// Package hclsecret contains functions for exposing secrets to HCL parsers.
package hclsecret

import (
	"github.com/zclconf/go-cty/cty"
	"github.com/zclconf/go-cty/cty/function"

	"git.maze.io/go/secret"
)

var templateSpec = &function.Spec{
	Description: "Retrieve a secret from the configured secret provider",
	Params: []function.Parameter{
		{
			Name:        "key",
			Description: "Unique key identifying the secret",
			Type:        cty.String,
		},
	},
	Type: func(args []cty.Value) (cty.Type, error) {
		return cty.String, nil
	},
}

// Function returns a HCL function for resolving secrets.
//
// Typically one would use this in a [hcl.EvalContext]:
//
//	ctx := &hcl.EvalContext{
//	  Functions: map[string]function.Function{
//	    "secret": Function(provider),
//	  }
//	}
//
// This exposes a new HCL function "secret".
func Function(p secret.Provider) function.Function {
	var spec = new(function.Spec)
	*spec = *templateSpec

	spec.Impl = func(args []cty.Value, returnType cty.Type) (cty.Value, error) {
		value, err := p.GetSecret(args[0].AsString())
		if err != nil {
			return cty.StringVal(""), err
		}
		return cty.StringVal(string(value)), nil
	}

	return function.New(spec)
}