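"""Airflow DAG that detects the OCI principal type and reads an OCI Vault secret.

The task signs with a resource principal when ``OCI_RESOURCE_PRINCIPAL_VERSION``
is set (container runtime) and with an instance principal otherwise (VM/Compute),
then fetches the secret bundle selected by the ``MRDS_ENV`` variable.
"""
from datetime import datetime
import base64
import os

import oci
from oci.auth.signers import InstancePrincipalsSecurityTokenSigner, get_resource_principals_signer

from airflow import DAG
from airflow.operators.python import PythonOperator

# Per-environment Vault secret selection, keyed by the MRDS_ENV value.
# OCIDs are resource identifiers, not secret material, so keeping and logging
# them is fine; only the decoded bundle content below is sensitive.
_ENV_SECRETS = {
    "dev": {
        "secret_ocid": "ocid1.vaultsecret.oc1.eu-frankfurt-1.amaaaaaa2ky4jjya3tsglrzfgiyfisxchref774l5y4nrler2vn54lr3li7q",
        "secret_name": "ap-devo_lab-mrds",
        "region": "eu-frankfurt-1",
    },
    "tst": {
        "secret_ocid": "ocid1.vaultsecret.oc1.eu-frankfurt-1.amaaaaaa2ky4jjyayqqotyowhpoml3v5szkwhmtu4rq6bplpkvdruzupz3ma",
        "secret_name": "ap-devo_tst-mrds",
        "region": "eu-frankfurt-1",
    },
}


def _build_signer():
    """Return the OCI request signer that matches the runtime the task runs in.

    A resource principal is used when the platform has injected
    ``OCI_RESOURCE_PRINCIPAL_VERSION`` (container runtime); otherwise the task
    falls back to an instance principal.  Both branches print which principal
    type was chosen so the task log shows the authentication path taken.
    """
    if os.environ.get("OCI_RESOURCE_PRINCIPAL_VERSION"):
        print("RESOURCE PRINCIPAL - Container")
        return get_resource_principals_signer()
    print("INSTANCE PRINCIPAL - VM/Compute")
    return InstancePrincipalsSecurityTokenSigner()


def debug_oci_authentication_method(**context) -> dict[str, str]:
    """Authenticate to OCI and retrieve the environment's Vault secret.

    Args:
        **context: Airflow task context (unused; accepted so the callable can be
            used with ``provide_context``-style invocation).

    Returns:
        A dict with the decoded ``password`` plus the ``secret_name``,
        ``secret_ocid``, ``environment`` and ``region`` that were used.  The
        dict contains secret material, so the operator below disables the
        XCom push of this return value.

    Raises:
        ValueError: if ``MRDS_ENV`` is not one of the supported environments.
        Exception: any error from the OCI Secrets API is logged and re-raised.
    """
    env = os.getenv("MRDS_ENV")
    # Validate the environment before building a signer so a misconfigured task
    # fails fast without an unnecessary token exchange against OCI.
    try:
        target = _ENV_SECRETS[env]
    except KeyError:
        raise ValueError(f"Unsupported environment: {env}. Expected 'dev' or 'tst'") from None

    secret_ocid = target["secret_ocid"]
    secret_name = target["secret_name"]
    region = target["region"]

    signer = _build_signer()

    print(f"Environment: {env}")
    print(f"Secret Name: {secret_name}")
    print(f"Secret OCID: {secret_ocid}")
    print(f"Region: {region}")

    secrets_client = oci.secrets.SecretsClient(config={"region": region}, signer=signer)
    try:
        bundle = secrets_client.get_secret_bundle(secret_id=secret_ocid)
        # Bundle content is base64 text; decode it to the plaintext secret value.
        password = base64.b64decode(bundle.data.secret_bundle_content.content).decode("utf-8")
    except Exception as e:
        # Log enough to identify which secret failed, then propagate so the task fails.
        print(f"Error retrieving secret '{secret_name}' with OCID '{secret_ocid}': {str(e)}")
        raise

    print(f"Secret '{secret_name}' retrieved successfully: {len(password)} characters")
    return {
        "password": password,
        "secret_name": secret_name,
        "secret_ocid": secret_ocid,
        "environment": env,
        "region": region,
    }


dag = DAG(
    "oci_principal_authentication_debug",
    start_date=datetime(2024, 1, 1),
    schedule_interval=None,
    catchup=False,
    description="Debug OCI authentication and retrieve secrets using Secret OCID",
)

debug_task = PythonOperator(
    task_id="detect_principal_type_and_get_secret",
    python_callable=debug_oci_authentication_method,
    # The callable returns the plaintext password; with the default
    # do_xcom_push=True Airflow would persist it in the metadata database and
    # expose it in the XCom UI, so the return value is deliberately not pushed.
    do_xcom_push=False,
    dag=dag,
)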