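# Zitadel tenant bootstrap for the venus cluster: creates the organisation,
# wires up the Google identity provider and assigns the owner roles.
locals {
  tld         = "fourlights.dev"
  cluster_dns = "venus.${local.tld}"
  domain      = "zitadel.${local.cluster_dns}"

  # Service-account key file used by the Zitadel modules to authenticate.
  # The path is relative to this configuration directory.
  jwt_profile_file = "../terraform/zitadel-admin-sa.json"

  # Zitadel user id that receives the owner roles below. Kept in one place so
  # the three role modules cannot drift apart; it is a stand-in until the
  # "zitadel-user" module (commented out further down) is enabled.
  owner_user_id = "308083708882059797"
}

# OAuth client secret of the Google identity provider. Supply it through
# TF_VAR_google_client_secret or a *.tfvars file that is not committed; the
# value is redacted from plan/apply output because the variable is sensitive.
# A client secret that was previously stored in clear text in this file has to
# be considered exposed and replaced on the Google Cloud side.
variable "google_client_secret" {
  type      = string
  sensitive = true
}

module "zitadel-tenant" {
  source = "../../infra/modules/zitadel/tenant"

  domain           = local.domain
  name             = "fourlights"
  jwt_profile_file = local.jwt_profile_file
}

module "zitadel-idp-google" {
  source  = "../../infra/modules/zitadel/identity-provider/google"
  wait_on = module.zitadel-tenant.installed

  domain           = local.domain
  jwt_profile_file = local.jwt_profile_file
  org_id           = module.zitadel-tenant.org_id

  # The client id is a public identifier; only the secret is confidential.
  client_id     = "783390190667-quvko2l2kr9ksgeo3pn6pn6t8c1mai9n.apps.googleusercontent.com"
  client_secret = var.google_client_secret

  options = {
    scopes              = ["openid", "profile", "email"]
    is_auto_creation    = true
    is_auto_update      = true
    is_creation_allowed = true
    # Linking an existing local account to a Google identity is disabled;
    # accounts are created automatically instead (see is_auto_creation).
    is_linking_allowed  = false
    auto_linking        = "AUTO_LINKING_OPTION_USERNAME"
  }
}

# TODO: Create default user thomas@fourlights.nl
# module "zitadel-user" {
#   source  = "../../infra/modules/zitadel/user"
#   wait_on = module.zitadel-idp-google.installed
#
#   domain           = local.domain
#   org_id           = module.zitadel-tenant.org_id
#   jwt_profile_file = local.jwt_profile_file
#
#   email       = "thomas@fourlights.nl"
#   idp_id      = module.zitadel-idp-google.idp_id
#   idp_user_id = "105558048282918392820"
#   user_id     = "308083708882059797"
# }

module "zitadel-owner" {
  source = "../../infra/modules/zitadel/owner"
  # Switch both of these to the "zitadel-user" outputs once that module is enabled:
  #wait_on = module.zitadel-user.installed
  wait_on = module.zitadel-idp-google.installed

  domain           = local.domain
  org_id           = module.zitadel-tenant.org_id
  jwt_profile_file = local.jwt_profile_file

  #user_id = module.zitadel-user.user_id
  user_id = local.owner_user_id
}

module "zitadel-org-owner" {
  source = "../../infra/modules/zitadel/tenant/role-owner"
  #wait_on = module.zitadel-user.installed
  wait_on = module.zitadel-idp-google.installed

  domain           = local.domain
  org_id           = module.zitadel-tenant.org_id
  jwt_profile_file = local.jwt_profile_file

  #user_id = module.zitadel-user.user_id
  user_id = local.owner_user_id
}

# NOTE(review): this module uses the same source and inputs as "zitadel-org-owner"
# above, so it assigns the org-owner role a second time rather than creating a
# project. Presumably the source should point at a project module; confirm before
# removing it, since the instance is already tracked in state.
module "zitadel-project" {
  source = "../../infra/modules/zitadel/tenant/role-owner"
  #wait_on = module.zitadel-user.installed
  wait_on = module.zitadel-idp-google.installed

  domain           = local.domain
  org_id           = module.zitadel-tenant.org_id
  jwt_profile_file = local.jwt_profile_file

  #user_id = module.zitadel-user.user_id
  user_id = local.owner_user_id
}

#resource "zitadel_project" "default" {
#  name                     = "365zon"
#  org_id                   = module.zitadel-tenant.org_id
#  project_role_assertion   = true
#  project_role_check       = true
#  has_project_check        = true
#  private_labeling_setting = "PRIVATE_LABELING_SETTING_ENFORCE_PROJECT_RESOURCE_OWNER_POLICY"
#}
#
#resource "zitadel_user_grant" "default" {
#  project_id = data.zitadel_project.default.id
#  org_id     = data.zitadel_org.default.id
#  role_keys  = ["super-user"]
#  user_id    = data.zitadel_human_user.default.id
#}

# module "zitadel-machine-user" {
#   source          = "../../infra/modules/zitadel/tenant"
#   wait_on         = module.zitadel.installed
#   k8s_config_yaml = local.k8s_config_yaml
#
#   domain    = module.zitadel.server
#   secret    = "zitadel-admin-sa"
#   namespace = "zitadel"
#   name      = "fourlights"
# }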