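# Looks up the existing authentik proxy outpost for this domain through the
# authentik REST API and exposes its primary key and currently bound providers
# as locals.

locals {
  # Bearer-token headers for the authentik API. local.authentik_token is
  # defined outside this file view.
  # NOTE(review): the active data source below reads var.request_headers, not
  # this local; only the commented-out get_local_sck lookup references
  # local.request_headers. Confirm which of the two is meant to carry the
  # token so that an unauthenticated header set is not sent by mistake.
  request_headers = {
    "Content-Type" = "application/json"
    Authorization  = "Bearer ${local.authentik_token}"
  }

  # Decoded "results" list of the outpost query. Only the first entry is used;
  # the non-empty postcondition on the data source keeps an empty result from
  # surfacing here as an opaque "invalid index" error.
  outposts          = jsondecode(data.http.get_proxy_outpost.response_body).results
  outpost_providers = local.outposts[0].providers
  outpost_pk        = local.outposts[0].pk
}

# Queries authentik for the outpost named "<domain>-proxy-outpost".
#
# Security notes for reviewers:
# - The URL uses plain http://, so whatever Authorization header is supplied
#   crosses the cluster network unencrypted unless something outside this file
#   (for example a service mesh) adds transport encryption. Prefer an https
#   endpoint if the service offers one.
# - Data source arguments and results are persisted in Terraform state, so the
#   request headers and the response body should be assumed to be readable by
#   anyone with access to the state backend. Restrict and encrypt the backend
#   accordingly.
data "http" "get_proxy_outpost" {
  # presumably the API token is derived from this secret; verify against the
  # definition of local.authentik_token.
  depends_on = [data.kubernetes_secret_v1.authentik]

  url             = "http://authentik.${var.domain}-auth.svc/api/v3/outposts/instances/?name__iexact=${var.domain}-proxy-outpost"
  method          = "GET"
  request_headers = var.request_headers

  lifecycle {
    # Fail the plan on anything other than HTTP 200 rather than decoding an
    # error payload (for example a 401/403 body when the token is rejected).
    postcondition {
      condition     = contains([200], self.status_code)
      error_message = "Status code invalid"
    }

    # Fail with a clear message when the filter matched no outpost or the body
    # is not the expected JSON; try() turns a decode error into a count of 0.
    postcondition {
      condition     = try(length(jsondecode(self.response_body).results), 0) > 0
      error_message = "The authentik API returned no outpost matching the proxy outpost name filter."
    }
  }
}

# --- Disabled configuration, kept for reference ------------------------------
# If the outpost resource below is re-enabled, note that "authentik_host" is
# also a plain http:// URL.

# resource "restapi_object" "proxy_outpost_binding" {
#   path = "/outposts/instances/${local.outpost_pk}/"
#   data = jsonencode({
#     name = "${var.domain}-proxy-outpost"
#     providers = contains(local.outpost_providers, authentik_provider_proxy.app_proxy_provider.id) ? local.outpost_providers : concat(local.outpost_providers, [authentik_provider_proxy.app_proxy_provider.id])
#   })
# }

# data "http" "get_local_sck" {
#   depends_on = [data.kubernetes_secret_v1.authentik]
#   url = "http://authentik-authentik.${var.namespace}.svc/api/v3/outposts/service_connections/kubernetes/?local=true"
#   method = "GET"
#   request_headers = local.request_headers
#   lifecycle {
#     postcondition {
#       condition = contains([200], self.status_code)
#       error_message = "Status code invalid"
#     }
#   }
# }

# data "kubernetes_ingress_v1" "authentik" {
#   metadata {
#     name = "authentik"
#     namespace = var.namespace
#   }
# }

# resource "authentik_outpost" "proxy_outpost" {
#   depends_on = [data.http.get_local_sck, data.kubernetes_ingress_v1.authentik]
#   name = "${var.domain}-proxy-outpost"
#   type = "proxy"
#   service_connection = local.local_sck[0].pk
#   config = jsonencode({
#     "log_level" : "info",
#     "authentik_host" : "http://authentik.${var.namespace}.svc",
#     "docker_map_ports" : true,
#     "kubernetes_replicas" : 1,
#     "kubernetes_namespace" : var.namespace,
#     "authentik_host_browser" : "https://${data.kubernetes_ingress_v1.authentik.spec[0].rule[0].host}",
#     "object_naming_template" : "ak-%(name)s",
#     "authentik_host_insecure" : false,
#     "kubernetes_service_type" : "ClusterIP",
#     "kubernetes_image_pull_secrets" : [],
#     "kubernetes_disabled_components" : [],
#     "kubernetes_ingress_annotations" : {},
#   })
#   protocol_providers = [authentik_provider_proxy.domain_proxy_provider.id]
# }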