{# Copyright Security Onion Solutions LLC and/or licensed to Security Onion Solutions LLC under one
   or more contributor license agreements. Licensed under the Elastic License 2.0 as shown at 
   https://securityonion.net/license; you may not use this file except in compliance with the
   Elastic License 2.0. #}

{% from 'vars/globals.map.jinja' import GLOBALS %}
{% import_yaml 'kratos/defaults.yaml' as KRATOSDEFAULTS %}

{% do KRATOSDEFAULTS.kratos.config.selfservice.methods.webauthn.config.rp.update({'origin': KRATOSDEFAULTS.kratos.config.selfservice.methods.webauthn.config.rp.origin | replace("URL_BASE", GLOBALS.url_base)}) %}
{% do KRATOSDEFAULTS.kratos.config.selfservice.methods.webauthn.config.rp.update({'id': KRATOSDEFAULTS.kratos.config.selfservice.methods.webauthn.config.rp.id | replace("URL_BASE", GLOBALS.url_base)}) %}
{% do KRATOSDEFAULTS.kratos.config.selfservice.methods.webauthn.config.rp.update({'display_name': KRATOSDEFAULTS.kratos.config.selfservice.methods.webauthn.config.rp.display_name | replace("URL_BASE", GLOBALS.url_base)}) %}
{% do KRATOSDEFAULTS.kratos.config.selfservice.flows.settings.update({'ui_url': KRATOSDEFAULTS.kratos.config.selfservice.flows.settings.ui_url | replace("URL_BASE", GLOBALS.url_base)}) %}
{% do KRATOSDEFAULTS.kratos.config.selfservice.flows.verification.update({'ui_url': KRATOSDEFAULTS.kratos.config.selfservice.flows.verification.ui_url | replace("URL_BASE", GLOBALS.url_base)}) %}
{% do KRATOSDEFAULTS.kratos.config.selfservice.flows.login.update({'ui_url': KRATOSDEFAULTS.kratos.config.selfservice.flows.login.ui_url | replace("URL_BASE", GLOBALS.url_base)}) %}
{% do KRATOSDEFAULTS.kratos.config.selfservice.flows.error.update({'ui_url': KRATOSDEFAULTS.kratos.config.selfservice.flows.error.ui_url | replace("URL_BASE", GLOBALS.url_base)}) %}
{% do KRATOSDEFAULTS.kratos.config.selfservice.flows.registration.update({'ui_url': KRATOSDEFAULTS.kratos.config.selfservice.flows.registration.ui_url | replace("URL_BASE", GLOBALS.url_base)}) %}
{% do KRATOSDEFAULTS.kratos.config.selfservice.update({'default_browser_return_url': KRATOSDEFAULTS.kratos.config.selfservice.default_browser_return_url | replace("URL_BASE", GLOBALS.url_base)}) %}
{% do KRATOSDEFAULTS.kratos.config.serve.public.update({'base_url': KRATOSDEFAULTS.kratos.config.serve.public.base_url | replace("URL_BASE", GLOBALS.url_base)}) %}
{% do KRATOSDEFAULTS.kratos.config.serve.admin.update({'base_url': KRATOSDEFAULTS.kratos.config.serve.admin.base_url | replace("URL_BASE", GLOBALS.url_base)}) %}
{% do KRATOSDEFAULTS.kratos.config.courier.smtp.update({'connection_uri': KRATOSDEFAULTS.kratos.config.courier.smtp.connection_uri | replace("URL_BASE", GLOBALS.url_base)}) %}

{% set KRATOSMERGED = salt['pillar.get']('kratos', default=KRATOSDEFAULTS.kratos, merge=true) %}

{% if KRATOSMERGED.oidc.enabled and 'odc' in salt['pillar.get']('features') %}
{%   do KRATOSMERGED.config.selfservice.methods.update({'oidc': {'enabled': true, 'config': {'providers': [KRATOSMERGED.oidc.config]}}}) %}
{% endif %}

{% if KRATOSMERGED.oidc.config.auth_url is defined and not KRATOSMERGED.oidc.config.auth_url.strip() | length %}
{%   do KRATOSMERGED.oidc.config.pop('auth_url') %}
{% endif %}

{% if KRATOSMERGED.oidc.config.issuer_url is defined and not KRATOSMERGED.oidc.config.issuer_url.strip() | length %}
{%   do KRATOSMERGED.oidc.config.pop('issuer_url') %}
{% endif %}

{% if KRATOSMERGED.oidc.config.token_url is defined and not KRATOSMERGED.oidc.config.token_url.strip() | length %}
{%   do KRATOSMERGED.oidc.config.pop('token_url') %}
{% endif %}