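# Private, versioned S3 bucket holding the payload archive, the archive object
# itself, and outputs that expose the identifiers of both.

resource "aws_s3_bucket" "payloads" {
  # Static-analysis suppressions for this bucket. None of them records a reason.
  # NOTE(review): give each one a justification using checkov's
  # `checkov:skip=<ID>:<reason>` form so the accepted risk is visible in review.
  #
  # CKV_AWS_18: server access logging is not configured.
  # checkov:skip=CKV_AWS_18
  # CKV_AWS_19: no encryption-at-rest configuration is declared in this file.
  # checkov:skip=CKV_AWS_19
  # CKV_AWS_21: versioning. It IS enabled by aws_s3_bucket_versioning.payloads
  # below; presumably the skip exists because the scanner does not correlate
  # the separate resource. Confirm and drop the skip if it is no longer needed.
  # checkov:skip=CKV_AWS_21
  # CKV_AWS_144: cross-region replication is not configured.
  # checkov:skip=CKV_AWS_144
  # CKV_AWS_145: default encryption with a KMS key is not configured.
  # checkov:skip=CKV_AWS_145
  bucket = local.name

  # Lets `terraform destroy` delete the bucket even when it still holds
  # objects, so every stored version of the payload is removed with it.
  force_destroy = true
}

locals {
  payloads_bucket_arn  = aws_s3_bucket.payloads.arn
  payloads_bucket_name = aws_s3_bucket.payloads.bucket
}

resource "aws_s3_bucket_versioning" "payloads" {
  bucket = local.payloads_bucket_name

  versioning_configuration {
    status = "Enabled"
  }
}

# NOTE(review): buckets created with ACLs disabled (object ownership
# "BucketOwnerEnforced") reject ACL updates. If this apply fails with an
# ACL-not-supported error, either drop this resource or pair it with an
# aws_s3_bucket_ownership_controls resource. Confirm against the account's
# defaults and the provider version in use.
resource "aws_s3_bucket_acl" "payloads" {
  acl    = "private"
  bucket = local.payloads_bucket_name
}

# All four public-access guards are on: public ACLs and public bucket policies
# are both rejected and ignored.
resource "aws_s3_bucket_public_access_block" "payloads" {
  bucket = local.payloads_bucket_name

  block_public_acls       = true
  block_public_policy     = true
  ignore_public_acls      = true
  restrict_public_buckets = true
}

output "payloads_bucket_arn" {
  description = "ARN of the payloads S3 bucket."
  value       = local.payloads_bucket_arn
}

output "payloads_bucket_name" {
  description = "Name of the payloads S3 bucket."
  value       = local.payloads_bucket_name
}

resource "aws_s3_object" "payload" {
  # CKV_AWS_186: the object is not encrypted with a customer-managed KMS key.
  # NOTE(review): no justification is recorded for this suppression.
  # checkov:skip=CKV_AWS_186
  bucket = local.payloads_bucket_name
  key    = "payload.zip"

  # Relative path: resolved against the directory Terraform is run from.
  # NOTE(review): if this file is ever used as a child module, anchor the path
  # with path.module so the archive that gets uploaded is the intended one.
  source = "payload.zip"

  # Forces a re-upload when the archive content changes. The S3 ETag equals the
  # file's MD5 only for single-part, non-KMS uploads; if KMS encryption is
  # introduced later, switch to `source_hash` to avoid a perpetual diff.
  etag = filemd5("payload.zip")

  # Upload only after versioning is enabled. Without this ordering the object
  # can be written while the bucket is still unversioned, leaving version_id
  # (and the payload_object_version output) without a usable value.
  depends_on = [aws_s3_bucket_versioning.payloads]
}

locals {
  payload_object_etag    = aws_s3_object.payload.etag
  payload_object_name    = aws_s3_object.payload.key
  payload_object_version = aws_s3_object.payload.version_id
}

output "payload_object_etag" {
  description = "ETag of the payload S3 object."
  value       = local.payload_object_etag
}

output "payload_object_name" {
  description = "Name of the payload S3 object."
  value       = local.payload_object_name
}

# Consumers that pin this version id fetch exactly the archive uploaded by
# this apply, not whatever currently sits under the key.
output "payload_object_version" {
  description = "Version of the payload S3 object."
  value       = local.payload_object_version
}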