/*
Copyright (c) Edgeless Systems GmbH

SPDX-License-Identifier: AGPL-3.0-only
*/

package provider

import (
	"github.com/hashicorp/terraform-plugin-framework-validators/stringvalidator"
	"github.com/hashicorp/terraform-plugin-framework/datasource/schema"
	"github.com/hashicorp/terraform-plugin-framework/schema/validator"
	"github.com/hashicorp/terraform-plugin-framework/types"
)

// attributeType selects whether a shared schema attribute is built as a
// user-supplied input (Required/Optional) or as a provider-computed output
// (Computed).
type attributeType bool

const (
	// attributeInput is the attribute type used for input variables.
	attributeInput attributeType = true
	// attributeOutput is the attribute type used for output variables.
	attributeOutput attributeType = false
)

// newAttestationVariantAttribute returns the string attribute that names the
// attestation variant. It is Required for inputs and Computed for outputs, and
// the value is restricted to the variants listed below.
func newAttestationVariantAttribute(t attributeType) schema.Attribute {
	input := bool(t)

	// Allow-list enforced at schema validation time. The same names are spelled
	// out in the Markdown description, so both places must be edited together.
	variants := []string{"aws-sev-snp", "aws-nitro-tpm", "azure-sev-snp", "gcp-sev-es"}

	markdown := "Attestation variant the image should work with. Can be one of:\n" +
		" * `aws-sev-snp`\n" +
		" * `aws-nitro-tpm`\n" +
		" * `azure-sev-snp`\n" +
		" * `gcp-sev-es`\n"

	return schema.StringAttribute{
		Description:         "Attestation variant the image should work with. (e.g. `azure-sev-snp`)",
		MarkdownDescription: markdown,
		Required:            input,
		Computed:            !input,
		Validators: []validator.String{
			stringvalidator.OneOf(variants...),
		},
	}
}

// newCSPAttribute returns the required string attribute that selects the cloud
// service provider. Only "aws", "azure" and "gcp" pass validation.
func newCSPAttribute() schema.Attribute {
	markdown := "CSP (Cloud Service Provider) to use. (e.g. `azure`)\n" +
		"See the [full list of CSPs](https://docs.edgeless.systems/constellation/overview/clouds) that Constellation supports."

	return schema.StringAttribute{
		Description:         "CSP (Cloud Service Provider) to use. (e.g. `azure`)",
		MarkdownDescription: markdown,
		Required:            true,
		Validators: []validator.String{
			stringvalidator.OneOf("aws", "azure", "gcp"),
		},
	}
}

// newMeasurementsAttribute returns the map attribute holding the measurement
// entries. Each entry carries an "expected" string and a "warn_only" flag; the
// map and both fields are Required for inputs and Computed for outputs.
func newMeasurementsAttribute(t attributeType) schema.Attribute {
	input := bool(t)

	entry := map[string]schema.Attribute{
		// No schema-level validator is attached to "expected" here, so its format
		// is not checked at plan time.
		// NOTE(review): presumably a hex-encoded digest; confirm where it is parsed.
		"expected": schema.StringAttribute{
			Required: input,
			Computed: !input,
		},
		// NOTE(review): presumably a mismatch on a warn_only entry is reported
		// rather than enforced; confirm against the attestation validator. If so,
		// setting it relaxes verification for that entry and changes to it are
		// security-relevant.
		"warn_only": schema.BoolAttribute{
			Required: input,
			Computed: !input,
		},
	}

	return schema.MapNestedAttribute{
		Required:     input,
		Computed:     !input,
		NestedObject: schema.NestedAttributeObject{Attributes: entry},
	}
}

// newAttestationConfigAttribute returns the nested attribute describing the
// attestation configuration: the variant, four SEV-SNP version numbers, the
// optional Azure firmware signer settings, the AMD root key and the
// measurements. The block is Required for inputs and Computed for outputs.
func newAttestationConfigAttribute(t attributeType) schema.Attribute {
	input := bool(t)

	// All four version fields share one shape. No range validator is attached.
	// NOTE(review): presumably these are minimum accepted TCB versions; confirm.
	version := schema.Int64Attribute{
		Required: input,
		Computed: !input,
	}

	// The signer settings are Optional (not Required) on the input side. None of
	// the three fields carries a schema-level validator in this file, so
	// unexpected values for enforcement_policy or maa_url are not rejected at
	// plan time and must be checked wherever they are consumed.
	signerConfig := schema.SingleNestedAttribute{
		Optional: input,
		Computed: !input,
		Attributes: map[string]schema.Attribute{
			"accepted_key_digests": schema.ListAttribute{
				Optional:    input,
				Computed:    !input,
				ElementType: types.StringType,
			},
			"enforcement_policy": schema.StringAttribute{
				Optional: input,
				Computed: !input,
			},
			"maa_url": schema.StringAttribute{
				Optional: input,
				Computed: !input,
			},
		},
	}

	members := map[string]schema.Attribute{
		"variant":                      newAttestationVariantAttribute(t), // duplicated for convenience in cluster resource
		"bootloader_version":           version,
		"tee_version":                  version,
		"snp_version":                  version,
		"microcode_version":            version,
		"azure_firmware_signer_config": signerConfig,
		// NOTE(review): presumably the trust anchor for SEV-SNP report
		// verification; no format validator is attached here. Confirm where the
		// value is parsed.
		"amd_root_key": schema.StringAttribute{
			Required: input,
			Computed: !input,
		},
		"measurements": newMeasurementsAttribute(t),
	}

	return schema.SingleNestedAttribute{
		Required:            input,
		Computed:            !input,
		MarkdownDescription: "Attestation comprises the measurements and SEV-SNP specific parameters.",
		Description:         "The values provide sensible defaults. See the docs for advanced usage.", // TODO(elchead): AB#3568
		Attributes:          members,
	}
}