from typing import List

from aws_cdk import core as cdk

from cache import elasticache_secret as secret
from config.default import default
from config import config_util as config


def get_user_secrets(scope: cdk.Construct) -> List:
    """
    Create and store username as well as autogenerated password in AWS SecretsManager.

    Args:
        scope: the cdk construct.

    Returns: None
    """
    secret_config = config.get_secret_config()
    if secret_config is None:
        return None

    auth_token_enabled = secret_config.get('auth_token_enabled', default['auth_token_enabled'])
    if auth_token_enabled is True:
        return None

    users = secret_config.get('users', None)
    if users is None:
        return None

    cluster_name = config.get_cluster_name()
    user_secrets = []
    for idx, user in enumerate(users):
        user_id = config.get_user_id(user)
        if user_id is None:
            return None

        user_name = config.get_user_name(user)
        if user_name is None:
            return None

        user_secret = secret.UserSecret(
            scope, f"ElasticacheUserSecret-{idx}",
            secret_name=f"/elasticache/{cluster_name}/{user_name}",
            user_id=user_id,
            user_name=user_name,
            user_acl=config.get_user_acl(user),
            cluster_name=cluster_name,
            cmk=config.get_cmk(),
        )
        user_secrets.append(user_secret)

    return user_secrets


def get_auth_token(scope: cdk.Construct) -> str:
    """
    Create and store the auto generated Redis Auth Token/Password in AWS SecretsManager.
    AuthToken can be specified only on replication groups where TransitEncryptionEnabled is true

    Args:
        scope: the cdk construct.

    Returns: str
    """

    auth_token_enabled = config.get_auth_token_enabled();
    if auth_token_enabled is False:
        return None

    if config.get_transit_encryption() is False:
        print('The AUTH token is only supported when encryption-in-transit is enabled')
        return None

    cluster_name = config.get_cluster_name()
    token_secret = secret.TokenSecret(
        scope, "ElasticacheTokenSecret",
        secret_name=f"/elasticache/{cluster_name}/auth-token",
        cluster_name=cluster_name,
        cmk=config.get_cmk()
    )
    return token_secret.secret.secret_value_from_json("token").to_string()