resource "helm_release" "dynatrace-service" {
  name       = "dynatrace-service"
  chart      = "./dynatrace-service"
  namespace  = var.KEPTN_NAMESPACE
  timeout    = 500

  # set {
  #   name  = "tolerations[0].key"
  #   value = "dedicated"
  # }

  # set {
  #   name  = "tolerations[0].value"
  #   value = "group2"
  # }

  # set {
  #   name  = "tolerations[0].operator"
  #   value = "Equal"
  # }

  # set {
  #   name  = "tolerations[0].effect"
  #   value = "NoSchedule"
  # }

  #  set {
  #   name  = "nodeSelector.role"
  #   value = "group2"
  # }

  set {
    name  = "dynatraceService.config.keptnApiUrl"
    value = "https://keptn.nttdata-xlabs.com/api"
  }

  set {
     name  = "dynatraceService.config.keptnBridgeUrl"
     value = "https://keptn.nttdata-xlabs.com/bridge"
  } 

  set {
    name  = "dynatraceService.config.logLevel"
    value = "debug"
  }


  depends_on = [
    helm_release.keptn
  ]
}

resource "kubernetes_cluster_role" "dynatrace_service_read_secrets_CR" {
  metadata {
    name = "dynatrace-service-read-secrets"
  }

  rule {
    api_groups = [""]
    resources  = ["secrets"]
    verbs      = ["get", "list", "watch"]
  }

}

resource "kubernetes_cluster_role_binding" "dynatrace_service_read_secrets_CRB" {
  metadata {
    name = "dynatrace_service_read_secrets"
  }
  role_ref {
    api_group = "rbac.authorization.k8s.io"
    kind      = "ClusterRole"
    name      = "dynatrace-service-read-secrets"
  }
  subject {
    kind      = "ServiceAccount"
    name      = "dynatrace-service"
    namespace = var.KEPTN_NAMESPACE
  }

  depends_on = [ helm_release.dynatrace-service, kubernetes_cluster_role.dynatrace_service_read_secrets_CR]
}


# resource "null_resource" "kubectl" {
#   provisioner "local-exec" {
#     command = "kubectl -n keptn get secret bridge-credentials -o jsonpath={.data.BASIC_AUTH_USERNAME}"
# #     interpreter = ["/bin/bash", "-c"]environment = {
# #       KUBECONFIG = base64encode(var.kubeconfig)
#    }
# }

# resource "kubernetes_secret" "bridge" {
#   metadata {
#     name = "bridge-credentials"
#     namespace = "keptn"
#   }
# }

# output "bridge" {
#   value = kubernetes_secret.bridge.data.BASIC_AUTH_USERNAME
# }

resource "kubernetes_secret" "dynatrace-service" {
  metadata {
    name = "dynatrace-service"
    namespace=var.KEPTN_NAMESPACE
    labels = {
        "app.kubernetes.io/scope"="dynatrace-service"
    }
    #scope="dynatrace-service"
  }

  data = {
    DT_API_TOKEN = var.DT_API_TOKEN
    DT_TENANT = var.DT_TENANT
  }

  depends_on = [
    helm_release.keptn
  ]
}