# Declares a StringSecret custom resource (secretgenerator.mittwald.de/v1alpha1)
# listing the secret fields this WildDuck instance needs and the length of each.
# The values are generated in-cluster, so no secret material appears in this file.
#
# ignore_fields: changes to metadata.annotations are excluded from the diff.
# Presumably the generator controller writes its own annotations there; confirm.
#
# NOTE(review): forceRegenerate is false, so editing a length below presumably
# does not rotate a value that already exists; confirm against the operator
# documentation before relying on a length change taking effect.
#
# NOTE(review): the "default" field (default user password) is only 8 characters,
# far shorter than every other field. If that password stays valid on real
# accounts, consider a longer value or a forced change at first login.
resource "kubectl_manifest" "wildduck_secret" {
  ignore_fields = ["metadata.annotations"]
  yaml_body     = <<-EOF
    apiVersion: "secretgenerator.mittwald.de/v1alpha1"
    kind: "StringSecret"
    metadata:
      name: "${var.instance}"
      namespace: "${var.namespace}"
      labels: ${jsonencode(local.common_labels)}
    spec:
      forceRegenerate: false
      fields:
        - fieldName: "srs"
          length: "32"
        - fieldName: "zonemta"
          length: "32"
        - fieldName: "webmail"
          length: "32"
        - fieldName: "totp"
          length: "32"
        - fieldName: "dkim"
          length: "32"
        - fieldName: "access"
          length: "32"
        - fieldName: "authentik" # Bearer for authentik to wildduck-scim
          length: "32"
        - fieldName: "default" # Default user password
          length: "8"
        - fieldName: "scim-seed"
          length: "16"
  EOF
}

# Reads back the Secret named after the instance, in the same namespace as the
# StringSecret above. depends_on only orders this read after the manifest has
# been applied.
#
# NOTE(review): the Secret itself is presumably created asynchronously by the
# generator controller, so on a first apply it may not exist yet when this
# data source is read; verify.
#
# Everything read here is stored in the Terraform state, so the state backend
# needs encryption at rest and access control as tight as the Secret's own.
data "kubernetes_secret_v1" "wildduck" {
  depends_on = [kubectl_manifest.wildduck_secret]

  metadata {
    name      = var.instance
    namespace = var.namespace
  }
}

# Short aliases for the generated values used elsewhere in this module.
# Only seven of the nine generated fields are mapped: "default" and
# "scim-seed" are not exposed through local.secrets.
locals {
  secrets = {
    srs       = data.kubernetes_secret_v1.wildduck.data["srs"]
    zonemta   = data.kubernetes_secret_v1.wildduck.data["zonemta"]
    webmail   = data.kubernetes_secret_v1.wildduck.data["webmail"]
    totp      = data.kubernetes_secret_v1.wildduck.data["totp"]
    dkim      = data.kubernetes_secret_v1.wildduck.data["dkim"]
    access    = data.kubernetes_secret_v1.wildduck.data["access"]
    authentik = data.kubernetes_secret_v1.wildduck.data["authentik"]
  }
}