terraform {
  required_providers {
    infisical = {
      source  = "infisical/infisical"
      version = "0.15.21"
    }
    rancher2 = {
      source  = "rancher/rancher2"
      version = "7.3.2"
    }
  }
}

# Infisical Provider & Secrets
provider "infisical" {
  host = var.infisical_api_url
  auth = {
    universal = {
      client_id     = var.infisical_client_id
      client_secret = var.infisical_client_secret
    }
  }
}

ephemeral "infisical_secret" "rancher2_access_key" {
  name         = "RANCHER2_ACCESS_KEY"
  env_slug     = var.infisical_environment
  workspace_id = var.infisical_project_id
  folder_path  = "/"
}

ephemeral "infisical_secret" "rancher2_secret_key" {
  name         = "RANCHER2_SECRET_KEY"
  env_slug     = var.infisical_environment
  workspace_id = var.infisical_project_id
  folder_path  = "/"
}

# Rancher Provider
provider "rancher2" {
  api_url    = var.rancher2_api_url
  access_key = ephemeral.infisical_secret.rancher2_access_key.value
  secret_key = ephemeral.infisical_secret.rancher2_secret_key.value
  insecure   = var.rancher2_insecure
}