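// Tenant bootstrap for 365Zon: creates the namespace, runs the Zitadel
// bootstrap module, provisions a MinIO bucket, and writes the storage and
// connection-string secrets into the tenant namespace.

locals {
  // Tenant display name. It is lower-cased wherever it is used as a
  // namespace or MinIO tenant name, so both are derived from this one value.
  name = "365Zon"
}

resource "kubernetes_namespace" "tenant" {
  depends_on = [var.wait_on]

  metadata {
    name = lower(local.name)
  }

  lifecycle {
    // Ignores every change under metadata, not only labels/annotations.
    // NOTE(review): presumably meant to tolerate labels or annotations added
    // by other controllers; confirm, and consider narrowing the list so that
    // unexpected metadata drift still shows up in a plan.
    ignore_changes = [metadata]
  }
}

module "bootstrap-zitadel" {
  source = "./zitadel"

  namespace = kubernetes_namespace.tenant.metadata[0].name
  org_id    = var.org_id
  user_id   = var.user_id
  name      = local.name
}

// create uploads bucket in minio
module "minio" {
  source = "../../modules/minio/tenant"

  // NOTE(review): these look like the credentials the module uses to reach the
  // MinIO server; confirm the variables are declared `sensitive = true` and
  // that the module returns separate, tenant-scoped keys rather than these.
  access_key = var.minio_access_key
  secret_key = var.minio_secret_key
  server     = var.minio_server

  // Derived from local.name instead of a second hard-coded "365zon" literal,
  // so the MinIO tenant name cannot drift from the namespace name.
  name = lower(local.name)
}

// create minio secret
//
// Values assigned to `data` are also recorded in the Terraform state, so the
// state backend needs encryption at rest and restricted read access.
resource "kubernetes_secret" "storage" {
  metadata {
    name      = "storage"
    namespace = kubernetes_namespace.tenant.metadata[0].name
  }

  data = {
    Storage__AccountName  = module.minio.access_key
    Storage__AccountKey   = module.minio.secret_key
    Storage__BlobUri      = var.minio_api_uri
    Storage__S3BucketName = module.minio.bucket
  }
}

// Database and message-bus connection strings for the tenant namespace.
// NOTE(review): connection strings usually embed credentials; confirm both
// variables are declared `sensitive = true` where they are defined.
resource "kubernetes_secret" "connection_strings" {
  metadata {
    name      = "connection-strings"
    namespace = kubernetes_namespace.tenant.metadata[0].name
  }

  data = {
    ConnectionStrings__DocumentDb = var.mongodb_connection_string
    ConnectionStrings__ServiceBus = var.rabbitmq_connection_string
  }
}

// okay, so now we have the identity stuff in order, and we have secrets to use for that
// next, we need to set-up:
// - the wildcard tls (*.365zon.venus.fourlights.dev)
// - argocd for all relevant apps

// `sensitive = true` only redacts the value in plan/apply output; it is still
// stored in state and readable by anyone who can read state or run
// `terraform output`.
output "minio_access_key" {
  value     = module.minio.access_key
  sensitive = true
}

output "minio_secret_key" {
  value     = module.minio.secret_key
  sensitive = true
}

// Bucket name only; not marked sensitive.
output "minio_bucket" {
  value = module.minio.bucket
}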