{{- $credentialsName := .Values.connect.credentialsName -}}
{{- $namespace := .Release.Namespace -}}
{{- $tokenName := .Values.operator.token.name -}}
{{- $serviceAccountTokenName := .Values.operator.serviceAccountToken.name -}}

{{- if (and (.Values.connect.create) (not (or (lookup "v1" "Secret" $namespace $credentialsName) (.Values.connect.credentials) ))) }}
---------------------------------------------------------------------------------------------
 WARNING

    Using 1Password Connect in Kubernetes requires that a 1password-credentials.json file
    be stored as a Kubernetes Secret. This credentials file can be saved as a Kubernetes 
    secret by using one of two methods:

    Add the following to your helm install command:
            
         --set-file connect.credentials={path/to/1password-credentials.json}
        
    This will allow for Helm to handle storing 1password-credentials.json as a secret
    for you.

    More information about 1Password Connect and how to generate a 1password-credentials.json 
    file can be found at https://support.1password.com/secrets-automation/.

---------------------------------------------------------------------------------------------
{{- end }}

{{- if (and (.Values.operator.create) (not (or (lookup "v1" "Secret" $namespace $tokenName) (.Values.operator.token.value))) (not (or (lookup "v1" "Secret" $namespace $serviceAccountTokenName) (.Values.operator.serviceAccountToken.value))) ) }}
---------------------------------------------------------------------------------------------
 WARNING

    By specifying "operator.create=true", a 1Password Connect Kuberator Operates will be 
    deployed. This operator expects that a secret containing a 1Password Connect Token or 1Password Service Account Token
    is saved to the configured namespace {{ $namespace }}. 
    
    1Password Connect Token can be saved as a Kubernetes secret using the following command:

        kubectl create secret generic {{ $tokenName }} --from-literal=token=<OP_CONNECT_TOKEN> \
         --namespace={{ $namespace }}


    1Password Service Account token can be saved as a Kubernetes secret using the following command:

        kubectl create secret generic {{ $serviceAccountTokenName }} --from-literal=token=<OP_SERVICE_ACCOUNT_TOKEN> \
         --namespace={{ $namespace }}


    Creation of a secret for the token can also be automated by the Helm Chart by setting
    'operator.token.value' or 'operator.serviceAccountToken.value ' to the value of your token.

    More information about 1Password Connect and how to generate a 1Password Connect API token
    can be found at https://support.1password.com/secrets-automation/.

    More information about 1Password Service Accounts and how to generate a service account token
    can be found at https://developer.1password.com/docs/service-accounts.

---------------------------------------------------------------------------------------------
{{- end }}

{{- if and (not (.Values.connect.create)) ( not (.Values.operator.create)) }}
  {{- fail "The `connect.create` and `operator.create` are both set to `false`. At least one should be set to `true`." -}}
{{- end -}}

** Please be patient while the chart is being deployed **

1Password Connect is being deployed to Kubernetes. More information about 1Password Connect can 
be found at https://support.1password.com/secrets-automation/

{{- if and (.Values.connect.create) (.Values.operator.create) }}

The 1Password Kubernetes Operator is also being deployed. More information about the
1Password Operator can be found at https://github.com/1Password/onepassword-operator

{{- end }}

{{- if and (not (.Values.connect.create)) (.Values.operator.create) }}

The 1Password Connect Kubernetes Operator is being deployed without also deploying a 1Password 
Connect server. A Connect server is required for the operator to connect to. More information 
about the 1Password Connect Operator can be found at 
https://github.com/1Password/onepassword-operator

{{- end }}