{{- if .Values.oidc }}
{{- if .Values.oidc.enabled }}
apiVersion: v1
kind: ConfigMap
metadata:
  name: {{ template "cost-analyzer.fullname" . }}-oidc
  namespace: {{ .Release.Namespace }}
  labels:
    {{ include "cost-analyzer.commonLabels" . | nindent 4 }}
data:
{{- $root := . }}
    oidc.json: |-
      {
        "enabled" : {{ .Values.oidc.enabled }},
        "useIDToken" : {{ .Values.oidc.useIDToken | default "false" }},
        "clientID" : "{{ .Values.oidc.clientID }}",
        "secretName" : "{{ .Values.oidc.secretName }}",
        "authURL" : "{{ .Values.oidc.authURL }}",
        "loginRedirectURL" : "{{ .Values.oidc.loginRedirectURL }}",
        "discoveryURL" : "{{ .Values.oidc.discoveryURL }}",
        "hostedDomain" : "{{ .Values.oidc.hostedDomain }}",
        "rbac" : {
          "enabled" : {{ .Values.oidc.rbac.enabled }},
          "groups" : [
          {{- range $i, $g := .Values.oidc.rbac.groups }}
          {{- if ne $i 0 }},{{- end }}
          {
            "roleName": "{{ $g.name }}",
            "enabled": {{ $g.enabled }},
            "claimName": "{{ $g.claimName }}",
            "claimValues": [
            {{- range $j, $v := $g.claimValues }}
            {{- if ne $j 0 }},{{- end }}
              "{{ $v }}"
            {{- end }}
            ]
          }
          {{- end }}
          ]
        }
      }
{{- end -}}
{{- end -}}