diff --git a/apps/dbgate/application.tf b/apps/dbgate/application.tf
index 2900b7b..6c0ce06 100644
--- a/apps/dbgate/application.tf
+++ b/apps/dbgate/application.tf
@@ -83,6 +83,9 @@ module "forward" {
 dns-names = local.dns-names
 service = local.service
 icon = local.icon
+ request_headers = local.request_headers
+ application-id = module.application.application-id
+ policy-id = module.application.policy-id
 providers = {
 restapi = restapi
 http = http
diff --git a/apps/dbgate/index.yaml b/apps/dbgate/index.yaml
index 3d64c27..fd05376 100644
--- a/apps/dbgate/index.yaml
+++ b/apps/dbgate/index.yaml
@@ -6,11 +6,6 @@ metadata:
 name: dbgate
 description: null
 options:
- use-oauth:
- default: false
- examples:
- - false
- type: boolean
 storage:
 default:
 accessMode: ReadWriteOnce
@@ -38,7 +33,22 @@ options:
 - Block
 type: string
 type: object
- mongo:
+ app-group:
+ default: dev
+ examples:
+ - dev
+ type: string
+ domain-name:
+ default: your_company.com
+ examples:
+ - your_company.com
+ type: string
+ domain:
+ default: your-company
+ examples:
+ - your-company
+ type: string
+ pg:
 default: []
 examples:
 - []
@@ -67,6 +77,16 @@ options:
 type: string
 type: object
 type: array
+ ingress-class:
+ default: traefik
+ examples:
+ - traefik
+ type: string
+ sub-domain:
+ default: dbgate
+ examples:
+ - dbgate
+ type: string
 maria:
 default: []
 examples:
@@ -135,37 +155,7 @@ options:
 type: string
 type: object
 type: object
- ingress-class:
- default: traefik
- examples:
- - traefik
- type: string
- issuer:
- default: letsencrypt-prod
- examples:
- - letsencrypt-prod
- type: string
- app-group:
- default: dev
- examples:
- - dev
- type: string
- sub-domain:
- default: dbgate
- examples:
- - dbgate
- type: string
- domain:
- default: your-company
- examples:
- - your-company
- type: string
- domain-name:
- default: your_company.com
- examples:
- - your_company.com
- type: string
- pg:
+ mongo:
 default: []
 examples:
 - []
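Review bot: In apps/dbgate/application.tf the `module "forward"` call now passes `application-id` and `policy-id`, but the only input this commit adds to modules/forward/variables.tf is `request_headers`. Unless both are already declared above line 28 of that file, `terraform validate` will reject the call with an unsupported-argument error; each needs a declaration such as `variable "application-id" {}`. The new input is also spelled `request_headers` while the neighbouring inputs are hyphenated (`dns-names`, `application-id`), so `request-headers` would match the visible convention. The module block starts and ends outside the hunk.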
@@ -194,6 +184,16 @@ options:
 type: string
 type: object
 type: array
+ use-oauth:
+ default: false
+ examples:
+ - false
+ type: boolean
+ issuer:
+ default: letsencrypt-prod
+ examples:
+ - letsencrypt-prod
+ type: string
 dependencies:
 - dist: null
 category: share
diff --git a/modules/application/outputs.tf b/modules/application/outputs.tf
index f70b80c..74aa2c7 100644
--- a/modules/application/outputs.tf
+++ b/modules/application/outputs.tf
@@ -1,3 +1,7 @@
-output "provider-id" {
- value = authentik_provider_proxy.prj_forward.id
-}
\ No newline at end of file
+output "application-id" {
+ value = authentik_application.prj_app.uuid
+}
+
+output "policy-id" {
+ value = authentik_policy_expression.policy.id
+}
diff --git a/modules/forward/forward.tf b/modules/forward/forward.tf
index f84ac8e..0e95254 100644
--- a/modules/forward/forward.tf
+++ b/modules/forward/forward.tf
@@ -47,25 +47,12 @@ resource "authentik_provider_proxy" "prj_forward" {
 mode = "forward_single"
 access_token_validity = var.access-token-validity
 }
-data "authentik_group" "vynil-admin" {
- name = "vynil-forward-admins"
-}
-resource "authentik_policy_binding" "prj_access_users" {
- target = authentik_application.prj_application.uuid
- policy = authentik_policy_expression.policy.id
- order = 0
-}
-resource "authentik_policy_binding" "prj_access_vynil" {
- target = authentik_application.prj_application.uuid
- group = data.authentik_group.vynil-admin.id
- order = 1
-}
 data "http" "get_forward_outpost" {
 depends_on = [authentik_provider_proxy.prj_forward]
 url = "http://authentik.${var.domain}-auth.svc/api/v3/outposts/instances/?name__iexact=forward"
 method = "GET"
- request_headers = local.request_headers
+ request_headers = var.request_headers
 lifecycle {
 postcondition {
 condition = contains([200], self.status_code)
diff --git a/modules/forward/variables.tf b/modules/forward/variables.tf
index 63b057a..d18098d 100644
--- a/modules/forward/variables.tf
+++ b/modules/forward/variables.tf
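Review bot: Dropping the `provider-id` output from modules/application/outputs.tf is a breaking interface change: any stack that still reads `module.application.provider-id` will fail at plan time, and as far as the visible diff shows only apps/dbgate is updated. Worth searching the other apps for that reference before merging. The two new outputs would also benefit from a `description`, for example `description = "UUID of the authentik application (target for policy bindings)"` on `application-id`, since the removed bindings in forward.tf suggest these ids are what access policy is attached to.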
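Review bot: The hunk in modules/forward/forward.tf deletes both `authentik_policy_binding` resources (`prj_access_users` and `prj_access_vynil`) and nothing in the visible diff recreates them. In authentik an application with no bindings is open to every authenticated user, so if modules/application does not already bind `policy-id` to `application-id`, dbgate (a database console) loses its access restriction on the next apply. Confirm the bindings exist there, or keep a binding in this module with `target = var.application-id` and `policy = var.policy-id`. The admin-group binding on `vynil-forward-admins` is removed as well, which may be intentional but should be stated in the commit message. The `data "http"` block continues past the end of the hunk.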
@@ -28,3 +28,5 @@ variable "access-token-validity" {
 }
 variable "service" {
 }
+variable "request_headers" {
+}
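Review bot: `variable "request_headers" {}` is declared without a type or sensitivity flag, yet it feeds the `data "http"` call to the authentik API in forward.tf, so it presumably carries the API token. Declaring it with `type = map(string)` and `sensitive = true` keeps the header values out of plan output and rejects malformed input early. A one-line `description` naming the expected header would help callers as well.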