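{{/*
SPDX-FileCopyrightText: 2023 Bundesministerium des Innern und für Heimat, PG ZenDiS "Projektgruppe für Aufbau ZenDiS"
SPDX-License-Identifier: Apache-2.0
*/}}
---
# Helm values template for the ums-keycloak-bootstrap release.
# Every value is rendered as text first and parsed as YAML afterwards, so scalars
# are piped through `quote` and maps/lists through `toYaml | nindent`.
# NOTE(review): the nesting below was rebuilt from a whitespace-collapsed listing;
# confirm it against the chart's own values file before applying.
global:
  domain: {{ .Values.global.domain | quote }}
  hosts:
    {{ .Values.global.hosts | toYaml | nindent 4 }}
  registry: {{ .Values.global.imageRegistry | quote }}
  imagePullSecrets:
    {{ .Values.global.imagePullSecrets | toYaml | nindent 4 }}

image:
  # A set global.imageRegistry takes precedence over the per-image registry.
  registry: {{ .Values.global.imageRegistry | default .Values.images.umsKeycloakBootstrap.registry | quote }}
  repository: {{ .Values.images.umsKeycloakBootstrap.repository | quote }}
  tag: {{ .Values.images.umsKeycloakBootstrap.tag | quote }}
  # Quoted like the other scalars so an empty or boolean-looking value is not retyped.
  imagePullPolicy: {{ .Values.global.imagePullPolicy | quote }}

cleanup:
  # Both are expected to be real booleans, hence unquoted.
  deletePodsOnSuccess: {{ .Values.cleanup.deletePodsOnSuccess }}
  keepPVCOnDelete: {{ .Values.cleanup.keepPVCOnDelete }}

config:
  keycloak:
    adminUser: "kcadmin"
    # The admin password is rendered in clear text into these values, so it is
    # visible in the rendered output and to whoever can read the release data.
    # NOTE(review): confirm access to both is restricted accordingly.
    adminPassword: {{ .Values.secrets.keycloak.adminPassword | quote }}
    realm: {{ .Values.platform.realm | quote }}
    intraCluster:
      enabled: true
      # Plain HTTP on port 8080: the admin credentials above travel unencrypted
      # between the bootstrap pod and Keycloak.
      # NOTE(review): presumably protected by network policy or a mesh; confirm.
      internalBaseUrl: "http://ums-keycloak.{{ .Release.Namespace }}.svc.{{ .Values.cluster.networking.domain }}:8080"
  # NOTE(review): both entries use link_number 1, presumably numbered per language; verify.
  loginLinks:
    - link_number: 1
      language: "de"
      description: "Passwort vergessen?"
      href: "https://{{ .Values.global.hosts.univentionManagementStack }}.{{ .Values.global.domain }}/univention/portal/#/selfservice/passwordforgotten"
    - link_number: 1
      language: "en"
      description: "Forgot password?"
      href: "https://{{ .Values.global.hosts.univentionManagementStack }}.{{ .Values.global.domain }}/univention/portal/#/selfservice/passwordforgotten"
  ums:
    ldap:
      internalHostname: {{ .Values.ldap.host | quote }}
      baseDN: {{ .Values.ldap.baseDn | quote }}
      # Hard-coded DN while baseDN comes from values.
      # NOTE(review): the two diverge if ldap.baseDn is overridden; confirm this is intended.
      readUserDN: "uid=ldapsearch_keycloak,cn=users,dc=swp-ldap,dc=internal"
      # Bind password of the search account, rendered in clear text like adminPassword.
      readUserPassword: {{ .Values.secrets.univentionManagementStack.ldapSearch.keycloak | quote }}
      mappers:
        - ldapAndUserModelAttributeName: "opendeskProjectmanagementAdmin"
        - ldapAndUserModelAttributeName: "oxContextIDNum"
    saml:
      serviceProviderHostname: "{{ .Values.global.hosts.univentionManagementStack }}.{{ .Values.global.domain }}"
  twoFactorAuthentication:
    enabled: true
    group: "2fa-users"

containerSecurityContext:
  enabled: true
  allowPrivilegeEscalation: false
  capabilities:
    drop:
      - "ALL"
  # The only relaxed hardening setting in this context.
  # NOTE(review): confirm the bootstrap container really needs a writable root filesystem.
  readOnlyRootFilesystem: false
  privileged: false
  runAsGroup: 1000
  runAsNonRoot: true
  runAsUser: 1000
  seccompProfile:
    type: "RuntimeDefault"
  # Rendered with toYaml: a bare template expression would print a map in Go's
  # map[...] notation, which the consumer cannot read as SELinux options.
  seLinuxOptions:
    {{ .Values.seLinuxOptions.umsKeycloakBootstrap | toYaml | nindent 4 }}

podAnnotations:
  intents.otterize.com/service-name: "ums-keycloak-bootstrap"

podSecurityContext:
  enabled: true
  fsGroup: 1000
  fsGroupChangePolicy: "Always"

resources:
  {{ .Values.resources.umsKeycloakBootstrap | toYaml | nindent 2 }}
...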