# MySQL for one application instance: a generated credentials Secret, an
# InnoDBCluster custom resource, and the application database, user and grant
# created through the mysql provider.

locals {
  # Caller-supplied labels plus the component marker attached to every MySQL object.
  mysql_labels = merge(var.labels, { "app.kubernetes.io/component" = "mysql" })

  # "<instance>" or "<instance>-<component>"; the dash is emitted only when a
  # component is set.
  app_slug = "${var.instance}${var.component == "" ? "" : "-"}${var.component}"

  # Service DNS name built from the slug and namespace.
  mysql_host = "${local.app_slug}-mysql.${var.namespace}.svc"

  # These two are the ROOT credentials (rootUser / rootPassword), not the
  # application account. They are not referenced in this file.
  # NOTE(review): presumably consumed by the mysql provider configuration
  # elsewhere in the module - confirm, and keep them out of outputs and logs.
  mysql_username = data.kubernetes_secret_v1.mysql_secret.data["rootUser"]
  mysql_password = data.kubernetes_secret_v1.mysql_secret.data["rootPassword"]
}

# StringSecret request: fixed values under `data`, plus two 32-character
# generated fields (rootPassword, password). forceRegenerate is false.
#
# NOTE(review): rootHost and userHost are both "%", i.e. the host part of the
# MySQL accounts is a wildcard. For the root account this leaves the password
# and network reachability as the only barriers - confirm a NetworkPolicy (or
# equivalent) limits who can reach the MySQL service, and whether the
# application account can use a narrower host pattern.
resource "kubectl_manifest" "mysql_secret" {
  yaml_body = <<-EOF
    apiVersion: "secretgenerator.mittwald.de/v1alpha1"
    kind: "StringSecret"
    metadata:
      name: "${local.app_slug}-mysql"
      namespace: "${var.namespace}"
      labels: ${jsonencode(local.mysql_labels)}
    spec:
      forceRegenerate: false
      data:
        rootUser: "root-${var.instance}"
        rootHost: "%"
        username: "${var.instance}"
        userHost: "%"
      fields:
        - fieldName: "rootPassword"
          length: "32"
        - fieldName: "password"
          length: "32"
  EOF
}

# Reads the Secret named like the StringSecret back into Terraform so its
# values can be used by the locals above and by mysql_user below.
#
# Everything read here, including rootPassword and password, is recorded in
# the Terraform state; the state backend needs encryption at rest and
# restricted access.
# NOTE(review): depends_on only orders this read after the StringSecret
# manifest is applied; whether the generated Secret already exists at that
# moment is not established by anything in this file - confirm.
# NOTE(review): name and namespace identify the Secret; confirm `labels` has
# any effect on a data source lookup.
data "kubernetes_secret_v1" "mysql_secret" {
  depends_on = [kubectl_manifest.mysql_secret]

  metadata {
    name      = "${local.app_slug}-mysql"
    namespace = var.namespace
    labels    = local.mysql_labels
  }
}

# InnoDBCluster custom resource: one MySQL instance and one router instance,
# community edition, data volume sized by var.storage, credentials taken from
# the Secret read above.
#
# NOTE(review): tlsUseSelfSigned is true, so server certificates are not
# issued by a CA the clients already trust; confirm whether clients verify the
# server certificate at all, or supply CA-issued certificates instead.
# NOTE(review): instances is 1, so there is no second copy of the data.
resource "kubectl_manifest" "mysql" {
  yaml_body = <<-EOF
    apiVersion: mysql.oracle.com/v2
    kind: InnoDBCluster
    metadata:
      name: "${local.app_slug}-mysql"
      namespace: "${var.namespace}"
      labels: ${jsonencode(local.mysql_labels)}
    spec:
      secretName: ${data.kubernetes_secret_v1.mysql_secret.metadata[0].name}
      tlsUseSelfSigned: true
      instances: 1
      router:
        instances: 1
      edition: community
      imagePullPolicy: IfNotPresent
      datadirVolumeClaimTemplate:
        accessModes:
          - ReadWriteOnce
        resources:
          requests:
            storage: "${var.storage}"
  EOF
}

# Fixed 45-second pause after the cluster manifest is applied. This is a
# timer, not a readiness check: the resources below run once it elapses
# whether or not MySQL is accepting connections.
resource "time_sleep" "wait_mysql_ready" {
  depends_on = [kubectl_manifest.mysql]

  create_duration = "45s"
}

# Application database, created after the pause above.
resource "mysql_database" "app" {
  depends_on = [
    kubectl_manifest.mysql,
    time_sleep.wait_mysql_ready
  ]
  name = var.database
}

# Application account. Host, user name and password all come from the
# generated Secret; the host value is the "%" wildcard set in the StringSecret.
# The password reaches the provider as plaintext_password, sourced from the
# data source above.
resource "mysql_user" "app_user" {
  depends_on = [
    time_sleep.wait_mysql_ready,
    mysql_database.app,
  ]
  host               = data.kubernetes_secret_v1.mysql_secret.data["userHost"]
  user               = data.kubernetes_secret_v1.mysql_secret.data["username"]
  plaintext_password = data.kubernetes_secret_v1.mysql_secret.data["password"]
}

# Grants the application account ALL PRIVILEGES, scoped to the application
# database only.
# NOTE(review): if the application does not manage its own schema, a narrower
# privilege list would limit what a compromised application credential can do.
resource "mysql_grant" "app_user_grant" {
  user       = mysql_user.app_user.user
  host       = mysql_user.app_user.host
  database   = mysql_database.app.name
  privileges = ["ALL PRIVILEGES"]
}