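# SACC v4 - Duplication of the Production Infrastructure
# ======================================================
# This Terraform configuration duplicates the SACC v4 PROD environment
# in a new AWS test account.
#
# USAGE:
# 1. Copy terraform.tfvars.example to terraform.tfvars
# 2. Fill in the variables with the values of the new account
# 3. terraform init
# 4. terraform plan
# 5. terraform apply
#
# DO NOT RUN IN PRODUCTION - test environments only
#
# All var.* references are declared elsewhere in this root module (not in this
# file). The state written by this configuration holds var.db_password and
# module.rds.endpoint, so the state bucket below must be access-restricted and
# var.db_password should be declared with sensitive = true (not visible here,
# confirm in variables.tf).

terraform {
  required_version = ">= 1.5.0"

  required_providers {
    aws = {
      source  = "hashicorp/aws"
      version = "~> 5.0"
    }
  }

  # S3 backend for state (create the bucket and the lock table first).
  # Backend blocks cannot reference variables, so the region is a literal here
  # and is independent of var.aws_region used by the provider.
  backend "s3" {
    bucket         = "sacc4-terraform-state-test"
    key            = "sacc4-test/terraform.tfstate"
    region         = "mx-central-1"
    encrypt        = true
    dynamodb_table = "sacc4-terraform-locks-test"
  }
}

# AWS provider - Mexico region
provider "aws" {
  region = var.aws_region

  default_tags {
    tags = {
      Project     = "SACC-v4"
      Environment = var.environment
      ManagedBy   = "Terraform"
      # The former `CreatedDate = timestamp()` tag was dropped: timestamp() is
      # re-evaluated on every run, so every tagged resource reported a change on
      # each plan/apply. If a creation-date tag is required, supply a fixed
      # value through tfvars instead of computing it here.
    }
  }
}

# ======================================================
# INFRASTRUCTURE MODULES
# ======================================================

module "vpc" {
  source = "./modules/vpc"

  vpc_cidr           = var.vpc_cidr
  environment        = var.environment
  availability_zones = var.availability_zones
}

module "security_groups" {
  source = "./modules/security-groups"

  vpc_id      = module.vpc.vpc_id
  environment = var.environment
  # my_ip is presumably used by the module to scope inbound rules to the
  # operator's address - TODO confirm in ./modules/security-groups.
  my_ip = var.my_ip
}

module "iam" {
  source = "./modules/iam"

  environment = var.environment
  account_id  = data.aws_caller_identity.current.account_id
}

# The instance is placed in the first public subnet and gets a public IP, so it
# is reachable from the Internet; the EC2 security group is the only network
# control in front of it.
module "ec2" {
  source = "./modules/ec2"

  ami_id               = var.ami_id
  instance_type        = var.instance_type
  subnet_id            = module.vpc.public_subnet_ids[0]
  security_group_ids   = [module.security_groups.ec2_sg_id]
  key_name             = var.key_name
  environment          = var.environment
  associate_public_ip  = true
  user_data            = file("${path.module}/scripts/ec2-user-data.sh")
  iam_instance_profile = module.iam.ec2_instance_profile_name
}

# RDS lives in the private subnets; the password is passed straight through
# from var.db_password and ends up in the state file.
module "rds" {
  source = "./modules/rds"

  subnet_ids        = module.vpc.private_subnet_ids
  security_group_id = module.security_groups.rds_sg_id
  db_name           = var.db_name
  db_username       = var.db_username
  db_password       = var.db_password
  instance_class    = var.rds_instance_class
  allocated_storage = var.rds_allocated_storage
  environment       = var.environment
}

module "s3_cloudfront" {
  source = "./modules/s3-cloudfront"

  bucket_name     = var.s3_bucket_name
  environment     = var.environment
  domain_name     = var.domain_name
  certificate_arn = var.certificate_arn
}

module "route53" {
  source = "./modules/route53"

  domain_name        = var.domain_name
  ec2_public_ip      = module.ec2.public_ip
  cloudfront_domain  = module.s3_cloudfront.cloudfront_domain_name
  cloudfront_zone_id = module.s3_cloudfront.cloudfront_hosted_zone_id
}

module "lambda_scheduler" {
  source = "./modules/lambda-scheduler"

  environment     = var.environment
  ec2_instance_id = module.ec2.instance_id
}

# ======================================================
# DATA SOURCES
# ======================================================

data "aws_caller_identity" "current" {}

# Not referenced in this file; kept because other files of this root module may
# use it.
data "aws_region" "current" {}

# ======================================================
# OUTPUTS
# ======================================================

output "vpc_id" {
  description = "ID de la VPC creada"
  value       = module.vpc.vpc_id
}

output "ec2_public_ip" {
  description = "IP pública de la instancia EC2"
  value       = module.ec2.public_ip
}

output "ec2_private_ip" {
  description = "IP privada de la instancia EC2"
  value       = module.ec2.private_ip
}

output "rds_endpoint" {
  description = "Endpoint de la base de datos RDS"
  value       = module.rds.endpoint
  sensitive   = true
}

output "s3_bucket_name" {
  description = "Nombre del bucket S3 para frontend"
  value       = module.s3_cloudfront.bucket_name
}

output "cloudfront_domain" {
  description = "Dominio de CloudFront"
  value       = module.s3_cloudfront.cloudfront_domain_name
}

output "route53_nameservers" {
  description = "Nameservers de Route53"
  value       = module.route53.nameservers
}

# Embeds module.rds.endpoint, which the rds_endpoint output above treats as
# sensitive, so this output is marked sensitive as well (it was previously
# `sensitive = false`, which contradicted rds_endpoint and printed the endpoint
# on every apply). Read it with `terraform output -raw ansible_inventory`.
output "ansible_inventory" {
  description = "Inventario Ansible generado dinámicamente"
  value       = <<-EOT
    [sacc4-test]
    ${module.ec2.public_ip} ansible_user=ubuntu ansible_ssh_private_key_file=~/.ssh/${var.key_name}.pem

    [sacc4-test:vars]
    ansible_python_interpreter=/usr/bin/python3
    environment=${var.environment}
    db_endpoint=${module.rds.endpoint}
    s3_bucket=${module.s3_cloudfront.bucket_name}
  EOT
  sensitive   = true
}

# Convenience commands only; contains the public IP and the key file name, not
# the key itself.
output "deployment_commands" {
  description = "Comandos para desplegar la aplicación"
  value       = <<-EOT
    # Conectar a la instancia
    ssh -i ~/.ssh/${var.key_name}.pem ubuntu@${module.ec2.public_ip}

    # Verificar servicios
    systemctl status nginx
    systemctl status api-sacc4-*

    # Verificar health checks
    curl http://localhost:8080/actuator/health
    curl http://localhost:8081/actuator/health
    curl http://localhost:8082/actuator/health
  EOT
}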