variable "keycloak_url" {
  description = "Keycloak URL (set via TF_VAR_keycloak_url)"
  type        = string
  default     = "https://auth.hexor.cy"
}

variable "keycloak_client_id" {
  description = "Keycloak Terraform client ID (set via TF_VAR_keycloak_client_id)"
  type        = string
  default     = "terraform"
}

variable "keycloak_client_secret" {
  description = "Keycloak Terraform client secret (set via TF_VAR_keycloak_client_secret)"
  type        = string
  sensitive   = true
}

variable "google_client_id" {
  description = "Google OAuth client ID (set via TF_VAR_google_client_id)"
  type        = string
}

variable "google_client_secret" {
  description = "Google OAuth client secret (set via TF_VAR_google_client_secret)"
  type        = string
  sensitive   = true
}

variable "groups" {
  description = "Standalone Keycloak groups"
  type        = list(string)
  default     = []
}

variable "proxy_applications" {
  description = "Proxy applications protected by rsauth2-proxy"
  type = map(object({
    domain         = string
    allowed_groups = optional(list(string), [])
  }))
  default = {}
}

variable "oauth2_applications" {
  description = "OAuth2/OIDC applications that handle authentication themselves"
  type = map(object({
    redirect_uris             = list(string)
    post_logout_redirect_uris = optional(list(string), [])
    web_origins               = optional(list(string), [])
    extra_default_scopes      = optional(list(string), [])
    extra_optional_scopes     = optional(list(string), [])
    allowed_groups            = optional(list(string), [])
  }))
  default = {}
}