fix

apps/dbgate/application.tf

@@ -83,6 +83,9 @@ module "forward" {
   dns-names         = local.dns-names
   service           = local.service
   icon              = local.icon
+  request_headers   = local.request_headers
+  application-id    = module.application.application-id
+  policy-id         = module.application.policy-id
   providers = {
     restapi = restapi
     http = http

apps/dbgate/index.yaml

@@ -6,11 +6,6 @@ metadata:
   name: dbgate
   description: null
 options:
-  use-oauth:
-    default: false
-    examples:
-    - false
-    type: boolean
   storage:
     default:
       accessMode: ReadWriteOnce
@@ -38,7 +33,22 @@ options:
         - Block
         type: string
     type: object
-  mongo:
+  app-group:
+    default: dev
+    examples:
+    - dev
+    type: string
+  domain-name:
+    default: your_company.com
+    examples:
+    - your_company.com
+    type: string
+  domain:
+    default: your-company
+    examples:
+    - your-company
+    type: string
+  pg:
     default: []
     examples:
     - []
@@ -67,6 +77,16 @@ options:
           type: string
       type: object
     type: array
+  ingress-class:
+    default: traefik
+    examples:
+    - traefik
+    type: string
+  sub-domain:
+    default: dbgate
+    examples:
+    - dbgate
+    type: string
   maria:
     default: []
     examples:
@@ -135,37 +155,7 @@ options:
             type: string
         type: object
     type: object
-  ingress-class:
-    default: traefik
-    examples:
-    - traefik
-    type: string
-  issuer:
-    default: letsencrypt-prod
-    examples:
-    - letsencrypt-prod
-    type: string
-  app-group:
-    default: dev
-    examples:
-    - dev
-    type: string
-  sub-domain:
-    default: dbgate
-    examples:
-    - dbgate
-    type: string
-  domain:
-    default: your-company
-    examples:
-    - your-company
-    type: string
-  domain-name:
-    default: your_company.com
-    examples:
-    - your_company.com
-    type: string
-  pg:
+  mongo:
     default: []
     examples:
     - []
@@ -194,6 +184,16 @@ options:
           type: string
       type: object
     type: array
+  use-oauth:
+    default: false
+    examples:
+    - false
+    type: boolean
+  issuer:
+    default: letsencrypt-prod
+    examples:
+    - letsencrypt-prod
+    type: string
 dependencies:
 - dist: null
   category: share

modules/application/outputs.tf

@@ -1,3 +1,7 @@
-output "provider-id" {
-  value       = authentik_provider_proxy.prj_forward.id
-}
+output "application-id" {
+  value       = authentik_application.prj_app.uuid
+}
+
+output "policy-id" {
+  value       = authentik_policy_expression.policy.id
+}

modules/forward/forward.tf

@@ -47,25 +47,12 @@ resource "authentik_provider_proxy" "prj_forward" {
   mode               = "forward_single"
   access_token_validity = var.access-token-validity
 }
-data "authentik_group" "vynil-admin" {
-  name = "vynil-forward-admins"
-}
-resource "authentik_policy_binding" "prj_access_users" {
-  target = authentik_application.prj_application.uuid
-  policy = authentik_policy_expression.policy.id
-  order  = 0
-}
-resource "authentik_policy_binding" "prj_access_vynil" {
-  target = authentik_application.prj_application.uuid
-  group  = data.authentik_group.vynil-admin.id
-  order  = 1
-}
 
 data "http" "get_forward_outpost" {
   depends_on = [authentik_provider_proxy.prj_forward]
   url    = "http://authentik.${var.domain}-auth.svc/api/v3/outposts/instances/?name__iexact=forward"
   method = "GET"
-  request_headers = local.request_headers
+  request_headers = var.request_headers
   lifecycle {
     postcondition {
       condition     = contains([200], self.status_code)

modules/forward/variables.tf

@@ -28,3 +28,5 @@ variable "access-token-validity" {
 }
 variable "service" {
 }
+variable "request_headers" {
+}