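{{- /*
Copyright Broadcom, Inc. All Rights Reserved.
SPDX-License-Identifier: APACHE-2.0
*/}}

{{- /*
Renders the "<fullname>-env-vars" ConfigMap with the non-secret Keycloak
environment variables.

Security notes for reviewers:
  - ConfigMap data is not confidential. This template emits the admin and
    database user names and, when usePasswordFiles is set, only the file paths
    where passwords are expected to be found. No password value is rendered here.
  - When usePasswordFiles is false this template renders no password variable at
    all. Presumably the workload injects it from a Secret. Confirm in the
    pod spec.
  - All template comments use the left-trim marker, so they add nothing to the
    rendered manifest.
*/}}

apiVersion: v1
kind: ConfigMap
metadata:
  name: {{ printf "%s-env-vars" (include "common.names.fullname" .) }}
  namespace: {{ include "common.names.namespace" . | quote }}
  labels: {{- include "common.labels.standard" (dict "customLabels" .Values.commonLabels "context" .) | nindent 4 }}
    app.kubernetes.io/component: keycloak
    app.kubernetes.io/part-of: keycloak
  {{- if .Values.commonAnnotations }}
  annotations: {{- include "common.tplvalues.render" (dict "value" .Values.commonAnnotations "context" .) | nindent 4 }}
  {{- end }}
data:
  {{- /* ConfigMap values must be strings, so booleans and ports go through quote. */}}
  BITNAMI_DEBUG: {{ ternary "true" "false" .Values.image.debug | quote }}
  KEYCLOAK_PRODUCTION: {{ ternary "true" "false" .Values.production | quote }}
  KC_LOG_LEVEL: {{ .Values.logging.level | quote }}
  KC_LOG_CONSOLE_OUTPUT: {{ .Values.logging.output | quote }}
  {{- /* The bootstrap admin user name is readable by anyone who can read ConfigMaps in this namespace. */}}
  KC_BOOTSTRAP_ADMIN_USERNAME: {{ .Values.auth.adminUser | quote }}
  {{- if .Values.usePasswordFiles }}
  {{- /*
  Only the path is stored. The secret is expected to be mounted there by the
  workload (mount not visible in this template). The path is quoted like every
  other value so that a key name containing YAML-significant characters cannot
  truncate or restructure the rendered value.
  */}}
  KC_BOOTSTRAP_ADMIN_PASSWORD_FILE: {{ printf "/opt/bitnami/keycloak/secrets/%s" (include "keycloak.secretKey" .) | quote }}
  {{- end }}
  KC_HTTP_PORT: {{ .Values.containerPorts.http | quote }}
  KC_HTTP_MANAGEMENT_PORT: {{ .Values.containerPorts.management | quote }}
  {{- /*
  The plaintext HTTP listener is enabled when explicitly requested or whenever
  TLS is disabled. In the second case transport protection depends entirely on
  whatever terminates TLS in front of the pod.
  */}}
  KC_HTTP_ENABLED: {{ ternary "true" "false" (or .Values.httpEnabled (not .Values.tls.enabled)) | quote }}
  {{- if .Values.proxyHeaders }}
  {{- /*
  Makes Keycloak honour forwarded headers from a reverse proxy. Set it only
  when every request reaches the pod through a proxy that overwrites those
  headers. Otherwise clients can supply them directly.
  */}}
  KC_PROXY_HEADERS: {{ .Values.proxyHeaders | quote }}
  {{- end }}
  {{- if .Values.ingress.enabled }}
  KC_HOSTNAME_STRICT: {{ ternary "true" "false" .Values.hostnameStrict | quote }}
  {{- if .Values.ingress.hostname }}
  {{- $path := tpl .Values.ingress.path . }}
  {{- /* The gce controller uses a trailing wildcard in ingress paths. It is dropped here so it does not end up in the public URL. */}}
  {{- if and (eq .Values.ingress.controller "gce") (hasSuffix "*" $path) }}
  {{- $path = trimSuffix "*" $path }}
  {{- end }}
  {{- /* The scheme is https when the ingress has TLS or when proxyHeaders is set, otherwise http. */}}
  KC_HOSTNAME: {{ printf "%s://%s%s" (ternary "https" "http" (or .Values.ingress.tls (not (empty .Values.proxyHeaders)))) (tpl .Values.ingress.hostname .) $path | quote }}
  {{- end }}
  {{- end }}
  KC_METRICS_ENABLED: {{ ternary "true" "false" .Values.metrics.enabled | quote }}
  {{- /*
  The extraParams helper output is appended to the JDBC URL verbatim. Nothing
  in this template sets TLS options for the database connection, so any such
  setting would have to come from that helper. Confirm against its definition.
  */}}
  KC_DB_URL: {{ printf "jdbc:postgresql://%s:%d/%s?currentSchema=%s%s" (include "keycloak.database.host" .) (include "keycloak.database.port" . | int) (include "keycloak.database.name" .) (include "keycloak.database.schema" .) (include "keycloak.database.extraParams" .) | quote }}
  KC_DB_SCHEMA: {{ include "keycloak.database.schema" . | quote }}
  {{- if .Values.usePasswordFiles }}
  {{- /* File paths only, quoted for the same reason as the admin password path above. */}}
  KC_DB_PASSWORD_FILE: {{ printf "/opt/bitnami/keycloak/secrets/db-%s" (include "keycloak.database.secretPasswordKey" .) | quote }}
  {{- if .Values.externalDatabase.existingSecretUserKey }}
  KC_DB_USERNAME_FILE: {{ printf "/opt/bitnami/keycloak/secrets/db-%s" (include "keycloak.database.secretUserKey" .) | quote }}
  {{- end }}
  {{- end }}
  {{- /* The database user name is written in clear unless both an existing secret and its user key are configured. */}}
  {{- if not (and .Values.externalDatabase.existingSecret .Values.externalDatabase.existingSecretUserKey) }}
  KC_DB_USERNAME: {{ include "keycloak.database.user" . | quote }}
  {{- end }}
  {{- if .Values.tls.enabled }}
  KEYCLOAK_ENABLE_HTTPS: "true"
  KC_HTTPS_PORT: {{ .Values.containerPorts.https | quote }}
  {{- /* PEM mode: auto-generated certificates always use tls.crt and tls.key, otherwise the configured file names apply. */}}
  {{- if or .Values.tls.usePemCerts .Values.tls.autoGenerated.enabled }}
  KEYCLOAK_HTTPS_USE_PEM: "true"
  KC_HTTPS_CERTIFICATE_FILE: {{ printf "/opt/bitnami/keycloak/certs/%s" (ternary "tls.crt" .Values.tls.certFilename .Values.tls.autoGenerated.enabled) | quote }}
  KC_HTTPS_CERTIFICATE_KEY_FILE: {{ printf "/opt/bitnami/keycloak/certs/%s" (ternary "tls.key" .Values.tls.certKeyFilename .Values.tls.autoGenerated.enabled) | quote }}
  {{- else }}
  {{- /* Keystore mode: only file locations are set here. No keystore password is rendered by this template. */}}
  KC_HTTPS_KEY_STORE_FILE: {{ printf "/opt/bitnami/keycloak/certs/%s" .Values.tls.keystoreFilename | quote }}
  KC_HTTPS_TRUST_STORE_FILE: {{ printf "/opt/bitnami/keycloak/certs/%s" .Values.tls.truststoreFilename | quote }}
  {{- end }}
  {{- end }}
  {{- if .Values.trustedCertsExistingSecret }}
  {{- /* Fixed directory for additional trusted certificates. The secret is presumably mounted there by the workload. Confirm in the pod spec. */}}
  KC_TRUSTSTORE_PATHS: "/opt/bitnami/keycloak/truststore"
  {{- end }}
  {{- /* ispn is the clustered cache, local the single-node one. */}}
  KC_CACHE: {{ ternary "ispn" "local" .Values.cache.enabled | quote }}
  {{- if .Values.cache.enabled }}
  {{- if .Values.cache.stack }}
  KC_CACHE_STACK: {{ .Values.cache.stack | quote }}
  {{- end }}
  {{- if .Values.cache.configFile }}
  KC_CACHE_CONFIG_FILE: {{ .Values.cache.configFile | quote }}
  {{- end }}
  {{- /* Sets the DNS name that JGroups queries. It is built from one of the two headless service names, the namespace and the cluster domain. */}}
  JAVA_OPTS_APPEND: {{ printf "-Djgroups.dns.query=%s.%s.svc.%s" (ternary (include "keycloak.headless.ispn.serviceName" .) (include "keycloak.headless.serviceName" .) .Values.cache.useHeadlessServiceWithAppVersion) (include "common.names.namespace" .) .Values.clusterDomain | quote }}
  {{- end }}
  KC_HTTP_RELATIVE_PATH: {{ .Values.httpRelativePath | quote }}
  {{- if .Values.adminRealm }}
  KC_SPI_ADMIN_REALM: {{ .Values.adminRealm | quote }}
  {{- end }}
  {{- if .Values.extraStartupArgs }}
  {{- /* Operator-supplied start arguments are passed through unchanged. Review them, since they may override settings rendered above. */}}
  KEYCLOAK_EXTRA_ARGS: {{ .Values.extraStartupArgs | quote }}
  {{- end }}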