# Control Center Service Default Configuration
# Policy management, RBAC, and compliance defaults

let control_center_schema = import "../schemas/control-center.ncl" in
let monitoring_defaults = import "./common/monitoring-defaults.ncl" in
let logging_defaults = import "./common/logging-defaults.ncl" in

{
  control_center | control_center_schema.ControlCenterConfig = {
    # Workspace Configuration
    workspace = {
      name = "default",
      path = "/var/lib/provisioning/control-center",
      enabled = true,
      multi_workspace = false,
    },

    # HTTP Server Settings
    server = {
      host = "127.0.0.1",
      port = 8080,
      workers = 4,
      keep_alive = 75,
      max_connections = 100,
      request_timeout = 30000,
      graceful_shutdown = true,
      shutdown_timeout = 30,
    },

    # Database Configuration
    database = {
      backend = "rocksdb",
      path = "/var/lib/provisioning/control-center/data",
      pool_size = 10,
      timeout = 30,
      retry = true,
      max_retries = "3",
    },

    # Security Configuration
    security = {
      jwt = {
        issuer = "control-center",
        audience = "provisioning",
        expiration = 3600,
        refresh_expiration = 86400,
        secret = "change_me_in_production",
        algorithm = "HS256",
      },
      rbac = {
        enabled = true,
        inheritance = true,
        default_role = "user",
      },
      mfa = {
        required = false,
        methods = ["totp"],
        max_attempts = "5",
        lockout_duration = 15,
      },
      rate_limiting = {
        enabled = false,
        max_requests = "1000",
        window_seconds = 60,
      },
      tls = {
        enabled = false,
      },
      cors = {
        enabled = false,
      },
      session = {
        max_duration = 86400,
        idle_timeout = 3600,
        tracking = false,
      },
    },

    # Policy Engine Configuration
    policy = {
      enabled = true,
      cache = {
        enabled = true,
        ttl = 3600,
        max_policies = 10000,
      },
      versioning = {
        enabled = true,
        max_versions = 20,
      },
    },

    # RBAC Configuration
    rbac = {
      enabled = true,
      hierarchy = true,
      dynamic_roles = false,
      default_role = "user",
      roles = {
        admin = true,
        operator = true,
        viewer = true,
      },
      attribute_based = false,
    },

    # User Management
    users = {
      enabled = true,
      registration = {
        enabled = true,
        requires_approval = false,
        auto_assign_role = "user",
      },
      sessions = {
        max_active = 5,
        idle_timeout = 3600,
        absolute_timeout = 86400,
      },
      audit_enabled = false,
    },

    # Audit Logging
    audit = {
      enabled = false,
      storage = {
        retention_days = 90,
        immutable = false,
      },
      redact_sensitive = true,
    },

    # Compliance Configuration
    compliance = {
      enabled = false,
      validation = {
        enabled = false,
        interval_hours = 24,
      },
      data_retention = {
        policy_years = 7,
        audit_log_days = 2555,
      },
      encryption_required = false,
    },

    # Integrations
    integrations = {
      ldap = {
        enabled = false,
      },
      oauth2 = {
        enabled = false,
      },
      webhooks = {
        enabled = false,
      },
    },

    # Monitoring Configuration
    monitoring = monitoring_defaults.monitoring,

    # Logging Configuration
    logging = logging_defaults.logging,
  },
}