v2alpha2

type DecisionLog struct {
	RequestContext RequestContext `json:"request_context"`
}

type DecisionsExporterConfig struct {
	Interval string       `json:"interval"`
	Kafka    *KafkaConfig `json:"kafka,omitempty"`
}

type GitCredential struct {
	// User is a http basic auth username used for git.
	User string `json:"user"`

	// Password is a http basic auth password used for git.
	Password string `json:"password"`

	// RepoPrefix specifies a repo URL prefix. eg. if RepoPrefix is set to
	// `https://github.com/bankdata`, then this credentials would apply for any
	// repository under the bankdata github org.
	RepoPrefix string `json:"repoPrefix"`
}

type HTTP struct {
	// http headers that will be added to the decision logs
	Headers []string `json:"headers"`
}

type KafkaConfig struct {
	Brokers      []string   `json:"brokers"`
	Topic        string     `json:"topic"`
	RequiredAcks string     `json:"requiredAcks"`
	TLS          *TLSConfig `json:"tls,omitempty"`
}

type LeaderElectionConfig struct {
	LeaseDuration metav1.Duration `json:"leaseDuration"`
	RenewDeadline metav1.Duration `json:"renewDeadline"`
	RetryPeriod   metav1.Duration `json:"retryPeriod"`
}

type NotificationWebhooksConfig struct {
	// Address is the URL to be called when the controller should do a webhook
	// notification. Currently the only supported notification is that a
	// datasource configuration has changed.
	SystemDatasourceChanged  string `json:"systemDatasourceChanged,omitempty"`
	LibraryDatasourceChanged string `json:"libraryDatasourceChanged,omitempty"`
}

type OPAConfig struct {
	DecisionLogs DecisionLog `json:"decision_logs"`
}

type ProjectConfig struct {
	metav1.TypeMeta `json:",inline"`

	// ControllerClass sets a controller class for this controller. This allows
	// the provided CRDs to target a specific controller. This is useful when
	// running multiple controllers in the same cluster.
	ControllerClass string `json:"controllerClass"`

	// DeletionProtectionDefault sets the default to use with regards to deletion
	// protection if it is not set on the resource.
	DeletionProtectionDefault bool `json:"deletionProtectionDefault"`

	// ReadOnly sets the value of ReadOnly for systems
	ReadOnly bool `json:"readOnly"`

	// EnableDeltaBundlesDefault sets the default of whether systems have delta-bundles or not
	EnableDeltaBundlesDefault *bool `json:"enableDeltaBundlesDefault,omitempty"`

	// DisableCRDWebhooks disables the CRD webhooks on the controller. If running
	// multiple controllers in the same cluster, only one will need to have it's
	// webhooks enabled.
	DisableCRDWebhooks bool `json:"disableCRDWebhooks"`

	// EnableMigrations enables the system migration annotation. This should be
	// kept disabled unless migrations need to be done.
	EnableMigrations bool `json:"enableMigrations"`

	// GitCredentials holds a list of git credential configurations. The
	// RepoPrefix of the GitCredential will be matched angainst repository URL in
	// order to determine which credential to use. The GitCredential with the
	// longest matching RepoPrefix will be selected.
	GitCredentials []*GitCredential `json:"gitCredentials"`

	// LogLevel sets the logging level of the controller. A higher number gives
	// more verbosity. A number higher than 0 should only be used for debugging
	// purposes.
	LogLevel int `json:"logLevel"`

	LeaderElection *LeaderElectionConfig `json:"leaderElection"`

	NotificationWebhooks *NotificationWebhooksConfig `json:"notificationWebhooks,omitempty"`

	Sentry *SentryConfig `json:"sentry"`

	SSO *SSOConfig `json:"sso"`

	Styra StyraConfig `json:"styra"`

	OPA OPAConfig `json:"opa,omitempty"`

	// SystemPrefix is a prefix for all the systems that the controller creates
	// in Styra DAS. This is useful in order to be able to identify what
	// controller created a system in a shared Styra DAS instance.
	SystemPrefix string `json:"systemPrefix"`

	// SystemSuffix is a suffix for all the systems that the controller creates
	// in Styra DAS. This is useful in order to be able to identify what
	// controller created a system in a shared Styra DAS instance.
	SystemSuffix string `json:"systemSuffix"`

	// SystemUserRoles is a list of Styra DAS system level roles which the subjects of
	// a system will be granted.
	SystemUserRoles []string `json:"systemUserRoles"`

	DecisionsExporter *DecisionsExporterConfig `json:"decisionsExporter,omitempty"`
}

type RequestContext struct {
	HTTP HTTP `json:"http"`
}

type SSOConfig struct {
	// IdentityProvider is the ID of a configured Styra DAS identity provider.
	IdentityProvider string `json:"identityProvider"`

	// JWTGroupsClaim is the json path to a claim in issued JWTs which contain a
	// list of groups that the user belongs to.
	JWTGroupsClaim string `json:"jwtGroupsClaim"`
}

type SentryConfig struct {
	// Debug enables Sentry client debugging.
	Debug bool `json:"debug"`

	// DSN is the Sentry project DSN.
	DSN string `json:"dsn"`

	// Environment sets the environment of the events sent to Sentry.
	Environment string `json:"environment"`

	// HTTPSProxy sets an HTTP proxy server for sentry to use.
	HTTPSProxy string `json:"httpsProxy"`
}

type StyraConfig struct {
	// Address is the URL for the Styra DAS API server.
	Address string `json:"address"`

	// Token is a Styra DAS API token. These can be created in the Styra DAS GUI
	// or through the API. The token should have the `WorkspaceAdministrator` role.
	Token string `json:"token"`

	// Alternative to the "token" whice define the Styra DAS API token directly in the config file,
	// this "tokenSecretPath" will use a token from a secret (only if "token" is not set)
	TokenSecretPath string `json:"tokenSecretPath"`
}

type TLSConfig struct {
	ClientCertificateName string `json:"clientCertificateName"`
	ClientCertificate     string `json:"clientCertificate"`
	ClientKey             string `json:"clientKey"`
	RootCA                string `json:"rootCA"`
}