locals {
  request_headers = {
    "Content-Type" = "application/json"
    Authorization  = "Bearer ${local.authentik_token}"
  }
  outposts = jsondecode(data.http.get_proxy_outpost.response_body).results
  outpost_providers = local.outposts[0].providers
  outpost_pk = local.outposts[0].pk
}


data "http" "get_proxy_outpost" {
  depends_on      = [data.kubernetes_secret_v1.authentik]
  url             = "${local.authentik_url}/api/v3/outposts/instances/?name__iexact=${var.domain}-proxy-outpost"
  method          = "GET"
  request_headers = local.request_headers
  lifecycle {
    postcondition {
      condition     = contains([200], self.status_code)
      error_message = "Status code invalid, error: ${try(jsondecode(self.response_body).detail, "no-error")}"
    }
  }
}


resource "restapi_object" "proxy_outpost_binding" {
  path = "/outposts/instances/${local.outpost_pk}/"
  data = jsonencode({
    name      = "${var.domain}-proxy-outpost"
    providers = contains(local.outpost_providers, authentik_provider_proxy.app_proxy_provider.id) ? local.outpost_providers : concat(local.outpost_providers, [authentik_provider_proxy.app_proxy_provider.id])
  })
}