terraform {
  required_providers {
    minio = {
      source  = "aminueza/minio"
      version = "~> 2.5.0"
    }
  }
}

provider "minio" {
  minio_server   = var.minio_server
  minio_region   = var.region
  minio_user     = var.access_key
  minio_password = var.secret_key
  minio_ssl      = true
}

data "minio_s3_object" "k8s_yaml" {
  bucket_name = var.bucket
  object_name = "kube_config.yaml"
}

locals {
  k8s_config = yamldecode(data.minio_s3_object.k8s_yaml.content)
  k8s_host = local.k8s_config.clusters[0].cluster.server
  k8s_auth = try(
    {
      token       = local.k8s_config.users[0].user.token
      using_token = true
    },
    {
      client_certificate = base64decode(local.k8s_config.users[0].user["client-certificate-data"])
      client_key = base64decode(local.k8s_config.users[0].user["client-key-data"])
      using_token = false
    }
  )
}

provider "kubernetes" {
  host               = local.k8s_host
  insecure           = true
  token              = local.k8s_auth.using_token ? local.k8s_auth.token : null
  client_certificate = local.k8s_auth.using_token ? null : local.k8s_auth.client_certificate
  client_key         = local.k8s_auth.using_token ? null : local.k8s_auth.client_key
}

provider "helm" {
  kubernetes {
    host               = local.k8s_host
    insecure           = true
    token              = local.k8s_auth.using_token ? local.k8s_auth.token : null
    client_certificate = local.k8s_auth.using_token ? null : local.k8s_auth.client_certificate
    client_key         = local.k8s_auth.using_token ? null : local.k8s_auth.client_key
  }
}

provider "vault" {
  address = var.vault_addr
  token   = var.vault_token
}