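# Terraform configuration for the airun-pathfinder "crud-pricing" Lambda:
# the function, its CloudWatch log group, its execution role, and the IAM
# policies attached to that role. Input variables (var.*) are declared
# outside this file.

terraform {
  required_version = ">= 1.0"

  required_providers {
    aws = {
      source  = "hashicorp/aws"
      version = "~> 6.23"
    }
  }
}

provider "aws" {
  region = var.aws_region

  # Applied to every taggable resource created through this provider.
  default_tags {
    tags = {
      Project     = "airun-pathfinder"
      Component   = "crud"
      Service     = "pricing"
      Environment = var.environment
      ManagedBy   = "terraform"
    }
  }
}

# Data source: Gateway ID published by platform-core in SSM Parameter Store.
# NOTE(review): not referenced anywhere in this file; presumably consumed
# elsewhere in the module. Confirm before removing.
data "aws_ssm_parameter" "gateway_id" {
  name = "/airun-pathfinder/${var.environment}/gateway-id"
}

# Current AWS account ID, used to build the DynamoDB ARNs below.
data "aws_caller_identity" "current" {}

# Lambda function (custom runtime on arm64, shipped as a prebuilt zip).
resource "aws_lambda_function" "crud_pricing" {
  filename      = "../target/lambda/bootstrap/bootstrap.zip"
  function_name = local.crud_pricing_function_name
  role          = aws_iam_role.lambda.arn
  handler       = "bootstrap"
  runtime       = "provided.al2023"
  architectures = ["arm64"]
  timeout       = var.lambda_timeout
  memory_size   = var.lambda_memory

  # Redeploy whenever the artifact content changes.
  source_code_hash = filebase64sha256("../target/lambda/bootstrap/bootstrap.zip")

  # Environment variables are readable by anyone allowed to view the function
  # configuration, so keep this map to non-secret settings.
  environment {
    variables = {
      # NOTE(review): if verbose levels make the handler log request data,
      # keep production at a non-verbose level. Confirm against the handler.
      RUST_LOG    = var.log_level
      TABLE_NAME  = local.table_name
      ENVIRONMENT = var.environment
    }
  }

  # Enable X-Ray tracing for observability
  tracing_config {
    mode = "Active"
  }

  tags = {
    Name = "airun-pathfinder-crud-pricing"
  }

  # Create the log group and attach every policy before the function exists.
  # Otherwise a first invocation can run without its permissions, and Lambda
  # can auto-create the log group (AWSLambdaBasicExecutionRole allows
  # logs:CreateLogGroup) with no retention limit, after which Terraform fails
  # to create the managed one because the name is already taken.
  depends_on = [
    aws_cloudwatch_log_group.crud_pricing,
    aws_iam_role_policy_attachment.lambda_basic,
    aws_iam_role_policy_attachment.lambda_xray,
    aws_iam_role_policy.dynamodb_access,
  ]
}

# CloudWatch Log Group
# The name is built from the shared local rather than from the function
# resource so that the function can depend on this log group without a cycle.
resource "aws_cloudwatch_log_group" "crud_pricing" {
  name              = "/aws/lambda/${local.crud_pricing_function_name}"
  retention_in_days = var.log_retention_days

  tags = {
    Name = "crud-pricing-logs"
  }
}

# IAM Role for Lambda
# The trust policy lets only the Lambda service principal assume this role.
resource "aws_iam_role" "lambda" {
  name = "airun-pathfinder-crud-pricing-role-${var.environment}"

  assume_role_policy = jsonencode({
    Version = "2012-10-17"
    Statement = [{
      Action = "sts:AssumeRole"
      Effect = "Allow"
      Principal = {
        Service = "lambda.amazonaws.com"
      }
    }]
  })

  tags = {
    Name = "airun-pathfinder-crud-pricing-role"
  }
}

# Basic Lambda execution policy (AWS managed; CloudWatch Logs write access).
resource "aws_iam_role_policy_attachment" "lambda_basic" {
  role       = aws_iam_role.lambda.name
  policy_arn = "arn:aws:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole"
}

# X-Ray permissions for tracing (AWS managed policy).
resource "aws_iam_role_policy_attachment" "lambda_xray" {
  role       = aws_iam_role.lambda.name
  policy_arn = "arn:aws:iam::aws:policy/AWSXRayDaemonWriteAccess"
}

# DynamoDB access policy
# Grants item-level read/write and Query on one table and one index only;
# Scan, DeleteItem and the batch operations are not granted. Keep any added
# action scoped to these ARNs rather than widening Resource.
# The ARNs assume the table is in the provider's region and the caller's
# account, in the standard "aws" partition.
resource "aws_iam_role_policy" "dynamodb_access" {
  name = "airun-pathfinder-crud-pricing-dynamodb-policy"
  role = aws_iam_role.lambda.id

  policy = jsonencode({
    Version = "2012-10-17"
    Statement = [
      {
        Effect = "Allow"
        Action = [
          "dynamodb:GetItem",
          "dynamodb:PutItem",
          "dynamodb:UpdateItem",
          "dynamodb:Query"
        ]
        Resource = [
          "arn:aws:dynamodb:${var.aws_region}:${data.aws_caller_identity.current.account_id}:table/${local.table_name}",
          "arn:aws:dynamodb:${var.aws_region}:${data.aws_caller_identity.current.account_id}:table/${local.table_name}/index/AccessCountIndex"
        ]
      }
    ]
  })
}

# Local variables
locals {
  # Use var.table_name when set; otherwise fall back to the per-environment
  # default.
  table_name = var.table_name != "" ? var.table_name : "pathfinder-${var.environment}-pricing"

  # Single source for the function name, shared by the function and its log
  # group so the two cannot drift apart.
  crud_pricing_function_name = "airun-pathfinder-crud-pricing-${var.environment}"
}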