# Copyright 2024 Google LLC
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
#     http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.

from cdktf import (
    TerraformLocal,
)
from imports.org_policy_v2 import OrgPolicyV2
from cdktf_cdktf_provider_google.org_policy_custom_constraint import (
    OrgPolicyCustomConstraint,
)
import util


def create_org_policy(self, org_policy):
    node_type = org_policy["policy_root"]
    node = org_policy.get("policy_root_id", "org")
    name = org_policy["constraint"]
    org_policy["policy_root_id"] = self.tf_ref(node_type, node)
    org_policy["constraint"] = self.tf_ref("custom_org_policy", name)

    OrgPolicyV2(
        self,
        f"org_policy_{name}_{node_type}_{util.clean_tf_folder(node)}",
        **org_policy,
    )


def create_custom_org_policy(self, c_org_policy):
    org_policy = {
        "constraint": c_org_policy["name"],
        "policy_type": "boolean",
        "policy_root": c_org_policy["policy_root"],
        "policy_root_id": c_org_policy.get("policy_root_id", "org"),
        "rules": [{"enforcement": True, "allow": [], "deny": [], "conditions": []}],
    }
    del c_org_policy["policy_root"]
    del c_org_policy["policy_root_id"]

    name = c_org_policy["name"]
    c_org_policy["parent"] = f'organizations/{self.tf_ref("organization", "")}'

    self.created["custom_org_policy"][name] = OrgPolicyCustomConstraint(
        self,
        f"c_org_policy_{name}",
        **c_org_policy,
    )
    create_org_policy(self, org_policy)


def generate_org_policies(self, my_resource, resource):
    self.ensure_data(["google_org"])
    for org_policy in self.eztf_config.get(my_resource, []):
        name = org_policy["constraint"]
        if name == "iam.allowedPolicyMemberDomains":
            org_allow_domain = org_policy["rules"][0]["allow"]
            org_allow_domain.append(
                self.created["data"]["google_org"].directory_customer_id
            )
            org_policy["rules"][0]["allow"] = TerraformLocal(
                self,
                "org_allow_member_domain",
                org_allow_domain,
            ).as_list

        create_org_policy(self, org_policy)


def generate_custom_org_policies(self, my_resource, resource):
    self.ensure_data(["google_org"])
    for custom_org_policy in self.eztf_config.get(my_resource, []):
        create_custom_org_policy(self, custom_org_policy)