#  Copyright 2021 Collate
#  Licensed under the Apache License, Version 2.0 (the "License");
#  you may not use this file except in compliance with the License.
#  You may obtain a copy of the License at
#  http://www.apache.org/licenses/LICENSE-2.0
#  Unless required by applicable law or agreed to in writing, software
#  distributed under the License is distributed on an "AS IS" BASIS,
#  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
#  See the License for the specific language governing permissions and
#  limitations under the License.

version: "3.9"
volumes:
  ingestion-volume-dag-airflow:
  ingestion-volume-dags:
  ingestion-volume-tmp:
services:
  mysql:
    build:
      context: ../../.
      dockerfile: docker/local-metadata/Dockerfile_mysql
    container_name: openmetadata_mysql
    restart: always
    depends_on:
      - elasticsearch
    environment:
      MYSQL_ROOT_PASSWORD: password
    expose:
      - 3306
    ports:
      - 3306:3306
    networks:
      local_app_net:
        ipv4_address: 172.16.239.10

  elasticsearch:
    image: docker.elastic.co/elasticsearch/elasticsearch:7.10.2
    container_name: openmetadata_elasticsearch
    environment:
      - discovery.type=single-node
      - ES_JAVA_OPTS=-Xms1024m -Xmx1024m

    networks:
      local_app_net:
        ipv4_address: 172.16.239.11
    expose:
      - 9200
      - 9300
    ports:
      - 9200:9200
      - 9300:9300


