{{- $auth := mustMergeOverwrite (mustDeepCopy .Values) .Values.auth -}}
{{- if $auth.serviceAccount.create -}}
apiVersion: v1
kind: ServiceAccount
metadata:
  name: {{ template "teleport-cluster.auth.serviceAccountName" . }}
  namespace: {{ .Release.Namespace }}
  {{- if or $auth.annotations.serviceAccount $auth.azure.clientID }}
  annotations:
    {{- if $auth.annotations.serviceAccount }}
      {{- toYaml $auth.annotations.serviceAccount | nindent 4 }}
    {{- end }}
    {{- if $auth.azure.clientID }}
    azure.workload.identity/client-id: "{{ $auth.azure.clientID }}"
    {{- end }}
  {{- end -}}
{{- end }}