AWSTemplateFormatVersion: "2010-09-09"

# MIT License
#
# Copyright (c) 2021 Qumulo, Inc.
#
# Permission is hereby granted, free of charge, to any person obtaining a copy
# of this software and associated documentation files (the "Software"), to deal 
# in the Software without restriction, including without limitation the rights 
# to use, copy, modify, merge, publish, distribute, sublicense, and/or sell 
# copies of the Software, and to permit persons to whom the Software is 
# furnished to do so, subject to the following conditions:
#
# The above copyright notice and this permission notice shall be included in all 
# copies or substantial portions of the Software.
#
# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR 
# IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, 
# FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE 
# AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER 
# LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, 
# OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE 
# SOFTWARE.

Description: This template stores Secrets for subsequent use in nested stacks (qs-1s6n2i69p)
Metadata:
  cfn-lint:
    config:
      ignore_checks:
        - W1020
        - W9001
        - W9002
        - W9003
        - W9004
        - W9006
        
Parameters:
  SideCarUsername:
    Type: String
  SideCarPassword:
    Type: String
    NoEcho: "True"
  ClusterAdminPwd:
    Type: String
    NoEcho: "True"

Resources:
  SideCarSecrets:
    Type: "AWS::SecretsManager::Secret"
    Properties:
      Name: !Join 
        - ""
        - - "qumulo/"
          - !Ref "AWS::StackName"
          - "-SideCarSecrets"
      Description: "Sidecar Lambda function user name and password for Qumulo cluster access"
      SecretString: !Sub '{ "username" : "${SideCarUsername}", "password" : "${SideCarPassword}" }'
  
  ClusterSecrets:
    Type: "AWS::SecretsManager::Secret"
    Properties:
      Name: !Join 
        - ""
        - - "qumulo/"        
          - !Ref "AWS::StackName"
          - "-ClusterSecrets"
      Description: "Qumulo user name and password for cluster administrative access"
      SecretString: !Sub '{ "username" : "admin", "password" : "${ClusterAdminPwd}" }'

  SoftwareSecrets:
    Type: "AWS::SecretsManager::Secret"
    Properties:
      Name: !Join 
        - ""
        - - "qumulo/"        
          - !Ref "AWS::StackName"
          - "-SoftwareSecrets"
      Description: "Qumulo password for software download access"
      SecretString: !Sub '{ "username" : "null", "password" : "717565747a616c636f61746c0a" }'

Outputs:
  SideCarSecretsArn:
    Value: !Ref SideCarSecrets
  ClusterSecretsArn:
    Value: !Ref ClusterSecrets
  SoftwareSecretsArn:
    Value: !Ref SoftwareSecrets
  StackName: 
    Value: !Ref AWS::StackName