locals {
  dns_name  = "${var.sub_domain}.${var.domain_name}"
  dns_names = [local.dns_name]
  app_name  = (var.component == var.instance || var.component=="") ? var.instance : format("%s-%s", var.component, var.instance)
  icon      = "icon.svg"
}

module "service" {
  source = "git::https://git.solidite.fr/vynil/kydah-modules.git//service"
  component         = var.component
  instance          = var.instance
  namespace         = var.namespace
  labels            = local.common_labels
  selector          = local.sonar_labels
  targets           = ["http"]
  providers = {
    kubectl = kubectl
  }
}

module "ingress" {
  source = "git::https://git.solidite.fr/vynil/kydah-modules.git//ingress"
  component         = ""
  instance          = var.instance
  namespace         = var.namespace
  issuer            = var.issuer
  ingress_class     = var.ingress_class
  labels            = local.common_labels
  dns_names         = local.dns_names
  services          = [module.service.default_definition]
  providers = {
    kubectl = kubectl
  }
}

module "application" {
  source = "git::https://git.solidite.fr/vynil/kydah-modules.git//application"
  component         = var.component
  instance          = var.instance
  app_group         = var.app_group
  dns_name          = local.dns_name
  icon              = local.icon
  sub_groups        = ["admin"]
  protocol_provider = module.saml.provider-id
  providers = {
    authentik = authentik
  }
}

module "saml" {
  source = "git::https://git.solidite.fr/vynil/kydah-modules.git//saml"
  component         = var.component
  instance          = var.instance
  acs_path          = "oauth2/callback/saml"
  issuer            = "self-sign"
  dns_names         = local.dns_names
  namespace         = var.namespace
  labels            = local.common_labels
  audience          = "https://${local.dns_name}/saml2/metadata"
  saml_issuer       = "https://${data.kubernetes_ingress_v1.authentik.spec[0].rule[0].host}/"
  group_mapping     = <<ENDF
for group in user.ak_groups.all():
    if group.name == "authentik Admins":
        yield "sonar-administrators"
    elif group.name == "app-${local.app_name}":
        yield "sonar-users"
    elif group.name == "app-${local.app_name}-admin":
        yield "sonar-administrators"
    else:
        yield group.name
ENDF
  providers = {
    kubectl = kubectl
    authentik = authentik
  }
}