variable "gitea_app_id" {
  type = string
}
variable "POSTGRES_CREDENTIALS_EDITOR_USERNAME" {
  type      = string
  sensitive = true
}
variable "POSTGRES_CREDENTIALS_EDITOR_PASSWORD" {
  type      = string
  sensitive = true
}
variable "applications" {
  type = set(object({
    name                       = string
    ops_policies               = optional(list(string), [])
    service_account_names      = optional(list(string), [])
    service_account_namespaces = optional(list(string), [])
    # Multi-env extension: list of envs this app deploys to. Defaults to ["prod"] for
    # every existing app — backwards compatible by the elision rule. Non-prod envs
    # produce additional runtime policies named "<name>-<env>".
    envs = optional(list(string), ["prod"])
    # Extra kvv2 data paths the app's prod runtime policy may read (read,list) —
    # e.g. a shared backup-creds path owned by another app. Default none.
    kv_read_paths = optional(list(string), [])
  }))
}