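using System;
using System.Collections.Generic;
using System.Text.RegularExpressions;
using static StellaOps.Localization.T;

namespace StellaOps.Configuration;

public sealed partial class AuthorityServiceAccountSeedOptions
{
    /// <summary>
    /// Accepted account-id shape: one lowercase letter or digit followed by 2 to 63
    /// characters from <c>a-z</c>, <c>0-9</c>, <c>:</c>, <c>_</c> or <c>-</c>
    /// (3 to 64 characters in total).
    /// </summary>
    /// <remarks>
    /// The pattern ends in <c>\z</c> rather than <c>$</c>. Without
    /// <see cref="RegexOptions.Multiline"/>, .NET's <c>$</c> also matches just before a
    /// trailing line feed, so an id such as <c>"svc-1\n"</c> would pass the format
    /// check; <c>\z</c> only matches at the true end of the input.
    /// </remarks>
    private static readonly Regex _accountIdRegex = new(
        @"^[a-z0-9][a-z0-9:_-]{2,63}\z",
        RegexOptions.Compiled | RegexOptions.CultureInvariant);

    /// <summary>
    /// Attribute names a seeded service account may carry, compared case-insensitively.
    /// </summary>
    // NOTE(review): because matching ignores case, "ENV" and "env" are both accepted;
    // confirm the Attributes collection uses a matching comparer so differently-cased
    // duplicates of one key cannot coexist.
    private static readonly HashSet<string> _allowedAttributeKeys = new(
        new[] { "env", "owner", "business_tier" },
        StringComparer.OrdinalIgnoreCase);

    /// <summary>
    /// Checks this seed entry and throws on the first rule it breaks.
    /// </summary>
    /// <param name="tenantIds">
    /// Known tenant identifiers. When the set is empty the tenant membership check is
    /// skipped and any non-blank <c>Tenant</c> value is accepted.
    /// </param>
    /// <exception cref="InvalidOperationException">
    /// The account id is blank or malformed, the tenant is blank or not in a non-empty
    /// <paramref name="tenantIds"/>, no scope is allowed, or an attribute name is not
    /// one of the supported keys. The message comes from <c>_t</c> with the matching
    /// <c>config.service_account.*</c> key.
    /// </exception>
    internal void Validate(ISet<string> tenantIds)
    {
        if (string.IsNullOrWhiteSpace(AccountId))
        {
            throw new InvalidOperationException(_t("config.service_account.id_required"));
        }

        // NOTE(review): the rejected value is handed to the message as-is; confirm that
        // whatever renders or logs this exception escapes control characters.
        if (!_accountIdRegex.IsMatch(AccountId))
        {
            throw new InvalidOperationException(_t("config.service_account.id_format", AccountId));
        }

        if (string.IsNullOrWhiteSpace(Tenant))
        {
            throw new InvalidOperationException(_t("config.service_account.tenant_required", AccountId));
        }

        // Membership is only enforced when at least one tenant is known; an empty set
        // lets every tenant value through. The comparison uses the set's own comparer.
        if (tenantIds.Count > 0 && !tenantIds.Contains(Tenant))
        {
            throw new InvalidOperationException(_t("config.service_account.tenant_unknown", AccountId, Tenant));
        }

        // A service account with no scopes is rejected rather than seeded.
        if (AllowedScopes.Count == 0)
        {
            throw new InvalidOperationException(_t("config.service_account.scope_required", AccountId));
        }

        // Allow-list check: any attribute name outside the supported keys is an error.
        // Enumerating an empty key collection is a no-op, so no separate count guard.
        foreach (var attributeName in Attributes.Keys)
        {
            if (!_allowedAttributeKeys.Contains(attributeName))
            {
                throw new InvalidOperationException(_t("config.service_account.unsupported_attribute", AccountId, attributeName));
            }
        }
    }
}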