// Copyright (c) HashiCorp, Inc.
// SPDX-License-Identifier: MPL-2.0

package api

import "time"

type ServiceIntentionsConfigEntry struct {
	Kind      string
	Name      string
	Partition string `json:",omitempty"`
	Namespace string `json:",omitempty"`

	Sources []*SourceIntention
	JWT     *IntentionJWTRequirement `json:",omitempty"`

	Meta map[string]string `json:",omitempty"`

	CreateIndex uint64
	ModifyIndex uint64
}

type SourceIntention struct {
	Name          string
	Peer          string                 `json:",omitempty"`
	Partition     string                 `json:",omitempty"`
	Namespace     string                 `json:",omitempty"`
	SamenessGroup string                 `json:",omitempty" alias:"sameness_group"`
	Action        IntentionAction        `json:",omitempty"`
	Permissions   []*IntentionPermission `json:",omitempty"`
	Precedence    int
	Type          IntentionSourceType
	Description   string `json:",omitempty"`

	LegacyID         string            `json:",omitempty" alias:"legacy_id"`
	LegacyMeta       map[string]string `json:",omitempty" alias:"legacy_meta"`
	LegacyCreateTime *time.Time        `json:",omitempty" alias:"legacy_create_time"`
	LegacyUpdateTime *time.Time        `json:",omitempty" alias:"legacy_update_time"`
}

func (e *ServiceIntentionsConfigEntry) GetKind() string            { return e.Kind }
func (e *ServiceIntentionsConfigEntry) GetName() string            { return e.Name }
func (e *ServiceIntentionsConfigEntry) GetPartition() string       { return e.Partition }
func (e *ServiceIntentionsConfigEntry) GetNamespace() string       { return e.Namespace }
func (e *ServiceIntentionsConfigEntry) GetMeta() map[string]string { return e.Meta }
func (e *ServiceIntentionsConfigEntry) GetCreateIndex() uint64     { return e.CreateIndex }
func (e *ServiceIntentionsConfigEntry) GetModifyIndex() uint64     { return e.ModifyIndex }

type IntentionPermission struct {
	Action IntentionAction
	HTTP   *IntentionHTTPPermission `json:",omitempty"`
	JWT    *IntentionJWTRequirement `json:",omitempty"`
}

type IntentionHTTPPermission struct {
	PathExact  string `json:",omitempty" alias:"path_exact"`
	PathPrefix string `json:",omitempty" alias:"path_prefix"`
	PathRegex  string `json:",omitempty" alias:"path_regex"`

	Header []IntentionHTTPHeaderPermission `json:",omitempty"`

	Methods []string `json:",omitempty"`
}

type IntentionHTTPHeaderPermission struct {
	Name    string
	Present bool   `json:",omitempty"`
	Exact   string `json:",omitempty"`
	Prefix  string `json:",omitempty"`
	Suffix  string `json:",omitempty"`
	Regex   string `json:",omitempty"`
	Invert  bool   `json:",omitempty"`
}

type IntentionJWTRequirement struct {
	// Providers is a list of providers to consider when verifying a JWT.
	Providers []*IntentionJWTProvider `json:",omitempty"`
}

type IntentionJWTProvider struct {
	// Name is the name of the JWT provider. There MUST be a corresponding
	// "jwt-provider" config entry with this name.
	Name string `json:",omitempty"`

	// VerifyClaims is a list of additional claims to verify in a JWT's payload.
	VerifyClaims []*IntentionJWTClaimVerification `json:",omitempty" alias:"verify_claims"`
}

type IntentionJWTClaimVerification struct {
	// Path is the path to the claim in the token JSON.
	Path []string `json:",omitempty"`

	// Value is the expected value at the given path:
	// - If the type at the path is a list then we verify
	//   that this value is contained in the list.
	//
	// - If the type at the path is a string then we verify
	//   that this value matches.
	Value string `json:",omitempty"`
}