# Provider Configuration
provider "aws" {
  region = "ap-northeast-2" 
}

# Locals for Constants (replace values as needed)
locals {
  prefix = "bumpsoo-menu"
  image_bucket_name = "${local.prefix}-img-bucket"
  lambda_role_name = "${local.prefix}-lambda-role"
  lambda_function_name = "${local.prefix}-lambda"
  lambda_filename      = "artifacts.zip" # Zip file containing Lambda code
  lambda_handler       = "main.lambda_handler" # Replace with your handler
  weekday_rule_name = "${local.prefix}-weekday-image-upload"

  schedule_role_name = "${local.prefix}-schedule-role"
}

# S3 Bucket (Publicly Accessible)
resource "aws_s3_bucket" "image_bucket" {
  bucket = local.image_bucket_name
}

# S3 Bucket Public Access Block (disabled for objects)
resource "aws_s3_bucket_public_access_block" "image_bucket_public_access_block" {
  bucket                  = aws_s3_bucket.image_bucket.id
  block_public_acls       =  false # Block public ACLs
  block_public_policy     =  false # Block public bucket policies
  ignore_public_acls      =  false # Ignore public ACLs on existing objects
  restrict_public_buckets =  false # Restrict public bucket policies on existing buckets
}

resource "aws_s3_bucket_policy" "image_bucket_policy" {
  depends_on = [
    aws_s3_bucket.image_bucket,
    aws_s3_bucket_public_access_block.image_bucket_public_access_block
  ]
  bucket = aws_s3_bucket.image_bucket.id
  policy = <<EOF
{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "PublicReadGetObject",
            "Effect": "Allow",
            "Principal": "*",
            "Action": "s3:GetObject",
            "Resource": "arn:aws:s3:::bumpsoo-menu-img-bucket/*"
        }
    ]
}
EOF
}



# IAM Role for Lambda (EventBridge Permissions)
resource "aws_iam_role" "lambda_role" {
  name = local.lambda_role_name

  assume_role_policy = jsonencode({
    Version = "2012-10-17"
    Statement = [
      {
        Action = "sts:AssumeRole"
        Principal = {
          Service = "lambda.amazonaws.com"
        }
        Effect = "Allow"
      }
    ]
  })

  # Policy to allow EventBridge rule creation/management
  inline_policy {
    name = "lambda_eventbridge_policy"
    policy = jsonencode({
      Version = "2012-10-17"
      Statement = [
        {
          Effect = "Allow"
          Action = [
            "scheduler:CreateSchedule",
            "scheduler:UpdateSchedule",
          ]
          Resource = "*" 
        },
        {
          Effect = "Allow"
          Action = [
            "iam:PassRole",
          ]
          Resource = "*" 
        },
        {
          Effect    = "Allow"
          Action    = "s3:PutObject"
          Resource  = "*"
        },
        {
          Effect = "Allow"
          Action = [
            "logs:CreateLogStream",
            "logs:CreateLogGroup",
            "logs:PutLogEvents"
          ]
          Resource = "*"
        }
      ]
    })
  }
}

# IAM Role for Lambda (EventBridge Permissions)
resource "aws_iam_role" "schedule_role" {
  name = local.schedule_role_name

  assume_role_policy = jsonencode({
    Version = "2012-10-17"
    Statement = [
      {
        Action = "sts:AssumeRole"
        Principal = {
          Service = "scheduler.amazonaws.com"
        }
        Effect = "Allow"
      }
    ]
  })

  # Policy to allow EventBridge rule creation/management
  inline_policy {
    name = "schedule_invoke_any_lambda"
    policy = jsonencode({
      Version = "2012-10-17"
      Statement = [
        {
          Effect = "Allow"
          Action = [
            "lambda:InvokeFunction"
          ]
          Resource = "*"
        }
      ]
    })
  }
}

resource "aws_cloudwatch_log_group" "image_lambda_log_group" {
  name              = "/aws/lambda/${local.lambda_function_name}"
  retention_in_days = 14  # Adjust retention period as needed
}
# Lambda Function
resource "aws_lambda_function" "image_lambda" {
  function_name = local.lambda_function_name
  filename      = local.lambda_filename
  role          = aws_iam_role.lambda_role.arn
  handler       = local.lambda_handler
  runtime       = "python3.11"
  timeout       = 60

  environment {
    variables = {
      SCHEDULE_ROLE_ARN = aws_iam_role.schedule_role.arn
      S3_BUCKET_NAME = local.image_bucket_name
    }
  }
  depends_on = [aws_cloudwatch_log_group.image_lambda_log_group]
}


resource "aws_scheduler_schedule" "weekday_schedule" {
  name        = local.weekday_rule_name  # Keep the same name
  description = "Trigger Lambda at 10 AM on weekdays (KST)"
  schedule_expression     = "cron(30 10 ? * MON-FRI *)"
  schedule_expression_timezone = "Asia/Seoul"
  flexible_time_window {
    mode = "OFF"
  }

  target {
    arn = aws_lambda_function.image_lambda.arn
    role_arn = aws_iam_role.schedule_role.arn

    input = <<EOF
    {"slack_url": "https://hooks.slack.com/services/"}
    EOF
  }
}