// https://docs.crossplane.io/v1.15/software/install/#installed-deployments
local appDef = import './app-definitions.libsonnet';

// Installation of Vault Provider is left manually, since it relies on secret creation:
// https://github.com/upbound/provider-vault
//
// Also required created a role to bind to the ServiceAccount:
//
// apiVersion: rbac.authorization.k8s.io/v1
// kind: ClusterRoleBinding
// metadata:
//   name: vault-provider-role-binding
//   namespace: crossplane-system
// roleRef:
//   apiGroup: rbac.authorization.k8s.io
//   kind: ClusterRole
//   name: vault-provider-role
// subjects:
//   - kind: ServiceAccount
//     name: provider-vault-b61923ede364
//     namespace: crossplane-system
// ---
// apiVersion: rbac.authorization.k8s.io/v1
// kind: ClusterRole
// metadata:
//   name: vault-provider-role
//   namespace: crossplane-system
// rules:
//   - apiGroups:
//       - identity.vault.upbound.io
//     resources:
//       - mfaoktas
//       - groupmembergroupidsidses
//       - groupmemberentityidsidses
//     verbs:
//       - get
//       - list
//       - watch
//   - apiGroups:
//       - mfa.vault.upbound.io
//     resources:
//       - oktas
//     verbs:
//       - get
//       - list
//       - watch
appDef.helmApplication(
  name="crossplane",
  sourceRepoUrl="https://charts.crossplane.io/stable",
  sourceChart="crossplane",
  sourceTargetRevision="1.15.0",
  namespace="crossplane-system"
)