resource "kubectl_manifest" "Secret_openproject-postgresql" {
  yaml_body  = <<-EOF
    apiVersion: v1
    kind: Secret
    metadata:
      name: openproject-postgresql
      namespace: ${var.namespace}
      labels: ${jsonencode(local.common-labels)}
      ownerReferences: ${jsonencode(var.install_owner)}
    type: Opaque
    data:
      postgres-password: VDQxbmpqeEVnYg==
      password: cEhqbUkyQjVYVw==
EOF
}

resource "kubectl_manifest" "Secret_openproject-core" {
  yaml_body  = <<-EOF
    apiVersion: v1
    kind: Secret
    metadata:
      name: openproject-core
      labels: ${jsonencode(local.common-labels)}
      namespace: ${var.namespace}
      ownerReferences: ${jsonencode(var.install_owner)}
    stringData:
      DATABASE_HOST: openproject-postgresql.vynil-ci.svc.cluster.local
      DATABASE_PORT: '5432'
      DATABASE_URL: postgresql://openproject@openproject-postgresql:5432/openproject
      OPENPROJECT_SEED_ADMIN_USER_PASSWORD: admin
      OPENPROJECT_SEED_ADMIN_USER_PASSWORD_RESET: 'true'
      OPENPROJECT_SEED_ADMIN_USER_NAME: OpenProject Admin
      OPENPROJECT_SEED_ADMIN_USER_MAIL: admin@example.net
      OPENPROJECT_HTTPS: 'true'
      OPENPROJECT_SEED_LOCALE: en
      OPENPROJECT_HOST__NAME: openproject.example.com
      OPENPROJECT_HSTS: 'true'
      OPENPROJECT_RAILS__CACHE__STORE: memcache
      OPENPROJECT_RAILS__RELATIVE__URL__ROOT: ''
      POSTGRES_STATEMENT_TIMEOUT: 120s
EOF
}

resource "kubectl_manifest" "Secret_openproject-oidc" {
  yaml_body  = <<-EOF
    apiVersion: v1
    kind: Secret
    metadata:
      name: openproject-oidc
      labels: ${jsonencode(local.common-labels)}
      namespace: ${var.namespace}
      ownerReferences: ${jsonencode(var.install_owner)}
    stringData:
      OPENPROJECT_OPENID__CONNECT_KEYCLOAK_DISPLAY__NAME: Keycloak
      OPENPROJECT_OPENID__CONNECT_KEYCLOAK_HOST: oidc.host
      OPENPROJECT_OPENID__CONNECT_KEYCLOAK_IDENTIFIER: oidc.identifier
      OPENPROJECT_OPENID__CONNECT_KEYCLOAK_SECRET: oidc.secret
      OPENPROJECT_OPENID__CONNECT_KEYCLOAK_AUTHORIZATION__ENDPOINT: oidc.authorizationEndpoint
      OPENPROJECT_OPENID__CONNECT_KEYCLOAK_TOKEN__ENDPOINT: oidc.tokenEndpoint
      OPENPROJECT_OPENID__CONNECT_KEYCLOAK_USERINFO__ENDPOINT: oidc.userinfoEndpoint
      OPENPROJECT_OPENID__CONNECT_KEYCLOAK_END__SESSION__ENDPOINT: oidc.endSessionEndpoint
      OPENPROJECT_OPENID__CONNECT_KEYCLOAK_SCOPE: '[openid email profile]'
EOF
}

resource "kubectl_manifest" "Secret_openproject-memcached" {
  yaml_body  = <<-EOF
    apiVersion: v1
    kind: Secret
    metadata:
      name: openproject-memcached
      labels: ${jsonencode(local.common-labels)}
      namespace: ${var.namespace}
      ownerReferences: ${jsonencode(var.install_owner)}
    stringData:
      OPENPROJECT_CACHE__MEMCACHE__SERVER: openproject-memcached:11211
EOF
}