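# Block until the MinIO server answers its liveness probe, so the bucket and
# IAM resources below are not attempted against a server that is still starting.
resource "null_resource" "health_check" {
  depends_on = [var.wait_on]

  provisioner "local-exec" {
    # The host is passed through the environment instead of being interpolated
    # into the script text, so shell metacharacters in var.server are never
    # parsed as part of the script.
    environment = {
      MINIO_SERVER = var.server
    }

    # Written for POSIX sh: local-exec's default interpreter on Unix-like hosts
    # is sh, which is not guaranteed to be bash, and the bash-only `[[ ]]` test
    # makes the retry limit silently ineffective under such a shell.
    # The counter is initialised explicitly and checked only after a failed
    # probe, so a probe that succeeds on the final try is not reported as a
    # failure. Budget is unchanged: up to 10 sleeps of 10 seconds (11 probes).
    # curl keeps TLS certificate verification on (no -k/--insecure).
    command = <<-EOT
      attempts=0
      until curl -s -f "https://$MINIO_SERVER/minio/health/live"; do
        if [ "$attempts" -ge 10 ]; then
          echo "Minio health check failed after maximum attempts"
          exit 1
        fi
        sleep 10
        attempts=$((attempts+1))
      done
    EOT
  }
}

# Bucket backing the overlay. The canned ACL is "private", but see the bucket
# policy below, which grants anonymous read access on top of it.
resource "minio_s3_bucket" "overlay" {
  depends_on = [null_resource.health_check]

  bucket = var.name
  acl    = "private"
}

# NOTE(review): every statement here uses Principal "*", i.e. unauthenticated
# callers. Anyone who can reach the endpoint can read every object in the
# bucket (s3:GetObject) and query its location, despite acl = "private" on the
# bucket resource. Confirm that public read is intended; if it is not, drop
# this resource and rely on the IAM policy attached to the overlay user.
resource "minio_s3_bucket_policy" "overlay" {
  depends_on = [minio_s3_bucket.overlay]

  bucket = minio_s3_bucket.overlay.bucket
  policy = jsonencode({
    Version = "2012-10-17"
    Statement = [
      {
        Effect    = "Allow"
        Principal = { AWS = ["*"] }
        Action    = ["s3:GetBucketLocation"]
        Resource  = [minio_s3_bucket.overlay.arn]
      },
      {
        Effect    = "Allow"
        Principal = { AWS = ["*"] }
        Action    = ["s3:ListBucket"]
        Resource  = [minio_s3_bucket.overlay.arn]
        # NOTE(review): StringEquals is an exact comparison in IAM policy
        # semantics, so this presumably permits anonymous listing only when
        # the request prefix is the literal "*". Confirm how the MinIO server
        # evaluates it and whether StringLike or no anonymous listing at all
        # was intended.
        Condition = {
          StringEquals = {
            "s3:prefix" = ["*"]
          }
        }
      },
      {
        Effect    = "Allow"
        Principal = { AWS = ["*"] }
        Action    = ["s3:GetObject"]
        # NOTE(review): "/**" differs from the "/*" used by the IAM policies
        # below; kept as-is, verify both match the same set of object keys.
        Resource = ["${minio_s3_bucket.overlay.arn}/**"]
      }
    ]
  })
}

# Dedicated MinIO user for this bucket, named after it.
resource "minio_iam_user" "overlay" {
  depends_on = [null_resource.health_check]

  name = var.name
}

# Least-privilege policy for the overlay user: list the bucket, and read,
# write and delete objects inside it. No access to any other bucket and no
# administrative actions.
resource "minio_iam_policy" "overlay" {
  depends_on = [minio_s3_bucket.overlay]

  name = minio_s3_bucket.overlay.bucket
  policy = jsonencode({
    Version = "2012-10-17"
    Statement = [
      {
        Effect   = "Allow"
        Action   = ["s3:ListBucket"]
        Resource = [minio_s3_bucket.overlay.arn]
      },
      {
        Effect = "Allow"
        Action = [
          "s3:GetObject",
          "s3:PutObject",
          "s3:DeleteObject"
        ]
        Resource = ["${minio_s3_bucket.overlay.arn}/*"]
      }
    ]
  })
}

# Bind the bucket-scoped policy to the overlay user.
resource "minio_iam_user_policy_attachment" "overlay" {
  depends_on = [minio_iam_user.overlay, minio_iam_policy.overlay]

  user_name   = minio_iam_user.overlay.id
  policy_name = minio_iam_policy.overlay.id
}

# Service account (access key / secret key pair) issued under the overlay
# user. Its inline policy repeats the statements of minio_iam_policy.overlay,
# so the credentials are scoped to this one bucket; keep the two policy
# documents in sync when either is changed.
resource "minio_iam_service_account" "overlay" {
  depends_on = [minio_iam_user.overlay, minio_s3_bucket.overlay]

  target_user = minio_iam_user.overlay.name
  policy = jsonencode({
    Version = "2012-10-17"
    Statement = [
      {
        Effect   = "Allow"
        Action   = ["s3:ListBucket"]
        Resource = [minio_s3_bucket.overlay.arn]
      },
      {
        Effect = "Allow"
        Action = [
          "s3:GetObject",
          "s3:PutObject",
          "s3:DeleteObject"
        ]
        Resource = ["${minio_s3_bucket.overlay.arn}/*"]
      }
    ]
  })
}

# Name of the bucket, as supplied by the caller.
output "bucket" {
  value = var.name
}

# Service-account credentials. `sensitive = true` only redacts these values in
# plan/apply output; they are still written in clear text to the Terraform
# state, so the state backend needs encryption at rest and restricted access.
output "access_key" {
  value     = minio_iam_service_account.overlay.access_key
  sensitive = true
}

output "secret_key" {
  value     = minio_iam_service_account.overlay.secret_key
  sensitive = true
}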