---
apiVersion: v1
kind: Secret
metadata:
  name: auth-secrets
  namespace: {{ .Release.Namespace }}

type: Opaque
stringData:
  PASSWORD_SECRET: "{{ .Values.api_password_secret }}"

{{- if .Values.minio_local }}
{{- with (first .Values.storages) }}
  MINIO_ROOT_USER: "{{ .access_key }}"
  MINIO_ROOT_PASSWORD: "{{ .secret_key }}"

  MC_HOST: "{{ $.Values.minio_scheme }}://{{ .access_key }}:{{ .secret_key }}@{{ $.Values.minio_host }}"
{{- end }}
{{- end }}

  EMAIL_SMTP_PORT: "{{ .Values.email.smtp_port }}"
  EMAIL_SMTP_HOST: "{{ .Values.email.smtp_host }}"
  EMAIL_SENDER: "{{ .Values.email.sender_email }}"
  EMAIL_PASSWORD: "{{ .Values.email.password }}"

  SUPERUSER_EMAIL: "{{ .Values.superuser.email }}"
  SUPERUSER_PASSWORD: "{{ .Values.superuser.password }}"

{{- range $storage := .Values.storages }}
---
apiVersion: v1
kind: Secret
metadata:
  name: storage-{{ $storage.name }}
  namespace: {{ $.Values.crawler_namespace }}

type: Opaque
stringData:
  STORE_ACCESS_KEY: "{{ $storage.access_key }}"
  STORE_SECRET_KEY: "{{ $storage.secret_key }}"

  {{- if $storage.bucket_name }}
  STORE_ENDPOINT_URL: "{{ $storage.endpoint_url }}{{ $storage.bucket_name }}"
  {{- else }}
  STORE_ENDPOINT_URL: "{{ $storage.endpoint_url }}"
  {{- end }}

  {{- if $storage.access_endpoint_url }}
  STORE_ACCESS_ENDPOINT_URL: "{{ $storage.access_endpoint_url }}"
  {{- else if and $.Values.ingress.host $.Values.minio_local }}
  STORE_ACCESS_ENDPOINT_URL: {{ $.Values.ingress.scheme | default "https" }}://{{ $.Values.ingress.host }}/data/{{ $storage.bucket_name }}/
  {{- else }}
  STORE_ACCESS_ENDPOINT_URL: "{{ $storage.endpoint_url }}"
  {{- end }}

  {{- if $.Values.signer.auth_token }}
  WACZ_SIGN_TOKEN: "{{ $.Values.signer.auth_token }}"
  WACZ_SIGN_URL: "http://auth-signer.default:5053/sign"
  {{- end }}

{{- end }}