import { type AwsService } from '../services.js';
export type DataSourceType = 'aws-sdk' | 'aws-config';
export interface DataSourceConfig {
    /**
     * The type of data source to use for collecting AWS resource data
     * - 'aws-sdk': Use direct AWS SDK calls (default)
     * - 'aws-config': Use AWS Config service for resource queries
     */
    name: DataSourceType;
    config: any;
}
export interface AuthConfig {
    /**
     * The profile to use when authenticating with AWS. If not present, the default AWS SDK credential resolution chain will be used.
     */
    profile?: string;
    /**
     * An optional initial Role to assume in the first phase of the authentication process before
     * assuming any roles in the target accounts.
     */
    initialRole?: (({
        /**
         * Specify the ARN OR the path and name of the role to assume.
         *
         * Use arn if you want to always assume a role in a specific account.
         */
        arn: string;
    } | {
        /**
         * Specify the path and name OR the ARN of the role to assume.
         *
         * Use pathAndName if you want to assume a role in the same account as your default credentials.
         */
        pathAndName: string;
    }) & {
        /**
         * Optional, the external id to use when assuming the role.
         */
        externalId?: string;
        /**
         * Optional, the session name to use when assuming the role.
         */
        sessionName?: string;
    }) | null;
    role?: {
        /**
         * The path and name of the role to assume. Required if using a role.
         */
        pathAndName: string;
        /**
         * Optional, the external id to use when assuming the role.
         */
        externalId?: string;
        /**
         * Optional, the session name to use when assuming the role.
         */
        sessionName?: string;
    };
}
/**
 * An AuthConfig that is completely optional for all fields.
 * This is used to allow for partial auth configs in the account/service/region configs.
 */
export interface OptionalAuthConfig extends Omit<AuthConfig, 'role'> {
    role?: Partial<AuthConfig['role']>;
}
export interface FileSystemStorageConfig {
    type: 'file';
    path: string;
}
export interface S3StorageConfig {
    type: 's3';
    bucket: string;
    prefix?: string;
    region: string;
    endpoint?: string;
    auth?: AuthConfig;
}
export interface SqliteStorageConfig {
    type: 'sqlite';
    path: string;
}
export type StorageConfig = FileSystemStorageConfig | S3StorageConfig | SqliteStorageConfig;
interface BaseConfig {
    regions?: {
        included?: string[];
        excluded?: string[];
    };
    services?: {
        included?: string[];
        excluded?: string[];
    };
    auth?: AuthConfig;
}
interface ServiceConfig extends Omit<BaseConfig, 'auth'> {
    endpoint?: string;
    regionConfigs?: Record<string, Omit<ServiceConfig, 'regionConfigs'>>;
    syncConfigs?: Record<string, SyncConfig>;
    auth?: OptionalAuthConfig;
}
interface SyncConfig {
    custom?: Record<string, any>;
    regions?: {
        included?: string[];
        excluded?: string[];
    };
    auth?: AuthConfig;
}
interface AccountConfig extends Omit<BaseConfig, 'auth'> {
    serviceConfigs?: Record<string, ServiceConfig>;
    auth?: OptionalAuthConfig;
}
export interface TopLevelConfig extends BaseConfig {
    name?: string;
    iamCollectVersion: string;
    dataSource?: DataSourceConfig;
    storage?: StorageConfig;
    auth?: AuthConfig;
    accounts?: {
        included?: string[];
    };
    accountConfigs?: Record<string, AccountConfig>;
    serviceConfigs?: Record<string, ServiceConfig>;
}
type ServicesForAccount = AwsService[];
type RegionsForAccountService = string[];
type AccountRegionList = string[];
export interface ResolvedAccountServiceRegionConfig {
    accountId: string;
    service: string;
    region: string;
    auth?: AuthConfig;
    endpoint?: string;
}
/**
 * Get the default auth config from the provided configs.
 *
 * @param configs the configs to search for the default auth config
 * @returns the default auth config, or an empty object if none found
 */
export declare function getDefaultAuthConfig(configs: TopLevelConfig[]): AuthConfig;
export declare function servicesForAccount(account: string, configs: TopLevelConfig[], allServices: string[]): ServicesForAccount;
/**
 * Look up the custom config for a specific sync for a service in an account and region.
 *
 * @param service the service to look up the sync for
 * @param syncName the name of the sync to look up
 * @param account the account to look up the sync for
 * @param region the region to look up the sync for
 * @param configs the configs to search
 * @returns the custom config for the sync, or undefined if not found
 */
export declare function customConfigForSync(service: string, syncName: string, account: string, region: string, configs: TopLevelConfig[]): Record<string, any> | undefined;
/**
 * Look up the region list from the provided configs, if any.
 *
 * @param configs the configs to search
 * @param accountId the account id to look up the region list for
 * @returns the configured region list for the account, or undefined if none found
 */
export declare function configuredRegionListForAccount(configs: TopLevelConfig[], accountId: string): AccountRegionList | undefined;
/**
 * Get the regions for a specific service and account.
 *
 * @param service the service to get the regions for
 * @param account the account to get the regions for
 * @param configs the configs to search
 * @param allRegions the list of all regions to filter from
 * @returns the regions for the service and account
 */
export declare function regionsForService(service: string, account: string, configs: TopLevelConfig[], allRegions: string[]): RegionsForAccountService;
export declare function accountServiceRegionConfig(service: string, accountId: string, region: string, configs: TopLevelConfig[]): ResolvedAccountServiceRegionConfig;
/**
 * Get the auth config for a specific account
 *
 * @param accountId the account id to get the auth config for
 * @param configs the configs to search
 * @returns the auth config for the account, or undefined if not found
 */
export declare function getAccountAuthConfig(accountId: string, configs: TopLevelConfig[]): AuthConfig | undefined;
export declare function getStorageConfig(configs: TopLevelConfig[]): StorageConfig | undefined;
/**
 * Check if a specific sync is enabled for given region. This checks the specific sync config within the service.
 *
 * This should only be used after the sync has been validated to be enabled for the account and service.
 *
 * @param accountId the account id to check
 * @param service the service to check
 * @param syncName the specific name of the sync to check
 * @param configs the configs to check
 * @param region the region being tested
 * @returns true if the sync is enabled for the region, false otherwise
 */
export declare function syncEnabledForRegion(accountId: string, service: string, syncName: string, configs: TopLevelConfig[], region: string): boolean;
/**
 * Get the default accounts from the provided configs.
 *
 * @param configs the configs to search for the default accounts
 * @returns the default accounts, or an empty array if none found
 */
export declare function getConfiguredAccounts(configs: TopLevelConfig[]): string[];
/**
 * Get the data source configuration from the provided configs.
 *
 * @param configs the configs to search for the data source configuration
 * @returns the data source configuration, or undefined if none found
 */
export declare function getConfiguredDataSource(configs: TopLevelConfig[]): DataSourceConfig | undefined;
export {};
//# sourceMappingURL=config.d.ts.map