From 705fce977dbf9b47d5519d4cd16df0e8b99e7956 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?S=C3=A9bastien=20Huss?=
Date: Tue, 29 Aug 2023 11:34:06 +0200
Subject: [PATCH] fix
---
 share/wildduck/index.yaml | 98 +++++++++++++++++------------------
 share/wildduck/scim.tf | 19 +++++++
 share/wildduck/scimgateway.tf | 6 +--
 3 files changed, 71 insertions(+), 52 deletions(-)
diff --git a/share/wildduck/index.yaml b/share/wildduck/index.yaml
index 94ba0e7..d0b5e6f 100644
--- a/share/wildduck/index.yaml
+++ b/share/wildduck/index.yaml
@@ -11,59 +11,11 @@ options:
 examples:
 - letsencrypt-prod
 type: string
- domain:
- default: your-company
- examples:
- - your-company
- type: string
- redis:
- default:
- exporter:
- enabled: true
- image: quay.io/opstree/redis-exporter:v1.44.0
- image: quay.io/opstree/redis:v7.0.5
- storage: 2Gi
- examples:
- - exporter:
- enabled: true
- image: quay.io/opstree/redis-exporter:v1.44.0
- image: quay.io/opstree/redis:v7.0.5
- storage: 2Gi
- properties:
- exporter:
- default:
- enabled: true
- image: quay.io/opstree/redis-exporter:v1.44.0
- properties:
- enabled:
- default: true
- type: boolean
- image:
- default: quay.io/opstree/redis-exporter:v1.44.0
- type: string
- type: object
- image:
- default: quay.io/opstree/redis:v7.0.5
- type: string
- storage:
- default: 2Gi
- type: string
- type: object
 additional-domains:
 default: []
 items:
 type: string
 type: array
- domain-name:
- default: your_company.com
- examples:
- - your_company.com
- type: string
- sub-domain:
- default: mail
- examples:
- - mail
- type: string
 backups:
 default:
 enable: false
@@ -94,6 +46,11 @@ options:
 default: backup-settings
 type: string
 type: object
+ domain-name:
+ default: your_company.com
+ examples:
+ - your_company.com
+ type: string
 ingress-class:
 default: traefik
 examples:
@@ -308,6 +265,49 @@ options:
 type: string
 type: object
 type: object
+ domain:
+ default: your-company
+ examples:
+ - your-company
+ type: string
+ sub-domain:
+ default: mail
+ examples:
+ - mail
+ type: string
+ redis:
+ default:
+ exporter:
+ enabled: true
+ image: quay.io/opstree/redis-exporter:v1.44.0
+ image: quay.io/opstree/redis:v7.0.5
+ storage: 2Gi
+ examples:
+ - exporter:
+ enabled: true
+ image: quay.io/opstree/redis-exporter:v1.44.0
+ image: quay.io/opstree/redis:v7.0.5
+ storage: 2Gi
+ properties:
+ exporter:
+ default:
+ enabled: true
+ image: quay.io/opstree/redis-exporter:v1.44.0
+ properties:
+ enabled:
+ default: true
+ type: boolean
+ image:
+ default: quay.io/opstree/redis-exporter:v1.44.0
+ type: string
+ type: object
+ image:
+ default: quay.io/opstree/redis:v7.0.5
+ type: string
+ storage:
+ default: 2Gi
+ type: string
+ type: object
 dependencies:
 - dist: null
 category: dbo
@@ -323,6 +323,6 @@ providers:
 authentik: true
 kubectl: true
 postgresql: null
- restapi: null
+ restapi: true
 http: null
 tfaddtype: null
diff --git a/share/wildduck/scim.tf b/share/wildduck/scim.tf
index 00d2114..67ae24e 100644
--- a/share/wildduck/scim.tf
+++ b/share/wildduck/scim.tf
@@ -13,3 +13,22 @@ resource "authentik_provider_scim" "scim" {
 property_mappings = [data.authentik_property_mapping_scim.user.id]
 property_mappings_group = [data.authentik_property_mapping_scim.group.id]
 }
+
+provider "restapi" {
+ uri = "http://authentik.${var.domain}-auth.svc/api/v3/"
+ headers = local.request_headers
+ create_method = "PATCH"
+ update_method = "PATCH"
+ destroy_method = "PATCH"
+ write_returns_object = true
+ id_attribute = "name"
+}
+
+resource "restapi_object" "ldap_outpost_binding" {
+ path = "/providers/scim/${authentik_provider_scim.scim.id}/"
+ data = jsonencode({
+ name = authentik_provider_scim.scim.name
+ exclude_users_service_account = true
+ filter_group = authentik_group.groups.id
+ })
+}
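Review bot: The `restapi` provider's `uri` is plain `http://`, so whatever `local.request_headers` carries (it is defined outside this hunk; presumably the authentik API token) crosses the cluster network unencrypted on every apply. The same applies to the `WILDDUCK_API` value in scimgateway.tf, which now hard-codes `http://` for the endpoint the gateway authenticates to with `WILDDUCK_TOKEN`. If the services expose TLS, point both at `https://`; otherwise record the assumption next to the `uri`, e.g. `# in-cluster HTTP: the token in request_headers is protected only by network policy / mesh mTLS`. Separately, the resource label `ldap_outpost_binding` patches the SCIM provider and looks like a copy-paste leftover; a label such as `scim_provider_filter` would match what the block does.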
diff --git a/share/wildduck/scimgateway.tf b/share/wildduck/scimgateway.tf
index 725e024..4374d18 100644
--- a/share/wildduck/scimgateway.tf
+++ b/share/wildduck/scimgateway.tf
@@ -57,7 +57,7 @@ resource "kubectl_manifest" "scimgateway_deploy" {
 - name: "WILDDUCK_DOMAIN"
 value: "${var.domain-name}"
 - name: "WILDDUCK_API"
- value: "${var.instance}-wildduck-api.${var.namespace}.svc"
+ value: "http://${var.instance}-wildduck-api.${var.namespace}.svc"
 - name: SEED
 valueFrom:
 secretKeyRef:
@@ -67,12 +67,12 @@ resource "kubectl_manifest" "scimgateway_deploy" {
 valueFrom:
 secretKeyRef:
 name: "${var.instance}"
- key: access
+ key: authentik
 - name: WILDDUCK_TOKEN
 valueFrom:
 secretKeyRef:
 name: "${var.instance}"
- key: authentik
+ key: access
 - name: WILDDUCK_INITIAL_PASSWD
 valueFrom:
 secretKeyRef:
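Review bot: Both credentials should be rotated if the previous revision was ever deployed: before the second hunk, `WILDDUCK_TOKEN` read `key: authentik` and the variable above it read `key: access`, so each token was handed to the client code for the other service and may have been sent there or written to its logs. The name of that first variable is above the hunk, so confirm it is the one meant to hold the authentik token. A one-line comment above each `secretKeyRef`, such as `# key "access" = Wildduck API access token`, would make a repeat of the mix-up easier to catch in review.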