# SPDX-FileCopyrightText: 2023 Bundesministerium des Innern und für Heimat, PG ZenDiS "Projektgruppe für Aufbau ZenDiS"
# SPDX-License-Identifier: Apache-2.0
---
# Go-templated Helm values for the Guardian Management API release.
# Template expressions read from .Values and .Release; literals are fixed here.
# Nesting was reconstructed from a whitespace-collapsed listing; verify it
# against the chart's values schema.
guardianManagementApi:
  home: "/guardian_service_dir"
  isUniventionAppCenter: 0
  # NOTE(review): wildcard CORS origin. Confirm whether this can be narrowed
  # to the origins that actually call the API.
  guardianManagementCorsAllowedOrigins: "*"
  guardianManagementAdapterSettingsPort: "env"
  # All persistence ports are set to the "sql" adapter.
  guardianManagementAdapterAppPersistencePort: "sql"
  guardianManagementAdapterConditionPersistencePort: "sql"
  guardianManagementAdapterContextPersistencePort: "sql"
  guardianManagementAdapterNamespacePersistencePort: "sql"
  guardianManagementAdapterPermissionPersistencePort: "sql"
  guardianManagementAdapterRolePersistencePort: "sql"
  guardianManagementAdapterCapabilityPersistencePort: "sql"
  guardianManagementAdapterAuthenticationPort: "fast_api_oauth"
  # NOTE(review): plain http to the authorization API; confidentiality then
  # depends on cluster network controls (mesh mTLS, NetworkPolicy). Confirm.
  guardianManagementAdapterAuthorizationApiUrl: "http://ums-guardian-authorization-api/guardian/authorization"
  # NOTE(review): the value "always" suggests resource-level authorization is
  # always granted, leaving authentication as the only gate. Confirm against
  # the Guardian documentation that this is intended outside development.
  guardianManagementAdapterResourceAuthorizationPort: "always"
  # NOTE(review): DEBUG is fixed here rather than templated. Check that debug
  # output carries no tokens or secrets before using this in production.
  guardianManagementLoggingLevel: "DEBUG"
  guardianManagementLoggingStructured: false
  guardianManagementLoggingFormat: "{time:YYYY-MM-DD HH:mm:ss.SSS ZZ} | {level} | {message} | {extra}"
  guardianManagementBaseUrl: "http://0.0.0.0:8000"
  # Both a secret file path and an inline secret value are set.
  # NOTE(review): the inline value is rendered into the release values;
  # confirm which of the two the chart consumes and where the value is stored.
  oauthAdapterM2mSecretFile: "/var/secrets/oauthAdapterM2mSecret"
  oauthAdapterM2mSecret: {{ .Values.secrets.keycloak.clientSecret.guardian | quote }}
  # NOTE(review): OIDC discovery is fetched over plain http from the
  # in-cluster Keycloak service. Token validation trusts what this returns,
  # so the network path needs protecting. Confirm.
  oauthAdapterWellKnownUrl: "http://ums-keycloak.{{ .Release.Namespace }}.svc.{{ .Values.cluster.networking.domain }}:8080/realms/{{ .Values.platform.realm }}/.well-known/openid-configuration"
  sqlPersistenceAdapterDialect: "postgresql"
  # NOTE(review): fixed to "postgres" while postgresql.auth.database below is
  # templated. Confirm which value the chart actually uses.
  sqlPersistenceAdapterDbName: "postgres"
image:
  # A global registry override wins over the per-image registry.
  registry: {{ .Values.global.imageRegistry | default .Values.images.umsGuardianManagementApi.registry | quote }}
  repository: {{ .Values.images.umsGuardianManagementApi.repository | quote }}
  pullPolicy: {{ .Values.global.imagePullPolicy | quote }}
  tag: {{ .Values.images.umsGuardianManagementApi.tag | quote }}
  # One entry per name in the global pull-secret list.
  pullSecrets:
    {{- range .Values.global.imagePullSecrets }}
    - name: {{ . | quote }}
    {{- end }}
postgresql:
  bundled: false
  connection:
    host: {{ .Values.databases.umsGuardianManagementApi.host | quote }}
    port: {{ .Values.databases.umsGuardianManagementApi.port | quote }}
  auth:
    username: {{ .Values.databases.umsGuardianManagementApi.username | quote }}
    database: {{ .Values.databases.umsGuardianManagementApi.name | quote }}
    # An explicit database password wins; otherwise the value from the
    # secrets tree is used. Either way it is rendered as a plain value.
    password: {{ .Values.databases.umsGuardianManagementApi.password | default .Values.secrets.postgresql.umsGuardianManagementApiUser | quote }}
resources:
  {{ .Values.resources.umsGuardianManagementApi | toYaml | nindent 2 }}
securityContext:
  allowPrivilegeEscalation: false
  capabilities:
    drop:
      - "ALL"
    # NOTE(review): eleven capabilities are re-added after the drop, most of
    # a typical container-runtime default set. Confirm each one is needed:
    # NET_RAW, SETUID/SETGID, DAC_OVERRIDE and SYS_CHROOT widen the attack
    # surface. The base URL above uses port 8000, so NET_BIND_SERVICE looks
    # unnecessary.
    add:
      - "CHOWN"
      - "DAC_OVERRIDE"
      - "FOWNER"
      - "FSETID"
      - "KILL"
      - "SETGID"
      - "SETUID"
      - "SETPCAP"
      - "NET_BIND_SERVICE"
      - "NET_RAW"
      - "SYS_CHROOT"
  privileged: false
  seccompProfile:
    type: "RuntimeDefault"
  # NOTE(review): no runAsNonRoot or readOnlyRootFilesystem is set in this
  # block. Confirm whether the chart or image sets them elsewhere.
...