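# Composite action that runs `constellation iam create <provider>` for one of
# aws, azure or gcp, after probing the CLI for the config flag to pass along.
#
# Security: every input reaches the shell through `env:` and is referenced as
# a quoted shell variable. A `${{ ... }}` expression written directly inside
# `run:` is substituted into the script text before bash parses it, so an
# input containing shell metacharacters would be executed as code on the
# runner instead of being passed as an argument.
#
# The variables carry an INPUT_ prefix to keep them apart from environment
# variables that the cloud tooling may read on its own.
name: Constellation IAM create
description: Create IAM configuration for a Constellation cluster.

inputs:
  cloudProvider:
    description: "Either 'aws', 'azure' or 'gcp'."
    required: true
  kubernetesVersion:
    description: "Kubernetes version to create the cluster from."
    required: false
  namePrefix:
    description: "Name prefix to use for resources."
    required: true
  #
  # AWS specific inputs
  #
  awsZone:
    description: "AWS zone to deploy Constellation in."
    required: false
  #
  # Azure specific inputs
  #
  azureRegion:
    description: "Azure region to deploy Constellation in."
    required: false
  #
  # GCP specific inputs
  #
  gcpProjectID:
    description: "The GCP project ID to deploy Constellation in."
    required: false
  gcpZone:
    description: "The GCP zone to deploy Constellation in."
    required: false

runs:
  using: "composite"
  steps:
    - name: Generate config
      id: generate-config
      shell: bash
      env:
        INPUT_CLOUD_PROVIDER: ${{ inputs.cloudProvider }}
        INPUT_KUBERNETES_VERSION: ${{ inputs.kubernetesVersion }}
      # TODO(katexochen): Remove the generate-config flag once v2.10 is released.
      run: |
        # Probe the installed CLI: if its help text mentions generate-config,
        # hand --generate-config to the later steps and skip `config generate`.
        output=$(constellation iam create --help)
        if [[ $output == *"generate-config"* ]]; then
          echo "flag=--generate-config" | tee -a "$GITHUB_OUTPUT"
          exit 0
        fi

        # An array keeps the optional flag a single argument when set and
        # contributes no argument at all when the input is empty.
        kubernetesArgs=()
        if [[ -n "${INPUT_KUBERNETES_VERSION}" ]]; then
          kubernetesArgs+=("--kubernetes=${INPUT_KUBERNETES_VERSION}")
        fi

        echo "flag=--update-config" | tee -a "$GITHUB_OUTPUT"
        constellation config generate "${INPUT_CLOUD_PROVIDER}" "${kubernetesArgs[@]}"

    # NOTE(review): the three steps below enable --tf-log=DEBUG. Confirm where
    # that log ends up (job output, artifacts) and that it carries nothing
    # sensitive before exposing it to a wider audience.
    - name: Constellation iam create aws
      shell: bash
      if: inputs.cloudProvider == 'aws'
      env:
        INPUT_AWS_ZONE: ${{ inputs.awsZone }}
        INPUT_NAME_PREFIX: ${{ inputs.namePrefix }}
        # Always set: the generate-config step writes `flag` on both paths.
        INPUT_CONFIG_FLAG: ${{ steps.generate-config.outputs.flag }}
      run: |
        constellation iam create aws \
          --zone="${INPUT_AWS_ZONE}" \
          --prefix="${INPUT_NAME_PREFIX}" \
          "${INPUT_CONFIG_FLAG}" \
          --tf-log=DEBUG \
          --yes

    - name: Constellation iam create azure
      shell: bash
      if: inputs.cloudProvider == 'azure'
      env:
        INPUT_AZURE_REGION: ${{ inputs.azureRegion }}
        INPUT_NAME_PREFIX: ${{ inputs.namePrefix }}
        # Always set: the generate-config step writes `flag` on both paths.
        INPUT_CONFIG_FLAG: ${{ steps.generate-config.outputs.flag }}
      run: |
        constellation iam create azure \
          --region="${INPUT_AZURE_REGION}" \
          --resourceGroup="${INPUT_NAME_PREFIX}-rg" \
          --servicePrincipal="${INPUT_NAME_PREFIX}-sp" \
          "${INPUT_CONFIG_FLAG}" \
          --tf-log=DEBUG \
          --yes

    - name: Constellation iam create gcp
      shell: bash
      if: inputs.cloudProvider == 'gcp'
      env:
        INPUT_GCP_PROJECT_ID: ${{ inputs.gcpProjectID }}
        INPUT_GCP_ZONE: ${{ inputs.gcpZone }}
        INPUT_NAME_PREFIX: ${{ inputs.namePrefix }}
        # Always set: the generate-config step writes `flag` on both paths.
        INPUT_CONFIG_FLAG: ${{ steps.generate-config.outputs.flag }}
      run: |
        constellation iam create gcp \
          --projectID="${INPUT_GCP_PROJECT_ID}" \
          --zone="${INPUT_GCP_ZONE}" \
          --serviceAccountID="${INPUT_NAME_PREFIX}-sa" \
          "${INPUT_CONFIG_FLAG}" \
          --tf-log=DEBUG \
          --yes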