/*
Copyright (c) Edgeless Systems GmbH

SPDX-License-Identifier: AGPL-3.0-only
*/

/*
Package constants contains the constants used by Constellation.
Constants should never be overwritable by command line flags or configuration files.
*/
package constants

import (
	"fmt"
	"time"

	"github.com/edgelesssys/constellation/v2/internal/semver"
)

const (
	//
	// Constellation.
	//

	// ConstellationNameLength is the maximum length of a Constellation's name.
	ConstellationNameLength = 37
	// AWSConstellationNameLength is the maximum length of a Constellation's name on AWS.
	AWSConstellationNameLength = 10
	// ConstellationMasterSecretStoreName is the name for the Constellation secrets in Kubernetes.
	ConstellationMasterSecretStoreName = "constellation-mastersecret"
	// ConstellationMasterSecretKey is the name of the key for the master secret in the master secret kubernetes secret.
	ConstellationMasterSecretKey = "mastersecret"
	// ConstellationSaltKey is the name of the key for the salt in the master secret kubernetes secret.
	ConstellationSaltKey = "salt"
	// ConstellationVerifyServiceUserData is the user data that the verification service includes in the attestation.
	ConstellationVerifyServiceUserData = "VerifyService"
	// AttestationVariant is the name of the environment variable that contains the attestation variant.
	AttestationVariant = "CONSTEL_ATTESTATION_VARIANT"
	// DefaultControlPlaneGroupName is the name of the default control plane node group.
	DefaultControlPlaneGroupName = "control_plane_default"
	// DefaultWorkerGroupName is the name of the default worker node group.
	DefaultWorkerGroupName = "worker_default"

	//
	// Ports.
	//

	// JoinServicePort is the port for reaching the join service within Kubernetes.
	JoinServicePort = 9090
	// JoinServiceNodePort is the port for reaching the join service outside of Kubernetes.
	JoinServiceNodePort = 30090
	// VerifyServicePortHTTP HTTP port for verification service.
	VerifyServicePortHTTP = 8080
	// VerifyServicePortGRPC GRPC port for verification service.
	VerifyServicePortGRPC = 9090
	// VerifyServiceNodePortHTTP HTTP node port for verification service.
	VerifyServiceNodePortHTTP = 30080
	// VerifyServiceNodePortGRPC GRPC node port for verification service.
	VerifyServiceNodePortGRPC = 30081
	// KeyServicePort is the port the KMS server listens on.
	KeyServicePort = 9000
	// BootstrapperPort port of bootstrapper.
	BootstrapperPort = 9000
	// KubernetesPort port for Kubernetes API.
	KubernetesPort = 6443
	// RecoveryPort port for Constellation recovery server.
	RecoveryPort = 9999
	// DebugdPort port for debugd process.
	DebugdPort = 4000

	//
	// Filenames.
	//

	// StateFilename filename that contains the entire state of the Constellation cluster.
	StateFilename = "constellation-state.yaml"
	// ConfigFilename filename of Constellation config file.
	ConfigFilename = "constellation-conf.yaml"
	// LicenseFilename filename of Constellation license file.
	LicenseFilename = "constellation.license"
	// AdminConfFilename filename of KubeConfig for admin access to Constellation.
	AdminConfFilename = "constellation-admin.conf"
	// MasterSecretFilename filename of Constellation mastersecret.
	MasterSecretFilename = "constellation-mastersecret.json"
	// TerraformWorkingDir is the directory name for the TerraformClient workspace.
	TerraformWorkingDir = "constellation-terraform"
	// TerraformIAMWorkingDir is the directory name for the Terraform IAM Client workspace.
	TerraformIAMWorkingDir = "constellation-iam-terraform"
	// GCPServiceAccountKeyFilename is the file name for the GCP service account key file.
	GCPServiceAccountKeyFilename = "gcpServiceAccountKey.json"
	// ErrorLog file which contains server errors during init.
	ErrorLog = "constellation-cluster.log"
	// ControlPlaneAdminConfFilename filepath to control plane kubernetes admin config.
	ControlPlaneAdminConfFilename = "/etc/kubernetes/admin.conf"
	// KubectlPath path to kubectl binary.
	KubectlPath = "/run/state/bin/kubectl"
	// UpgradeAgentSocketPath is the path to the UDS that is used for the gRPC connection to the upgrade agent.
	UpgradeAgentSocketPath = "/run/constellation-upgrade-agent.sock"
	// UpgradeAgentMountPath is the path inside the operator container where the UDS is mounted.
	UpgradeAgentMountPath = "/etc/constellation-upgrade-agent.sock"
	// CniPluginsDir path directory for CNI plugins.
	CniPluginsDir = "/opt/cni/bin"
	// BinDir install path for CNI config.
	BinDir = "/run/state/bin"
	// KubeadmPath install path for kubeadm.
	KubeadmPath = "/run/state/bin/kubeadm"
	// KubeletPath install path for kubelet.
	KubeletPath = "/run/state/bin/kubelet"

