local kube = import "../../../kube/kube.libsonnet";

{
    local app = self,
    local cfg = app.cfg,
    cfg:: {
        image: error "cfg.image must be set",

        # webDomain is the domain name at which matrix instance/cas proxy is served
        webDomain: error "cfg.webDomain must be set",

        oauth2: error "cfg.oauth2 must be set",
    },

    ns:: error "ns needs to be a kube.Namespace object",

    deployment: app.ns.Contain(kube.Deployment("oauth2-cas-proxy")) {
        spec+: {
            replicas: 1,
            template+: {
                spec+: {
                    containers_: {
                        proxy: kube.Container("oauth2-cas-proxy") {
                            image: cfg.image,
                            ports_: {
                                http: { containerPort: 5000 },
                            },
                            env_: {
                                BASE_URL: "https://%s" % [cfg.webDomain],
                                SERVICE_URL: "https://%s" % [cfg.webDomain],
                                OAUTH2_CLIENT: cfg.oauth2.clientID,
                                OAUTH2_SECRET: cfg.oauth2.clientSecret,
                                OAUTH2_SCOPE: cfg.oauth2.scope,
                                OAUTH2_AUTHORIZE: cfg.oauth2.authorizeURL,
                                OAUTH2_TOKEN: cfg.oauth2.tokenURL,
                                OAUTH2_USERINFO: cfg.oauth2.userinfoURL,
                            },
                        },
                    },
                },
            },
        },
    },

    svc: app.ns.Contain(kube.Service("oauth2-cas-proxy")) {
        target_pod:: app.deployment.spec.template,
    },
}