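# SQS -> Lambda consumer. The packaged function (dist/message-consumer.zip) is
# uploaded to the per-environment "<env>-lambdas" bucket, deployed from there,
# and wired to aws_sqs_queue.publisher through an event source mapping. IAM is a
# least-privilege queue policy plus the two AWS-managed execution policies
# (CloudWatch Logs, VPC ENI management).
#
# Fixes in this revision:
#   * etag used md5() on the *path string*, not the file, so the S3 object was
#     never re-uploaded after a rebuild and the function kept running stale code.
#   * source_code_hash used a hex digest; Lambda's CodeSha256 is base64-encoded,
#     which is what the provider documents for this attribute.

locals {
  consumer_package_name = "message-consumer.zip"
  consumer_package_path = "${path.module}/dist/${local.consumer_package_name}"
}

resource "aws_lambda_function" "message_consumer" {
  function_name = "apm-message-consumer"
  role          = aws_iam_role.consumer.arn
  handler       = "src/simple.handler"
  timeout       = 30

  # NOTE(review): nodejs16.x is past Lambda's deprecation date and no longer
  # receives runtime security patches. Move to a supported Node.js runtime once
  # the wrapper loaded via NODE_OPTIONS below is confirmed compatible.
  runtime = "nodejs16.x"

  # Deploy from the uploaded S3 object, pinned to the exact version written by
  # aws_s3_bucket_object.consumer_s3_source. Pinning needs bucket versioning;
  # with versioning off, version_id is null and the current object is used.
  s3_bucket         = aws_s3_bucket_object.consumer_s3_source.bucket
  s3_key            = aws_s3_bucket_object.consumer_s3_source.id
  s3_object_version = aws_s3_bucket_object.consumer_s3_source.version_id

  # Change detection for the code package. The provider documents this as a
  # base64-encoded SHA-256 of the package (what Lambda reports as CodeSha256);
  # filebase64sha256() produces exactly that, whereas a hex filesha256() value
  # never equals the remote hash.
  source_code_hash = filebase64sha256(local.consumer_package_path)

  environment {
    variables = {
      # Preloads the wrapper before the handler module is required.
      NODE_OPTIONS = "--require src/lambda-wrapper"
      # Queue URL is not a secret; no customer KMS key is needed for env vars.
      SQS_URL = aws_sqs_queue.publisher.url
    }
  }

  vpc_config {
    subnet_ids         = local.subnet_ids
    security_group_ids = local.security_group_ids
  }
}

# Execution role; the trust policy (data.aws_iam_policy_document.assume_role)
# is defined elsewhere in the module.
resource "aws_iam_role" "consumer" {
  name               = "apm-message-consumer-role"
  assume_role_policy = data.aws_iam_policy_document.assume_role.json
}

# Least-privilege queue access: only the three actions an SQS event source
# mapping needs, scoped to this queue's ARN alone. If the queue is encrypted
# with a customer-managed KMS key, kms:Decrypt on that key must be added here
# (not visible from this file -- confirm against the queue definition).
data "aws_iam_policy_document" "consumer_policy" {
  statement {
    effect = "Allow"
    actions = [
      "sqs:ReceiveMessage",
      "sqs:DeleteMessage",
      "sqs:GetQueueAttributes",
    ]
    resources = [aws_sqs_queue.publisher.arn]
  }
}

resource "aws_iam_policy" "consumer" {
  name   = "apm-message-consumer-policy"
  policy = data.aws_iam_policy_document.consumer_policy.json
}

resource "aws_iam_role_policy_attachment" "consumer_attach" {
  role       = aws_iam_role.consumer.name
  policy_arn = aws_iam_policy.consumer.arn
}

# AWS-managed: CloudWatch Logs write access for the function's log group.
resource "aws_iam_role_policy_attachment" "consumer_AWSLambdaBasicExecutionRole" {
  role       = aws_iam_role.consumer.name
  policy_arn = "arn:aws:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole"
}

# AWS-managed: ENI create/describe/delete permissions required because the
# function has vpc_config set.
resource "aws_iam_role_policy_attachment" "consumer_AWSLambdaVPCAccessExecutionRole" {
  role       = aws_iam_role.consumer.name
  policy_arn = "arn:aws:iam::aws:policy/service-role/AWSLambdaVPCAccessExecutionRole"
}

# Package upload. The resource type aws_s3_bucket_object is kept (rather than the
# newer aws_s3_object) so existing state addresses are unchanged; migrate with a
# `moved` block when bumping the AWS provider.
resource "aws_s3_bucket_object" "consumer_s3_source" {
  bucket = "${var.deploy_config.environment}-lambdas"
  key    = "${var.deploy_config.project}/${local.consumer_package_name}"
  source = local.consumer_package_path

  # Terraform re-uploads only when etag differs from the stored value, so it
  # must be an MD5 of the zip's *contents*. The previous md5() hashed the
  # literal path string, which never changes, silently skipping every
  # re-upload. (A content MD5 etag is only valid for objects that are not
  # SSE-KMS encrypted; S3 does not return an MD5 ETag for those.)
  etag = filemd5(local.consumer_package_path)
}

resource "aws_lambda_event_source_mapping" "consumer_mapping" {
  event_source_arn = aws_sqs_queue.publisher.arn
  function_name    = aws_lambda_function.message_consumer.arn
  enabled          = true

  # NOTE(review): no partial-batch reporting (function_response_types =
  # ["ReportBatchItemFailures"]) is enabled, so one failing message fails its
  # whole batch, and nothing here bounds retries of a poison message. Confirm
  # aws_sqs_queue.publisher has a redrive_policy and that its
  # visibility_timeout_seconds is >= 6 * the 30 s function timeout, as AWS
  # recommends for SQS triggers.
}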