from typing import List

import os.path
dirname = os.path.dirname(__file__)

from aws_cdk import core, aws_iam as iam, aws_lambda as _lambda

from aws_cdk.core import CustomResource

import aws_cdk.custom_resources as cr



class ScpAttachmentResource(core.Construct):
    def __init__(
        self,
        scope: core.Construct,
        id: str,
        policy_id: str,
        account_targets: List[str] = None,
        organization_unit_targets: List[str] = None,
    ) -> None:
        super().__init__(scope, id)

        on_event = _lambda.Function(
            self,
            "ON-SCP-ATTACHMENT-EVENT",
            runtime=_lambda.Runtime.PYTHON_3_8,
            handler="app.on_event",
            timeout=core.Duration.seconds(600),
            memory_size=128,
            code=_lambda.Code.asset(os.path.join(dirname,"attachment_lambda")),
            description="Service control policy attachment resource",
        )

        on_event.add_to_role_policy(
            iam.PolicyStatement(
                actions=[
                    "organizations:CreatePolicy",
                    "organizations:DeletePolicy",
                    "organizations:AttachPolicy",
                    "organizations:DetachPolicy",
                ],
                resources=["*"],
            )
        )

        attachment_provider = cr.Provider(
            self,
            "ON_EVENT_CUSTOM_RESOURCE_PROVIDER",
            on_event_handler=on_event,
        )

        CustomResource(
            self,
            "scp-attachment-custom-resource",
            service_token=attachment_provider.service_token,
            properties={
                "PolicyId": policy_id,
                "AccountTargets": account_targets,
                "OrganizationUnitTargets": organization_unit_targets,
            },
        )