---
# Variables for the IAM service: Keycloak connection settings, Traefik routing
# labels and the Docker service definition. Values are Jinja2 templates that
# are rendered before use.

iam_id: "{{ service_name }}-iam"

# Inserted into SPRING_CACHE_CAFFEINE_SPEC below as expireAfterAccess=<value>.
# NOTE(review): expireAfterAccess restarts the timer on every read, so an
# entry that keeps being read does not age out. If this cache holds
# authorization data fetched from Keycloak (not visible here), confirm that
# revocations still take effect within an acceptable time.
iam_cache_timeout: 600s

iam_keycloak_auth_server_url: "https://{{ shared_service_keycloak_hostname }}/auth"
# NOTE(review): the variable names suggest Keycloak administrator credentials.
# keycloak_admin_password should be supplied from an encrypted source (for
# example Ansible Vault), and a dedicated, narrowly scoped account would limit
# the impact of a leak if the service does not need full admin rights.
iam_keycloak_admin_user: "{{ keycloak_admin_username }}"
iam_keycloak_admin_password: "{{ keycloak_admin_password }}"

# Traefik labels. Every value carries its own pair of double quotes, so the
# rendered label text is already quoted.
# The three routers share one Host rule and differ only by entrypoint. Nothing
# in these labels restricts who may reach the admin or monitoring routers, so
# that depends on how the admin-service and monitoring-system entrypoints are
# exposed (Traefik static configuration, not shown here).
iam_labels:
  - '"traefik.enable=true"'
  # Public router: entrypoint websecure, forwarded to service_port.
  - '"traefik.http.routers.{{ iam_id }}.service={{ iam_id }}"'
  - '"traefik.http.routers.{{ iam_id }}.rule=Host(`{{ stage_server_url_host }}`)"'
  - '"traefik.http.routers.{{ iam_id }}.entrypoints=websecure"'
  - '"traefik.http.routers.{{ iam_id }}.tls=true"'
  - '"traefik.http.routers.{{ iam_id }}.tls.certresolver=letsencrypt"'
  - '"traefik.http.services.{{ iam_id }}.loadbalancer.server.port={{ service_port }}"'
  # Admin router: entrypoint admin-service, forwarded to management_port.
  # The CORS middleware is the only middleware attached to it.
  - '"traefik.http.routers.{{ iam_id }}-admin.service={{ iam_id }}-admin"'
  - '"traefik.http.routers.{{ iam_id }}-admin.rule=Host(`{{ stage_server_url_host }}`)"'
  - '"traefik.http.routers.{{ iam_id }}-admin.entrypoints=admin-service"'
  - '"traefik.http.routers.{{ iam_id }}-admin.tls=true"'
  - '"traefik.http.routers.{{ iam_id }}-admin.tls.certresolver=letsencrypt"'
  - '"traefik.http.routers.{{ iam_id }}-admin.middlewares={{ iam_id }}-admin-cors"'
  # NOTE(review): allow-origin "*" lets a page on any origin read GET
  # responses from the management port, and SMA_USER is accepted as a request
  # header from any origin. Acceptable only if those responses are not
  # sensitive and the backend does not trust SMA_USER as an identity -
  # confirm, otherwise list the permitted origins explicitly.
  - '"traefik.http.middlewares.{{ iam_id }}-admin-cors.headers.accesscontrolallowmethods=GET,OPTIONS"'
  - '"traefik.http.middlewares.{{ iam_id }}-admin-cors.headers.accesscontrolalloworigin=*"'
  - '"traefik.http.middlewares.{{ iam_id }}-admin-cors.headers.accesscontrolallowheaders=SMA_USER"'
  - '"traefik.http.services.{{ iam_id }}-admin.loadbalancer.server.port={{ management_port }}"'
  # Monitoring router: entrypoint monitoring-system, pointing at the
  # <service_name>-node-exporter service, which is not defined in this file.
  # No middleware is attached to this router.
  - '"traefik.http.routers.{{ iam_id }}-monitor.service={{ service_name }}-node-exporter"'
  - '"traefik.http.routers.{{ iam_id }}-monitor.rule=Host(`{{ stage_server_url_host }}`)"'
  - '"traefik.http.routers.{{ iam_id }}-monitor.entrypoints=monitoring-system"'
  - '"traefik.http.routers.{{ iam_id }}-monitor.tls=true"'
  - '"traefik.http.routers.{{ iam_id }}-monitor.tls.certresolver=letsencrypt"'

# Docker definition: two external networks and a single service.
iam_docker:
  networks:
    - name: back-tier
      external: true
    - name: front-tier
      external: true
  services:
    - name: "{{ iam_id }}"
      image_name: "{{ iam_image_name }}"
      image_version: "{{ iam_version }}"
      # iam_labels_additional is optional and is appended to the labels above.
      labels: "{{ iam_labels + ( iam_labels_additional | default([])) }}"
      restart: "{{ iam_service_restart | default('always') }}"
      # Each entry is one string of the form NAME: "value".
      environment:
        - 'SERVER_PORT: "{{ service_port }}"'
        - 'ADMIN_PORT: "{{ management_port }}"'
        # NOTE(review): in Spring Boot, "always" puts exception messages into
        # the error responses sent to clients; check that production stages
        # really need this level of detail.
        - 'SERVER_ERROR_INCLUDE_MESSAGE: "always"'
        - 'SPRING_CACHE_CAFFEINE_SPEC: "expireAfterAccess={{ iam_cache_timeout }}"'
        - 'IAM_KEYCLOAK_AUTH_SERVER_URL: "{{ iam_keycloak_auth_server_url }}"'
        - 'IAM_KEYCLOAK_ADMIN_USER: "{{ iam_keycloak_admin_user }}"'
        # NOTE(review): handed over as a container environment variable, so it
        # is readable through `docker inspect` and in the rendered service
        # definition; a mounted secret avoids that if the image supports it.
        - 'IAM_KEYCLOAK_ADMIN_PASSWORD: "{{ iam_keycloak_admin_password }}"'
      # Network names carry their own double quotes, like the labels.
      networks:
        - '"back-tier"'
        - '"front-tier"'
      extra_hosts: "{{ iam_extra_hosts | default([]) }}"