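#--------------------------------------------------------------
# External (public) ELB and its DNS records
#--------------------------------------------------------------

# Public ALIAS record github.<public zone> -> external ELB.
# The record is created through the shared DNS submodule using the
# commercial common-services provider alias.
module "public_dns_record" {
  source          = "../../submodules/dns/public_ALIAS_record"
  name            = "github.${var.dns_info["public"]["zone"]}"
  target_dns_name = aws_elb.external.dns_name
  target_zone_id  = aws_elb.external.zone_id
  dns_info        = var.dns_info

  providers = {
    aws.mdr-common-services-commercial = aws.mdr-common-services-commercial
  }
}

# Wildcard ALIAS *.github.<public zone> -> external ELB. Every label under
# github.<zone> resolves to this ELB; presumably needed for GHE subdomain
# isolation — confirm against the GHE configuration before changing.
module "public_dns_record_wildcard" {
  source          = "../../submodules/dns/public_ALIAS_record"
  name            = "*.github.${var.dns_info["public"]["zone"]}"
  target_dns_name = aws_elb.external.dns_name
  target_zone_id  = aws_elb.external.zone_id
  dns_info        = var.dns_info

  providers = {
    aws.mdr-common-services-commercial = aws.mdr-common-services-commercial
  }
}

# If ever this gets converted to an ALB, consider adding the waf module.
#
# Classic ELB in the public subnets. Forwards to the GHE instances on
# 443 (HTTPS), 80 (HTTP) and 23 (TCP, PROXY protocol enabled below).
# NOTE(review): no access_logs block is configured, so connection-level
# logs for the public endpoint are not retained; add one once a log
# bucket is available to this module.
resource "aws_elb" "external" {
  name_prefix     = "gheext"
  subnets         = var.public_subnets
  security_groups = [aws_security_group.ghe_elb_external.id]

  # TLS is terminated on the ELB with the public ACM certificate. The
  # negotiation policy for this listener is pinned by
  # aws_load_balancer_listener_policy.external_tls_443 below.
  listener {
    instance_port      = 443
    instance_protocol  = "HTTPS"
    lb_port            = 443
    lb_protocol        = "HTTPS"
    ssl_certificate_id = aws_acm_certificate.cert_public.arn
  }

  # Plain HTTP passed through to the instance. NOTE(review): whether the
  # instance redirects 80 -> 443 is not visible from this file — confirm.
  listener {
    instance_port     = 80
    instance_protocol = "HTTP"
    lb_port           = 80
    lb_protocol       = "HTTP"
  }

  # SSH: public port 22 forwarded as raw TCP to instance port 23 so that
  # the PROXY protocol policy can carry the real client address.
  listener {
    instance_port     = 23
    instance_protocol = "TCP"
    lb_port           = 22
    lb_protocol       = "TCP"
  }

  health_check {
    healthy_threshold   = 2
    unhealthy_threshold = 2
    timeout             = 3
    target              = "HTTPS:443/status"
    interval            = 30
  }
}

# Pin the public 443 listener to a predefined AWS security policy that only
# negotiates TLS 1.2. Without an explicit policy the listener falls back to
# the ELB default policy, which still accepts TLS 1.0 and 1.1.
resource "aws_load_balancer_policy" "external_tls" {
  load_balancer_name = aws_elb.external.name
  policy_name        = "gheext-tls12"
  policy_type_name   = "SSLNegotiationPolicyType"

  policy_attribute {
    name  = "Reference-Security-Policy"
    value = "ELBSecurityPolicy-TLS-1-2-2017-01"
  }
}

resource "aws_load_balancer_listener_policy" "external_tls_443" {
  load_balancer_name = aws_elb.external.name
  load_balancer_port = 443
  policy_names       = [aws_load_balancer_policy.external_tls.policy_name]
}

# Enable PROXY protocol towards the instance on the TCP-forwarded ports.
# NOTE(review): no listener on this ELB forwards to instance port 444;
# it is presumably kept to mirror the GHE-documented PROXY protocol
# ports — confirm before pruning.
resource "aws_proxy_protocol_policy" "external_proxy_protocol" {
  load_balancer  = aws_elb.external.name
  instance_ports = ["23", "444"]
}

# Attach every GHE instance to the external load balancer.
resource "aws_elb_attachment" "external_attachment" {
  count = var.instance_count

  elb      = aws_elb.external.id
  instance = aws_instance.ghe[count.index].id
}

#--------------------------------------------------------------
# Internal ELB
#--------------------------------------------------------------

# Private CNAME github.<private zone> -> internal ELB, created in the
# private zone via the aws.c2 provider alias.
resource "aws_route53_record" "github_internal" {
  zone_id  = var.dns_info["private"]["zone_id"]
  name     = "github.${var.dns_info["private"]["zone"]}"
  type     = "CNAME"
  records  = [aws_elb.internal.dns_name]
  ttl      = "60"
  provider = aws.c2
}

# Wildcard CNAME *.github.<private zone> -> internal ELB (same rationale
# as the public wildcard above).
resource "aws_route53_record" "github_internal_wildcard" {
  zone_id  = var.dns_info["private"]["zone_id"]
  name     = "*.github.${var.dns_info["private"]["zone"]}"
  type     = "CNAME"
  records  = [aws_elb.internal.dns_name]
  ttl      = "60"
  provider = aws.c2
}

# Internal-only classic ELB in the private subnets. Reachability is
# governed by aws_security_group.ghe_elb_internal (defined elsewhere).
resource "aws_elb" "internal" {
  name_prefix     = "gheint"
  internal        = true
  subnets         = var.private_subnets
  security_groups = [aws_security_group.ghe_elb_internal.id]

  # TLS terminated on the ELB with the internal ACM certificate; the
  # negotiation policy is pinned by
  # aws_load_balancer_listener_policy.internal_tls_443 below.
  listener {
    instance_port      = 443
    instance_protocol  = "HTTPS"
    lb_port            = 443
    lb_protocol        = "HTTPS"
    ssl_certificate_id = aws_acm_certificate.cert.arn
  }

  # TCP passthrough 8443 -> 8444 with PROXY protocol enabled below.
  # NOTE(review): presumably the GHE management console; TLS for this
  # port is handled by the instance, not the ELB — confirm.
  listener {
    instance_port     = 8444
    instance_protocol = "TCP"
    lb_port           = 8443
    lb_protocol       = "TCP"
  }

  # SSH: port 22 forwarded as raw TCP to instance port 23 (PROXY protocol).
  listener {
    instance_port     = 23
    instance_protocol = "TCP"
    lb_port           = 22
    lb_protocol       = "TCP"
  }

  health_check {
    healthy_threshold   = 2
    unhealthy_threshold = 2
    timeout             = 3
    target              = "HTTPS:443/status"
    interval            = 30
  }
}

# Same TLS 1.2-only pin as the external ELB, applied to the internal 443
# listener.
resource "aws_load_balancer_policy" "internal_tls" {
  load_balancer_name = aws_elb.internal.name
  policy_name        = "gheint-tls12"
  policy_type_name   = "SSLNegotiationPolicyType"

  policy_attribute {
    name  = "Reference-Security-Policy"
    value = "ELBSecurityPolicy-TLS-1-2-2017-01"
  }
}

resource "aws_load_balancer_listener_policy" "internal_tls_443" {
  load_balancer_name = aws_elb.internal.name
  load_balancer_port = 443
  policy_names       = [aws_load_balancer_policy.internal_tls.policy_name]
}

# PROXY protocol towards the instance on the TCP-forwarded ports (23 and
# 8444 have listeners above; 444 mirrors the external policy — see the
# note there).
resource "aws_proxy_protocol_policy" "internal_proxy_protocol" {
  load_balancer  = aws_elb.internal.name
  instance_ports = ["23", "444", "8444"]
}

# Attach every GHE instance to the internal load balancer.
resource "aws_elb_attachment" "internal_attachment" {
  count = var.instance_count

  elb      = aws_elb.internal.id
  instance = aws_instance.ghe[count.index].id
}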