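# MongoDB for one application instance, managed by the MongoDB Community
# Operator: a generated password Secret, the MongoDBCommunity replica set
# (one member, SCRAM auth, one application user) and the namespace-scoped
# RBAC the operator's agent container needs.

locals {
  # Slug used as the prefix of every object created here.
  app_slug = (var.component == var.instance || var.component == "") ? var.instance : format("%s-%s", var.component, var.instance)

  # Fallback shared by the database user and the database name when the
  # caller does not override them explicitly.
  default_name = var.component == "" ? var.instance : var.component
  username     = var.username == "" ? local.default_name : var.username
  db_name      = var.db_name == "" ? local.default_name : var.db_name

  # Plaintext password read back from the generated Secret. This value is
  # persisted in Terraform state; it is not consumed anywhere in this file,
  # so keep it only if a downstream module/output actually needs it.
  mongo-password = data.kubernetes_secret_v1.prj_mongo_secret.data["password"]

  mongo-labels = merge(local.labels, { "app.kubernetes.io/component" = "mongo" })
}

# Asks kubernetes-secret-generator to mint a random 16-character password in
# Secret "<app_slug>-mongo" under key "password". forceRegenerate=false keeps
# the existing value on re-apply, so database credentials stay stable.
resource "kubectl_manifest" "prj_mongo_secret" {
  # The generator writes bookkeeping annotations onto the object; ignoring
  # them avoids a perpetual diff.
  ignore_fields = ["metadata.annotations"]

  yaml_body = <<-EOF
    apiVersion: "secretgenerator.mittwald.de/v1alpha1"
    kind: "StringSecret"
    metadata:
      name: "${local.app_slug}-mongo"
      namespace: "${var.namespace}"
      labels: ${jsonencode(local.mongo-labels)}
    spec:
      forceRegenerate: false
      fields:
        - fieldName: "password"
          length: "16"
  EOF
}

# Reads the generated Secret back into state.
# NOTE(review): the Secret is populated asynchronously by the generator after
# the StringSecret is applied, so depends_on orders the apply but does not
# wait for the "password" key to exist -- confirm behaviour on a fresh apply.
data "kubernetes_secret_v1" "prj_mongo_secret" {
  depends_on = [kubectl_manifest.prj_mongo_secret]

  metadata {
    name      = "${local.app_slug}-mongo"
    namespace = var.namespace
  }
}

# Single-member replica set with SCRAM authentication and one application
# user holding readWrite on the application database. The operator derives
# the user's SCRAM credentials from the same generated Secret.
resource "kubectl_manifest" "prj_mongo" {
  yaml_body = <<-EOF
    apiVersion: mongodbcommunity.mongodb.com/v1
    kind: MongoDBCommunity
    metadata:
      name: "${local.app_slug}-mongo"
      namespace: "${var.namespace}"
      labels: ${jsonencode(local.mongo-labels)}
    spec:
      members: 1
      type: ReplicaSet
      version: "7.0.2"
      statefulSet:
        spec:
          template:
            metadata:
              annotations:
                # k8up executes this inside the mongod container to produce the
                # backup stream. The credentials are expanded from the container
                # env below and therefore appear on the mongodump command line,
                # i.e. they are visible to anything able to list processes in
                # the pod for the duration of the dump.
                "k8up.io/backupcommand": "sh -c 'mongodump --username=$MONGODB_USER --password=$MONGODB_PASSWORD mongodb://localhost/$MONGODB_NAME --archive'"
                "k8up.io/file-extension": ".archive"
            spec:
              containers:
                - name: mongod
                  imagePullPolicy: "${var.pullPolicy}"
                  resources: ${jsonencode(var.resources)}
                  env:
                    # Quoted so that numeric- or boolean-looking names stay YAML
                    # strings: a container env "value" must be a string and an
                    # unquoted scalar such as 1234 would fail API validation.
                    - name: MONGODB_NAME
                      value: "${local.db_name}"
                    - name: MONGODB_USER
                      value: "${local.username}"
                    - name: MONGODB_PASSWORD
                      valueFrom:
                        secretKeyRef:
                          name: "${local.app_slug}-mongo"
                          key: password
      security:
        authentication:
          modes: ["SCRAM"]
      additionalMongodConfig:
        # Fixed WiredTiger cache; not derived from var.resources, so keep the
        # two in step when memory limits change.
        storage.wiredTiger.engineConfig.cacheSizeGB: 1
      users:
        - name: "${local.username}"
          db: "${local.db_name}"
          passwordSecretRef:
            name: "${local.app_slug}-mongo"
          roles:
            - db: "${local.db_name}"
              name: readWrite
          scramCredentialsSecretName: "${local.app_slug}-mongo-scram"
  EOF
}

# Service account the operator's agent runs as. The name is fixed to
# "mongodb-database" rather than prefixed with app_slug, so a second instance
# of this module in the same namespace would manage the very same object --
# presumably intended to be shared; verify before deploying two instances.
resource "kubectl_manifest" "prj_mongo_sa" {
  yaml_body = <<-EOF
    apiVersion: v1
    kind: ServiceAccount
    metadata:
      name: "mongodb-database"
      namespace: "${var.namespace}"
      labels: ${jsonencode(local.mongo-labels)}
  EOF
}

# Permissions for the agent: read Secrets (credentials / automation config)
# and patch/delete its own pods for rolling restarts.
# NOTE(review): "secrets get" is not restricted with resourceNames, so the
# agent can read every Secret in the namespace; scoping it to the
# "<app_slug>-mongo*" Secrets would tighten this if the operator tolerates it.
resource "kubectl_manifest" "prj_mongo_role" {
  yaml_body = <<-EOF
    apiVersion: rbac.authorization.k8s.io/v1
    kind: Role
    metadata:
      name: "mongodb-database"
      namespace: "${var.namespace}"
      labels: ${jsonencode(local.mongo-labels)}
    rules:
      - apiGroups: [""]
        resources: ["secrets"]
        verbs: ["get"]
      - apiGroups: [""]
        resources: ["pods"]
        verbs: ["patch", "delete", "get"]
  EOF
}

# Binds the Role above to the agent's service account (same namespace).
resource "kubectl_manifest" "prj_mongo_rb" {
  yaml_body = <<-EOF
    apiVersion: rbac.authorization.k8s.io/v1
    kind: RoleBinding
    metadata:
      name: "mongodb-database"
      namespace: "${var.namespace}"
      labels: ${jsonencode(local.mongo-labels)}
    subjects:
      - kind: ServiceAccount
        name: mongodb-database
    roleRef:
      kind: Role
      name: mongodb-database
      apiGroup: rbac.authorization.k8s.io
  EOF
}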