	//
	// Filenames for Constellation's micro services.
	//

	// ServiceBasePath is the base path for the mounted micro service's files.
	ServiceBasePath = "/var/config"
	// AttestationConfigFilename is the filename of the config used for CC validation.
	AttestationConfigFilename = "attestationConfig"
	// MeasurementSaltFilename is the filename of the salt used in creation of the clusterID.
	MeasurementSaltFilename = "measurementSalt"
	// MeasurementSecretFilename is the filename of the secret used in creation of the clusterID.
	MeasurementSecretFilename = "measurementSecret"

	// K8sVersionFieldName is the name of the of the key holding the wanted Kubernetes version.
	K8sVersionFieldName = "cluster-version"
	// ComponentsListKey is the name of the key holding the list of components in the components configMap.
	ComponentsListKey = "components"
	// SevSnpCertCacheConfigMapName is the name of the configMap holding the SEV-SNP certificate cache in the join service.
	SevSnpCertCacheConfigMapName = "sev-snp-cert-cache"
	// CertCacheAskKey is the name of the key holding the ASK certificate in the SEV-SNP certificate cache.
	CertCacheAskKey = "ask"
	// CertCacheArkKey is the name of the key holding the ARK certificate in the SEV-SNP certificate cache.
	CertCacheArkKey = "ark"
	// NodeVersionResourceName resource name used for NodeVersion in constellation-operator and CLI.
	NodeVersionResourceName = "constellation-version"
	// NodeKubernetesComponentsAnnotationKey is the name of the annotation holding the reference to the ConfigMap listing all K8s components.
	NodeKubernetesComponentsAnnotationKey = "constellation.edgeless.systems/kubernetes-components"
	// JoiningNodesConfigMapName is the name of the configMap holding the joining nodes with the components hashes the node-operator should annotate the nodes with.
	JoiningNodesConfigMapName = "joining-nodes"

	//
	// CLI.
	//

	// MinControllerCount is the minimum number of control nodes.
	MinControllerCount = 1
	// MinWorkerCount is the minimum number of worker nodes.
	MinWorkerCount = 1
	// EnvVarPrefix is expected prefix for environment variables used to overwrite config parameters.
	EnvVarPrefix = "CONSTELL_"
	// EnvVarAzureClientSecretValue is environment variable to overwrite
	// provider.azure.clientSecretValue .
	EnvVarAzureClientSecretValue = EnvVarPrefix + "AZURE_CLIENT_SECRET_VALUE"
	// EnvVarOpenStackPassword is environment variable to overwrite
	// provider.openstack.password .
	EnvVarOpenStackPassword = EnvVarPrefix + "OS_PASSWORD"
	// EnvVarNoSpinner is environment variable used to disable the loading indicator (spinner)
	// displayed in Constellation CLI. Any non-empty value, e.g., CONSTELL_NO_SPINNER=1,
	// can be used to disable the spinner.
	EnvVarNoSpinner = EnvVarPrefix + "NO_SPINNER"
	// MiniConstellationUID is a sentinel value for the UID of a mini constellation.
	MiniConstellationUID = "mini"
	// MiniConstellationName is a sentinel value for the name of a mini constellation.
	MiniConstellationName = MiniConstellationUID + "-qemu"
	// TerraformLogFile is the file name of the Terraform log file.
	TerraformLogFile = "terraform.log"
	// TerraformUpgradeWorkingDir is the directory name for the Terraform workspace being used in an upgrade.
	TerraformUpgradeWorkingDir = "terraform"
	// TerraformIAMUpgradeWorkingDir is the directory name for the Terraform IAM workspace being used in an upgrade.
	TerraformIAMUpgradeWorkingDir = "terraform-iam"
	// TerraformUpgradeBackupDir is the directory name being used to backup the pre-upgrade state in an upgrade.
	TerraformUpgradeBackupDir = "terraform-backup"
	// TerraformIAMUpgradeBackupDir is the directory name being used to backup the pre-upgrade state of iam in an upgrade.
	TerraformIAMUpgradeBackupDir = "terraform-iam-backup"
	// TerraformEmbeddedDir is the name of the base directory embedded in the CLI binary containing the Terraform files.
	TerraformEmbeddedDir = "infrastructure"
	// UpgradeDir is the name of the directory being used for cluster upgrades.
	UpgradeDir = "constellation-upgrade"
	// ControlPlaneDefault is the name of the default control plane worker group.
	ControlPlaneDefault = "control_plane_default"
	// WorkerDefault is the name of the default worker group.
	WorkerDefault = "worker_default"

