fix

modules/application/application.tf

@@ -1,36 +1,36 @@
 locals {
-  app-name = var.component == var.instance ? var.instance : format("%s-%s", var.component, var.instance)
-  main-group = format("app-%s", local.app-name)
+  app_name = var.component == var.instance ? var.instance : format("%s-%s", var.component, var.instance)
+  main-group = format("app-%s", local.app_name)
 }
 data "authentik_group" "akadmin" {
   name = "authentik Admins"
 }
 resource "authentik_group" "groups" {
   name         = local.main-group
-  attributes   = jsonencode({"${local.app-name}" = true})
+  attributes   = jsonencode({"${local.app_name}" = true})
 }
 
 resource "authentik_group" "subgroup" {
   count = length(var.sub-groups)
-  name         = format("%s-%s", local.app-name, var.sub-groups[count.index])
+  name         = format("%s-%s", local.app_name, var.sub-groups[count.index])
   parent       = authentik_group.groups.id
 }
 
 resource "authentik_application" "prj_app" {
   name              = "${var.instance}"
   slug              = "${var.component}-${var.instance}"
-  group             = var.app-group
+  group             = var.app_group
   protocol_provider = var.protocol_provider
   backchannel_providers = var.backchannel_providers
-  meta_launch_url   = format("https://%s", var.dns-name)
-  meta_icon         = format("https://%s/%s", var.dns-name, var.icon)
+  meta_launch_url   = format("https://%s", var.dns_name)
+  meta_icon         = format("https://%s/%s", var.dns_name, var.icon)
 }
 
 resource "authentik_policy_expression" "policy" {
   name       = local.main-group
   expression = <<-EOF
     attr = request.user.group_attributes()
-    return attr['${local.app-name}'] if '${local.app-name}' in attr else False
+    return attr['${local.app_name}'] if '${local.app_name}' in attr else False
   EOF
 }
 

modules/application/variables.tf

@@ -7,14 +7,14 @@ variable "instance" {
 variable "icon" {
   type        = string
 }
-variable "app-group" {
+variable "app_group" {
   type        = string
 }
 variable "protocol_provider" {
   type        = number
   default     = null
 }
-variable "dns-name" {
+variable "dns_name" {
   type        = string
 }
 variable "sub-groups" {

modules/forward/forward.tf

@@ -1,10 +1,10 @@
 locals {
   forward-outpost-providers = jsondecode(data.http.get_forward_outpost.response_body).results[0].providers
   forward-outpost-pk = jsondecode(data.http.get_forward_outpost.response_body).results[0].pk
-  app-name = var.component == var.instance ? var.instance : format("%s-%s", var.component, var.instance)
-  main-group = format("app-%s", local.app-name)
-  external-url = format("https://%s", var.dns-names[0])
-  rules-icons = [ for v in var.dns-names : {
+  app_name = var.component == var.instance ? var.instance : format("%s-%s", var.component, var.instance)
+  main-group = format("app-%s", local.app_name)
+  external-url = format("https://%s", var.dns_names[0])
+  rules-icons = [ for v in var.dns_names : {
       "host" = "${v}"
       "http" = {
         "paths" = [{
@@ -28,10 +28,10 @@ resource "kubectl_manifest" "prj_ingress_icon" {
       namespace: "${var.namespace}"
       labels: ${jsonencode(var.labels)}
     spec:
-      ingressClassName: "${var.ingress-class}"
+      ingressClassName: "${var.ingress_class}"
       rules: ${jsonencode(local.rules-icons)}
       tls:
-      - hosts: ${jsonencode(var.dns-names)}
+      - hosts: ${jsonencode(var.dns_names)}
         secretName: "${var.instance}-cert"
   EOF
 }
@@ -41,7 +41,7 @@ data "authentik_flow" "default-authorization-flow" {
 }
 
 resource "authentik_provider_proxy" "prj_forward" {
-  name               = local.app-name
+  name               = local.app_name
   external_host      = local.external-url
   authorization_flow = data.authentik_flow.default-authorization-flow.id
   mode               = "forward_single"
@@ -74,7 +74,7 @@ resource "kubectl_manifest" "prj_middleware" {
     apiVersion: traefik.containo.us/v1alpha1
     kind: Middleware
     metadata:
-        name: "forward-${local.app-name}"
+        name: "forward-${local.app_name}"
         namespace: "${var.namespace}"
         labels: ${jsonencode(var.labels)}
     spec:

