variable "component" {
  type = string
}

variable "instance" {
  type = string
}

variable "domain" {
  type = string
}

variable "namespace" {
  type = string
}

variable "labels" {
  type = map(string)
}

variable "dns_name" {
  type = string
}

variable "access_token_validity" {
  type    = string
  default = "hours=10" // ;minutes=10
}

variable "response_headers" {
  type = list(string)
  description = "List of sended headers from authentik to web application"
  default = [
    "X-authentik-username",
    "X-authentik-email",
    "X-authentik-groups",
    "X-authentik-name",
    "X-authentik-uid",
    "X-authentik-jwt",
    "X-authentik-meta-jwks",
    "X-authentik-meta-outpost",
    "X-authentik-meta-provider",
    "X-authentik-meta-app",
    "X-authentik-meta-version",
  ]
  validation {
    condition = alltrue(
      [for header in var.response_headers : contains([
        "X-authentik-username",
        "X-authentik-email",
        "X-authentik-groups",
        "X-authentik-name",
        "X-authentik-uid",
        "X-authentik-jwt",
        "X-authentik-meta-jwks",
        "X-authentik-meta-outpost",
        "X-authentik-meta-provider",
        "X-authentik-meta-app",
        "X-authentik-meta-version",
      ], header)]
    )
    error_message = "Only som headers are allowed by authentik"
  }
}