# Copyright 2024-2025 Ping Identity Corporation. All Rights Reserved
#
# This code is to be used exclusively in connection with Ping Identity
# Corporation software or services. Ping Identity Corporation only offers
# such software or services to legal entities who have entered into a
# binding license agreement with Ping Identity Corporation.
# -*- coding: utf-8 -*-

# load tasks used by configuration file
from pyrock.tests.stress.am.authn_rest.tasks.mytasks import EnablePrometheusMonitoring
from pyrock.tasks.deployment.configuration_idm import PrepareWorkloadTask
from pyrock.tasks.scenario.gatling import GatlingTask
from pyrock.tasks.idm.general import DumpIDMIDWithAPITask
from pyrock.lib.scheduler.tasks.StepTask import StepTask
from pyrock.lib.PyRockRun import get_pyrock_run
from shared.lib.platform_utils import PlatformUtils
from shared.lib.utils.exception import FailException

# Module-level handle on the current PyRock run. The task classes below use it
# for component lookup, logging and the default deployment.
pyrock_run = get_pyrock_run()


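class CreatePolicyUserAndGroup(StepTask):
    """Provision the managed group and managed user used for policy evaluation.

    The target must be an AM component (enforced in ``pre``). ``step1`` creates the
    managed group and updates its privileges, ``step2`` creates the managed user and
    checks that it can authenticate against AM and IDM, ``step3`` adds the user to
    the group. The steps are presumably run in order by ``StepTask`` - step3 relies
    on the ids stored by step1 and step2.
    """

    def __init__(self, **kwargs):
        super().__init__(**kwargs)
        # Everything below is filled in by pre() or by the steps.
        self.cookies = None
        self.group_id = None
        self.user_id = None
        self.platform_utils = None
        self.am = None
        self.idm = None

    def pre(self):
        """Check the target is an AM component and resolve the handles the steps use.

        Raises:
            FailException: if the target is not a component of type "am".
        """
        if pyrock_run.is_component(self.target_name) and self.target.component_type == "am":
            pyrock_run.log(f"target ({self.target_name}) is an AM component")
        else:
            raise FailException(f"target ({self.target_name}) must be an AM component or pod")

        self.platform_utils = PlatformUtils(
            pyrock_run.get_components(), deployment=pyrock_run.deployment.default_deployment
        )
        self.am = pyrock_run.get_component("am")
        self.idm = pyrock_run.get_component("idm")
        # Session cookies from AM; step1 passes them to the privilege update.
        # NOTE(review): presumably an administrative session - confirm, and keep these
        # values out of log output.
        self.cookies = self.am.get_user_cookies()

    def step1(self):
        """Create the managed group and update its privileges.

        The group description states the intent: Entitlement Rest Access, so that
        members can evaluate policies.
        """
        response = self.platform_utils.create_managed_group(
            group_name="polievals", group_description="Group with Entitlement Rest Access privilege"
        )
        # Remember the id for the privilege update below and for step3.
        self.group_id = response.json()["_id"]
        self.platform_utils.update_group_privileges(cookies=self.cookies, group_id=self.group_id)

    def step2(self):
        """Create the managed user and verify it can authenticate to AM and IDM.

        Raises:
            FailException: if the creation response lacks "userName" or "_id".
        """
        # NOTE(review): fixed test credentials committed in source; acceptable only for
        # disposable test deployments - consider reading them from the run configuration.
        username = "poliEval"
        password = "Secret12!"
        response = self.platform_utils.create_idm_test_user(
            username=username, password=password, given_name="Poli", sn="Eval"
        ).json()

        if "userName" in response and "_id" in response:
            self.user_id = response["_id"]

            # Verification: use the user name exactly as IDM returned it.
            username = response["userName"]
            self.platform_utils.query_idm_for_user(self.user_id)
            self.am.authenticate_user(username, password)

            # IDM authentication is header based.
            headers = {"X-OpenIDM-Username": username, "X-OpenIDM-Password": password, "X-OpenIDM-NoSession": "false"}
            self.idm.authenticate_user(headers)
        else:
            # The key checked above is "userName"; name it correctly in the message.
            # NOTE(review): the whole response body ends up in the failure message -
            # confirm it cannot carry credential fields.
            raise FailException(f'"userName" and "_id" keys are not present in the json response: {response}')

    def step3(self):
        """Add the user created in step2 to the group created in step1."""
        # The helper's return value is not used here, so it is not bound to a name.
        self.platform_utils.add_group_member_statically(group_id=self.group_id, user_id=self.user_id)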


class CreatePolicies(StepTask):
    """Create a URL authorization policy set and one policy rule through AM.

    ``pre`` checks that the target is an AM component and fetches the session cookies
    and the URL resource uuid. ``step1`` creates the policy set "PolicySet1" and
    ``step2`` adds the policy "CustomMSPolicy" to it.
    """

    def __init__(self, **kwargs):
        super().__init__(**kwargs)
        # Handles and session data, resolved in pre().
        self.am = None
        self.platform_utils = None
        self.cookies = None
        self.url_uuid = None
        # Initialised here but not assigned by any method of this class.
        self.group_id = None
        self.user_id = None
        # Policy-set creation response; step1 stores it, step2 reads the set name from it.
        self.response = None
        # Policy content handed to add_policy() in step2: both HTTP verbs allowed,
        # with an AuthenticateToService environment condition on "TxAuthZ".
        self.actions = dict.fromkeys(("POST", "GET"), True)
        self.condition = dict(type="AuthenticateToService", authenticateToService="TxAuthZ")

    def pre(self):
        """Validate the target and gather what the steps need.

        Raises:
            FailException: if the target is not a component of type "am".
        """
        target_is_am = pyrock_run.is_component(self.target_name) and self.target.component_type == "am"
        if not target_is_am:
            raise FailException(f"target ({self.target_name}) must be an AM component or pod")
        pyrock_run.log(f"target ({self.target_name}) is an AM component")

        components = pyrock_run.get_components()
        default_deployment = pyrock_run.deployment.default_deployment
        self.platform_utils = PlatformUtils(components, deployment=default_deployment)

        am_component = pyrock_run.get_component("am")
        self.am = am_component
        # NOTE(review): these cookies authorise policy-set and policy creation, so they
        # are presumably an administrative session - confirm, and keep them out of logs.
        self.cookies = am_component.get_user_cookies()
        self.url_uuid = self.platform_utils.get_url_resource_uuid(self.cookies)

    def step1(self):
        """Create the policy set and keep the response for step2."""
        created = self.platform_utils.create_url_authorization_policy_set(
            cookies=self.cookies,
            name="PolicySet1",
            description="MS Journey",
            url_uuid=self.url_uuid,
        )
        self.response = created
        # Only the response object's string form is logged, not its body explicitly.
        pyrock_run.log(f"Response {created}")

    def step2(self):
        """Add the policy rule to the policy set created in step1."""
        # NOTE(review): as passed here the rule covers every authenticated subject; the
        # environment condition is the only further restriction visible in this file.
        policy_args = {
            "cookies": self.cookies,
            "url_uuid": self.url_uuid,
            "name": "CustomMSPolicy",
            "endpoint": "txauthz",
            "description": "session upgrade for txauthz",
            # The policy is attached to the set by the name AM returned in step1.
            "application_name": self.response.json()["name"],
            "actions": self.actions,
            "subjects": "AuthenticatedUsers",
            "environments": self.condition,
        }
        self.platform_utils.add_policy(**policy_args)
