# =============================================================================
# VAULT MODULE CONFIGURATION SYSTEM
# =============================================================================
#
# This file automatically discovers and organizes YAML configuration files
# for Vault modules, creating structured configuration maps for Terraform.
#
# HOW IT WORKS:
# 1. Scans all subdirectories for *.yaml files
# 2. Groups files by module type based on directory structure
# 3. Creates unique resource keys to prevent naming conflicts
# 4. Adds computed fields like name, backend, etc. from file paths
#
# DIRECTORY STRUCTURE:
# config/
# ├── auth_approle_role/
# │   └── approle/
# │       ├── certmanager.yaml    # Creates key: "approle/certmanager"
# │       └── myapp.yaml          # Creates key: "approle/myapp"
# ├── auth_kubernetes_role/
# │   └── k8s/au/syd1/
# │       ├── default.yaml        # Creates key: "k8s/au/syd1/default"
# │       └── myapp.yaml          # Creates key: "k8s/au/syd1/myapp"
# └── kv_secret_backend/
#     ├── kv.yaml                 # Creates key: "kv"
#     └── secrets.yaml            # Creates key: "secrets"
#
# EXAMPLE YAML FILE (config/auth_approle_role/approle/myapp.yaml):
# ```yaml
# token_ttl: 3600
# token_max_ttl: 7200
# bind_secret_id: true
# token_bound_cidrs:
#   - "10.0.0.0/8"
# ```
#
# This becomes:
# ```hcl
# auth_approle_role = {
#   "approle/myapp" = {
#     approle_name      = "myapp"     # Auto-computed from filename
#     mount_path        = "approle"   # Auto-computed from directory
#     token_ttl         = 3600        # From YAML content
#     token_max_ttl     = 7200        # From YAML content
#     bind_secret_id    = true        # From YAML content
#     token_bound_cidrs = ["10.0.0.0/8"]
#   }
# }
# ```
#
# KEY NAMING PATTERNS:
# - Simple backends: filename only (e.g., "kv", "transit")
# - Role-based resources: full path without extension (e.g., "approle/myapp")
# - This ensures uniqueness when multiple backends have similar role names
#
# GENERATED OUTPUTS:
# - config.auth_approle_backend, config.auth_approle_role, etc.
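# - Each module gets its own map with properly structured configuration
# - local.unmatched_config_files lists YAML files that no module map claims
#
# =============================================================================
locals {
  # All YAML files below this module's directory.
  # The scan is rooted at path.module rather than "." so the result does not
  # depend on the working directory terraform is invoked from (a child module
  # would otherwise scan the caller's directory). fileset returns paths
  # relative to that root, so the first path segment is the module type.
  config_files = fileset(path.module, "**/*.yaml")

  # Flat map of relative path => decoded YAML content.
  # Kept under its original name for anything that references local.all_configs.
  # No schema check happens here: every key present in the YAML is passed
  # through to the module maps below unchanged.
  # NOTE(review): an empty file decodes to null and merge() below is not
  # guarded against that -- confirm how the consuming modules react.
  all_configs = {
    for file_path in local.config_files :
    file_path => yamldecode(file("${path.module}/${file_path}"))
  }

  # Path-derived fields computed once per file so that every module map uses
  # the same derivation:
  #   module  - first path segment, e.g. "auth_approle_role"
  #   rel     - path with the module segment stripped, extension kept
  #   key     - rel without ".yaml"; used where keys must be unique per path
  #   base    - filename without ".yaml"; used where keys are the filename only
  # trimprefix removes only the leading module segment, where replace() would
  # have removed every occurrence of that string anywhere in the path.
  config_entries = {
    for file_path, content in local.all_configs :
    file_path => {
      module  = split("/", file_path)[0]
      rel     = trimprefix(file_path, "${split("/", file_path)[0]}/")
      key     = trimsuffix(trimprefix(file_path, "${split("/", file_path)[0]}/"), ".yaml")
      base    = trimsuffix(basename(file_path), ".yaml")
      content = content
    }
  }

  # One map per module type. In every merge() the computed path fields are
  # the later argument, so they override a same-named key in the YAML.
  #
  # Key styles are intentionally left as they were, because a key change
  # renames the resource address and would force replacement:
  #   - filename only:  auth_approle_backend, auth_ldap_backend,
  #                     kv_secret_backend, transit_secret_backend,
  #                     ssh_secret_backend, pki_mount_only
  #   - relative path:  auth_kubernetes_backend, pki_secret_backend,
  #                     kubernetes_secret_backend, consul_secret_backend
  #                     and all *_role / *_key maps
  config = {
    auth_approle_backend = {
      for entry in local.config_entries : entry.base => entry.content
      if entry.module == "auth_approle_backend"
    }

    # approle_name: filename; mount_path: first directory below the module dir
    # (for a file placed directly in the module dir this is the filename itself,
    # which is presumably not intended -- keep roles under a mount directory).
    auth_approle_role = {
      for entry in local.config_entries : entry.key => merge(entry.content, {
        approle_name = entry.base
        mount_path   = split("/", entry.rel)[0]
      })
      if entry.module == "auth_approle_role"
    }

    auth_ldap_backend = {
      for entry in local.config_entries : entry.base => entry.content
      if entry.module == "auth_ldap_backend"
    }

    # groupname: filename; backend: first directory below the module dir
    auth_ldap_group = {
      for entry in local.config_entries : entry.key => merge(entry.content, {
        groupname = entry.base
        backend   = split("/", entry.rel)[0]
      })
      if entry.module == "auth_ldap_group"
    }

    auth_kubernetes_backend = {
      for entry in local.config_entries : entry.key => entry.content
      if entry.module == "auth_kubernetes_backend"
    }

    # role_name: filename; backend: full directory path below the module dir
    # (dirname of a file with no subdirectory is "." -- confirm if relied on)
    auth_kubernetes_role = {
      for entry in local.config_entries : entry.key => merge(entry.content, {
        role_name = entry.base
        backend   = dirname(entry.rel)
      })
      if entry.module == "auth_kubernetes_role"
    }

    kv_secret_backend = {
      for entry in local.config_entries : entry.base => entry.content
      if entry.module == "kv_secret_backend"
    }

    transit_secret_backend = {
      for entry in local.config_entries : entry.base => entry.content
      if entry.module == "transit_secret_backend"
    }

    # name: filename; backend: full directory path below the module dir
    transit_secret_backend_key = {
      for entry in local.config_entries : entry.key => merge(entry.content, {
        name    = entry.base
        backend = dirname(entry.rel)
      })
      if entry.module == "transit_secret_backend_key"
    }

    ssh_secret_backend = {
      for entry in local.config_entries : entry.base => entry.content
      if entry.module == "ssh_secret_backend"
    }

    ssh_secret_backend_role = {
      for entry in local.config_entries : entry.key => merge(entry.content, {
        name    = entry.base
        backend = dirname(entry.rel)
      })
      if entry.module == "ssh_secret_backend_role"
    }

    pki_secret_backend = {
      for entry in local.config_entries : entry.key => entry.content
      if entry.module == "pki_secret_backend"
    }

    pki_secret_backend_role = {
      for entry in local.config_entries : entry.key => merge(entry.content, {
        name    = entry.base
        backend = dirname(entry.rel)
      })
      if entry.module == "pki_secret_backend_role"
    }

    kubernetes_secret_backend = {
      for entry in local.config_entries : entry.key => entry.content
      if entry.module == "kubernetes_secret_backend"
    }

    kubernetes_secret_backend_role = {
      for entry in local.config_entries : entry.key => merge(entry.content, {
        name    = entry.base
        backend = dirname(entry.rel)
      })
      if entry.module == "kubernetes_secret_backend_role"
    }

    consul_secret_backend = {
      for entry in local.config_entries : entry.key => entry.content
      if entry.module == "consul_secret_backend"
    }

    consul_secret_backend_role = {
      for entry in local.config_entries : entry.key => merge(entry.content, {
        name    = entry.base
        backend = dirname(entry.rel)
      })
      if entry.module == "consul_secret_backend_role"
    }

    pki_mount_only = {
      for entry in local.config_entries : entry.base => entry.content
      if entry.module == "pki_mount_only"
    }
  }

  # YAML files whose first path segment matches no map in local.config.
  # Previously such files (for example a mistyped module directory name)
  # were dropped silently; surfacing them lets a precondition or output
  # make the drift visible instead.
  unmatched_config_files = sort([
    for file_path, entry in local.config_entries : file_path
    if !contains(keys(local.config), entry.module)
  ])
}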