variable "environment" {
  description = "Deployment environment"
  type        = string
}

variable "vpc_id" {
  description = "VPC ID"
  type        = string
}

variable "subnet_ids" {
  description = "Private subnet IDs"
  type        = list(string)
}

variable "security_group_id" {
  description = "ElastiCache security group ID"
  type        = string
}

variable "node_type" {
  description = "Cache node type"
  type        = string
}

variable "num_nodes" {
  description = "Number of cache nodes"
  type        = number
}

variable "project_name" {
  description = "Project name"
  type        = string
}

resource "aws_elasticache_subnet_group" "main" {
  name       = "${var.project_name}-${var.environment}-redis-subnet"
  subnet_ids = var.subnet_ids

  tags = {
    Name = "${var.project_name}-${var.environment}-redis-subnet"
  }
}

resource "random_password" "redis_auth" {
  length  = 32
  special = false

  keepers = {
    environment = var.environment
  }
}

resource "aws_elasticache_replication_group" "main" {
  replication_group_id = "${var.project_name}-${var.environment}-redis"
  description          = "${var.project_name} Redis cluster (${var.environment})"

  node_type      = var.node_type
  num_cache_clusters = var.num_nodes
  engine         = "redis"
  engine_version = "7.0"

  auth_token = random_password.redis_auth.result

  transit_encryption_enabled = true
  at_rest_encryption_enabled = true

  port = 6379

  subnet_group_name   = aws_elasticache_subnet_group.main.name
  security_group_ids  = [var.security_group_id]

  automatic_failover_enabled = var.environment == "production"

  snapshot_retention_limit = var.environment == "production" ? 7 : 1
  snapshot_window          = "03:00-04:00"

  tags = {
    Name = "${var.project_name}-${var.environment}-redis"
  }
}

output "cache_endpoint" {
  description = "ElastiCache primary endpoint"
  value       = aws_elasticache_replication_group.main.primary_endpoint_address
}

output "reader_endpoint" {
  description = "ElastiCache reader endpoint"
  value       = aws_elasticache_replication_group.main.reader_endpoint_address
}

output "auth_token" {
  description = "Redis auth token"
  value       = random_password.redis_auth.result
  sensitive   = true
}

output "replication_group_arn" {
  description = "ElastiCache replication group ARN"
  value       = aws_elasticache_replication_group.main.arn
}