variable "keycloak_url" {
  description = "Keycloak URL (set via TF_VAR_keycloak_url)"
  type        = string
  default     = "https://auth.hexor.cy"
}

variable "keycloak_client_id" {
  description = "Keycloak Terraform client ID (set via TF_VAR_keycloak_client_id)"
  type        = string
  default     = "terraform"
}

variable "keycloak_client_secret" {
  description = "Keycloak Terraform client secret (set via TF_VAR_keycloak_client_secret)"
  type        = string
  sensitive   = true
}

variable "kubeconfig_path" {
  description = "Path to kubeconfig (set via TF_VAR_kubeconfig_path or KUBE_CONFIG_PATH)"
  type        = string
  default     = "~/.kube/config"
}

variable "google_client_id" {
  description = "Google OAuth client ID (set via TF_VAR_google_client_id)"
  type        = string
}

variable "google_client_secret" {
  description = "Google OAuth client secret (set via TF_VAR_google_client_secret)"
  type        = string
  sensitive   = true
}

variable "groups" {
  description = "Standalone Keycloak groups"
  type        = list(string)
  default     = []
}

variable "proxy_applications" {
  description = "Proxy applications protected by rsauth2-proxy"
  type = map(object({
    domain         = string
    allowed_groups = optional(list(string), [])
  }))
  default = {}
}