################################################################################
# Module: redis
# Variables — AWS ElastiCache Redis 7
################################################################################

variable "environment" {
  description = "Deployment environment label (e.g. production, staging)."
  type        = string
}

variable "project" {
  description = "Project identifier used in resource names and tags."
  type        = string
  default     = "sentryagent-agentidp"
}

variable "vpc_id" {
  description = "VPC ID in which to create the ElastiCache subnet group and security group."
  type        = string
}

variable "subnet_ids" {
  description = "List of private subnet IDs for the ElastiCache subnet group. Span at least 2 AZs."
  type        = list(string)
}

variable "allowed_security_group_ids" {
  description = "List of security group IDs (e.g. ECS app SG) permitted to connect to Redis on port 6379."
  type        = list(string)
  default     = []
}

variable "node_type" {
  description = "ElastiCache node instance type."
  type        = string
  default     = "cache.t3.medium"
}

variable "engine_version" {
  description = "Redis engine version. Use 7.x for Redis 7."
  type        = string
  default     = "7.1"
}

variable "num_cache_clusters" {
  description = "Total number of cache clusters in the replication group (1 primary + N replicas). Minimum 2 for HA."
  type        = number
  default     = 2
}

variable "automatic_failover_enabled" {
  description = "Enable automatic failover. Required when num_cache_clusters > 1."
  type        = bool
  default     = true
}

variable "multi_az_enabled" {
  description = "Enable Multi-AZ for the replication group."
  type        = bool
  default     = true
}

variable "at_rest_encryption_enabled" {
  description = "Encrypt data at rest."
  type        = bool
  default     = true
}

variable "transit_encryption_enabled" {
  description = "Enable TLS for data in transit."
  type        = bool
  default     = true
}

variable "auth_token" {
  description = "AUTH token (password) for Redis AUTH command. Required when transit_encryption_enabled = true. Minimum 16 characters."
  type        = string
  sensitive   = true
  default     = ""
}

variable "maintenance_window" {
  description = "Preferred weekly maintenance window (ddd:hh24:mi-ddd:hh24:mi in UTC)."
  type        = string
  default     = "sun:06:00-sun:07:00"
}

variable "snapshot_retention_limit" {
  description = "Number of days to retain automatic Redis snapshots. 0 disables snapshots."
  type        = number
  default     = 7
}

variable "snapshot_window" {
  description = "Daily time range for automatic snapshots (hh24:mi-hh24:mi in UTC). Must not overlap maintenance_window."
  type        = string
  default     = "04:00-05:00"
}

variable "apply_immediately" {
  description = "Apply changes immediately. Set to false to wait for the next maintenance window in production."
  type        = bool
  default     = false
}

variable "log_delivery_enabled" {
  description = "Enable delivery of Redis slow logs and engine logs to CloudWatch."
  type        = bool
  default     = true
}

variable "log_group_name" {
  description = "CloudWatch log group name for Redis logs. Created if it does not exist."
  type        = string
  default     = "/elasticache/sentryagent-agentidp/redis"
}