#!/bin/bash

# Comprehensive access testing for nginx-load-balancer
# Tests different networking scenarios and boundaries

set -e

echo "🌐 nginx-load-balancer Access Testing"
echo "====================================="
echo ""

# Colors
GREEN='\033[0;32m'
YELLOW='\033[1;33m'
BLUE='\033[0;34m'
RED='\033[0;31m'
NC='\033[0m' # No Color

echo "🔍 Testing network accessibility and boundaries..."
echo ""

# Get service information
SERVICE_IP=$(kubectl get svc nginx-load-balancer-service -o jsonpath='{.status.loadBalancer.ingress[0].ip}')
SERVICE_PORT="8080"

# Get all LoadBalancer IPs
LB_IPS=$(kubectl get svc nginx-load-balancer-service -o jsonpath='{.status.loadBalancer.ingress[*].ip}')
SERVICE_CLUSTER_IP=$(kubectl get svc nginx-load-balancer-service -o jsonpath='{.spec.clusterIP}')

# Get node information
WORKER_NODES=$(kubectl get nodes -l "!node-role.kubernetes.io/master" -o name)
MASTER_NODES=$(kubectl get nodes -l "node-role.kubernetes.io/master" -o name)

echo "📊 Service Information:"
echo "• Cluster IP: $SERVICE_CLUSTER_IP"
echo "• LoadBalancer IPs: $LB_IPS"
echo "• Port: $SERVICE_PORT"
echo ""

echo "🏗️  Cluster Node Information:"
echo "Worker nodes:"
for node in $WORKER_NODES; do
    echo "  • $node"
done

if [ -n "$MASTER_NODES" ]; then
    echo "Master nodes:"
    for node in $MASTER_NODES; do
        echo "  • $node"
    done
fi
echo ""

# Test 1: Cluster-internal access (from within cluster)
echo "🧪 Test 1: Cluster-Internal Access"
echo "=================================="
echo "Testing access from within the cluster..."
echo ""

# Create a test pod to access the service from inside the cluster
echo "Creating test pod in cluster..."
cat <<EOF | kubectl apply -f - > /dev/null 2>&1
apiVersion: v1
kind: Pod
metadata:
  name: access-test-pod
  labels:
    app: access-test
spec:
  containers:
  - name: curl
    image: curlimages/curl:latest
    command: ["sleep", "3600"]
  restartPolicy: Never
EOF

echo "Waiting for test pod to be ready..."
kubectl wait --for=condition=ready pod/access-test-pod --timeout=30s > /dev/null 2>&1

echo "Testing cluster-internal access:"
# Test via service name
echo "• Service name (nginx-load-balancer-service):"
if kubectl exec access-test-pod -- curl -s -f "http://nginx-load-balancer-service:$SERVICE_PORT" > /dev/null 2>&1; then
    echo -e "${GREEN}  ✅ SUCCESS: Can access via service name${NC}"
else
    echo -e "${RED}  ❌ FAILED: Cannot access via service name${NC}"
fi

# Test via cluster IP
echo "• Cluster IP ($SERVICE_CLUSTER_IP):"
if kubectl exec access-test-pod -- curl -s -f "http://$SERVICE_CLUSTER_IP:$SERVICE_PORT" > /dev/null 2>&1; then
    echo -e "${GREEN}  ✅ SUCCESS: Can access via cluster IP${NC}"
else
    echo -e "${RED}  ❌ FAILED: Cannot access via cluster IP${NC}"
fi

# Test via LoadBalancer IP
echo "• LoadBalancer IP ($SERVICE_IP):"
if [ -n "$SERVICE_IP" ]; then
    if kubectl exec access-test-pod -- curl -s -f "http://$SERVICE_IP:$SERVICE_PORT" > /dev/null 2>&1; then
        echo -e "${GREEN}  ✅ SUCCESS: Can access via LoadBalancer IP${NC}"
    else
        echo -e "${RED}  ❌ FAILED: Cannot access via LoadBalancer IP${NC}"
    fi
else
    echo -e "${YELLOW}  ⚠️  No LoadBalancer IP available${NC}"
fi

# Clean up test pod
kubectl delete pod access-test-pod --ignore-not-found=true > /dev/null 2>&1

echo ""
echo -e "${BLUE}💡 Cluster-Internal Access Results:${NC}"
echo "• This tests if the service works from inside the Kubernetes cluster"
echo "• Service name should always work (DNS resolution)"
echo "• Cluster IP should work (internal networking)"
echo "• LoadBalancer IP may or may not work from inside (depends on network config)"
echo ""

# Test 2: External access from current machine
echo "🧪 Test 2: External Access (Current Machine)"
echo "============================================"
echo "Testing access from your current machine (local PC)..."
echo ""

echo "Current machine location: $(hostname)"
echo "Current user: $(whoami)"
echo ""

# Test LoadBalancer IP access
if [ -n "$SERVICE_IP" ]; then
    echo "Testing LoadBalancer IP ($SERVICE_IP) from current machine:"
    
