# Copyright 2014 Google Inc. All Rights Reserved.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
#     http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.

"""Boto auth plugin for OAuth2.0 for Google Cloud Storage."""

from __future__ import absolute_import

from boto.auth_handler import AuthHandler
from boto.auth_handler import NotReadyToAuthenticate

from gcs_oauth2_boto_plugin import oauth2_client
from gcs_oauth2_boto_plugin import oauth2_helper

IS_SERVICE_ACCOUNT = False


class OAuth2Auth(AuthHandler):

  capability = ['google-oauth2', 's3']

  def __init__(self, path, config, provider):
    self.oauth2_client = None
    if (provider.name == 'google'):
      if config.has_option('Credentials', 'gs_oauth2_refresh_token'):
        self.oauth2_client = oauth2_helper.OAuth2ClientFromBotoConfig(config)
      elif config.has_option('GoogleCompute', 'service_account'):
        self.oauth2_client = oauth2_client.CreateOAuth2GCEClient()
    if not self.oauth2_client:
      raise NotReadyToAuthenticate()

  def add_auth(self, http_request):
    http_request.headers['Authorization'] = \
        self.oauth2_client.GetAuthorizationHeader()


class OAuth2ServiceAccountAuth(AuthHandler):

  capability = ['google-oauth2', 's3']

  def __init__(self, path, config, provider):
    if (provider.name == 'google'
        and config.has_option('Credentials', 'gs_service_key_file')):
      self.oauth2_client = oauth2_helper.OAuth2ClientFromBotoConfig(config,
          cred_type=oauth2_client.CredTypes.OAUTH2_SERVICE_ACCOUNT)

      # If we make it to this point, then we will later attempt to authenticate
      # as a service account based on how the boto auth plugins work. This is
      # global so that command.py can access this value once it's set.
      # TODO: replace this approach with a way to get the current plugin
      # from boto so that we don't have to have global variables.
      global IS_SERVICE_ACCOUNT
      IS_SERVICE_ACCOUNT = True
    else:
      raise NotReadyToAuthenticate()

  def add_auth(self, http_request):
    http_request.headers['Authorization'] = \
        self.oauth2_client.GetAuthorizationHeader()