# Disabled (commented-out) Terraform. When enabled it creates an authentik proxy
# provider in "forward_single" mode for this app, looks up an existing proxy outpost
# through the authentik REST API, and writes the outpost's provider list back with
# the new provider appended. Lines marked NOTE(review) are review comments, not
# part of the original configuration.
#
# locals {
#   app_slug = "${var.instance}${var.component == "" ? "" : "-"}${var.component}"
#   forward_labels = merge(var.labels, {
#     "app.kubernetes.io/component" = "ak-gatekeeper"
#   })
#   external_url = format("https://%s", var.dns_name)
#   NOTE(review): both values below index results[0] of the outpost lookup; an empty
#   result set would fail here with an index error rather than a clear message.
#   forward_outpost_providers = jsondecode(data.http.get_forward_outpost.response_body).results[0].providers
#   forward_outpost_pk = jsondecode(data.http.get_forward_outpost.response_body).results[0].pk
# }
#
# NOTE(review): the flow slug suggests implicit consent, i.e. no consent prompt for
# the user. Confirm that is intended for every app that uses this module.
# data "authentik_flow" "default_authorization_flow" {
#   slug = "default-provider-authorization-implicit-consent"
# }
#
# resource "authentik_provider_proxy" "forward" {
#   name = local.app_slug
#   external_host = local.external_url
#   authorization_flow = data.authentik_flow.default_authorization_flow.id
#   mode = "forward_single"
#   access_token_validity = var.access_token_validity
# }
#
# NOTE(review): this lookup uses plain http:// against the authentik API, and
# var.request_headers presumably carries the API credential (confirm). Prefer an
# https endpoint or confirm the path is otherwise protected, and declare the
# variable with sensitive = true so the header value is not printed in plan output.
# NOTE(review): the postcondition checks only the status code. Consider also
# asserting that exactly one outpost was returned before results[0] is used.
# data "http" "get_forward_outpost" {
#   depends_on = [authentik_provider_proxy.forward]
#   url = "http://authentik.${var.domain}-auth.svc/api/v3/outposts/instances/?name__iexact=${var.domain}-proxy-outpost"
#   method = "GET"
#   request_headers = var.request_headers
#   lifecycle {
#     postcondition {
#       condition = contains([200], self.status_code)
#       error_message = "Status code invalid"
#     }
#   }
# }
#
# NOTE(review): name = "forward" is sent for an outpost that was looked up as
# "${var.domain}-proxy-outpost". If the API applies it, the outpost is renamed and
# the next lookup by name returns nothing - confirm intent.
# NOTE(review): the providers list is rebuilt from a snapshot of the outpost read
# earlier in the run. Several module instances targeting the same outpost could
# overwrite each other's entries (assumes the outpost is shared - confirm). Also
# confirm what the restapi provider sends to this path on create and on destroy,
# since the target looks like a shared outpost rather than an object this module owns.
# resource "restapi_object" "forward_outpost_binding" {
#   path = "/outposts/instances/${local.forward_outpost_pk}/"
#   data = jsonencode({
#     name = "forward"
#     providers = contains(local.forward_outpost_providers, authentik_provider_proxy.forward.id) ? local.forward_outpost_providers : concat(local.forward_outpost_providers, [authentik_provider_proxy.forward.id])
#   })
# }
#
# Reads the existing "authentik" Ingress in the "<domain>-auth" namespace; nothing
# in the visible configuration references it yet.
# data "kubernetes_ingress_v1" "authentik" {
#   metadata {
#     name = "authentik"
#     namespace = "${var.domain}-auth"
#   }
# }