package main

import (
	"context"
	"flag"
	"fmt"
	"log"
	"os"
	"path/filepath"

	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
	"k8s.io/client-go/kubernetes"
	"k8s.io/client-go/tools/clientcmd"
	"k8s.io/client-go/util/homedir"
)

func main() {
	var kubeconfig *string
	if home := homedir.HomeDir(); home != "" {
		kubeconfig = flag.String("kubeconfig", filepath.Join(home, ".kube", "config"), "(optional) absolute path to the kubeconfig file")
	} else {
		kubeconfig = flag.String("kubeconfig", "", "absolute path to the kubeconfig file")
	}

	var namespace string
	var secretName string
	var operation string
	var key string
	var value string

	flag.StringVar(&namespace, "namespace", "default", "Namespace of the secret")
	flag.StringVar(&secretName, "secret", "", "Name of the secret")
	flag.StringVar(&operation, "op", "list", "Operation: add, delete, list")
	flag.StringVar(&key, "key", "", "Key for add/delete operation")
	flag.StringVar(&value, "value", "", "Value for add operation")
	flag.Parse()

	if secretName == "" {
		fmt.Println("Usage: secret-manager --secret <name> [--namespace <ns>] [--op <add|delete|list>] [--key <k>] [--value <v>]")
		os.Exit(1)
	}

	config, err := clientcmd.BuildConfigFromFlags("", *kubeconfig)
	if err != nil {
		log.Fatalf("Error building kubeconfig: %v", err)
	}

	clientset, err := kubernetes.NewForConfig(config)
	if err != nil {
		log.Fatalf("Error creating clientset: %v", err)
	}

	ctx := context.TODO()
	secret, err := clientset.CoreV1().Secrets(namespace).Get(ctx, secretName, metav1.GetOptions{})
	if err != nil {
		log.Fatalf("Error getting secret %s/%s: %v", namespace, secretName, err)
	}

	switch operation {
	case "list":
		fmt.Printf("Content of secret %s/%s:\n", namespace, secretName)
		if len(secret.Data) == 0 {
			fmt.Println("  (empty)")
		}
		for k, v := range secret.Data {
			fmt.Printf("  - %s: %s\n", k, string(v))
		}

	case "add":
		if key == "" || value == "" {
			log.Fatal("Error: --key and --value are required for 'add' operation")
		}
		if secret.Data == nil {
			secret.Data = make(map[string][]byte)
		}
		secret.Data[key] = []byte(value)
		_, err = clientset.CoreV1().Secrets(namespace).Update(ctx, secret, metav1.UpdateOptions{})
		if err != nil {
			log.Fatalf("Error updating secret: %v", err)
		}
		fmt.Printf("Successfully added/updated key '%s' in secret %s/%s\n", key, namespace, secretName)

	case "delete":
		if key == "" {
			log.Fatal("Error: --key is required for 'delete' operation")
		}
		if _, ok := secret.Data[key]; !ok {
			fmt.Printf("Warning: Key '%s' not found in secret %s/%s\n", key, namespace, secretName)
			return
		}
		delete(secret.Data, key)
		_, err = clientset.CoreV1().Secrets(namespace).Update(ctx, secret, metav1.UpdateOptions{})
		if err != nil {
			log.Fatalf("Error updating secret: %v", err)
		}
		fmt.Printf("Successfully deleted key '%s' from secret %s/%s\n", key, namespace, secretName)

	default:
		log.Fatalf("Unknown operation: %s. Use list, add, or delete.", operation)
	}
}