#!/bin/bash -l

cat <<EOF >config/kibana.yml
server.port: 8080
server.host: 0.0.0.0
server.name: "kibana-${ES_ADDON_HOST}"

server.publicBaseUrl: "https://kibana-${ES_ADDON_HOST}"

elasticsearch.hosts: ["https://${ES_ADDON_HOST}"]
elasticsearch.username: "${ES_ADDON_KIBANA_USER}"
elasticsearch.password: "${ES_ADDON_KIBANA_PASSWORD}"

xpack.security.authc.providers:
  basic.basic1:
    order: 0
    icon: "logoElasticsearch"
    description: "Login in with Kibana User"
  saml.saml1:
    order: 1
    realm: saml1
    description: "Login in with Clever Cloud"

xpack.security.authc.selector.enabled : true

xpack.security.public:
        protocol: https
        hostname: "kibana-${ES_ADDON_HOST}"
        port: 443

xpack.reporting.enabled: true
xpack.security.secureCookies: true
telemetry.enabled: false
telemetry.optIn: false
EOF

if [[ -n "${CC_KIBANA_SECURITY_ENCRYPTION_KEY}" ]]; then
    echo "xpack.security.encryptionKey: \"${CC_KIBANA_SECURITY_ENCRYPTION_KEY}\"" >> config/kibana.yml
fi

if [[ -n "${CC_KIBANA_REPORTING_ENCRYPTION_KEY}" ]]; then
    echo "xpack.reporting.encryptionKey: \"${CC_KIBANA_REPORTING_ENCRYPTION_KEY}\"" >> config/kibana.yml
fi

if [[ -n "${CC_KIBANA_OBJECTS_ENCRYPTION_KEY}" ]]; then
    echo "xpack.encryptedSavedObjects.encryptionKey: \"${CC_KIBANA_OBJECTS_ENCRYPTION_KEY}\"" >> config/kibana.yml
fi

# Kibana doesn't create it automatically
# -p to ignore errors if it already exists
mkdir -p data