diff --git a/apps/wordpress/index.yaml b/apps/wordpress/index.yaml
index 2173723..1acf017 100644
--- a/apps/wordpress/index.yaml
+++ b/apps/wordpress/index.yaml
@@ -120,6 +120,7 @@ options:
 config:
 default:
 admin_name: wordpress_admin
+ extra_admins: ''
 is_debug: false
 locale: fr_FR
 locales: fr_FR en_US
@@ -128,6 +129,7 @@ options:
 themes: ''
 examples:
 - admin_name: wordpress_admin
+ extra_admins: ''
 is_debug: false
 locale: fr_FR
 locales: fr_FR en_US
@@ -138,6 +140,9 @@ options:
 admin_name:
 default: wordpress_admin
 type: string
+ extra_admins:
+ default: ''
+ type: string
 is_debug:
 default: false
 type: boolean
@@ -462,6 +467,16 @@ options:
 examples:
 - 1
 type: integer
+ sso:
+ default:
+ name: vynil
+ examples:
+ - name: vynil
+ properties:
+ name:
+ default: vynil
+ type: string
+ type: object
 storage:
 default:
 ndb:
diff --git a/apps/wordpress/presentation.tf b/apps/wordpress/presentation.tf
index faaca24..f5c5106 100644
--- a/apps/wordpress/presentation.tf
+++ b/apps/wordpress/presentation.tf
@@ -11,7 +11,7 @@ locals {
 dns_name = "${var.sub_domain}.${var.domain_name}"
 dns_names = [local.dns_name]
 app_name = var.component == var.instance ? var.instance : format("%s-%s", var.component, var.instance)
- icon = "logo192.png"
+ icon = "wp-admin/load-styles.php?c=0&dir=ltr&load%5Bchunk_0%5D=dashicons,admin-bar,common,forms,admin-menu,dashboard,list-tables,edit,revisions,media,themes,about,nav-menus,wp-pointer,widgets&load%5Bchunk_1%5D=,site-icon,l10n,buttons,wp-auth-check"
 request_headers = {
 "Content-Type" = "application/json"
 Authorization = "Bearer ${data.kubernetes_secret_v1.authentik.data["AUTHENTIK_BOOTSTRAP_TOKEN"]}"
diff --git a/apps/wordpress/wordpress_ConfigMap.tf b/apps/wordpress/wordpress_ConfigMap.tf
index ee55d39..1476d39 100644
--- a/apps/wordpress/wordpress_ConfigMap.tf
+++ b/apps/wordpress/wordpress_ConfigMap.tf
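Review bot: The `extra_admins` property added in the `@@ -138,6 +140,9 @@` hunk is an unconstrained `type: string`, and nothing in the schema states what it may contain, although the install script changed in wordpress_ConfigMap.tf splits it on `;`, `,` and whitespace and adds the `administrator` role to every matching account. Because this value decides who becomes a site administrator, the accepted format should be stated next to the property. If this file is hand-maintained and its consumer honours JSON-Schema keywords (neither is visible here), a `description: 'WordPress logins to promote to administrator, separated by "," or ";"'` plus a restrictive `pattern` would do it. The `default` and `examples` entries added in the two earlier hunks only mirror this property and need no change.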
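Review bot: The new `icon` value in `locals` is a `wp-admin/load-styles.php` query string, which serves concatenated admin CSS rather than an image, so whatever consumes `local.icon` (outside this hunk) will probably not get a usable icon. It also makes the presentation depend on an endpoint under `wp-admin/` that hardened deployments commonly restrict or rate-limit, because each request makes PHP assemble many stylesheets. A static image shipped with WordPress core, for example `icon = "wp-admin/images/wordpress-logo.svg"`, avoids both problems. The `locals` block starts and ends outside the hunk.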
@@ -19,6 +19,7 @@ resource "kubectl_manifest" "wordpress_cfg" {
 WORDPRESS_THEMES: "${var.config.themes}"
 WORDPRESS_THEME: "${var.config.theme}"
 WORDPRESS_LOCALES: "${var.config.locales}"
+ WORDPRESS_ADMINS: "${var.config.extra_admins}"
 WORDPRESS_LOCALE: "${var.config.locale}"
 WORDPRESS_CONFIG_EXTRA: |
 #### general settings
@@ -77,6 +78,16 @@ resource "kubectl_manifest" "wordpress_files" {
 wp language plugin install --all $WORDPRESS_LOCALE
 wp language core activate $WORDPRESS_LOCALE
 fi
+ if wp option get mo_oauth_apps_list >/dev/null 2>&1;then
+ wp option update --format=json mo_oauth_apps_list "$WORDPRESS_SSO_CONFIG"
+ else
+ wp option add --format=json mo_oauth_apps_list "$WORDPRESS_SSO_CONFIG"
+ fi
+ for ADMIN in $(echo "$WORDPRESS_ADMINS"|sed 's/;/ /g;s/,/ /g');do
+ if wp user get $ADMIN >/dev/null 2>&1;then
+ wp user add-role $ADMIN administrator
+ fi
+ done
 wp core update-db
 wp-cli: |-
 #!/bin/sh
diff --git a/apps/wordpress/wordpress_Secret.tf b/apps/wordpress/wordpress_Secret.tf
index 9cdaa4a..9ce537e 100644
--- a/apps/wordpress/wordpress_Secret.tf
+++ b/apps/wordpress/wordpress_Secret.tf
@@ -43,6 +43,27 @@ resource "random_password" "ADM_PASS" {
 special = false
 }
+locals {
+ sso_config = {
+ "${var.sso.name}" = {
+ "ssoprotocol" ="oauth"
+ "apptype" = "oauth"
+ "send_headers" = "1"
+ "send_body" = "0"
+ "send_state" = 1
+ "show_on_login_page" = 1
+ "appId" = "vynil"
+ "scope" = "email openid profile"
+ "username_attr" = "preferred_username"
+ "clientid" = module.oauth2.client_id
+ "clientsecret" = module.oauth2.client_secret
+ "redirecturi" = "https://${local.dns_name}"
+ "authorizeurl" = module.oauth2.sso_authorize_url
+ "accesstokenurl" = module.oauth2.sso_token_url
+ "resourceownerdetailsurl" = module.oauth2.sso_userinfo_url
+ }
+ }
+}
 resource "kubectl_manifest" "secret" {
 yaml_body = <<-EOF
 apiVersion: v1
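Review bot: `WORDPRESS_ADMINS: "${var.config.extra_admins}"` splices the option into a double-quoted YAML scalar without escaping, so a `"` or `\` in the value would corrupt or alter the manifest; `WORDPRESS_ADMINS: ${jsonencode(var.config.extra_admins)}` emits a correctly escaped quoted string. The same pattern is a harder failure in the `WORDPRESS_SSO_CONFIG: "${jsonencode(local.sso_config)}"` line added to wordpress_Secret.tf (`@@ -63,6 +84,7 @@`): the encoded JSON always contains double quotes, so the scalar most likely ends at the first one and the manifest either fails to parse or carries a truncated value. There, `WORDPRESS_SSO_CONFIG: ${jsonencode(jsonencode(local.sso_config))}` yields the JSON text as one escaped string. The neighbouring lines use the unescaped form too, which holds only while their values stay free of quotes and backslashes; the heredoc starts outside both hunks.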
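Review bot: `$ADMIN` is expanded unquoted in `wp user get $ADMIN` and `wp user add-role $ADMIN administrator`, and the list it comes from is word-split with pathname expansion still enabled, so an entry containing `*` or starting with `-` reaches wp-cli as something other than one user login, in a step that grants `administrator`. Quoting the variable, turning globbing off around the loop and skipping entries that are not plain logins keeps the grant limited to the names the operator wrote; the character set below is an assumption and should be matched to the login format in use. Two things deserve a comment beside the loop: the role is only ever added, so removing a name from `extra_admins` does not demote the account, and a listed user that does not exist yet is skipped without any log line. The enclosing script starts and ends outside the hunk.

```hcl
# … unchanged: mo_oauth_apps_list option add/update …
set -f  # split the list on whitespace only, no pathname expansion
for ADMIN in $(echo "$WORDPRESS_ADMINS"|sed 's/;/ /g;s/,/ /g');do
  case "$ADMIN" in
    -*|*[!A-Za-z0-9._@-]*)
      echo "extra_admins: skipping invalid entry '$ADMIN'" >&2
      continue
      ;;
  esac
  if wp user get "$ADMIN" >/dev/null 2>&1;then
    wp user add-role "$ADMIN" administrator
  fi
done
set +f
```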
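Review bot: `"username_attr" = "preferred_username"` keys the WordPress account on a claim that many identity providers let users edit, and this same commit promotes accounts to `administrator` by login name through `extra_admins`, so whoever can hold a listed username at the provider can end up with the role. Whether that is reachable depends on the provider configuration behind `module.oauth2`, which is not visible here; either lock username changes there or state the assumption on this line, e.g. `# login comes from preferred_username: usernames must be immutable at the IdP`. `clientsecret` is part of `sso_config`, which the install script writes into the `mo_oauth_apps_list` option, so the OAuth client secret also ends up in the WordPress database and that deserves a comment too. Separately, `"appId" = "vynil"` is hard-coded while the map key uses `var.sso.name`; if the two are meant to match, use the variable in both places.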
@@ -63,6 +84,7 @@ resource "kubectl_manifest" "secret" {
 WORDPRESS_DB_PASSWORD: "${random_password.mysql_comp_pass.result}"
 WORDPRESS_ADMIN_NAME: "${var.config.admin_name}"
 WORDPRESS_ADMIN_PASSWORD: "${random_password.ADM_PASS.result}"
+ WORDPRESS_SSO_CONFIG: "${jsonencode(local.sso_config)}"
 EOF
 }