# Per-database PostgreSQL provisioning: wait for the cluster, read the superuser
# credentials, generate one credential secret per database, then create a login
# role and a database owned by it.
#
# Security note: everything read through the kubernetes_secret_v1 data sources
# and the password set on postgresql_role is persisted in the Terraform state.
# The state backend therefore has to be protected like the secrets themselves.

# Fixed 90 s pause after kubectl_manifest.prj_pg is applied. This is a timer,
# not a readiness probe.
# NOTE(review): if the cluster needs longer than 90 s, the superuser secret
# lookup below may run before the secret exists - confirm on a cold apply.
resource "time_sleep" "wait_pg_ready" {
  depends_on = [
    kubectl_manifest.prj_pg,
  ]

  create_duration = "90s"
}

# Superuser credentials, read from the "<instance>-<component>-superuser" secret.
# Presumably created by the operator that reconciles prj_pg - confirm.
data "kubernetes_secret_v1" "postgresql_password" {
  depends_on = [
    time_sleep.wait_pg_ready,
  ]

  metadata {
    name      = "${var.instance}-${var.component}-superuser"
    namespace = var.namespace
  }
}

locals {
  # Superuser connection settings taken from the secret above.
  pg_username = data.kubernetes_secret_v1.postgresql_password.data["username"]
  pg_password = data.kubernetes_secret_v1.postgresql_password.data["password"]

  # In-cluster DNS name of the "-rw" service in the target namespace.
  pg_host = "${var.instance}-${var.component}-rw.${var.namespace}.svc"

  # Unique database names, sorted and then reversed (descending order).
  sorted-db-name = reverse(distinct(sort([
    for db in var.databases : db.name
  ])))

  # Database objects re-ordered to follow sorted-db-name.
  # NOTE(review): the resources below are indexed with count over this list, so
  # adding or removing a database shifts the indexes of the entries after it and
  # Terraform will plan changes for those roles and databases - review the plan
  # before applying.
  sorted-dbs = flatten([
    for name in local.sorted-db-name : [
      for db in var.databases : db
      if db.name == name
    ]
  ])
}

# One StringSecret per database; the manifest asks for a 32-character
# POSGRESQL_PASSWORD field and sets the username to the database name.
# forceRegenerate is false in the manifest.
# NOTE(review): the keys are spelled POSGRESQL_* (no "T"). They are kept as-is
# because the role below, and presumably the workloads consuming the secret,
# read these exact keys; correct the spelling everywhere at once or not at all.
resource "kubectl_manifest" "db_secret" {
  count = length(local.sorted-dbs)

  # Differences in metadata.annotations are not treated as drift.
  ignore_fields = ["metadata.annotations"]

  yaml_body = <<-EOF
    apiVersion: "secretgenerator.mittwald.de/v1alpha1"
    kind: "StringSecret"
    metadata:
      name: "${var.instance}-${var.component}-${local.sorted-dbs[count.index].name}"
      namespace: "${var.namespace}"
      labels: ${jsonencode(merge(local.common-labels, {"app.kubernetes.io/component" = local.sorted-dbs[count.index].name}))}
    spec:
      forceRegenerate: false
      data:
        POSGRESQL_USERNAME: "${local.sorted-dbs[count.index].name}"
      fields:
      - fieldName: "POSGRESQL_PASSWORD"
        length: "32"
  EOF
}

# Reads back the Secret that carries the same name as the StringSecret above.
# NOTE(review): depends_on only orders this after the StringSecret manifest is
# applied; nothing visible here waits for the generated Secret to appear, so a
# first apply can presumably read it too early - confirm.
data "kubernetes_secret_v1" "password_get" {
  count = length(local.sorted-dbs)

  depends_on = [
    kubectl_manifest.db_secret,
  ]

  metadata {
    name      = "${var.instance}-${var.component}-${local.sorted-dbs[count.index].name}"
    namespace = var.namespace
  }
}

# Login role named after the database, using the generated password.
resource "postgresql_role" "owner" {
  count = length(local.sorted-dbs)

  depends_on = [
    time_sleep.wait_pg_ready,
    kubectl_manifest.prj_pg,
    data.kubernetes_secret_v1.postgresql_password,
  ]

  name     = local.sorted-dbs[count.index].name
  login    = true
  password = data.kubernetes_secret_v1.password_get[count.index].data["POSGRESQL_PASSWORD"]

  lifecycle {
    # Role memberships changed outside this configuration are left alone.
    ignore_changes = [
      roles,
    ]
  }
}

# Database owned by the matching role; -1 places no limit on connections.
resource "postgresql_database" "my_db" {
  count = length(local.sorted-dbs)

  depends_on = [
    postgresql_role.owner,
  ]

  name              = local.sorted-dbs[count.index].name
  owner             = postgresql_role.owner[count.index].name
  connection_limit  = -1
  allow_connections = true
}