service:
  name: accounts
  awsKmsKeyArn: ${ssm:/aws/reference/secretsmanager/${self:custom.stage}/all/kmsArn~true}

provider:
  name: aws
  endpointType: regional
  runtime: python3.6
  stage: alpha
  region: eu-central-1
  apiName: offen-${self:provider.stage}
  logs:
    restApi: true

package:
  individually: true

plugins:
  - serverless-domain-manager
  - serverless-python-requirements
  - serverless-wsgi

custom:
  stage: ${opt:stage, self:provider.stage}
  origin:
    production: vault.offen.dev
    staging: vault-staging.offen.dev
    alpha: vault-alpha.offen.dev
  domain:
    production: accounts.offen.dev
    staging: accounts-staging.offen.dev
    alpha: accounts-alpha.offen.dev
  cookieDomain:
    production: .offen.dev
    staging: .offen.dev
    alpha: .offen.dev
  customDomain:
    basePath: ''
    certificateName: '*.offen.dev'
    domainName: ${self:custom.domain.${self:custom.stage}}
    stage: ${self:custom.stage}
    endpointType: regional
    createRoute53Record: false
  wsgi:
    app: accounts.app
    packRequirements: false
  pythonRequirements:
    slim: true
    dockerizePip: non-linux
    fileName: requirements.txt

functions:
  app:
    handler: wsgi_handler.handler
    events:
      - http:
          path: '/'
          method: any
      - http:
          path: '{proxy+}'
          method: any
    environment:
      USER: offen
      CORS_ORIGIN: https://${self:custom.origin.${self:custom.stage}}
      COOKIE_DOMAIN: ${self:custom.cookieDomain.${self:custom.stage}}
      JWT_PRIVATE_KEY: '${ssm:/aws/reference/secretsmanager/${self:custom.stage}/accounts/jwtPrivateKey~true}'
      JWT_PUBLIC_KEY: '${ssm:/aws/reference/secretsmanager/${self:custom.stage}/accounts/jwtPublicKey~true}'
      HASHED_PASSWORD: ${ssm:/aws/reference/secretsmanager/${self:custom.stage}/accounts/hashedPassword~true}