#! Copyright 2020-2024 the Pinniped contributors. All Rights Reserved.
#! SPDX-License-Identifier: Apache-2.0

#@data/values-schema
---
#@schema/title "Image repo"
#@schema/desc "The repository for the local-user-authenticator container image."
#@schema/validation min_len=1
image_repo: ghcr.io/vmware-tanzu/pinniped/pinniped-server

#@schema/title "Image digest"
#@schema/desc "The image digest for the local-user-authenticator container image. If both image_digest or an image_tag are given, only image_digest will be used."
#@schema/examples ("Providing a digest", "sha256:f3c4fdfd3ef865d4b97a1fd295d94acc3f0c654c46b6f27ffad5cf80216903c8")
#@schema/nullable
#@schema/validation min_len=1, when=lambda _, ctx: ctx.parent["image_tag"] == None
image_digest: ""

#@schema/title "Image tag"
#@schema/desc "The image tag for the local-user-authenticator container image. If both image_digest or an image_tag are given, only image_digest will be used."
#@schema/examples ("Providing a tag", "v0.25.0")
#@schema/validation min_len=1, when=lambda _, ctx: ctx.parent["image_digest"] == None
image_tag: latest

#@schema/title "Image pull dockerconfigjson"
#@ image_pull_dockerconfigjson_desc = "A base64 encoded secret to be used when pulling the `image_repo` container image. \
#@ Can be used when the image_repo is a private registry. Typically, the value would be the output of: \
#@ kubectl create secret docker-registry x --docker-server=https://example.io --docker-username='USERNAME' --docker-password='PASSWORD' --dry-run=client -o json | jq -r '.data[\".dockerconfigjson\"]'"
#@schema/desc image_pull_dockerconfigjson_desc
#@ example_desc = 'base64 encoding of: {"auths":{"https://registry.example.com":{"username":"USERNAME","password":"PASSWORD","auth":"BASE64_ENCODED_USERNAME_COLON_PASSWORD"}}}'
#@ example_value = "eyJhdXRocyI6eyJodHRwczovL2V4YW1wbGUuaW8iOnsidXNlcm5hbWUiOiJVU0VSTkFNRSIsInBhc3N3b3JkIjoiUEFTU1dPUkQiLCJhdXRoIjoiVlZORlVrNUJUVVU2VUVGVFUxZFBVa1E9In19fQ=="
#@schema/examples (example_desc, example_value)
#@schema/nullable
#@schema/validation min_len=1
image_pull_dockerconfigjson: ""

#@schema/title "Run as user"
#@schema/desc "The user ID that will own the process."
#! See the Dockerfile for the reasoning behind this default value.
run_as_user: 65532

#@schema/title "Run as group"
#@schema/desc "The group ID that will own the process."
#! See the Dockerfile for the reasoning behind this default value.
run_as_group: 65532