# Copyright 2021 Amazon.com, Inc. or its affiliates. All Rights Reserved.
#
# Licensed under the Apache License, Version 2.0 (the "License"). You may not use this file except in compliance
# with the License. A copy of the License is located at
#
# http://aws.amazon.com/apache2.0/
#
# or in the "LICENSE.txt" file accompanying this file. This file is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES
# OR CONDITIONS OF ANY KIND, express or implied. See the License for the specific language governing permissions and
# limitations under the License.

from pcluster.aws.aws_api import AWSApi
from pcluster.aws.common import AWSClientError
from pcluster.validators.common import FailureLevel, Validator


class KmsKeyValidator(Validator):
    """Kms key validator."""

    def _validate(self, kms_key_id: str):
        try:
            AWSApi.instance().kms.describe_key(kms_key_id=kms_key_id)
        except AWSClientError as e:
            self._add_failure(str(e), FailureLevel.ERROR)


class KmsKeyIdEncryptedValidator(Validator):
    """
    KmsKeyId encrypted validator.

    Validate KmsKeyId value based on encrypted value.
    """

    def _validate(self, kms_key_id, encrypted):
        if kms_key_id and not encrypted:
            self._add_failure(
                "Kms Key Id {0} is specified, the encrypted state must be True.".format(kms_key_id),
                FailureLevel.ERROR,
            )