{{ if .Values.notary.enabled }}
apiVersion: v1
kind: ConfigMap
metadata:
  name: {{ template "harbor.fullname" . }}-notary
  labels:
{{ include "harbor.labels" . | indent 4 }}
    component: notary
data:
  {{ $ca := genCA "harbor-notary-ca" 3650 }}
  {{ $cert := genSignedCert (printf "%s-notary-signer" (include "harbor.fullname" .)) nil nil 3650 $ca }}
  notary-signer-ca.crt: |
{{ .Values.notary.signer.caCrt  | default $ca.Cert   | indent 4 }}
  notary-signer.crt: |
{{ .Values.notary.signer.tlsCrt | default $cert.Cert | indent 4 }}
  notary-signer.key: |
{{ .Values.notary.signer.tlsKey | default $cert.Key  | indent 4 }}
  server-config.postgres.json: |
    {
      "server": {
        "http_addr": ":4443"
      },
      "trust_service": {
        "type": "remote",
        "hostname": "{{ template "harbor.fullname" . }}-notary-signer",
        "port": "7899",
        "tls_ca_file": "./notary-signer-ca.crt",
        "key_algorithm": "ecdsa"
      },
      "logging": {
        "level": "debug"
      },
      "storage": {
        "backend": "postgres",
        "db_url": "{{ template "harbor.database.notaryServer" . }}"
      },
      "auth": {
          "type": "token",
          "options": {
              "realm": "{{ template "harbor.externalURL" . }}/service/token",
              "service": "harbor-notary",
              "issuer": "harbor-token-issuer",
              "rootcertbundle": "/root.crt"
          }
      }
    }
  signer-config.postgres.json: |
    {
      "server": {
        "grpc_addr": ":7899",
        "tls_cert_file": "./notary-signer.crt",
        "tls_key_file": "./notary-signer.key"
      },
      "logging": {
        "level": "debug"
      },
      "storage": {
        "backend": "postgres",
        "db_url": "{{ template "harbor.database.notarySigner" . }}",
        "default_alias": "defaultalias"
      }
    }
{{ end }}