This commit is contained in:
2024-05-24 14:28:47 +02:00
parent 5002330ca3
commit 18f8bf8193
4 changed files with 25 additions and 4 deletions

13
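--- a/apps/sonar/check.rhai
+++ b/apps/sonar/check.rhai
@@ -0,0 +1,13 @@
+const DOMAIN = config.domain;
+fn check_domain() {
+assert(have_namespace(`${global::DOMAIN}`), `There is no ${global::DOMAIN} namespace`);
+}
+fn check_authentik() {
+assert(have_namespace(`${global::DOMAIN}-auth`), `There is no ${global::DOMAIN}-auth namespace`);
+assert(have_install(`${global::DOMAIN}-auth`, "authentik"), `No authentik installation in ${global::DOMAIN}-auth`);
+assert(have_secret(`${global::DOMAIN}-auth`, "authentik"), `No authentik secret in ${global::DOMAIN}-auth`);
+}
+fn pre_check() {
+check_domain();
+check_authentik();
+}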
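Review bot: pre_check never verifies that `config.domain` is actually set, so an empty DOMAIN makes check_domain look up a namespace named "" and check_authentik a namespace named "-auth", and the assertion messages then read "There is no  namespace", which hides the real cause. A guard at the top of check_domain such as `assert(global::DOMAIN != "", "config.domain is not set");` would fail fast with a message that points at the configuration. The `${global::DOMAIN}-auth` template is also rebuilt four times across check_authentik; a single top-level constant holding the auth namespace name, referenced as `global::AUTH_NS` from the functions, would keep that name in one place and make the three assertions easier to read.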


@@ -329,7 +329,13 @@ options:
examples:
- sonar
type: string
dependencies: []
dependencies:
- dist: null
category: core
component: cert-manager-self-sign
- dist: null
category: dbo
component: pg
providers:
kubernetes: true
authentik: true


@@ -35,10 +35,10 @@ resource "kubectl_manifest" "cm_files" {
sonar.telemetry.enable=false
sonar.updatecenter.activate=false
sonar.auth.saml.enabled=true
sonar.auth.saml.applicationId=${module.saml.app_id}
sonar.auth.saml.applicationId=https://${local.dns_name}/saml2/metadata
sonar.auth.saml.providerName=vynil
sonar.auth.saml.providerId=${module.saml.issuer}
sonar.auth.saml.loginUrl=https://${data.kubernetes_ingress_v1.authentik.spec[0].rule[0].host}/application/saml/${var.component}-${var.instance}/sso/binding/init/
sonar.auth.saml.providerId=https://${data.kubernetes_ingress_v1.authentik.spec[0].rule[0].host}
sonar.auth.saml.loginUrl=https://${data.kubernetes_ingress_v1.authentik.spec[0].rule[0].host}/application/saml/${var.component}-${var.instance}/sso/binding/redirect/
sonar.auth.saml.certificate.secured=${join("",[for line in split("\n",module.saml.certificate_data): line if !endswith(line, "CERTIFICATE-----")])}
sonar.auth.saml.user.login=windowsaccountname
sonar.auth.saml.user.name=name
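Review bot: The authentik base URL `https://${data.kubernetes_ingress_v1.authentik.spec[0].rule[0].host}` is now written out by hand three times — providerId and loginUrl in this ConfigMap and `saml_issuer` in the module "saml" hunk of this commit — and SonarQube compares the Issuer of incoming assertions against providerId, so a later edit to one copy but not the others silently breaks SAML login. Defining it once, e.g. `authentik_url = "https://${data.kubernetes_ingress_v1.authentik.spec[0].rule[0].host}"` in the module's locals, and then using `sonar.auth.saml.providerId=${local.authentik_url}` here and `saml_issuer = local.authentik_url` in the module call keeps the two sides of the trust relationship tied to the same value (this assumes both files belong to the same Terraform module, which the page does not show). The same applies to the metadata URL `https://${local.dns_name}/saml2/metadata`, which appears as applicationId here and as `audience` in the module hunk. The enclosing resource "kubectl_manifest" "cm_files" starts before this hunk.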


@@ -56,6 +56,8 @@ module "saml" {
dns_names = local.dns_names
namespace = var.namespace
labels = local.common_labels
audience = "https://${local.dns_name}/saml2/metadata"
saml_issuer = "https://${data.kubernetes_ingress_v1.authentik.spec[0].rule[0].host}"
group_mapping = <<ENDF
for group in user.ak_groups.all():
if group.name == "authentik Admins":