{{- if and
  .Values.commons.auth.enabled (eq .Values.commons.auth.type "authentik")
  .Values.grafana.ingress.enabled
}}
---
apiVersion: helm.toolkit.fluxcd.io/v2beta2
kind: HelmRelease
metadata:
  name: authentik-application-grafana
spec:
  chart:
    spec:
      sourceRef:
        kind: GitRepository
        name: "wrenix-helm-charts"
        namespace: "flux-system"
      chart: "./authentik-application"
      reconcileStrategy: "Revision"
  releaseName: authentik-application-infra-grafana
  targetNamespace: {{ .Values.commons.auth.namespace }}
  install:
    {{- toYaml .Values.commons.helm.release.install | nindent 4 }}
  test:
    {{- toYaml .Values.commons.helm.release.test | nindent 4 }}
  upgrade:
    {{- toYaml .Values.commons.helm.release.upgrade | nindent 4 }}
  driftDetection:
    {{- toYaml .Values.commons.helm.release.driftDetection | nindent 4 }}
  interval: 10m
  values:
    {{- $url := default (printf "grafana.%s" .Values.commons.ingress.domain) .Values.grafana.ingress.host }}
    blueprint:
      authentik:
        domain: "https://{{ .Values.commons.auth.authentik.domain }}"
      provider:
        type: "oidc"
        name: "Grafana"
        oidc:
          clientType: "confidential"
          redirectURL: "https://{{ $url }}/login/generic_oauth"
          clientID: {{ .Values.grafana.auth.authentik.clientID | default (derivePassword 1 "long" .Values.commons.masterPassword "grafana" "clientID") | quote }}
          clientSecret: {{ .Values.grafana.auth.authentik.clientSecret | default (derivePassword 1 "long" .Values.commons.masterPassword "grafana" "clientSecret") | quote }}
          signingKey: "authentik Self-signed Certificate"
          scopes:
            - name: "authentik default OAuth Mapping: OpenID 'openid'"
            - name: "authentik default OAuth Mapping: OpenID 'email'"
            - name: "authentik default OAuth Mapping: OpenID 'profile'"

      groups:
        - slug: "app: infra"
          bindID: "8c750219-36cd-47f4-8942-134f3dada96e"

        - slug: "app: grafana - admin"
          bindID: "d2bebd53-24b8-48d8-a479-d253971dc453"
          parent: "app: infra"

        - slug: "app: grafana - editor"
          bind: "cff2982b-4b47-4e27-8d47-e6fec3e7cfac"
          parent: "app: infra"

      application:
        group: "Infrastructure"
        policyEngineMode: "any"
        openInNewTab: true
        publisher: "WrenIX's Infra"
        slug: "infra-grafana"
        name: "Grafana"
        launchURL: "https://{{ $url }}"
        icon: "https://{{ $url }}/public/img/grafana_icon.svg"
        description: "Grafana is a multi-platform open source analytics and interactive visualization web application. It provides charts, graphs, and alerts for the web when connected to supported data sources."
{{- end }}