import logging
import json
import base64
import datetime
import os

from requests import Request, Session
from util.config.validator import EXTRA_CA_DIRECTORY, EXTRA_CA_DIRECTORY_PREFIX

from config_app.config_util.k8sconfig import KubernetesConfig

logger = logging.getLogger(__name__)

QE_DEPLOYMENT_LABEL = 'quay-enterprise-component'


class KubernetesAccessorSingleton(object):
  """ Singleton allowing access to kubernetes operations """
  _instance = None

  def __init__(self, kube_config=None):
    self.kube_config = kube_config
    if kube_config is None:
      self.kube_config = KubernetesConfig.from_env()

    KubernetesAccessorSingleton._instance = self

  @classmethod
  def get_instance(cls, kube_config=None):
    """
    Singleton getter implementation, returns the instance if one exists, otherwise creates the
    instance and ties it to the class.
    :return: KubernetesAccessorSingleton
    """
    if cls._instance is None:
      return cls(kube_config)

    return cls._instance

  def save_secret_to_directory(self, dir_path):
    """
    Saves all files in the kubernetes secret to a local directory.
    Assumes the directory is empty.
    """
    secret = self._lookup_secret()

    secret_data = secret.get('data', {})

    # Make the `extra_ca_certs` dir to ensure we can populate extra certs
    extra_ca_dir_path = os.path.join(dir_path, EXTRA_CA_DIRECTORY)
    os.mkdir(extra_ca_dir_path)

    for secret_filename, data in secret_data.iteritems():
      write_path = os.path.join(dir_path, secret_filename)

      if EXTRA_CA_DIRECTORY_PREFIX in secret_filename:
        write_path = os.path.join(extra_ca_dir_path, secret_filename.replace(EXTRA_CA_DIRECTORY_PREFIX, ''))

      with open(write_path, 'w') as f:
        f.write(base64.b64decode(data))

    return 200

  def save_file_as_secret(self, name, file_pointer):
    value = file_pointer.read()
    self._update_secret_file(name, value)

  def replace_qe_secret(self, new_secret_data):
    """
    Removes the old config and replaces it with the new_secret_data as one action
    """
    # Check first that the namespace for Quay Enterprise exists. If it does not, report that
    # as an error, as it seems to be a common issue.
    namespace_url = 'namespaces/%s' % (self.kube_config.qe_namespace)
    response = self._execute_k8s_api('GET', namespace_url)
    if response.status_code // 100 != 2:
      msg = 'A Kubernetes namespace with name `%s` must be created to save config' % self.kube_config.qe_namespace
      raise Exception(msg)

    # Check if the secret exists. If not, then we create an empty secret and then update the file
    # inside.
    secret_url = 'namespaces/%s/secrets/%s' % (self.kube_config.qe_namespace, self.kube_config.qe_config_secret)
    secret = self._lookup_secret()
    if secret is None:
      self._assert_success(self._execute_k8s_api('POST', secret_url, {
        "kind": "Secret",
        "apiVersion": "v1",
        "metadata": {
          "name": self.kube_config.qe_config_secret
        },
        "data": {}
      }))

    # Update the secret to reflect the file change.
    secret['data'] = new_secret_data

    self._assert_success(self._execute_k8s_api('PUT', secret_url, secret))

  def get_qe_deployments(self):
    """"
    Returns all deployments matching the label selector provided in the KubeConfig
    """
    deployment_selector_url = 'namespaces/%s/deployments?labelSelector=%s%%3D%s' % (
      self.kube_config.qe_namespace, QE_DEPLOYMENT_LABEL, self.kube_config.qe_deployment_selector
    )

    response = self._execute_k8s_api('GET', deployment_selector_url, api_prefix='apis/extensions/v1beta1')
    if response.status_code != 200:
      return None
    return json.loads(response.text)

  def cycle_qe_deployments(self, deployment_names):
    """"
    Triggers a rollout of all desired deployments in the qe namespace
    """

    for name in deployment_names:
      logger.debug('Cycling deployment %s', name)
      deployment_url = 'namespaces/%s/deployments/%s' % (self.kube_config.qe_namespace, name)

      # There is currently no command to simply rolling restart all the pods: https://github.com/kubernetes/kubernetes/issues/13488
      # Instead, we modify the template of the deployment with a dummy env variable to trigger a cycle of the pods
      # (based off this comment: https://github.com/kubernetes/kubernetes/issues/13488#issuecomment-240393845)
      self._assert_success(self._execute_k8s_api('PATCH', deployment_url, {
        'spec': {
          'template': {
            'spec': {
              'containers': [{
                'name': 'quay-enterprise-app', 'env': [{
                  'name': 'RESTART_TIME',
                  'value': str(datetime.datetime.now())
                }]
              }]
            }
          }
        }
      }, api_prefix='apis/extensions/v1beta1', content_type='application/strategic-merge-patch+json'))

  def _assert_success(self, response):
    if response.status_code != 200:
      logger.error('Kubernetes API call failed with response: %s => %s', response.status_code,
                   response.text)
      raise Exception('Kubernetes API call failed: %s' % response.text)

  def _update_secret_file(self, relative_file_path, value=None):
    if '/' in relative_file_path:
      raise Exception('Expected path from get_volume_path, but found slashes')

    # Check first that the namespace for Quay Enterprise exists. If it does not, report that
    # as an error, as it seems to be a common issue.
    namespace_url = 'namespaces/%s' % (self.kube_config.qe_namespace)
    response = self._execute_k8s_api('GET', namespace_url)
    if response.status_code // 100 != 2:
      msg = 'A Kubernetes namespace with name `%s` must be created to save config' % self.kube_config.qe_namespace
      raise Exception(msg)

    # Check if the secret exists. If not, then we create an empty secret and then update the file
    # inside.
    secret_url = 'namespaces/%s/secrets/%s' % (self.kube_config.qe_namespace, self.kube_config.qe_config_secret)
    secret = self._lookup_secret()
    if secret is None:
      self._assert_success(self._execute_k8s_api('POST', secret_url, {
        "kind": "Secret",
        "apiVersion": "v1",
        "metadata": {
          "name": self.kube_config.qe_config_secret
        },
        "data": {}
      }))

    # Update the secret to reflect the file change.
    secret['data'] = secret.get('data', {})

    if value is not None:
      secret['data'][relative_file_path] = base64.b64encode(value)
    else:
      secret['data'].pop(relative_file_path)

    self._assert_success(self._execute_k8s_api('PUT', secret_url, secret))

  def _lookup_secret(self):
    secret_url = 'namespaces/%s/secrets/%s' % (self.kube_config.qe_namespace, self.kube_config.qe_config_secret)
    response = self._execute_k8s_api('GET', secret_url)
    if response.status_code != 200:
      return None
    return json.loads(response.text)

  def _execute_k8s_api(self, method, relative_url, data=None, api_prefix='api/v1', content_type='application/json'):
    headers = {
      'Authorization': 'Bearer ' + self.kube_config.service_account_token
    }

    if data:
      headers['Content-Type'] = content_type

    data = json.dumps(data) if data else None
    session = Session()
    url = 'https://%s/%s/%s' % (self.kube_config.api_host, api_prefix, relative_url)

    request = Request(method, url, data=data, headers=headers)
    return session.send(request.prepare(), verify=False, timeout=2)