package secretsengine

import (
	"context"

	"github.com/hashicorp/vault/sdk/framework"
	"github.com/hashicorp/vault/sdk/logical"
)

const staticCredPath = "static-cred/"

func pathStaticCreds(b *krbBackend) []*framework.Path {
	return []*framework.Path{
		{
			Pattern: staticCredPath + framework.GenericNameRegex("name"),
			Fields: map[string]*framework.FieldSchema{
				"name": {
					Type:        framework.TypeLowerCaseString,
					Description: "Name of the static role.",
				},
			},
			Operations: map[logical.Operation]framework.OperationHandler{
				logical.ReadOperation: &framework.PathOperation{
					Callback: b.pathStaticCredsRead,
				},
			},
			HelpSynopsis:    pathStaticCredsReadHelpSyn,
			HelpDescription: pathStaticCredsReadHelpDesc,
		},
	}
}

func (b *krbBackend) pathStaticCredsRead(ctx context.Context, req *logical.Request, data *framework.FieldData) (*logical.Response, error) {
	name := data.Get("name").(string)

	role, err := b.getRole(ctx, req.Storage, name)
	if err != nil {
		return nil, err
	}
	if role == nil {
		return logical.ErrorResponse("unknown role: %s", name), nil
	}

	return &logical.Response{
		Data: map[string]interface{}{
			"principal":           role.Principal,
			"password":            role.Password,
			"last_vault_rotation": role.LastVaultRotation,
		},
	}, nil
}

const pathStaticCredsReadHelpSyn = `
Request credentials for a certain static role. These credentials are
rotated periodically.`

const pathStaticCredsReadHelpDesc = `
This path reads credentials for a certain static role.
The credentials are rotated periodically according to their configuration, and will
return the same password until they are rotated.
`