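import { SecretNotFoundError } from '../errors';
import AwsSecretsManagerProvider, { ICredentials } from '../providers/AwsSecretsManager';
import AzureKeyVaultProvider from '../providers/AzureKeyVault';
import CloudProviderBase from '../providers/CloudProviderBase';
import EnvironmentProvider from '../providers/Environment';
import ProviderBase from '../providers/ProviderBase';

/** Settings forwarded to `AwsSecretsManagerProvider`. */
export interface IAwsConfig {
  /** Identifier of the Secrets Manager secret; passed as the provider's first constructor argument. */
  secretsManagerSecretId: string;
  /** AWS region; passed as the provider's second constructor argument. */
  region: string;
  /**
   * Optional explicit credentials, handed to the provider unchanged.
   * NOTE(review): what the provider does when this is omitted is not visible
   * here; presumably it uses the SDK's default credential resolution. Confirm.
   */
  credentials?: ICredentials;
}

/** Settings forwarded to `AzureKeyVaultProvider`. */
export interface IAzureConfig {
  /** Name of the Key Vault; the only argument passed to the provider. */
  keyVaultName: string;
}

/** Constructor options for `SecretService`. Both members are optional. */
export interface ISecretServiceParams {
  awsConfig?: IAwsConfig;
  azureConfig?: IAzureConfig;
}

/**
 * Facade over a single secret provider chosen at construction time.
 *
 * Provider selection order: Azure Key Vault if `azureConfig` is set, otherwise
 * AWS Secrets Manager if `awsConfig` is set, otherwise the process environment.
 */
export default class SecretService {
  private readonly secretProvider: ProviderBase | CloudProviderBase;

  /**
   * @param params Optional provider configuration; when omitted the
   *   environment provider is used.
   */
  constructor(params?: ISecretServiceParams) {
    this.secretProvider = this.getSecretProvider(params);
  }

  /**
   * Picks the provider implementation for the given configuration.
   *
   * `azureConfig` takes precedence: when both configs are supplied the AWS
   * settings are ignored without any error or log output.
   */
  private getSecretProvider(params?: ISecretServiceParams): ProviderBase {
    const { awsConfig, azureConfig } = params || {};

    if (azureConfig) {
      return new AzureKeyVaultProvider(azureConfig.keyVaultName);
    }

    if (awsConfig) {
      return new AwsSecretsManagerProvider(
        awsConfig.secretsManagerSecretId,
        awsConfig.region,
        awsConfig.credentials,
      );
    }

    // No cloud configuration supplied: read secrets from the environment provider.
    return new EnvironmentProvider();
  }

  /**
   * Returns the secret stored under `key`.
   *
   * @throws SecretNotFoundError when the provider yields a falsy value. An
   *   empty-string secret is therefore reported as missing as well.
   *   Errors raised by the provider itself propagate unchanged.
   */
  public async getSecret(key: string) {
    const secretValue = await this.secretProvider.getSecret(key);

    if (!secretValue) {
      throw new SecretNotFoundError(key);
    }

    return secretValue;
  }

  /**
   * Returns everything the configured provider exposes through `getAll()`.
   *
   * The result carries secret values; keep it out of logs and serialised
   * error payloads.
   *
   * The explicit return annotation on this page was truncated to `Promise>`
   * (its type argument was lost), which does not compile. The return type is
   * left to inference from the provider, matching the other public methods.
   */
  public async getAll() {
    return this.secretProvider.getAll();
  }

  /**
   * Looks up `key` without raising `SecretNotFoundError`: the provider's
   * result is returned as-is, including a falsy one.
   *
   * NOTE(review): every error thrown by the configured provider is discarded
   * here and the lookup is silently retried against a fresh
   * `EnvironmentProvider`. That covers authorization, throttling and network
   * failures as well as a genuinely absent key, so a broken vault connection
   * is indistinguishable from "secret not set", and a value from the
   * environment can stand in for the vault's value without any trace.
   * Consider recording the failure (never the secret value) or limiting the
   * fallback to the not-found case once the providers' error types are known.
   */
  public async getOptionalSecret(key: string) {
    try {
      return await this.secretProvider.getSecret(key);
    } catch (error) {
      // Deliberate best-effort fallback; `error` is intentionally not rethrown.
      return new EnvironmentProvider().getSecret(key);
    }
  }
}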