fix

apps/dbgate/application.tf

@@ -1,39 +1,46 @@
 locals {
-  app-name = var.component == var.instance ? var.instance : format("%s-%s", var.component, var.instance)
-  main-group = format("app-%s", local.app-name)
-}
-data "authentik_group" "akadmin" {
-  name = "authentik Admins"
-}
-resource "authentik_group" "groups" {
-  name         = local.main-group
-  attributes   = jsonencode({"${local.app-name}" = true})
+    dns-name = "${var.sub-domain}.${var.domain-name}"
+    dns-names = [local.dns-name]
 }
 
-resource "authentik_application" "prj_app" {
-  name              = "${var.instance}"
-  slug              = "${var.component}-${var.instance}"
-  group             = var.app-group
-  protocol_provider = authentik_provider_oauth2.oauth2.id
-  meta_launch_url   = format("https://%s.%s", var.sub-domain, var.domain-name)
-  meta_icon         = format("https://%s.%s/%s", var.sub-domain, var.domain-name, "logo192.png")
+module "ingress" {
+  source = "../../modules/ingress"
+  "component"         = var.component
+  "instance"          = var.instance
+  "namespace"         = var.namespace
+  "issuer"            = var.issuer
+  "ingress-class"     = var.ingress-class
+  "labels"            = local.common-labels
+  "dns-names"         = local.dns-names
 }
 
-resource "authentik_policy_expression" "policy" {
-  name       = local.main-group
-  expression = <<-EOF
-    attr = request.user.group_attributes()
-    return attr['${local.app-name}'] if '${local.app-name}' in attr else False
-  EOF
+module "application" {
+  source = "../../modules/application"
+  "component"         = var.component
+  "instance"          = var.instance
+  "app-group"         = var.app-group
+  "sub-domain"        = var.sub-domain
+  "domain-name"       = var.domain-name
+  "icon"              = "logo192.png"
+  "protocol_provider" = var.use-oauth?module.oauth2.provider-id:module.forward.provider-id
 }
 
-resource "authentik_policy_binding" "prj_access_users" {
-  target = authentik_application.prj_app.uuid
-  policy = authentik_policy_expression.policy.id
-  order  = 0
+module "oauth2" {
+  count  = var.use-oauth?1:0
+  source = "../../modules/oauth2"
+  "component"         = var.component
+  "instance"          = var.instance
 }
-resource "authentik_policy_binding" "prj_access_vynil" {
-  target = authentik_application.prj_app.uuid
-  group  = data.authentik_group.akadmin.id
-  order  = 1
+
+module "forward" {
+  count  = var.use-oauth?0:1
+  source = "../../modules/forward"
+  "component"         = var.component
+  "instance"          = var.instance
+  "domain"            = var.domain
+  "namespace"         = var.namespace
+  "ingress-class"     = var.ingress-class
+  "labels"            = local.common-labels
+  "dns-names"         = local.dns-names
+  "authentik-token"   = data.kubernetes_secret_v1.authentik.data["AUTHENTIK_BOOTSTRAP_TOKEN"]
 }