locals {
  k8s_config = yamldecode(var.k8s_config_yaml)
  k8s_host = local.k8s_config.clusters[0].cluster.server
  k8s_auth = try(
    {
      token       = local.k8s_config.users[0].user.token
      using_token = true
    },
    {
      client_certificate = base64decode(local.k8s_config.users[0].user["client-certificate-data"])
      client_key = base64decode(local.k8s_config.users[0].user["client-key-data"])
      using_token = false
    }
  )
}

terraform {
  required_providers {
    rancher2 = {
      source  = "rancher/rancher2"
      version = "3.0.0"
    }
    hcloud = {
      source  = "hetznercloud/hcloud"
      version = "~> 1.45"
    }
  }
}

provider "kubernetes" {
  host               = local.k8s_host
  insecure           = true
  token              = local.k8s_auth.using_token ? local.k8s_auth.token : null
  client_certificate = local.k8s_auth.using_token ? null : local.k8s_auth.client_certificate
  client_key         = local.k8s_auth.using_token ? null : local.k8s_auth.client_key
}

provider "helm" {
  kubernetes = {
    host               = local.k8s_host
    insecure           = true
    token              = local.k8s_auth.using_token ? local.k8s_auth.token : null
    client_certificate = local.k8s_auth.using_token ? null : local.k8s_auth.client_certificate
    client_key         = local.k8s_auth.using_token ? null : local.k8s_auth.client_key
  }
}

provider "vault" {
  address = var.vault_server
  token   = var.vault_token
}

provider "rancher2" {
  alias     = "admin"
  api_url   = var.rancher_server_uri
  insecure  = true
  token_key = var.rancher_admin_token
  timeout   = "300s"
}

provider "hcloud" {
  token = var.hcloud_token
}