---
apiVersion: v1
data:
  generate-secrets.sh: |2
    generate_secret() {
        openssl rand -hex 16 | tr 'a-f' 'A-F' | head -c 32
    }

    AIRM_SUPERUSER_USERNAME=$(generate_secret)
    AIRM_SUPERUSER_PASSWORD=$(generate_secret)
    AIRM_USER_PASSWORD=$(generate_secret)
    AIRM_RABBITMQ_USERNAME=$(generate_secret)
    AIRM_RABBITMQ_PASSWORD=$(generate_secret)
    AIRM_UI_AUTH_SECRET=$(generate_secret)

    cat > /tmp/final-secret-store.yaml << EOF
    apiVersion: external-secrets.io/v1beta1
    kind: ClusterSecretStore
    metadata:
      name: airm-secret-store
    spec:
      provider:
        fake:
          data:
          - key: airm-cnpg-superuser-username
            value: ${AIRM_SUPERUSER_USERNAME}
          - key: airm-cnpg-superuser-password
            value: ${AIRM_SUPERUSER_PASSWORD}
          - key: airm-cnpg-user-username
            value: airm_user
          - key: airm-cnpg-user-password
            value: ${AIRM_USER_PASSWORD}
          - key: airm-rabbitmq-user-username
            value: ${AIRM_RABBITMQ_USERNAME}
          - key: airm-rabbitmq-user-password
            value: ${AIRM_RABBITMQ_PASSWORD}
          - key: airm-ui-auth-nextauth-secret
            value: ${AIRM_UI_AUTH_SECRET}
    EOF

    kubectl get clustersecretstores.external-secrets.io airm-secret-store > /dev/null 2>&1
    if [ $? -eq 0 ]; then
        echo "ClusterSecretStore 'airm-secret-store' already exists, skipping creation."
        exit 0
    fi

    kubectl apply -f /tmp/final-secret-store.yaml
    echo "ClusterSecretStore created successfully!"
    echo "Generated secrets with alphanumeric values only"
    exit 0
kind: ConfigMap
metadata:
  annotations:
    helm.sh/hook: pre-install
    helm.sh/hook-weight: "-1"
  name: airm-secret-generator-script
  namespace: airm