{{- if .Values.config.secret.create }}
apiVersion: v1
kind: Secret
metadata:
  # Mandatory hardcoded name.
  # Ref: https://github.com/argoproj/argo-cd/blob/master/docs/operator-manual/argocd-secret.yaml
  name: argocd-secret
  namespace: {{ .Release.Namespace | quote }}
  labels: {{- include "common.labels.standard" . | nindent 4 }}
    {{- if .Values.commonLabels }}
    {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }}
    {{- end }}
    # Mandatory label
    # Ref: https://argoproj.github.io/argo-cd/operator-manual/declarative-setup/#atomic-configuration
    app.kubernetes.io/part-of: argocd
  {{- if or .Values.commonAnnotations .Values.config.secret.annotations }}
  annotations:
  {{- if .Values.commonAnnotations }}
  {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
  {{- end }}
  {{- if .Values.config.secret.annotations }}
  {{- include "common.tplvalues.render" ( dict "value" .Values.config.secret.annotations "context" $ ) | nindent 4 }}
  {{- end }}
  {{- end }}
type: Opaque
data:
  {{- if .Values.config.secret.githubSecret }}
  webhook.github.secret: {{ .Values.config.secret.githubSecret | b64enc }}
  {{- end }}
  {{- if .Values.config.secret.gitlabSecret }}
  webhook.gitlab.secret: {{ .Values.config.secret.gitlabSecret | b64enc }}
  {{- end }}
  {{- if .Values.config.secret.bitbucketServerSecret }}
  webhook.bitbucketserver.secret: {{ .Values.config.secret.bitbucketServerSecret | b64enc }}
  {{- end }}
  {{- if .Values.config.secret.bitbucketUUID }}
  webhook.bitbucket.uuid: {{ .Values.config.secret.bitbucketUUID | b64enc }}
  {{- end }}
  {{- if .Values.config.secret.gogsSecret }}
  webhook.gogs.secret: {{ .Values.config.secret.gogsSecret | b64enc }}
  {{- end }}
  {{- if and .Values.config.secret.argocdServerTlsConfig.key .Values.config.secret.argocdServerTlsConfig.crt }}
  tls.key: {{ .Values.config.secret.argocdServerTlsConfig.key | b64enc }}
  tls.crt: {{ .Values.config.secret.argocdServerTlsConfig.crt | b64enc }}
  {{- end }}
  {{- $password := include "common.secrets.passwords.manage" (dict "secret" "argocd-secret" "key" "clearPassword" "providedValues" (list "config.secret.argocdServerAdminPassword") "context" $) }}
  clearPassword: {{ $password }}
  {{- $password = (trimAll "\"" $password) | b64dec }}
  # The password needs to be bcrypt hashed
  admin.password: {{ (split ":" (htpasswd "" $password))._1 | b64enc }}
  admin.passwordMtime: {{ default (dateInZone "2006-01-02T15:04:05Z" (now) "UTC") .Values.config.secret.argocdServerAdminPasswordMtime | b64enc }}
  {{- range $key, $value := .Values.config.secret.extra }}
  {{ $key }}: {{ $value | b64enc }}
  {{- end }}
{{- end }}