    # Test IPv4
    echo "• IPv4 access (http://$SERVICE_IP:$SERVICE_PORT):"
    if timeout 10 curl -s -f "http://$SERVICE_IP:$SERVICE_PORT" > /dev/null 2>&1; then
        echo -e "${GREEN}  ✅ SUCCESS: IPv4 access works from current machine${NC}"
        echo "  Content preview:"
        curl -s "http://$SERVICE_IP:$SERVICE_PORT" | head -3
    else
        echo -e "${RED}  ❌ FAILED: IPv4 access does not work from current machine${NC}"
        echo "  This means the LoadBalancer IP is not routable from your location"
    fi
    
    echo ""
    # Test IPv6
    echo "• IPv6 access (curl -6 'http://$SERVICE_IP:$SERVICE_PORT'):"
    if timeout 10 curl -6 -s -f "http://$SERVICE_IP:$SERVICE_PORT" > /dev/null 2>&1; then
        echo -e "${GREEN}  ✅ SUCCESS: IPv6 access works from current machine${NC}"
        echo "  Content preview:"
        curl -6 -s "http://$SERVICE_IP:$SERVICE_PORT" | head -3
    else
        echo -e "${RED}  ❌ FAILED: IPv6 access does not work from current machine${NC}"
        echo "  This means the IPv6 address is not routable from your location"
    fi
else
    echo -e "${YELLOW}⚠️  No LoadBalancer IP to test${NC}"
fi

echo ""
echo -e "${BLUE}💡 External Access Results:${NC}"
echo "• This tests if you can access the service from your local machine"
echo "• If this fails, the service is only accessible from within the cluster"
echo "• This is normal for many cloud setups (LoadBalancer IPs are cluster-internal)"
echo ""

# Test 3: Network diagnostics
echo "🧪 Test 3: Network Diagnostics"
echo "=============================="
echo ""

echo "🔍 Network Interface Information:"
echo "Current machine network configuration:"
ip addr show 2>/dev/null | grep -E "(inet|interface)" | head -5 || echo "Could not retrieve network info"
echo ""

echo "🔍 Routing Information:"
echo "Current routing table:"
ip route 2>/dev/null | head -5 || echo "Could not retrieve routing info"
echo ""

echo "🔍 DNS Resolution:"
echo "Testing DNS for the LoadBalancer IP:"
host $SERVICE_IP 2>/dev/null || echo "No DNS record for $SERVICE_IP"
echo ""

echo "🔍 Ping Test:"
if [ -n "$SERVICE_IP" ]; then
    echo "Pinging LoadBalancer IP ($SERVICE_IP):"
    if ping -c 2 $SERVICE_IP > /dev/null 2>&1; then
        echo -e "${GREEN}  ✅ SUCCESS: IP is pingable${NC}"
    else
        echo -e "${RED}  ❌ FAILED: IP is not pingable${NC}"
    fi
fi
echo ""

# Test 4: Access method analysis
echo "🧪 Test 4: Access Method Analysis"
echo "================================="
echo ""

echo "🎯 Access Scenarios Analysis:"
echo ""

# Scenario 1: Cluster-internal only
echo "Scenario 1: Cluster-Internal Only (Most Common)"
echo "• How: kubectl exec into a pod and access the service"
echo "• Use case: Microservices communicating with each other"
echo "• Command: kubectl run test --image=curlimages/curl --rm -it -- curl http://nginx-load-balancer-service:8080"
echo ""

# Scenario 2: Local machine access
echo "Scenario 2: Local Machine Access"
echo "• How: Direct HTTP requests from your PC to LoadBalancer IP"
echo "• Use case: Testing services from development machine"
echo "• Command: curl http://$SERVICE_IP:$SERVICE_PORT"
echo ""

# Scenario 3: Node port access
echo "Scenario 3: Node Port Access (Alternative)"
echo "• How: Access via individual node IPs + port"
echo "• Use case: When LoadBalancer IP is not externally accessible"
echo "• Get node IPs: kubectl get nodes -o wide"
echo "• Test: curl http://[node-ip]:8080"
echo ""

# Final recommendations
echo "======================================"
echo "📋 NETWORK ACCESS SUMMARY"
echo "======================================"
echo ""

echo -e "${BLUE}🔍 Current Status:${NC}"

# Check if external access works
if [ -n "$SERVICE_IP" ]; then
    if timeout 5 curl -s -f "http://$SERVICE_IP:$SERVICE_PORT" > /dev/null 2>&1; then
        echo -e "${GREEN}✅ EXTERNAL ACCESS: Works from your local machine${NC}"
        echo "  You can access http://$SERVICE_IP:$SERVICE_PORT directly"
        echo "  LoadBalancer is externally routable"
    else
        echo -e "${YELLOW}⚠️  EXTERNAL ACCESS: Does not work from your local machine${NC}"
        echo "  LoadBalancer IP is cluster-internal only"
        echo "  This is normal for many cloud environments"
    fi
else
    echo -e "${YELLOW}⚠️  NO LOADBALANCER IP ASSIGNED${NC}"
fi

echo ""
echo -e "${BLUE}🎯 Recommended Access Methods:${NC}"

echo "1. For testing from local machine:"
if [ -n "$SERVICE_IP" ]; then
    echo "   • Try: curl http://$SERVICE_IP:$SERVICE_PORT"
    echo "   • Try: curl -6 http://$SERVICE_IP:$SERVICE_PORT"
else
    echo "   • LoadBalancer IP not available"
fi

echo ""
echo "2. For cluster-internal testing:"
echo "   • kubectl run test --image=curlimages/curl --rm -it -- curl http://nginx-load-balancer-service:8080"

echo ""
echo "3. For alternative access (if LoadBalancer doesn't work externally):"
echo "   • kubectl get nodes -o wide"
echo "   • Test direct node access: curl http://[node-ip]:8080"

echo ""
echo -e "${BLUE}🛠️  If External Access Doesn't Work:${NC}"
echo "• This is normal for many Kubernetes setups"
echo "• LoadBalancer services may only be accessible within the cluster"
echo "• Mycelium Cloud may require specific network configuration for external access"
echo "• Consider using port forwarding: kubectl port-forward svc/nginx-load-balancer-service 8080:8080"

echo ""
echo "✅ Access testing complete!"
echo ""
echo "💡 Next steps based on results:"
echo "• If external access works: Use LoadBalancer IP for development"
echo "• If external access doesn't work: Use port-forwarding or internal testing"
echo "• Always test both IPv4 and IPv6 when available"