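################################################################################
# Module: rds
# Variables — AWS RDS PostgreSQL 14
#
# Input contract for the RDS module. Values that the RDS API would reject are
# validated here so that a bad input fails at plan time, before anything is
# changed.
################################################################################

# --- Naming and placement -----------------------------------------------------

variable "environment" {
  description = "Deployment environment label (e.g. production, staging)."
  type        = string
}

variable "project" {
  description = "Project identifier used in resource names and tags."
  type        = string
  default     = "sentryagent-agentidp"
}

variable "vpc_id" {
  description = "VPC ID in which to create the RDS subnet group and security group."
  type        = string
}

variable "subnet_ids" {
  description = "List of private subnet IDs for the RDS DB subnet group. Must span at least 2 AZs for Multi-AZ."
  type        = list(string)
}

# --- Network access -----------------------------------------------------------

# The empty default names no client security group. Whether that leaves the
# database unreachable depends on the module's security group rules, which are
# not part of this file.
variable "allowed_security_group_ids" {
  description = "List of security group IDs (e.g. ECS app SG) permitted to connect to RDS on port 5432."
  type        = list(string)
  default     = []
}

# --- Database identity and credentials ----------------------------------------

variable "db_name" {
  description = "Name of the initial PostgreSQL database to create."
  type        = string
  default     = "sentryagent_idp"
}

variable "db_username" {
  description = "Master username for the RDS instance."
  type        = string
  default     = "sentryagent"
}

# `sensitive = true` only redacts the value in plan/apply output. The password
# is still written to the Terraform state, so the state backend must be
# encrypted and access-restricted. There is deliberately no default: the caller
# has to supply the secret (for example from Secrets Manager).
variable "db_password" {
  description = "Master password for the RDS instance. Store this in Secrets Manager; do not hardcode."
  type        = string
  sensitive   = true

  # RDS accepts master passwords of 8 to 128 characters for PostgreSQL. The
  # message is static so the secret itself never appears in an error.
  validation {
    condition     = length(var.db_password) >= 8 && length(var.db_password) <= 128
    error_message = "The db_password value must be between 8 and 128 characters long."
  }
}

# --- Sizing -------------------------------------------------------------------

variable "instance_class" {
  description = "RDS instance class."
  type        = string
  default     = "db.t3.medium"
}

variable "allocated_storage" {
  description = "Initial storage allocated in GiB."
  type        = number
  default     = 50
}

variable "max_allocated_storage" {
  description = "Upper bound for RDS storage autoscaling in GiB. Set to 0 to disable autoscaling."
  type        = number
  default     = 500
}

# --- Availability, backup and recovery ----------------------------------------

variable "multi_az" {
  description = "Enable Multi-AZ deployment for high availability."
  type        = bool
  default     = true
}

variable "backup_retention_days" {
  description = "Number of days to retain automated backups. Must be >= 1 for Multi-AZ."
  type        = number
  default     = 7

  # RDS keeps automated backups for 0 to 35 whole days; 0 turns them off.
  # The interaction with multi_az stated in the description is not checked here.
  validation {
    condition = (
      var.backup_retention_days >= 0 &&
      var.backup_retention_days <= 35 &&
      floor(var.backup_retention_days) == var.backup_retention_days
    )
    error_message = "The backup_retention_days value must be a whole number between 0 and 35."
  }
}

variable "backup_window" {
  description = "Preferred daily backup window in UTC (hh24:mi-hh24:mi)."
  type        = string
  default     = "03:00-04:00"
}

variable "maintenance_window" {
  description = "Preferred weekly maintenance window (ddd:hh24:mi-ddd:hh24:mi in UTC)."
  type        = string
  default     = "sun:05:00-sun:06:00"
}

# The two defaults below are the safe ones: a destroy is refused while
# deletion protection is on, and a final snapshot is taken when it is allowed.
variable "deletion_protection" {
  description = "Enable deletion protection. Set to false only when decommissioning."
  type        = bool
  default     = true
}

variable "skip_final_snapshot" {
  description = "Whether to skip the final DB snapshot on destroy. Should be false in production."
  type        = bool
  default     = false
}

# --- Observability ------------------------------------------------------------

variable "performance_insights_enabled" {
  description = "Enable RDS Performance Insights."
  type        = bool
  default     = true
}

variable "performance_insights_retention_period" {
  description = "Performance Insights data retention in days. Free tier = 7; paid tiers = 731."
  type        = number
  default     = 7
}

variable "monitoring_interval" {
  description = "Enhanced monitoring interval in seconds (0 to disable, valid: 1, 5, 10, 15, 30, 60)."
  type        = number
  default     = 60

  # Same set of values the description lists.
  validation {
    condition     = contains([0, 1, 5, 10, 15, 30, 60], var.monitoring_interval)
    error_message = "The monitoring_interval value must be one of 0, 1, 5, 10, 15, 30 or 60."
  }
}

# NOTE(review): monitoring_interval defaults to 60 while this defaults to "".
# Unless the module creates a role when this is empty (not visible in this
# file), a caller relying on defaults has to pass a role ARN here.
variable "monitoring_role_arn" {
  description = "IAM role ARN for RDS Enhanced Monitoring. Required when monitoring_interval > 0."
  type        = string
  default     = ""
}

# --- Engine -------------------------------------------------------------------

variable "parameter_group_family" {
  description = "DB parameter group family."
  type        = string
  default     = "postgres14"
}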