  openmetadata-server:
    build:
      context: ../../.
      dockerfile: docker/local-metadata/Dockerfile
    container_name: openmetadata_server
    environment:
      ELASTICSEARCH_HOST: elasticsearch
      # OpenMetadata Server Authentication Configuration
      AUTHORIZER_CLASS_NAME: ${AUTHORIZER_CLASS_NAME:-org.openmetadata.catalog.security.NoopAuthorizer}
      AUTHORIZER_REQUEST_FILTER: ${AUTHORIZER_REQUEST_FILTER:-org.openmetadata.catalog.security.NoopFilter}
      AUTHORIZER_ADMIN_PRINCIPALS: ${AUTHORIZER_ADMIN_PRINCIPALS:-[admin]}
      AUTHORIZER_INGESTION_PRINCIPALS: ${AUTHORIZER_INGESTION_PRINCIPALS:-[ingestion-bot]}
      AUTHORIZER_PRINCIPAL_DOMAIN: ${AUTHORIZER_PRINCIPAL_DOMAIN:-""}
      AUTHENTICATION_PROVIDER: ${AUTHENTICATION_PROVIDER:-no-auth}
      CUSTOM_OIDC_AUTHENTICATION_PROVIDER_NAME: ${CUSTOM_OIDC_AUTHENTICATION_PROVIDER_NAME:-""}
      AUTHENTICATION_PUBLIC_KEYS: ${AUTHENTICATION_PUBLIC_KEY:-[https://www.googleapis.com/oauth2/v3/certs]}
      AUTHENTICATION_AUTHORITY: ${AUTHENTICATION_AUTHORITY:-https://accounts.google.com}
      AUTHENTICATION_CLIENT_ID: ${AUTHENTICATION_CLIENT_ID:-""}
      AUTHENTICATION_CALLBACK_URL: ${AUTHENTICATION_CALLBACK_URL:-""}
      # OpenMetadata Server Airflow Configuration
      AIRFLOW_HOST: ${AIRFLOW_HOST:-http://ingestion:8080}
      SERVER_HOST_API_URL: ${SERVER_HOST_API_URL:-http://localhost:8585/api}
      # OpenMetadata Airflow Azure SSO Configuration
      AIRFLOW_AUTH_PROVIDER: ${AIRFLOW_AUTH_PROVIDER:-no-auth}
      OM_AUTH_AIRFLOW_AZURE_CLIENT_SECRET: ${OM_AUTH_AIRFLOW_AZURE_CLIENT_SECRET:-""}
      OM_AUTH_AIRFLOW_AZURE_AUTHORITY_URL: ${OM_AUTH_AIRFLOW_AZURE_AUTHORITY_URL:-""}
      OM_AUTH_AIRFLOW_AZURE_SCOPES: ${OM_AUTH_AIRFLOW_AZURE_SCOPES:-[]}
      OM_AUTH_AIRFLOW_AZURE_CLIENT_ID: ${OM_AUTH_AIRFLOW_AZURE_CLIENT_ID:-""}
      # OpenMetadata Airflow Google SSO Configuration
      OM_AUTH_AIRFLOW_GOOGLE_SECRET_KEY_PATH: ${OM_AUTH_AIRFLOW_GOOGLE_SECRET_KEY_PATH:- ""}
      OM_AUTH_AIRFLOW_GOOGLE_AUDIENCE: ${OM_AUTH_AIRFLOW_GOOGLE_AUDIENCE:-"https://www.googleapis.com/oauth2/v4/token"}
      # OpenMetadata Airflow Okta SSO Configuration
      OM_AUTH_AIRFLOW_OKTA_CLIENT_ID: ${OM_AUTH_AIRFLOW_OKTA_CLIENT_ID:-""}
      OM_AUTH_AIRFLOW_OKTA_ORGANIZATION_URL: ${OM_AUTH_AIRFLOW_OKTA_ORGANIZATION_URL:-""}
      OM_AUTH_AIRFLOW_OKTA_PRIVATE_KEY: ${OM_AUTH_AIRFLOW_OKTA_PRIVATE_KEY:-""}
      OM_AUTH_AIRFLOW_OKTA_SA_EMAIL: ${OM_AUTH_AIRFLOW_OKTA_SA_EMAIL:-""}
      OM_AUTH_AIRFLOW_OKTA_SCOPES: ${OM_AUTH_AIRFLOW_OKTA_SCOPES:-[]}
      # OpenMetadata Airflow Auth0 SSO Configuration
      OM_AUTH_AIRFLOW_AUTH0_CLIENT_ID: ${OM_AUTH_AIRFLOW_AUTH0_CLIENT_ID:-""}
      OM_AUTH_AIRFLOW_AUTH0_CLIENT_SECRET: ${OM_AUTH_AIRFLOW_AUTH0_CLIENT_SECRET:-""}
      OM_AUTH_AIRFLOW_AUTH0_DOMAIN_URL: ${OM_AUTH_AIRFLOW_AUTH0_DOMAIN_URL:-""}
      # OpenMetadata Airflow Custom OIDC SSO Configuration
      OM_AUTH_AIRFLOW_CUSTOM_OIDC_CLIENT_ID: ${OM_AUTH_AIRFLOW_CUSTOM_OIDC_CLIENT_ID:-""}
      OM_AUTH_AIRFLOW_CUSTOM_OIDC_SECRET_KEY_PATH: ${OM_AUTH_AIRFLOW_CUSTOM_OIDC_SECRET_KEY_PATH:-""}
      OM_AUTH_AIRFLOW_CUSTOM_OIDC_TOKEN_ENDPOINT_URL: ${OM_AUTH_AIRFLOW_CUSTOM_OIDC_TOKEN_ENDPOINT_URL:-""}
    expose:
      - 8585
      - 8586
      - 9200
      - 9300
      - 3306
    ports:
      - 8585:8585
      - 8586:8586
    depends_on:
      - elasticsearch
      - mysql
      - ingestion
    networks:
      local_app_net:
        ipv4_address: 172.16.239.13
    extra_hosts:
      - "localhost:172.16.239.10"
      - "elasticsearch:172.16.239.11"

  ingestion:
    build:
      context: ../../.
      dockerfile: ingestion/Dockerfile
      args:
        INGESTION_DEPENDENCY: ${INGESTION_DEPENDENCY:-all}
    container_name: openmetadata_ingestion
    depends_on:
      - mysql
      - elasticsearch
    expose:
      - 8080
    ports:
      - 8080:8080
    networks:
      - local_app_net
    extra_hosts:
      - "localhost:172.16.239.10"
      - "localhost:172.16.239.11"
      - "localhost:172.16.239.13"
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock
      - ingestion-volume-dag-airflow:/airflow/dag_generated_configs
      - ingestion-volume-dags:/airflow/dags
      - ingestion-volume-tmp:/tmp
networks:
  local_app_net:
    name: ometa_network
    ipam:
      driver: default
      config:
        - subnet: "172.16.239.0/24"