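# =============================================================================
# VAULT RESOURCES CONFIGURATION SYSTEM
# =============================================================================
#
# This file automatically discovers and processes all YAML resource files from
# the resources/ directory, creating a unified resource configuration for Vault.
#
# HOW IT WORKS:
# 1. Recursively scans this module's directory (expected to be resources/)
#    for *.yaml files
# 2. Parses each YAML file to extract resource rules and configuration
# 3. Creates structured mappings for backend types -> paths -> resource names
#
# YAML STRUCTURE:
# Each resource YAML file should contain Kubernetes RBAC rules or similar
# resource definitions that will be used by Vault secret backends.
#
# EXAMPLE YAML FILE (resources/secret_backend/kubernetes/au/syd1/roles/admin.yaml):
# ```yaml
# rules:
#   - apiGroups: [""]
#     resources: ["*"]
#     verbs: ["*"]
# ```
# The example grants every verb on every resource in the core API group.
# Role files other than a deliberate admin role should list only the
# resources and verbs the role needs.
#
# DIRECTORY STRUCTURE:
# resources/
# └── secret_backend/
#     └── {backend_type}/
#         └── {country}/
#             └── {region}/
#                 └── roles/
#                     └── {role_name}.yaml
#
# In the code below, `backend_type` is the FIRST path segment under the scan
# root (e.g. "secret_backend"), and the "middle path" is every directory
# between that segment and the file (e.g. "kubernetes/au/syd1/roles").
#
# GENERATED OUTPUTS:
# - resources: [resources][secret_backend | auth_backend][path-between][yaml-file-name]
#
# =============================================================================

locals {
  # Find all YAML files in this module's directory and its subdirectories.
  # The scan is anchored to path.module rather than ".", because "." resolves
  # against the working directory Terraform was started from; the two are the
  # same only when this file lives in the root module.
  #
  # NOTE(review): every *.yaml under the scan root is decoded and published as
  # resource configuration, including files outside secret_backend/ and
  # auth_backend/ (hidden directories are presumably matched as well; confirm).
  # Consider narrowing the pattern to the known backend roots so a stray YAML
  # file cannot become role configuration.
  resource_files = fileset(path.module, "**/*.yaml")

  # Each discovered path split once into its "/"-separated segments.
  resource_file_segments = {
    for file_path in local.resource_files :
    file_path => split("/", file_path)
  }

  # Per-file lookup keys derived from the path:
  #   backend_type - first path segment (for a file placed directly in the scan
  #                  root this is the file name itself, e.g. "foo.yaml")
  #   middle_path  - directories between the first segment and the file, joined
  #                  with "/"; "" when the path has two or fewer segments
  #   name         - file name without the ".yaml" suffix
  resource_file_index = {
    for file_path, segments in local.resource_file_segments :
    file_path => {
      backend_type = segments[0]
      middle_path  = length(segments) > 2 ? join("/", slice(segments, 1, length(segments) - 1)) : ""
      name         = trimsuffix(basename(file_path), ".yaml")
    }
  }

  # Create the desired nested structure:
  # resources -> backend_type -> middle_path -> filename -> decoded YAML
  resources = {
    resources = {
      for backend_type in distinct([
        for entry in values(local.resource_file_index) : entry.backend_type
      ]) :
      backend_type => {
        for middle_path in distinct([
          for entry in values(local.resource_file_index) : entry.middle_path
          if entry.backend_type == backend_type
        ]) :
        middle_path => {
          for file_path, entry in local.resource_file_index :
          # fileset() returns paths relative to path.module, so file() needs the
          # same prefix to read the file that was discovered.
          entry.name => yamldecode(file("${path.module}/${file_path}"))
          if entry.backend_type == backend_type && entry.middle_path == middle_path
        }
      }
    }
  }
}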