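package smartconfig

import (
	"context"
	"fmt"
	"hash/crc32"
	"strings"

	secretmanager "cloud.google.com/go/secretmanager/apiv1"
	secretmanagerpb "cloud.google.com/go/secretmanager/apiv1/secretmanagerpb"
)

// GCPSecretManagerResolver retrieves secrets from Google Cloud Secret Manager.
// Usage: ${GCPSM:projects/PROJECT_ID/secrets/SECRET_NAME}
//
// A reference may also name an explicit version
// (projects/PROJECT_ID/secrets/SECRET_NAME/versions/N). References without a
// version resolve to "latest", which moves whenever a new version is added;
// pin a version where a configuration must be reproducible.
type GCPSecretManagerResolver struct{}

// Resolve retrieves the secret value from GCP Secret Manager.
//
// value is the Secret Manager resource name taken from the configuration
// reference. The return value is the secret payload converted to a string;
// it is plaintext secret material, so callers should keep it out of logs and
// error messages. Errors carry the resource name only, never the payload.
//
// A new client is created and closed on every call, with no explicit client
// options, so authentication relies on the client library's default
// credential discovery.
func (r *GCPSecretManagerResolver) Resolve(value string) (string, error) {
	// Reject an empty reference up front: otherwise the request name would be
	// the bare suffix "/versions/latest" and a client would be built for
	// nothing.
	if value == "" {
		return "", fmt.Errorf("failed to access secret: empty resource name")
	}

	ctx := context.Background()
	client, err := secretmanager.NewClient(ctx)
	if err != nil {
		return "", fmt.Errorf("failed to create GCP Secret Manager client: %w", err)
	}
	// The close error is ignored on purpose: the read has already succeeded or
	// failed by then and there is nothing useful to do with it.
	defer func() { _ = client.Close() }()

	// If the reference doesn't contain a version, append /versions/latest.
	name := value
	if !strings.Contains(name, "/versions/") {
		name += "/versions/latest"
	}

	result, err := client.AccessSecretVersion(ctx, &secretmanagerpb.AccessSecretVersionRequest{
		Name: name,
	})
	if err != nil {
		return "", fmt.Errorf("failed to access secret %s: %w", name, err)
	}

	// Payload is a pointer; report a missing payload as an error instead of
	// panicking on a nil dereference.
	payload := result.GetPayload()
	if payload == nil {
		return "", fmt.Errorf("failed to access secret %s: response has no payload", name)
	}

	// When the service supplies a CRC32C checksum, verify it so that a payload
	// corrupted in transit is rejected rather than handed to the application.
	if payload.DataCrc32C != nil {
		sum := int64(crc32.Checksum(payload.Data, crc32.MakeTable(crc32.Castagnoli)))
		if sum != *payload.DataCrc32C {
			return "", fmt.Errorf("failed to access secret %s: payload failed CRC32C integrity check", name)
		}
	}

	return string(payload.Data), nil
}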