{{- $clientID := include "authentik-application.staticValue" (dict "root" $ "name" "clientID" "default" (randAlphaNum 32) "overwrite" .Values.blueprint.provider.oidc.clientID) }}
{{- $clientSecret := include "authentik-application.staticValue" (dict "root" $ "name" "clientSecret" "default" (randAlphaNum 32) "overwrite" .Values.blueprint.provider.oidc.clientSecret) }}
{{- $bindPolicyID := include "authentik-application.staticValue" (dict "root" $ "name" "bindPolicyID" "default" (uuidv4) "overwrite" .Values.blueprint.application.bindPolicyID) }}
---
apiVersion: v1
kind: Secret
metadata:
  name: {{ include "authentik-application.fullname" . }}
  labels:
    {{- include "authentik-application.labels" . | nindent 4 }}
    {{- with .Values.secret.labels }}
    {{- toYaml . | nindent 4 }}
    {{- end }}
stringData:
  bindPolicyID: {{ $bindPolicyID | quote }}

  {{- if .Values.blueprint.provider.enabled }}
  issuerURL: {{ print .Values.blueprint.authentik.domain "/application/o/" .Values.blueprint.application.slug "/" }}

  {{- with .Values.blueprint.provider.oidc }}
  clientID: {{ $clientID | quote }}
  clientSecret: {{ $clientSecret | quote }}

  redirectURL: {{ .redirectURL }}

  {{- with .tokenDuration }}
  tokenDuration: {{ . | quote }}
  {{- end }} 

  {{- with .scopes }}
  customScopes: {{ . | join "," | quote }}
  {{- end }} 

  {{- with .claimUsername }}
  claimUsername: {{ . | quote }}
  {{- end }} 

  {{- with .claimGroups }}
  claimGroups: {{ . | quote }}
  {{- end }}
  {{- end }}{{/* end with oidc */}}
  {{- end }}{{/* end if provider */}}
---
apiVersion: v1
kind: Secret
metadata:
  name: {{ include "authentik-application.fullname" . }}-blueprint
  labels:
    {{- include "authentik-application.labels" . | nindent 4 }}
    {{- with .Values.blueprint.labels }}
    {{- toYaml . | nindent 4 }}
    {{- end }}
stringData:
  blueprint.yaml: |-
    version: 1
    metadata:
      name: {{ include "authentik-application.fullname" . }}
    entries:
      {{- $tplValues := (dict "root" $ "Template" .Template "bindPolicyID" $bindPolicyID "clientID" $clientID "clientSecret" $clientSecret) }}
      {{- if .Values.blueprint.provider.enabled }}
      {{- tpl (.Files.Get (printf "files/provider/%s.yaml.gotmpl" .Values.blueprint.provider.type)) $tplValues | nindent 6 }}
      {{- end }}

      {{- tpl (.Files.Get "files/application.yaml.gotmpl") $tplValues | nindent 6 }}
      {{- tpl (.Files.Get "files/groups.yaml.gotmpl") $tplValues | nindent 6 }}