{{- /*
Copyright Broadcom, Inc. All Rights Reserved.
SPDX-License-Identifier: APACHE-2.0
*/}}

apiVersion: v1
kind: ConfigMap
metadata:
  name: {{ printf "%s-env-vars" (include "common.names.fullname" .) }}
  namespace: {{ include "common.names.namespace" . | quote }}
  labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }}
    app.kubernetes.io/component: keycloak
  {{- if .Values.commonAnnotations }}
  annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
  {{- end }}
data:
  KC_BOOTSTRAP_ADMIN_USERNAME: {{ .Values.auth.adminUser | quote }}
  KEYCLOAK_HTTP_PORT: {{ .Values.containerPorts.http | quote }}
  {{- if and .Values.proxy (empty .Values.proxyHeaders) }}
  KEYCLOAK_PROXY_HEADERS: {{ ternary "" "xforwarded" (eq .Values.proxy "passthrough") | quote }}
  {{- else }}
  KEYCLOAK_PROXY_HEADERS: {{ .Values.proxyHeaders | quote }}
  {{- end }}
  {{- if and .Values.adminIngress.enabled .Values.adminIngress.hostname }}
  KEYCLOAK_HOSTNAME_ADMIN: |-
    {{ ternary "https://" "http://" ( or .Values.adminIngress.tls (eq .Values.proxy "edge") (not (empty .Values.proxyHeaders)) ) -}}    {{- include "common.tplvalues.render" (dict "value" .Values.adminIngress.hostname "context" $) -}}
    {{- if eq .Values.adminIngress.controller "default" }}
      {{- include "common.tplvalues.render" (dict "value" .Values.adminIngress.path "context" $) }}
    {{- else if eq .Values.adminIngress.controller "gce" }}
      {{- $path := .Values.adminIngress.path -}}
      {{- if hasSuffix "*" $path -}}
        {{- $path = trimSuffix "*" $path -}}
      {{- end -}}
      {{- include "common.tplvalues.render" (dict "value" $path "context" $) }}
    {{- end }}
  {{- end }}
  {{- if and .Values.ingress.enabled .Values.ingress.hostname }}
  KEYCLOAK_HOSTNAME: |-
    {{ ternary "https://" "http://" ( or .Values.ingress.tls (eq .Values.proxy "edge") (not (empty .Values.proxyHeaders)) ) -}}    {{- include "common.tplvalues.render" (dict "value" .Values.ingress.hostname "context" $) -}}
    {{- if eq .Values.ingress.controller "default" }}
      {{- include "common.tplvalues.render" (dict "value" .Values.ingress.path "context" $) }}
    {{- else if eq .Values.ingress.controller "gce" }}
      {{- $path := .Values.ingress.path -}}
      {{- if hasSuffix "*" $path -}}
        {{- $path = trimSuffix "*" $path -}}
      {{- end -}}
      {{- include "common.tplvalues.render" (dict "value" $path "context" $) }}
    {{- end }}
  {{- end }}
  {{- if .Values.ingress.enabled }}
  KEYCLOAK_HOSTNAME_STRICT: {{ ternary "true" "false" .Values.ingress.hostnameStrict | quote }}
  {{- end }}
  KEYCLOAK_ENABLE_STATISTICS: {{ ternary "true" "false" .Values.metrics.enabled | quote }}
  {{- if not .Values.externalDatabase.existingSecretHostKey }}
  KEYCLOAK_DATABASE_HOST: {{ include "keycloak.databaseHost" . | quote }}
  {{- end }}
  {{- if not .Values.externalDatabase.existingSecretPortKey }}
  KEYCLOAK_DATABASE_PORT: {{ include "keycloak.databasePort" . }}
  {{- end }}
  {{- if not .Values.externalDatabase.existingSecretDatabaseKey }}
  KEYCLOAK_DATABASE_NAME: {{ include "keycloak.databaseName" . | quote }}
  {{- end }}
  KEYCLOAK_DATABASE_SCHEMA: {{ include "keycloak.databaseSchema" . }}
  {{- if not .Values.externalDatabase.existingSecretUserKey }}
  KEYCLOAK_DATABASE_USER: {{ include "keycloak.databaseUser" . | quote }}
  {{- end }}
  KEYCLOAK_PRODUCTION: {{ ternary "true" "false" .Values.production | quote }}
  KEYCLOAK_ENABLE_HTTPS: {{ ternary "true" "false" .Values.tls.enabled | quote }}
  {{- if .Values.customCaExistingSecret }}
  KC_TRUSTSTORE_PATHS: "/opt/bitnami/keycloak/custom-ca"
  {{- end }}
  {{- if .Values.tls.enabled }}
  KEYCLOAK_HTTPS_PORT: {{ .Values.containerPorts.https | quote }}
  KEYCLOAK_HTTPS_USE_PEM: {{ ternary "true" "false" (or .Values.tls.usePem .Values.tls.autoGenerated) | quote }}
  {{- if or .Values.tls.usePem .Values.tls.autoGenerated }}
  KEYCLOAK_HTTPS_CERTIFICATE_FILE: "/opt/bitnami/keycloak/certs/tls.crt"
  KEYCLOAK_HTTPS_CERTIFICATE_KEY_FILE: "/opt/bitnami/keycloak/certs/tls.key"
  {{- else }}
  KEYCLOAK_HTTPS_KEY_STORE_FILE: {{ printf "/opt/bitnami/keycloak/certs/%s" .Values.tls.keystoreFilename | quote }}
  KEYCLOAK_HTTPS_TRUST_STORE_FILE: {{ printf "/opt/bitnami/keycloak/certs/%s" .Values.tls.truststoreFilename | quote }}
  {{- end }}
  {{- end }}
  {{- if .Values.spi.existingSecret }}
  {{- if .Values.spi.hostnameVerificationPolicy }}
  KEYCLOAK_SPI_TRUSTSTORE_FILE_HOSTNAME_VERIFICATION_POLICY: {{ .Values.spi.hostnameVerificationPolicy | quote }}
  {{- end }}
  KEYCLOAK_SPI_TRUSTSTORE_FILE: {{ printf "/opt/bitnami/keycloak/spi-certs/%s" .Values.spi.truststoreFilename }}
  {{- end }}
  {{- if .Values.cache.enabled }}
  KC_CACHE_TYPE: "ispn"
  {{- if .Values.cache.stack }}
  KC_CACHE_STACK: {{ .Values.cache.stack | quote }}
  {{- end }}
  {{- if .Values.cache.configFile }}
  KC_CACHE_CONFIG_FILE: {{ .Values.cache.configFile | quote }}
  {{- end }}
  {{- if .Values.cache.useHeadlessServiceWithAppVersion }}
  JAVA_OPTS_APPEND: {{ printf "-Djgroups.dns.query=%s-headless-ispn-%s.%s.svc.%s" (include "common.names.fullname" .) (replace "." "-" .Chart.AppVersion) (include "common.names.namespace" .) .Values.clusterDomain | quote }}
  {{- else }}
  JAVA_OPTS_APPEND: {{ printf "-Djgroups.dns.query=%s-headless.%s.svc.%s" (include "common.names.fullname" .) (include "common.names.namespace" .) .Values.clusterDomain | quote }}
  {{- end }}
  {{- else }}
  KC_CACHE_TYPE: "local"
  {{- end }}
  {{- if .Values.logging }}
  KEYCLOAK_LOG_OUTPUT: {{ .Values.logging.output | quote }}
  KEYCLOAK_LOG_LEVEL: {{ .Values.logging.level | quote }}
  {{- end }}