# SPDX-FileCopyrightText: 2023 Bundesministerium des Innern und für Heimat, PG ZenDiS "Projektgruppe für Aufbau ZenDiS"
# SPDX-License-Identifier: Apache-2.0
---
additionalAnnotations:
  intents.otterize.com/service-name: "ums-stack-data-ums"

image:
  registry: {{ .Values.global.imageRegistry | default .Values.images.umsDataLoader.registry | quote }}
  repository: {{ .Values.images.umsDataLoader.repository | quote }}
  pullPolicy: {{ .Values.global.imagePullPolicy | quote }}
  tag: {{ .Values.images.umsDataLoader.tag | quote }}
  pullSecrets:
    {{- range .Values.global.imagePullSecrets }}
    - name: {{ . | quote }}
    {{- end }}

resources:
  {{ .Values.resources.umsStackDataUms | toYaml | nindent 2 }}

securityContext:
  allowPrivilegeEscalation: false
  capabilities:
    drop:
      - "ALL"
  privileged: false
  seccompProfile:
    type: "RuntimeDefault"
  readOnlyRootFilesystem: false
  runAsUser: 0
  runAsGroup: 0
  runAsNonRoot: false
  seLinuxOptions: {{ .Values.seLinuxOptions.umsDataLoader }}

stackDataContext:
  idpSamlMetadataUrlInternal: null
  umcSamlSchemes: "https"
  # The openDesk configuration brings its own UMC policies.
  installUmcPolicies: false
  domainname: {{ .Values.global.domain | quote }}
  externalMailDomain: {{ .Values.global.domain | quote }}
  hostname: {{ .Values.global.hosts.univentionManagementStack | quote }}
  ldapHost: {{ .Values.ldap.host | quote }}
  ldapBase: {{ .Values.ldap.baseDn | quote }}
  ldapHostDn: {{ printf "%s,%s" "cn=admin" .Values.ldap.baseDn | quote }}
  idpSamlMetadataUrl: {{ printf "http://ums-keycloak.%s.svc.%s:8080/realms/%s/protocol/saml/descriptor" .Release.Namespace .Values.cluster.networking.domain .Values.platform.realm | quote }}
  umcSamlSpFqdn: {{ printf "%s.%s" .Values.global.hosts.univentionManagementStack .Values.global.domain | quote }}
  idpFqdn: {{ printf "%s.%s" .Values.global.hosts.keycloak .Values.global.domain | quote }}
  ldapSamlSpUrls: {{ printf "https://%s.%s%s" .Values.global.hosts.univentionManagementStack .Values.global.domain "/univention/saml/metadata" | quote }}
  initialPasswordAdministrator: {{ .Values.secrets.univentionManagementStack.defaultAccounts.administratorPassword | quote }}

stackDataUms:
  loadDevData: true
  udmApiPassword: {{ .Values.secrets.univentionManagementStack.ldapSecret | quote }}
  udmApiUrl: "http://ums-udm-rest-api/udm/"
  udmApiUser: "cn=admin"

...