{{- /*
Create secrets if they don't exist
*/ -}}

{{- /* Sensitive Properties Key Secret */ -}}
{{- $sensitiveKeySecretName := default "encryption-sensitive-key" .Values.global.encryption.sensitivePropertiesKey.secretRef.name -}}
{{- $existingSensitiveKey := (lookup "v1" "Secret" .Release.Namespace $sensitiveKeySecretName) -}}
{{- if not $existingSensitiveKey }}
---
apiVersion: v1
kind: Secret
metadata:
  name: {{ $sensitiveKeySecretName }}
  labels:
    {{- include "nifi.labels" . | nindent 4 }}
  annotations:
    "helm.sh/resource-policy": "keep"
type: Opaque
data:
  {{ .Values.global.encryption.sensitivePropertiesKey.secretRef.key }}: {{ randAlphaNum 32 | b64enc | quote }}
{{- end }}

{{- /* Keystore Password Secret */ -}}
{{- $keystorePasswordSecretName := default "certificate-keystore-password" .Values.global.tls.certificate.keystorePasswordSecretRef.name -}}
{{- $existingKeystorePassword := (lookup "v1" "Secret" .Release.Namespace $keystorePasswordSecretName) -}}
{{- if not $existingKeystorePassword }}
---
apiVersion: v1
kind: Secret
metadata:
  name: {{ $keystorePasswordSecretName }}
  labels:
    {{- include "nifi.labels" . | nindent 4 }}
  annotations:
    "helm.sh/resource-policy": "keep"
type: Opaque
data:
  {{ .Values.global.tls.certificate.keystorePasswordSecretRef.key }}: {{ randAlphaNum 32 | b64enc | quote }}
{{- end }}