	//
	// Kubernetes.
	//

	// KubernetesJoinTokenTTL time to live for Kubernetes join token.
	KubernetesJoinTokenTTL = 15 * time.Minute
	// ConstellationNamespace namespace to deploy Constellation components into.
	ConstellationNamespace = "kube-system"
	// JoinConfigMap k8s config map with node join config.
	JoinConfigMap = "join-config"
	// InternalConfigMap k8s config map with internal Constellation config.
	InternalConfigMap = "internal-config"
	// KubeadmConfigMap k8s config map with kubeadm config
	// (holds ClusterConfiguration).
	KubeadmConfigMap = "kubeadm-config"
	// ClusterConfigurationKey key in kubeadm config map with ClusterConfiguration.
	ClusterConfigurationKey = "ClusterConfiguration"

	//
	// Helm.
	//

	// HelmNamespace namespace for helm charts.
	HelmNamespace = "kube-system"

	//
	// Releases.
	//

	// CDNRepositoryURL is the base URL of the Constellation CDN artifact repository.
	CDNRepositoryURL = "https://cdn.confidential.cloud"
	// CDNAPIBase is the (un-versioned) prefix of the Constellation API.
	CDNAPIBase = "constellation"
	// CDNAPIPrefix is the prefix of the Constellation API (V1).
	CDNAPIPrefix = CDNAPIBase + "/v1"
	// CDNAPIPrefixV2 is the prefix of the Constellation API (v2).
	CDNAPIPrefixV2 = CDNAPIBase + "/v2"
	// CDNAttestationConfigPrefixV1 is the prefix of the Constellation AttestationConfig API (v1).
	CDNAttestationConfigPrefixV1 = CDNAPIPrefix + "/attestation"
	// CDNMeasurementsFile is name of file containing image measurements.
	CDNMeasurementsFile = "measurements.json"
	// CDNMeasurementsSignature is name of file containing signature for CDNMeasurementsFile.
	CDNMeasurementsSignature = "measurements.json.sig"
	// CDNDefaultDistributionID is the default CloudFront distribution ID to use.
	CDNDefaultDistributionID = "E1H77EZTHC3NE4"

	//
	// PKI.
	//

	// CosignPublicKeyReleases signs all our releases.
	CosignPublicKeyReleases = `-----BEGIN PUBLIC KEY-----
MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEf8F1hpmwE+YCFXzjGtaQcrL6XZVT
JmEe5iSLvG1SyQSAew7WdMKF6o9t8e2TFuCkzlOhhlws2OHWbiFZnFWCFw==
-----END PUBLIC KEY-----
`
	// CosignPublicKeyDev signs all our development builds.
	CosignPublicKeyDev = `-----BEGIN PUBLIC KEY-----
MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAELcPl4Ik+qZuH4K049wksoXK/Os3Z
b92PDCpM7FZAINQF88s1TZS/HmRXYk62UJ4eqPduvUnJmXhNikhLbMi6fw==
-----END PUBLIC KEY-----
`
)

// BinaryVersion returns the version of this Binary.
func BinaryVersion() semver.Semver {
	version, err := semver.New(versionInfo)
	if err != nil {
		// This is not user input, unrecoverable, should never happen.
		panic(fmt.Sprintf("parsing embedded version information: %s", err))
	}

	return version
}

// Timestamp returns the commit timestamp of a binary.
func Timestamp() string {
	return timestamp
}

// Commit returns the commit hash of a binary.
func Commit() string {
	return commit
}

// State returns the git state of the working directory.
func State() string {
	return state
}

var (
	// versionInfo is the version of a binary. Left as a separate variable to allow override during build.
	versionInfo = "0.0.0"
	// timestamp is the commit timestamp of a binary. Left as a separate variable to allow override during build.
	timestamp = "1970-01-01T00:00:00Z"
	// commit is the commit hash of a binary. Left as a separate variable to allow override during build.
	commit = "0000000000000000000000000000000000000000"
	// state is the git state of the working directory. Left as a separate variable to allow override during build.
	state = "unknown"
)