# Provisions a single-node MySQL InnoDBCluster (MySQL Operator for Kubernetes)
# with operator-generated credentials, then creates one application database,
# one application user and a grant on that database through the mysql provider.
#
# Connection values for the mysql provider (configured outside this file).
locals {
  # In-cluster service DNS name of the InnoDBCluster.
  mysql_host = "${var.instance}-${var.component}-db.${var.namespace}.svc"

  # Root credentials are read back from the generated Secret after the
  # cluster has had time to start. NOTE(review): the kubernetes provider marks
  # the Secret's `data` map as sensitive, but these values — and the app
  # user's plaintext_password further down — are still persisted in Terraform
  # state; the state backend must be protected like a secret store.
  mysql_username = data.kubernetes_secret_v1.prj_mysql_secret.data["rootUser"]
  mysql_password = data.kubernetes_secret_v1.prj_mysql_secret.data["rootPassword"]
}

# Credentials Secret in the layout the MySQL operator expects (rootUser,
# rootHost, rootPassword) plus the application user fields. Passwords are
# generated by the mittwald secret-generator; forceRegenerate=false keeps them
# stable across re-applies.
#
# NOTE(review): rootHost/userHost are "%" (any source host). Inside a cluster
# this is only as safe as the NetworkPolicy around the database service;
# restricting them (e.g. to the app's namespace/CIDR) would tighten it.
resource "kubectl_manifest" "prj_mysql_secret" {
  yaml_body = <<-EOF
    apiVersion: "secretgenerator.mittwald.de/v1alpha1"
    kind: "StringSecret"
    metadata:
      name: "${var.instance}-${var.component}-db"
      namespace: "${var.namespace}"
      labels: ${jsonencode(var.labels)}
    spec:
      forceRegenerate: false
      data:
        rootUser: "root-${var.instance}"
        rootHost: "%"
        username: "${var.instance}"
        userHost: "%"
      fields:
        - fieldName: "rootPassword"
          length: "32"
        - fieldName: "password"
          length: "32"
  EOF
}

# The InnoDBCluster itself: one server instance, one router, community
# edition, persistent data directory sized by var.storage.
#
# NOTE(review): tlsUseSelfSigned=true means clients cannot verify the server's
# identity; the commented tlsSecretName line is the hook for a CA-issued
# certificate if that verification is required.
resource "kubectl_manifest" "prj_mysql" {
  depends_on = [kubectl_manifest.prj_mysql_secret]

  yaml_body = <<-EOF
    apiVersion: mysql.oracle.com/v2
    kind: InnoDBCluster
    metadata:
      name: "${var.instance}-${var.component}-db"
      namespace: "${var.namespace}"
      labels: ${jsonencode(var.labels)}
    spec:
      secretName: ${kubectl_manifest.prj_mysql_secret.name}
      tlsUseSelfSigned: true
      # tlsSecretName: "${var.instance}-db-cert"
      instances: 1
      router:
        instances: 1
      edition: community
      imagePullPolicy: IfNotPresent
      datadirVolumeClaimTemplate:
        accessModes:
          - ReadWriteOnce
        resources:
          requests:
            storage: "${var.storage}"
  EOF
}

# Fixed grace period standing in for a readiness check. NOTE(review): there is
# no status probe here, so if the operator needs longer than 45s to bring the
# cluster up, the Secret read and the mysql-provider resources below will
# presumably fail on first apply and need a re-run.
resource "time_sleep" "wait_mysql_ready" {
  depends_on = [
    kubectl_manifest.prj_mysql_secret,
    kubectl_manifest.prj_mysql,
  ]

  create_duration = "45s"
}

# Reads the generated credentials; depends_on defers the read until after the
# manifests and the wait, so the Secret exists and is populated.
data "kubernetes_secret_v1" "prj_mysql_secret" {
  depends_on = [
    kubectl_manifest.prj_mysql_secret,
    kubectl_manifest.prj_mysql,
    time_sleep.wait_mysql_ready,
  ]

  metadata {
    name      = "${var.instance}-${var.component}-db"
    namespace = var.namespace
  }
}

# Application database, created over the root connection.
resource "mysql_database" "app" {
  depends_on = [
    kubectl_manifest.prj_mysql_secret,
    kubectl_manifest.prj_mysql,
    time_sleep.wait_mysql_ready,
  ]

  name = var.database
}

# Application user; identity and password come from the generated Secret so
# the application can read the same Secret for its own connection.
resource "mysql_user" "app_user" {
  depends_on = [
    kubectl_manifest.prj_mysql_secret,
    kubectl_manifest.prj_mysql,
    time_sleep.wait_mysql_ready,
  ]

  user               = data.kubernetes_secret_v1.prj_mysql_secret.data["username"]
  host               = data.kubernetes_secret_v1.prj_mysql_secret.data["userHost"]
  plaintext_password = data.kubernetes_secret_v1.prj_mysql_secret.data["password"]
}

# Full privileges for the app user, scoped to the application database only
# (no global privileges are granted here).
resource "mysql_grant" "app_user_grant" {
  depends_on = [
    kubectl_manifest.prj_mysql_secret,
    kubectl_manifest.prj_mysql,
    time_sleep.wait_mysql_ready,
    mysql_database.app,
    mysql_user.app_user,
  ]

  database   = mysql_database.app.name
  user       = mysql_user.app_user.user
  host       = mysql_user.app_user.host
  privileges = ["ALL PRIVILEGES"]
}