---
{{- /*
homey.auth.ingress.annotations

Emits ingress-nginx annotations that send each request through an external
auth check against the in-cluster "ldap-auth-internal" service, and that
inject an nginx "location /auth" block carrying LDAP connection settings as
X-Ldap-* request headers.

Inputs read by this template:
  .Release.Namespace  - used to build the auth service DNS name and as the
                        namespace for the Secret lookup.
  .Values.homey.url   - dotted domain turned into a DN suffix
                        (a.b becomes dc=a,dc=b) for the base DN and bind DN.
  Secret "openldap-ro", key "password" - read from the live cluster via lookup.

NOTE(review), to confirm against the deployed controller and auth service:
  * The decoded bind password is written into the configuration-snippet
    annotation, so it is stored in clear text on the Ingress object and is
    visible to anything allowed to read Ingresses in the namespace. Supplying
    the bind credentials to the auth service itself (for example from the
    Secret as an environment variable) would keep them out of annotations.
  * lookup returns an empty map under "helm template" and client-side dry
    runs, so the nested get calls presumably fail to render there - verify.
  * X-Ldap-URL uses the ldap scheme and auth-url uses http, so the bind and
    user credentials presumably cross the cluster network unencrypted - TODO
    confirm whether LDAPS or StartTLS is available.
  * Snippet annotations have to be permitted by the ingress controller
    configuration for the two snippet keys below to take effect - confirm.
*/}}
{{- define "homey.auth.ingress.annotations" }}
# nginx.ingress.kubernetes.io/auth-signin: "https://auth.zakobar.com"
# Auth subrequest target: the ldap-auth-internal Service in the release namespace.
nginx.ingress.kubernetes.io/auth-url: "http://ldap-auth-internal.{{ .Release.Namespace }}.svc.cluster.local:80"
# Headers from the auth response that are forwarded to the backend.
nginx.ingress.kubernetes.io/auth-response-headers: Remote-User,Remote-Name,Remote-Email
# NOTE(review): confirm the controller recognises the "location-snippets" key
# under this annotation prefix; the directive below also has no trailing ";".
nginx.ingress.kubernetes.io/location-snippets: |-
  auth_request /auth
nginx.ingress.kubernetes.io/configuration-snippet: |-
  location /auth {
    # NOTE(review): proxy_pass is commented out, so nothing in this block
    # names an upstream for the headers set below - confirm intended.
    # proxy_pass http://ldap-auth-internal;
    proxy_pass_request_body off;
    #THIS NEEDS TO BE SET BY ACTUAL SOMETHING LOGIN SHIT
    # proxy_set_header X-Target http://ldap-auth-internal.{{ .Release.Namespace }}.svc.cluster.local:80;
    proxy_set_header X-Ldap-URL "ldap://openldap";
    # Base DN and bind DN share a suffix derived from .Values.homey.url.
    proxy_set_header X-Ldap-BaseDN "ou=users,{{ .Values.homey.url | replace "." ",dc=" | printf "dc=%s " | trim }}";
    proxy_set_header X-Ldap-BindDN "cn=readonly,{{ .Values.homey.url | replace "." ",dc=" | printf "dc=%s " | trim }}";
    # NOTE(review): renders the base64-decoded Secret value in clear text
    # into this annotation (see the template header comment).
    proxy_set_header X-Ldap-BindPass {{ (get (get (lookup "v1" "Secret" .Release.Namespace "openldap-ro") "data") "password") | b64dec | quote}};
    proxy_set_header X-CookieName "homey.auth.cookie";
    # NOTE(review): nginx variable names likely end at the first "." here,
    # which would make this the cookie named "homey" followed by the literal
    # text ".auth.cookie" rather than the cookie named above - verify.
    proxy_set_header Cookie $cookie_homey.auth.cookie;
    proxy_set_header X-Remote-User $remote_user;
    proxy_set_header X-Forwarded-Method $request_method;
    # LDAP search filter; the username placeholder is filled in by the auth service.
    proxy_set_header X-Ldap-Template "(uid=%(username)s)";
  }
{{- end }}