locals {
  core_labels = {
    "app.kubernetes.io/name" = var.component
    "app.kubernetes.io/instance" = var.instance
  }
  common_labels = merge({
    "vynil.solidite.fr/owner-name" = var.instance
    "vynil.solidite.fr/owner-namespace" = var.namespace
    "vynil.solidite.fr/owner-category" = var.category
    "vynil.solidite.fr/owner-component" = var.component
    "app.kubernetes.io/managed-by" = "vynil"
  },local.core_labels)
  server_labels = merge({
    "app.kubernetes.io/componant" = "server"
  },local.core_labels)
  server_all_labels = merge({
    "app.kubernetes.io/componant" = "server"
  },local.common_labels)
  worker_labels = merge({
    "app.kubernetes.io/componant" = "worker"
  },local.core_labels)
  worker_all_labels = merge({
    "app.kubernetes.io/componant" = "worker"
  },local.common_labels)
  redis_all_labels = merge({
    "app.kubernetes.io/componant" = "redis"
  },local.common_labels)
  metrics_labels = merge({
    "app.kubernetes.io/component" = "server-metrics"
  },local.core_labels)
  metrics_all_labels = merge({
    "app.kubernetes.io/component" = "server-metrics"
  },local.common_labels)
  server_annotations = (var.customisation.configmap_name!="" && (var.customisation.use_icon_left || var.customisation.use_custom_css))?{
    "configmap.reloader.stakater.com/reload" = var.customisation.configmap_name
  }:{}
}


data "kustomization_overlay" "data" {
  namespace = var.namespace
  common_labels = local.common_labels
  resources = [for file in fileset(path.module, "*.yaml"): file if file != "index.yaml"]
  images {
    name = "ghcr.io/goauthentik/server"
    new_name = "${var.images.app.registry}/${var.images.app.repository}"
    new_tag  = "${var.images.app.tag}"
  }
  config_map_generator {
    name = var.component
    behavior = "create"
    literals = [
      "AUTHENTIK_EMAIL__PORT=${var.email.port}",
      "AUTHENTIK_EMAIL__TIMEOUT=${var.email.timeout}",
      "AUTHENTIK_EMAIL__USE_TLS=${var.email.use_tls}",
      "AUTHENTIK_EMAIL__USE_SSL=${var.email.use_ssl}",
      "AUTHENTIK_ERROR_REPORTING__ENABLED=${var.error_reporting.enabled}",
      "AUTHENTIK_ERROR_REPORTING__ENVIRONMENT=${var.error_reporting.environment}",
      "AUTHENTIK_ERROR_REPORTING__SEND_PII=${var.error_reporting.send_pii}",
      "AUTHENTIK_GEOIP=${var.geoip}",
      "AUTHENTIK_LOG_LEVEL=${var.loglevel}",
      "AUTHENTIK_OUTPOSTS__CONTAINER_IMAGE_BASE=${var.images.app.registry}/${var.images.app.project}/%(type)s:%(version)s",
      "AUTHENTIK_POSTGRESQL__NAME=${var.component}",
      "AUTHENTIK_POSTGRESQL__PORT=5432",
      "AUTHENTIK_POSTGRESQL__USER=${var.component}",
      "AUTHENTIK_REDIS__HOST=${var.name}-${var.component}-redis",
      "AUTHENTIK_BOOTSTRAP_EMAIL=${var.admin.email}@${var.domain_name}",
      "GUNICORN_CMD_ARGS=--timeout=90",
    ]
  }
  patches {
    target {
      kind = "Deployment"
      name = "authentik-server"
    }
    patch = join("", concat([<<EOF
apiVersion: apps/v1
kind: Deployment
metadata:
  name: authentik-server
  annotations: ${jsonencode(local.server_annotations)}
spec:
  template:
    spec:
      containers:
      - name: authentik
        image: "${var.images.app.registry}/${var.images.app.repository}:${var.images.app.tag}"
        imagePullPolicy: "${var.images.app.pull_policy}"
        env:
        - name: AUTHENTIK_POSTGRESQL__PASSWORD
          valueFrom:
            secretKeyRef:
              name: "${var.instance}-${var.component}-pg-app"
              key: password
        envFrom:
        - secretRef:
            name: ${var.component}
        - configMapRef:
            name: ${var.component}
EOF
    ], var.customisation.configmap_name!="" && var.customisation.use_icon_left && var.customisation.use_custom_css?[<<EOF
        volumeMounts:
        - name: custom-css
          mountPath: /web/dist/custom.css
          subPath: custom.css
        - name: custom-left
          mountPath: /web/dist/assets/icons/icon_left_brand.svg
          subPath: icon_left_brand.svg
      volumes:
      - name: custom-css
        configMap:
          name: "${var.customisation.configmap_name}"
          items:
          - key: custom.css
            path: custom.css
      - name: custom-left
        configMap:
          name: "${var.customisation.configmap_name}"
          items:
          - key: icon_left_brand.svg
            path: icon_left_brand.svg
EOF
    ]
    :var.customisation.configmap_name!="" && var.customisation.use_icon_left && !var.customisation.use_custom_css?[<<EOF
        volumeMounts:
        - name: custom-left
          mountPath: /web/dist/assets/icons/icon_left_brand.svg
          subPath: icon_left_brand.svg
      volumes:
      - name: custom-left
        configMap:
          name: "${var.customisation.configmap_name}"
          items:
          - key: icon_left_brand.svg
            path: icon_left_brand.svg
EOF
    ]
    :var.customisation.configmap_name!="" && !var.customisation.use_icon_left && var.customisation.use_custom_css?[<<EOF
        volumeMounts:
        - name: custom-css
          mountPath: /web/dist/custom.css
          subPath: custom.css
      volumes:
      - name: custom-css
        configMap:
          name: "${var.customisation.configmap_name}"
          items:
          - key: custom.css
            path: custom.css
EOF
    ]
    :[""] ))
  }
}