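# MySQL NDB Cluster for one component: generated credentials, the NdbCluster
# custom resource, the component's database/user/grant, and an optional k8up
# pre-backup pod that dumps all databases.
#
# Secret handling: both random_password results, and the plaintext_password
# passed to mysql_user, are written to Terraform state. Keep the state backend
# encrypted and access-controlled.

# Root password: 32 alphanumeric characters. special = false also keeps the
# value safe to embed in the double-quoted YAML scalar in the Secret below;
# enabling special characters would require switching that field to proper
# YAML/JSON encoding.
resource "random_password" "mysql_root_pass" {
  length  = 32
  special = false
}

# Password for the per-component MySQL account created further down.
resource "random_password" "mysql_comp_pass" {
  length  = 32
  special = false
}

# Connection settings built from the root credentials; they are not referenced
# by any resource in this file, so they are presumably consumed by the mysql
# provider configuration elsewhere (confirm).
# NOTE(review): the host here uses the "-rw" service suffix while the backup
# command below targets "-mysqld". Confirm both names resolve to a service
# that actually exists for this NdbCluster.
locals {
  mysql_host     = "${var.instance}-${var.component}-rw.${var.namespace}.svc"
  mysql_username = "root"
  mysql_password = random_password.mysql_root_pass.result
}

# Kubernetes Secret holding the root password. It is referenced by the
# NdbCluster (rootPasswordSecretName) and by the pre-backup pod (MYSQL_PWD).
resource "kubectl_manifest" "mysql_root_pass" {
  # The kubectl provider documents that only `data` is obfuscated for Secrets
  # by default. This manifest uses `stringData`, so it is listed explicitly to
  # keep the password out of the provider's rendered plan/apply output.
  sensitive_fields = ["stringData"]

  yaml_body = <<-EOF
    apiVersion: v1
    kind: Secret
    metadata:
      name: "${var.instance}-${var.component}-mysql-root"
      labels: ${jsonencode(local.common_labels)}
      namespace: ${var.namespace}
    stringData:
      password: "${random_password.mysql_root_pass.result}"
  EOF
}

# NdbCluster custom resource (mysql.oracle.com/v1): one data node with a 10Gi
# ReadWriteOnce volume and one MySQL node at redundancyLevel 1, i.e. no
# replica of the data. NDBCLUSTER is set as the default storage engine.
resource "kubectl_manifest" "ndb" {
  yaml_body = <<-EOF
    apiVersion: mysql.oracle.com/v1
    kind: NdbCluster
    metadata:
      name: "${var.instance}-${var.component}"
      labels: ${jsonencode(local.db_labels)}
      namespace: ${var.namespace}
    spec:
      redundancyLevel: 1
      dataNode:
        nodeCount: 1
        pvcSpec:
          accessModes:
            - ReadWriteOnce
          resources:
            requests:
              storage: 10Gi
      mysqlNode:
        nodeCount: 1
        rootPasswordSecretName: ${kubectl_manifest.mysql_root_pass.name}
        myCnf: |
          [mysqld]
          default_storage_engine=NDBCLUSTER
  EOF
}

# Fixed 180s pause after the NdbCluster object is created. This is a timer,
# not a readiness check: the mysql_* resources below will still fail if the
# cluster needs longer than that to accept connections.
resource "time_sleep" "wait_ndb_ready" {
  depends_on      = [kubectl_manifest.ndb]
  create_duration = "180s"
}

# Database named after the component.
resource "mysql_database" "component" {
  depends_on = [
    time_sleep.wait_ndb_ready,
    kubectl_manifest.ndb
  ]
  name = var.component
}

# Per-component account.
# NOTE(review): the host pattern has leading and trailing "%" wildcards around
# "<service>.<namespace>". MySQL matches host-name patterns against the
# resolved client host name, so this restriction is only as strong as name
# resolution in the cluster, and it stops matching if the server runs with
# name resolution disabled. Confirm this is the intended access boundary.
resource "mysql_user" "component" {
  depends_on = [
    time_sleep.wait_ndb_ready,
    kubectl_manifest.ndb
  ]
  user               = var.component
  host               = "%.${module.service.default_definition.name}.${var.namespace}.%"
  plaintext_password = random_password.mysql_comp_pass.result
}

# ALL privileges, scoped to the component's own database only.
# NOTE(review): if the application does not run schema changes itself, a
# narrower privilege list would reduce what a compromised application
# credential can do.
resource "mysql_grant" "component" {
  user       = mysql_user.component.user
  host       = mysql_user.component.host
  database   = mysql_database.component.name
  privileges = ["ALL"]
}

# k8up PreBackupPod, created only when var.backups.enable is true. The pod runs
# `cat` with a TTY to stay alive and receives the root password as MYSQL_PWD
# from the Secret above; backupCommand is the command string given to k8up.
#
# NOTE(review), to confirm before relying on these backups:
#  - The dump authenticates with the *root* Secret and reads every database.
#    A dedicated backup account with only the privileges mysqldump needs would
#    limit the impact if this pod or its service account is compromised.
#  - The password is also passed as a command-line argument. MYSQL_PWD is
#    already set in the container environment and MySQL client programs read
#    it, so the flag looks redundant, and argv is a more exposed place for a
#    credential than the environment of a single container.
#  - Terraform only treats "$${" as an escape, so "$$MYSQL_PWD" reaches the
#    manifest with both dollar signs. Verify how k8up / the container expands
#    it; there is no `sh -c` wrapper in the command.
#  - No --user is given, so the client's default user name applies.
resource "kubectl_manifest" "pre_backup_pod_db" {
  count         = var.backups.enable ? 1 : 0
  ignore_fields = ["metadata.annotations"]
  yaml_body     = <<-EOF
    apiVersion: k8up.io/v1
    kind: PreBackupPod
    metadata:
      name: "${var.instance}-${var.component}-db"
      namespace: "${var.namespace}"
      labels: ${jsonencode(local.secrets_labels)}
    spec:
      backupCommand: mysqldump --all-databases --password=$$MYSQL_PWD --host=${var.instance}-${var.component}-mysqld.${var.namespace}.svc --no-create-db --add-drop-table
      pod:
        spec:
          containers:
            - command:
                - cat
              env:
                - name: MYSQL_PWD
                  valueFrom:
                    secretKeyRef:
                      key: password
                      name: "${kubectl_manifest.mysql_root_pass.name}"
              image: "${var.images.mysql.registry}/${var.images.mysql.repository}:${var.images.mysql.tag}"
              imagePullPolicy: "${var.images.mysql.pull_policy}"
              name: secret
              tty: true
          serviceAccount: backup-secret
          serviceAccountName: backup-secret
  EOF
}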