modules/forward/variables.tf

@@ -13,13 +13,13 @@ variable "domain" {
 variable "namespace" {
   type        = string
 }
-variable "ingress-class" {
+variable "ingress_class" {
   type        = string
 }
 variable "labels" {
   type        = map(string)
 }
-variable "dns-names" {
+variable "dns_names" {
   type        = list(string)
 }
 variable "access-token-validity" {

modules/ingress/ingress.tf

@@ -1,6 +1,6 @@
 
 locals {
-    rules = [ for v in var.dns-names : {
+    rules = [ for v in var.dns_names : {
       "host" = "${v}"
       "http" = {
         "paths" = [{
@@ -25,7 +25,7 @@ resource "kubectl_manifest" "prj_certificate" {
       labels: ${jsonencode(var.labels)}
     spec:
         secretName: "${var.instance}${var.component==""?"":"-"}${var.component}-cert"
-        dnsNames: ${jsonencode(var.dns-names)}
+        dnsNames: ${jsonencode(var.dns_names)}
         issuerRef:
           name: "${var.issuer}"
           kind: "ClusterIssuer"
@@ -61,10 +61,10 @@ resource "kubectl_manifest" "prj_ingress" {
       annotations:
         "traefik.ingress.kubernetes.io/router.middlewares": "${join(",", [for m in concat(["${var.instance}-https"],var.middlewares) : format("%s-%s@kubernetescrd", var.namespace, m)])}"
     spec:
-      ingressClassName: "${var.ingress-class}"
+      ingressClassName: "${var.ingress_class}"
       rules: ${jsonencode(local.rules)}
       tls:
-      - hosts: ${jsonencode(var.dns-names)}
+      - hosts: ${jsonencode(var.dns_names)}
         secretName: "${var.instance}${var.secret-component!=""?"-${var.secret-component}":var.component==""?"":"-${var.component}"}-cert"
   EOF
 }

modules/ingress/variables.tf

@@ -10,14 +10,14 @@ variable "namespace" {
 variable "issuer" {
   type        = string
 }
-variable "ingress-class" {
+variable "ingress_class" {
   type        = string
 }
 
 variable "labels" {
   type        = map(string)
 }
-variable "dns-names" {
+variable "dns_names" {
   type        = list(string)
 }
 variable "middlewares" {

modules/oauth2/oauth2.tf

@@ -50,7 +50,7 @@ resource "authentik_provider_oauth2" "oauth2" {
   signing_key         = data.authentik_certificate_key_pair.ca.id
   property_mappings   = data.authentik_scope_mapping.oauth2.ids
   redirect_uris       = [
-    "https://${var.dns-name}/${var.redirect-path}"
+    "https://${var.dns_name}/${var.redirect-path}"
   ]
 }
 

modules/oauth2/variables.tf

@@ -10,7 +10,7 @@ variable "namespace" {
 variable "labels" {
   type        = map(string)
 }
-variable "dns-name" {
+variable "dns_name" {
   type        = string
 }
 variable "redirect-path" {

modules/saml/saml.tf

@@ -35,7 +35,7 @@ resource "kubectl_manifest" "saml_certificate" {
       labels: ${jsonencode(var.labels)}
     spec:
         secretName: "${var.instance}-${var.component}-saml"
-        dnsNames: ${jsonencode(var.dns-names)}
+        dnsNames: ${jsonencode(var.dns_names)}
         issuerRef:
           name: "self-sign"
           kind: "ClusterIssuer"
@@ -47,7 +47,7 @@ resource "authentik_provider_saml" "prj" {
   name                = "${var.component}-${var.instance}-saml"
   authentication_flow = data.authentik_flow.default-authentication-flow.id
   authorization_flow  = data.authentik_flow.default-authorization-flow.id
-  acs_url             = "https://${var.dns-names[0]}/${var.acs-path}"
+  acs_url             = "https://${var.dns_names[0]}/${var.acs-path}"
   property_mappings   = data.authentik_property_mapping_saml.saml_maps.ids
   name_id_mapping     = data.authentik_property_mapping_saml.saml_name.id
   signing_kp          = data.authentik_certificate_key_pair.generated.id

modules/saml/variables.tf

@@ -4,7 +4,7 @@ variable "component" {
 variable "instance" {
   type        = string
 }
-variable "dns-names" {
+variable "dns_names" {
   type        = list(string)
 }
 variable "acs-path" {