# ------------------------------------
# Copyright (c) Microsoft Corporation.
# Licensed under the MIT License.
# ------------------------------------
import functools
import os
from typing import Any, Optional, Dict, Mapping

from azure.core.pipeline.transport import HttpRequest

from .._constants import EnvironmentVariables
from .._internal import within_dac
from .._internal.managed_identity_client import ManagedIdentityClient
from .._internal.managed_identity_base import ManagedIdentityBase


def validate_client_id_and_config(client_id: Optional[str], identity_config: Optional[Mapping[str, str]]) -> None:
    if within_dac.get():
        return
    if client_id:
        raise ValueError("client_id should not be set for cloud shell managed identity.")
    if identity_config:
        valid_keys = {"object_id", "resource_id", "client_id"}
        if len(identity_config.keys() & valid_keys) > 0:
            raise ValueError(f"identity_config must not contain the following keys: {', '.join(valid_keys)}")


class CloudShellCredential(ManagedIdentityBase):
    def get_client(self, **kwargs: Any) -> Optional[ManagedIdentityClient]:
        client_id = kwargs.get("client_id")
        identity_config = kwargs.get("identity_config")
        validate_client_id_and_config(client_id, identity_config)

        url = os.environ.get(EnvironmentVariables.MSI_ENDPOINT)
        if url:
            return ManagedIdentityClient(
                request_factory=functools.partial(_get_request, url), base_headers={"Metadata": "true"}, **kwargs
            )
        return None

    def get_unavailable_message(self, desc: str = "") -> str:
        return f"Cloud Shell managed identity configuration not found in environment. {desc}"


def _get_request(url: str, scope: str, identity_config: Dict) -> HttpRequest:
    request = HttpRequest("POST", url, data=dict({"resource": scope}, **identity_config))
    return request