export interface ISecretBundle {
  id: string;
  data: {
    name: string;
    description: string;

    /**
     * determines if the secret is a service or an external secret
     * if external secret additional checks are put in place to protect the secret
     * 
     * * service:  
     *   the bundle belongs to a service and can only be used by that service
     * * npmci:  
     *   the bundle is a secret bundle that is used by an npmci pipeline
     *   production secrets will be omitted in any case
     * * gitzone:  
     *   the bundle is a secret bundle that is used by a gitzone.
     *   Only local environment variables are allowed
     * * external:  
     *   the bundle is a secret bundle that is used by an external service
     */
    type: 'service' | 'npmci' | 'gitzone' | 'external';


    /**
     * set this if the secretBundle belongs to a service
     */
    serviceId?: string;

    /**
     * You can add specific secret groups using this
     */
    includedSecretGroupIds: string[];

    /**
     * access to this secretBundle also grants access to resources with matching tags
     */
    includedTags: {
      key: string;
      value?: string;
    }[];

    /**
     * access to this secretBundle also grants access to the images
     */
    imageClaims: {
      imageId: string;
      permissions: ('read' | 'write')[];
    }[];

    /**
     * authrozations select a specific environment of a config bundle
     */
    authorizations: Array<ISecretBundleAuthorization>;
  };
}

export interface ISecretBundleAuthorization {
  secretAccessKey: string;
  environment: string;
}
