{{- $auth := mustMergeOverwrite (mustDeepCopy .Values) .Values.auth -}}
{{- $configTemplate := printf "teleport-cluster.auth.config.%s" $auth.chartMode -}}
apiVersion: v1
kind: ConfigMap
metadata:
  name: {{ .Release.Name }}-auth
  namespace: {{ .Release.Namespace }}
  labels: {{- include "teleport-cluster.auth.labels" . | nindent 4 }}
{{- if $auth.annotations.config }}
  annotations: {{- toYaml $auth.annotations.config | nindent 4 }}
{{- end }}
data:
{{- if $auth.createProxyToken }}
  apply-on-startup.yaml: |2
    kind: token
    version: v2
    metadata:
      name: {{ .Release.Name }}-proxy
      expires: "2050-01-01T00:00:00Z"
    spec:
      roles: [Proxy]
      join_method: kubernetes
      kubernetes:
        allow:
          - service_account: "{{ .Release.Namespace }}:{{ include "teleport-cluster.proxy.serviceAccountName" . }}"
{{- end }}
  teleport.yaml: |2
    {{- mustMergeOverwrite (include $configTemplate . | fromYaml) $auth.teleportConfig | toYaml | nindent 4 -}}