fix

2023-08-29 11:36:15 +02:00
parent 705fce977d
commit 10a1b406fa
3 changed files with 65 additions and 55 deletions
--- a/share/wildduck/application.tf
+++ b/share/wildduck/application.tf
@@ -28,10 +28,3 @@ resource "authentik_policy_binding" "prj_access_vynil" {
  group  = data.authentik_group.akadmin.id
  order  = 1
 }
-
-data "kubernetes_secret_v1" "authentik" {
-  metadata {
-    name = "authentik"
-    namespace = "${var.domain}-auth"
-  }
-}
--- a/share/wildduck/index.yaml
+++ b/share/wildduck/index.yaml
@@ -6,50 +6,20 @@ metadata:
  name: wildduck
  description: null
 options:
+  sub-domain:
+    default: mail
+    examples:
+    - mail
+    type: string
  issuer:
    default: letsencrypt-prod
    examples:
    - letsencrypt-prod
    type: string
-  additional-domains:
-    default: []
-    items:
-      type: string
-    type: array
-  backups:
-    default:
-      enable: false
-      endpoint: ''
-      key-id-key: s3-id
-      secret-key: s3-secret
-      secret-name: backup-settings
+  domain:
+    default: your-company
    examples:
-    - enable: false
-      endpoint: ''
-      key-id-key: s3-id
-      secret-key: s3-secret
-      secret-name: backup-settings
-    properties:
-      enable:
-        default: false
-        type: boolean
-      endpoint:
-        default: ''
-        type: string
-      key-id-key:
-        default: s3-id
-        type: string
-      secret-key:
-        default: s3-secret
-        type: string
-      secret-name:
-        default: backup-settings
-        type: string
-    type: object
-  domain-name:
-    default: your_company.com
-    examples:
-    - your_company.com
+    - your-company
    type: string
  ingress-class:
    default: traefik
@@ -265,16 +235,6 @@ options:
            type: string
        type: object
    type: object
-  domain:
-    default: your-company
-    examples:
-    - your-company
-    type: string
-  sub-domain:
-    default: mail
-    examples:
-    - mail
-    type: string
  redis:
    default:
      exporter:
@@ -308,6 +268,46 @@ options:
        default: 2Gi
        type: string
    type: object
+  additional-domains:
+    default: []
+    items:
+      type: string
+    type: array
+  backups:
+    default:
+      enable: false
+      endpoint: ''
+      key-id-key: s3-id
+      secret-key: s3-secret
+      secret-name: backup-settings
+    examples:
+    - enable: false
+      endpoint: ''
+      key-id-key: s3-id
+      secret-key: s3-secret
+      secret-name: backup-settings
+    properties:
+      enable:
+        default: false
+        type: boolean
+      endpoint:
+        default: ''
+        type: string
+      key-id-key:
+        default: s3-id
+        type: string
+      secret-key:
+        default: s3-secret
+        type: string
+      secret-name:
+        default: backup-settings
+        type: string
+    type: object
+  domain-name:
+    default: your_company.com
+    examples:
+    - your_company.com
+    type: string
 dependencies:
 - dist: null
  category: dbo
--- a/share/wildduck/scim.tf
+++ b/share/wildduck/scim.tf
@@ -1,3 +1,10 @@
+data "kubernetes_secret_v1" "authentik" {
+  metadata {
+    name = "authentik"
+    namespace = "${var.domain}-auth"
+  }
+}
+
 data "authentik_property_mapping_scim" "user" {
  managed = "goauthentik.io/providers/scim/user"
 }
@@ -14,6 +21,16 @@ resource "authentik_provider_scim" "scim" {
  property_mappings_group = [data.authentik_property_mapping_scim.group.id]
 }

+
+// Work-around missing features in the provider
+locals {
+  authentik-token = data.kubernetes_secret_v1.authentik.data["AUTHENTIK_BOOTSTRAP_TOKEN"]
+  request_headers = {
+    "Content-Type"  = "application/json"
+    Authorization   = "Bearer ${local.authentik-token}"
+  }
+}
+
 provider "restapi" {
  uri = "http://authentik.${var.domain}-auth.svc/api/v3/"
  headers = local.request_headers