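# Connection settings for the kubernetes and helm providers, derived from the
# kubeconfig at var.k8s_config_path. Only the first cluster entry and the first
# user entry are read. The kubeconfig holds credentials (bearer token or client
# key), so the file needs the same handling as any other secret.
locals {
  k8s_config = yamldecode(file(var.k8s_config_path))
  k8s_host   = local.k8s_config.clusters[0].cluster.server

  # Cluster CA bundle, when the kubeconfig embeds one as
  # certificate-authority-data; null when the key is absent.
  k8s_ca_certificate = try(
    base64decode(local.k8s_config.clusters[0].cluster["certificate-authority-data"]),
    null
  )

  # TLS verification is skipped only when no CA bundle could be read from the
  # kubeconfig. With verification off, the API server's identity is not checked
  # and the credentials below are presented to whatever endpoint answers at
  # k8s_host, so prefer a kubeconfig that embeds the CA.
  k8s_insecure = local.k8s_ca_certificate == null

  # Prefer token auth; fall back to client-certificate auth when the user entry
  # has no token. using_token tells the providers which fields are populated.
  k8s_auth = try(
    {
      token       = local.k8s_config.users[0].user.token
      using_token = true
    },
    {
      client_certificate = base64decode(local.k8s_config.users[0].user["client-certificate-data"])
      client_key         = base64decode(local.k8s_config.users[0].user["client-key-data"])
      using_token        = false
    }
  )
}

provider "kubernetes" {
  host = local.k8s_host

  # Verify the API server against the kubeconfig CA whenever one is available.
  cluster_ca_certificate = local.k8s_ca_certificate
  insecure               = local.k8s_insecure

  token              = local.k8s_auth.using_token ? local.k8s_auth.token : null
  client_certificate = local.k8s_auth.using_token ? null : local.k8s_auth.client_certificate
  client_key         = local.k8s_auth.using_token ? null : local.k8s_auth.client_key
}

provider "helm" {
  kubernetes = {
    host = local.k8s_host

    # Same verification policy as the kubernetes provider above.
    cluster_ca_certificate = local.k8s_ca_certificate
    insecure               = local.k8s_insecure

    token              = local.k8s_auth.using_token ? local.k8s_auth.token : null
    client_certificate = local.k8s_auth.using_token ? null : local.k8s_auth.client_certificate
    client_key         = local.k8s_auth.using_token ? null : local.k8s_auth.client_key
  }
}

terraform {
  required_providers {
    rancher2 = {
      source  = "rancher/rancher2"
      version = "3.0.0"
    }
  }

  required_version = ">= 1.0.0"
}

# Rancher2 bootstrapping provider
# NOTE(review): insecure = true disables certificate verification for the
# Rancher API while the initial admin credentials are being set up. The
# commented-out ca_certs line refers to a data source that is not defined in
# this file; once that CA is available, set ca_certs and drop insecure.
provider "rancher2" {
  alias = "bootstrap"

  api_url  = "https://${local.rancher_server_dns}"
  insecure = true
  # ca_certs  = data.kubernetes_secret.rancher_cert.data["ca.crt"]
  bootstrap = true
}

# Rancher2 administration provider
# NOTE(review): token_key is the admin API token produced by the bootstrap
# step, and with insecure = true it is sent without verifying the server
# certificate. Pin the Rancher CA via ca_certs and remove insecure when the
# certificate source is confirmed.
provider "rancher2" {
  alias = "admin"

  api_url  = "https://${local.rancher_server_dns}"
  insecure = true
  # ca_certs  = data.kubernetes_secret.rancher_cert.data["ca.crt"]
  token_key = rancher2_bootstrap.admin.token
  timeout   = "300s"
}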