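variable "messagebird_access_key" {
  description = "MessageBird API access key."
  # Redacts the value from plan/apply output only; it is still written to
  # Terraform state in clear text and, below, into the function's environment.
  sensitive = true
}

# It would have been nicer to buy the phone number with Terraform and the
# Twilio provider. unfortunately the sign up for the provider is closed right
# now. So instead the friendly name, that's something.
#
# NOTE(review): this variable is not referenced anywhere in this file (the
# function environment only carries MSGBIRD_ACCESS_KEY and TO_NUMBER). Confirm
# the handler obtains its sender id some other way, or pass it through as an
# environment variable alongside the others.
variable "twilio_from_number" {
  default     = "AmILive"
  description = "Twilio from phone number."
}

# SMS notification function, invoked by the SNS topic subscription declared
# further down. The checkov skips below are deliberate for this function:
# CKV_AWS_50 (X-Ray tracing), CKV_AWS_116 (dead-letter queue), CKV_AWS_117
# (VPC placement) and CKV_AWS_173 (customer-managed KMS key for environment
# variables).
resource "aws_lambda_function" "sms_notify" {
  # checkov:skip=CKV_AWS_50
  # checkov:skip=CKV_AWS_116
  # checkov:skip=CKV_AWS_117
  # checkov:skip=CKV_AWS_173
  runtime       = var.runtime
  function_name = "${local.function_name_prefix}-sms-notify"
  role          = local.lambda_role_arn

  # Code is fetched from S3, but the hash of the local payload.zip is what
  # tells Terraform whether a new deployment is needed.
  source_code_hash  = filebase64sha256("payload.zip")
  s3_bucket         = local.payloads_bucket_name
  s3_key            = local.payload_object_name
  s3_object_version = local.payload_object_version
  package_type      = "Zip"
  handler           = "sms_notify.handler"

  # NOTE(review): the description names Twilio while the environment below
  # carries a MessageBird key; confirm which provider the handler actually
  # uses and align the description with it.
  description = "Send SMS message notification using Twilio."
  memory_size = var.memory_size
  # -1 = no reserved concurrency; the function draws from the account pool.
  reserved_concurrent_executions = -1
  tags                           = local.common_tags
  timeout                        = var.timeout

  environment {
    variables = {
      ENV       = local.env
      MODULE    = local.module
      TOPIC_ARN = local.topic_arn
      VERSION   = local.payload_object_version
      # Secret material in a plain environment variable: readable by any
      # principal with lambda:GetFunctionConfiguration and present in state.
      # Prefer having the handler read it from SSM SecureString / Secrets
      # Manager at runtime; at minimum set kms_key_arn on this function so the
      # CKV_AWS_173 skip above is no longer needed.
      MSGBIRD_ACCESS_KEY = var.messagebird_access_key
      TO_NUMBER          = local.my_phone_number
    }
  }

  # Create the log group with retention before the function is created.
  # Otherwise it's created without retention and need to be imported.
  depends_on = [
    aws_cloudwatch_log_group.sms_notify,
  ]
}

locals {
  sms_notify_function_arn     = aws_lambda_function.sms_notify.arn
  sms_notify_function_name    = aws_lambda_function.sms_notify.function_name
  sms_notify_function_version = aws_lambda_function.sms_notify.version
}

output "sms_notify_function_arn" {
  description = "ARN of the SMS notification Lambda function."
  value       = local.sms_notify_function_arn
}

output "sms_notify_function_name" {
  description = "Name of the SMS notification Lambda function."
  value       = local.sms_notify_function_name
}

output "sms_notify_function_version" {
  description = "Version of the SMS notification Lambda function."
  value       = local.sms_notify_function_version
}

# The function is declared without `publish = true`, so its `version` is
# $LATEST and this alias tracks whatever code is currently deployed rather than
# a pinned, immutable version.
#
# NOTE(review): nothing in this file invokes the alias; the SNS subscription
# and the invoke permission below target the unqualified function. If the
# alias is meant to be the stable invocation target, point the subscription
# endpoint and the permission's qualifier at it.
resource "aws_lambda_alias" "sms_notify" {
  name             = "${local.function_name_prefix}_${local.sms_notify_function_name}"
  function_name    = local.sms_notify_function_arn
  function_version = local.sms_notify_function_version
}

locals {
  sms_notify_function_alias_arn  = aws_lambda_alias.sms_notify.arn
  sms_notify_function_alias_name = aws_lambda_alias.sms_notify.name
}

output "sms_notify_function_alias_arn" {
  description = "ARN of the SMS notification Lambda function alias."
  value       = local.sms_notify_function_alias_arn
}

output "sms_notify_function_alias_name" {
  description = "Name of the SMS notification Lambda function alias."
  value       = local.sms_notify_function_alias_name
}

# Resource policy letting SNS invoke the function. source_arn scopes the grant
# to this one topic, so no other topic (in this or another account) can drive
# the function through the sns.amazonaws.com service principal.
resource "aws_lambda_permission" "sms_notify" {
  statement_id  = "AllowExecutionFromSNS"
  action        = "lambda:InvokeFunction"
  principal     = "sns.amazonaws.com"
  source_arn    = local.topic_arn
  function_name = local.sms_notify_function_name
}

resource "aws_sns_topic_subscription" "sms_notify" {
  endpoint  = local.sms_notify_function_arn
  protocol  = "lambda"
  topic_arn = local.topic_arn

  # Make sure the invoke permission exists before SNS starts delivering.
  depends_on = [
    aws_lambda_permission.sms_notify,
  ]
}

# Explicit log group so that retention is applied from the first invocation
# (see depends_on on the function). CKV_AWS_158 (KMS-encrypted log group) is
# skipped deliberately; SMS payloads and phone numbers may end up in these logs,
# so revisit if the data classification changes.
resource "aws_cloudwatch_log_group" "sms_notify" {
  # checkov:skip=CKV_AWS_158
  # Must match function_name of aws_lambda_function.sms_notify exactly, or the
  # runtime will create its own unmanaged group with unlimited retention.
  name              = "/aws/lambda/${local.function_name_prefix}-sms-notify"
  retention_in_days = var.log_retention
  tags              = local.common_tags
}

locals {
  sms_notify_log_group_arn  = aws_cloudwatch_log_group.sms_notify.arn
  sms_notify_log_group_name = aws_cloudwatch_log_group.sms_notify.name
}

output "sms_notify_log_group_arn" {
  description = "ARN of the CloudWatch log groups for the SMS notify Lambda function invocations."
  value       = local.sms_notify_log_group_arn
}

output "sms_notify_log_group_name" {
  description = "Name of the CloudWatch log groups for the SMS notify Lambda function invocations."
  value       = local.sms_notify_log_group_name
}

# Least-privilege logging policy: write access to this function's log group
# only, no logs:CreateLogGroup (the group is managed above).
data "aws_iam_policy_document" "sms_notify" {
  statement {
    effect = "Allow"
    actions = [
      "logs:CreateLogStream",
      "logs:PutLogEvents",
    ]
    # NOTE(review): log streams are addressed as "<log-group-arn>:log-stream:<name>".
    # Whether this resource matches them depends on whether the provider's
    # log-group `arn` attribute carries a trailing ":*" (older provider
    # versions did, newer ones do not). If PutLogEvents is denied at runtime,
    # use "${local.sms_notify_log_group_arn}:*" here.
    resources = [local.sms_notify_log_group_arn]
  }
}

locals {
  sms_notify_log_policy_doc = data.aws_iam_policy_document.sms_notify.json
}

# NOTE(review): this policy is not attached to local.lambda_role_arn anywhere in
# this file; confirm the attachment happens where the role is defined, otherwise
# the function cannot write to its log group.
resource "aws_iam_policy" "sms_notify_log" {
  name   = "${local.module}-${local.env}-sms-notify-log"
  policy = local.sms_notify_log_policy_doc
  tags   = local.common_tags
}

# Reference the policy declared in this file. The previous `aws_iam_policy.log`
# reference pointed at a different (or non-existent) resource, so the outputs
# below did not describe the SMS-notify log policy.
locals {
  sms_notify_log_policy_arn  = aws_iam_policy.sms_notify_log.arn
  sms_notify_log_policy_name = aws_iam_policy.sms_notify_log.name
}

output "sms_notify_log_policy_arn" {
  value       = local.sms_notify_log_policy_arn
  description = "CloudWatch log IAM policy for SMS notifications ARN."
}

output "sms_notify_log_policy_name" {
  value       = local.sms_notify_log_policy_name
  description = "CloudWatch log IAM policy for SMS notifications name."
}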