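# Builds the DbGate connection configuration from the pg / maria / redis / mongo
# input lists. Non-secret settings go to a ConfigMap; passwords and the MongoDB
# connection URL go to a Kubernetes Secret of the same name.
#
# Security notes for maintainers:
#   * Every value read through data.kubernetes_secret_v1 and every value written
#     to kubernetes_secret_v1 is stored in the Terraform state. The state backend
#     must be encrypted and access-controlled like the databases themselves.
#   * The resulting Secret aggregates credentials copied from several namespaces
#     into var.namespace. Read access to Secrets in that namespace is equivalent
#     to access to every listed database, so scope RBAC accordingly.
#   * The identity running Terraform needs read access to the referenced Secrets
#     in each source namespace.
locals {
  # ---------------------------------------------------------------- PostgreSQL
  # Keys appear to follow DbGate's per-connection environment variable naming
  # (<SETTING>_<connection id>) - confirm against the consuming Deployment,
  # which is not part of this file.
  pg_vars = merge([for pg in var.pg : {
    join("_", ["LABEL_pg", pg.namespace, pg.name, pg.dbname])    = join(" | ", [pg.namespace, pg.name, pg.dbname])
    join("_", ["ENGINE_pg", pg.namespace, pg.name, pg.dbname])   = "postgres@dbgate-plugin-postgres"
    join("_", ["SERVER_pg", pg.namespace, pg.name, pg.dbname])   = join(".", ["${pg.name}-rw", pg.namespace, "svc"])
    join("_", ["PORT_pg", pg.namespace, pg.name, pg.dbname])     = "5432"
    join("_", ["DATABASE_pg", pg.namespace, pg.name, pg.dbname]) = pg.dbname
    join("_", ["USER_pg", pg.namespace, pg.name, pg.dbname])     = pg.username
  }]...)

  # NOTE(review): when the source Secret has no data, or lacks the requested key,
  # the literal string "not-found" is written as the password instead of failing
  # the plan. This looks like deliberate best-effort behaviour, so it is kept,
  # but a misnamed secret key then shows up only as a failed database login.
  pg_secrets = merge([for index, pg in var.pg : {
    join("_", ["PASSWORD_pg", pg.namespace, pg.name, pg.dbname]) = lookup(
      coalesce(data.kubernetes_secret_v1.pgs[index].data, {}),
      lookup(pg.secret, "key", "password"),
      "not-found"
    )
  }]...)

  pg_conns = [for pg in var.pg : join("_", ["pg", pg.namespace, pg.name, pg.dbname])]

  # ------------------------------------------------------------------- MariaDB
  maria_vars = merge([for m in var.maria : {
    join("_", ["LABEL_maria", m.namespace, m.name])    = join(" | ", [m.namespace, m.name])
    join("_", ["ENGINE_maria", m.namespace, m.name])   = "mysql@dbgate-plugin-mysql"
    join("_", ["SERVER_maria", m.namespace, m.name])   = join(".", ["${m.name}-svc", m.namespace, "svc"])
    join("_", ["PORT_maria", m.namespace, m.name])     = "3306"
    join("_", ["DATABASE_maria", m.namespace, m.name]) = m.dbname
    join("_", ["USER_maria", m.namespace, m.name])     = m.username
  }]...)

  # Placeholder only: no Secret is read for MariaDB, and this map is not merged
  # into connection_secrets below, so MariaDB connections get no password.
  maria_secrets = merge([for index, m in var.maria : {
    join("_", ["PASSWORD_maria", m.namespace, m.name]) = "unimplemented"
  }]...)

  maria_conns = [for m in var.maria : join("_", ["maria", m.namespace, m.name])]

  # --------------------------------------------------------------------- Redis
  redis_vars = merge([for m in var.redis : {
    join("_", ["LABEL_redis", m.namespace, m.name])  = join(" | ", [m.namespace, m.name])
    join("_", ["ENGINE_redis", m.namespace, m.name]) = "redis@dbgate-plugin-redis"
    join("_", ["SERVER_redis", m.namespace, m.name]) = join(".", [m.name, m.namespace, "svc"])
    join("_", ["PORT_redis", m.namespace, m.name])   = "6379"
  }]...)

  # Only the Redis entries that declare a "secret" attribute. Entries without it
  # get no PASSWORD_ key, i.e. they are configured without authentication.
  redis-privs = [for m in var.redis : merge({ secret = lookup(m, "secret", {}) }, m) if contains(keys(m), "secret")]

  # index lines up with data.kubernetes_secret_v1.redis, which is counted over
  # the same local.redis-privs list. Unlike the PostgreSQL lookup, a missing key
  # fails here instead of falling back to a placeholder.
  redis_secrets = merge([for index, m in local.redis-privs : {
    join("_", ["PASSWORD_redis", m.namespace, m.name]) = data.kubernetes_secret_v1.redis[index].data[lookup(m.secret, "key", "password")]
  }]...)

  redis_conns = [for m in var.redis : join("_", ["redis", m.namespace, m.name])]

  # ------------------------------------------------------------------- MongoDB
  mongo_vars = merge([for m in var.mongo : {
    join("_", ["LABEL_mongo", m.namespace, m.name])    = join(" | ", [m.namespace, m.name])
    join("_", ["ENGINE_mongo", m.namespace, m.name])   = "mongo@dbgate-plugin-mongo"
    join("_", ["DATABASE_mongo", m.namespace, m.name]) = m.dbname
  }]...)

  # The whole URL embeds the password, so it is kept in the Secret rather than
  # the ConfigMap. Both userinfo parts are percent-encoded: a reserved character
  # such as "@", ":" or "/" in either one would otherwise change how the URL is
  # parsed (previously only the password was encoded).
  mongo_secrets = merge([for index, m in var.mongo : {
    join("_", ["URL_mongo", m.namespace, m.name]) = "mongodb://${urlencode(m.username)}:${urlencode(data.kubernetes_secret_v1.mongos[index].data[m.secret.key])}@${join(".", ["${m.name}-svc", m.namespace, "svc"])}:27017/${m.dbname}"
  }]...)

  mongo_conns = [for m in var.mongo : join("_", ["mongo", m.namespace, m.name])]

  # --------------------------------------------------------------------- OAuth
  # Endpoints are derived from the first rule of the authentik Ingress (data
  # source declared outside this file). NODE_EXTRA_CA_CERTS points Node.js at an
  # additional CA bundle; the file is expected to be mounted by the workload.
  oauth_config = {
    "OAUTH_AUTH"          = "https://${data.kubernetes_ingress_v1.authentik.spec[0].rule[0].host}/application/o/authorize/"
    "OAUTH_TOKEN"         = "https://${data.kubernetes_ingress_v1.authentik.spec[0].rule[0].host}/application/o/token/"
    "OAUTH_LOGOUT"        = "https://${data.kubernetes_ingress_v1.authentik.spec[0].rule[0].host}/application/o/${var.component}-${var.instance}/end-session/"
    "OAUTH_LOGIN_FIELD"   = "nickname"
    "OAUTH_SCOPE"         = "email"
    "NODE_EXTRA_CA_CERTS" = "/etc/local-ca/ca.crt"
  }

  # ---------------------------------------------------------------- Aggregates
  connections     = join(",", concat(local.pg_conns, local.maria_conns, local.mongo_conns, local.redis_conns))
  connection_vars = merge(local.pg_vars, local.maria_vars, local.mongo_vars, local.redis_vars)

  # maria_secrets is intentionally absent while it only holds a placeholder.
  connection_secrets = merge(local.pg_secrets, local.mongo_secrets, local.redis_secrets)
}

# Non-secret settings only: OAuth endpoints plus per-connection label, engine,
# host, port, database and user name. Nothing derived from a Secret belongs here.
resource "kubectl_manifest" "dbgate-config" {
  yaml_body = <<-EOF
    apiVersion: v1
    kind: ConfigMap
    metadata:
      name: "${var.component}-${var.instance}"
      namespace: "${var.namespace}"
      labels: ${jsonencode(local.common_labels)}
    data: ${jsonencode(merge(local.oauth_config, local.connection_vars))}
  EOF
}

# Credentials for all configured connections, copied from the source Secrets.
resource "kubernetes_secret_v1" "dbgate-config-secret" {
  metadata {
    name      = "${var.component}-${var.instance}"
    namespace = var.namespace
  }
  data = local.connection_secrets
}

# One lookup per var.pg entry, in list order (pg_secrets indexes by position).
data "kubernetes_secret_v1" "pgs" {
  count = length(var.pg)
  metadata {
    name      = var.pg[count.index].secret.name
    namespace = var.pg[count.index].namespace
  }
}

# One lookup per var.mongo entry, in list order (mongo_secrets indexes by position).
data "kubernetes_secret_v1" "mongos" {
  count = length(var.mongo)
  metadata {
    name      = var.mongo[count.index].secret.name
    namespace = var.mongo[count.index].namespace
  }
}

# One lookup per Redis entry that declares a secret. The Secret name defaults to
# the Redis instance name when secret.name is not given.
data "kubernetes_secret_v1" "redis" {
  count = length(local.redis-privs)
  metadata {
    name      = lookup(local.redis-privs[count.index].secret, "name", local.redis-privs[count.index].name)
    namespace = local.redis-privs[count.index].namespace
  }
}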