {
		resp.Diagnostics.AddError(
			"Missing Authentication Credentials",
			"The provider requires authentication credentials. Please provide either:\n"+
				"  - token: API token for authentication, or\n"+
				"  - username and password: Username and password for authentication",
		)
	}

	if hasToken && hasUsernamePassword {
		resp.Diagnostics.AddError(
			"Conflicting Authentication Methods",
			"Both token and username/password authentication methods are provided. Please use only one authentication method.",
		)
	}

	// Validate username/password pair
	if (username != "" && password == "") || (username == "" && password != "") {
		resp.Diagnostics.AddError(
			"Incomplete Username/Password Credentials",
			"Both username and password must be provided together for username/password authentication.",
		)
	}

	if resp.Diagnostics.HasError() {
		return
	}

	ctx = tflog.SetField(ctx, "edge_connect_endpoint", endpoint)

	if hasToken {
		ctx = tflog.MaskFieldValuesWithFieldKeys(ctx, "edge_connect_token")
		tflog.Debug(ctx, "Creating Edge Connect client with token authentication")
	} else {
		ctx = tflog.SetField(ctx, "edge_connect_username", username)
		ctx = tflog.MaskFieldValuesWithFieldKeys(ctx, "edge_connect_password")
		tflog.Debug(ctx, "Creating Edge Connect client with username/password authentication")
	}

	client := edgeclient.NewClient(endpoint)

	// TODO: Configure client with authentication credentials
	// If using token: client.SetToken(token)
	// If using username/password: client.SetCredentials(username, password)

	resp.DataSourceData = client
	resp.ResourceData = client

	tflog.Info(ctx, "Configured Edge Connect client", map[string]any{"success": true})
}

func (p *EdgeConnectProvider) Resources(ctx context.Context) []func() resource.Resource {
	return []func() resource.Resource{
		NewAppResource,
		NewAppInstanceResource,
	}
}

func (p *EdgeConnectProvider) DataSources(ctx context.Context) []func() datasource.DataSource {
	return []func() datasource.DataSource{
		NewAppDataSource,
		NewAppInstanceDataSource,
	}
}

func New(version string) func() provider.Provider {
	return func() provider.Provider {
		return &EdgeConnectProvider{
			version: version,
		}
	}
}