fix
@@ -1,6 +1,6 @@
|
||||
locals {
|
||||
app-name = var.component == var.instance ? var.instance : format("%s-%s", var.component, var.instance)
|
||||
main-group = format("app-%s", local.app-name)
|
||||
app_name = var.component == var.instance ? var.instance : format("%s-%s", var.component, var.instance)
|
||||
main-group = format("app-%s", local.app_name)
|
||||
sorted-group-names = reverse(distinct(sort([
|
||||
for grp in var.user-groups: grp.name
|
||||
])))
|
||||
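Review bot: The switch to snake_case is only partial in this locals block: `app-name` becomes `app_name`, but `main-group` and `sorted-group-names` in the same hunk keep hyphens, so the block now mixes both conventions. The later hunks show the same split, where `base-dn`, `base-group-dn`, `base-user-dn`, `common-labels` and `redis-labels` stay hyphenated next to the new `dns_names` and `app_name`. If the intent was to align everything with the renamed variables, renaming these locals in the same commit would avoid a second sweep; if only the user-facing option names were meant to change, a one-line comment at the top of the block saying so would explain the mixture. The closing brace of `locals` lies outside the hunk.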
@@ -19,7 +19,7 @@ data "authentik_group" "vynil-admin" {
|
||||
resource "authentik_group" "groups" {
|
||||
count = length(local.sorted-groups)
|
||||
name = local.sorted-groups[count.index].name
|
||||
attributes = jsonencode({"${local.app-name}" = true})
|
||||
attributes = jsonencode({"${local.app_name}" = true})
|
||||
}
|
||||
data "authentik_group" "readed_groups" {
|
||||
depends_on = [ authentik_group.groups ]
|
||||
@@ -38,7 +38,7 @@ resource "authentik_policy_expression" "policy" {
|
||||
name = local.main-group
|
||||
expression = <<-EOF
|
||||
attr = request.user.group_attributes()
|
||||
return attr['${local.app-name}'] if '${local.app-name}' in attr else False
|
||||
return attr['${local.app_name}'] if '${local.app_name}' in attr else False
|
||||
EOF
|
||||
}
|
||||
|
||||
@@ -61,10 +61,10 @@ resource "authentik_policy_binding" "dolibarr_ldap_access_vynil" {
|
||||
resource "authentik_application" "dolibarr_application_saml" {
|
||||
name = "${var.instance}"
|
||||
slug = "${var.component}-${var.instance}"
|
||||
group = var.app-group
|
||||
group = var.app_group
|
||||
protocol_provider = authentik_provider_saml.dolibarr.id
|
||||
meta_launch_url = format("https://%s.%s", var.sub-domain, var.domain-name)
|
||||
meta_icon = format("https://%s.%s/%s", var.sub-domain, var.domain-name, "theme/dolibarr_256x256_color.png")
|
||||
meta_launch_url = format("https://%s.%s", var.sub_domain, var.domain_name)
|
||||
meta_icon = format("https://%s.%s/%s", var.sub_domain, var.domain_name, "theme/dolibarr_256x256_color.png")
|
||||
}
|
||||
|
||||
resource "authentik_policy_binding" "dolibarr_saml_access_users" {
|
||||
|
||||
@@ -167,7 +167,7 @@ resource "kubectl_manifest" "config" {
|
||||
DOLI_ADMIN_LOGIN: "admin_${var.instance}"
|
||||
DOLI_MODULES: "modSociete,modBlockedLog,modSamlConnector,modLdap"
|
||||
DOLI_AUTH: "dolibarr"
|
||||
DOLI_URL_ROOT: "https://${var.sub-domain}.${var.domain-name}"
|
||||
DOLI_URL_ROOT: "https://${var.sub_domain}.${var.domain_name}"
|
||||
DOLI_LDAP_PORT: "389"
|
||||
DOLI_LDAP_VERSION: "3"
|
||||
DOLI_LDAP_SERVERTYPE: "openldap"
|
||||
|
||||
@@ -89,7 +89,7 @@ options:
|
||||
type: string
|
||||
type: object
|
||||
type: object
|
||||
sub-domain:
|
||||
sub_domain:
|
||||
default: erp
|
||||
examples:
|
||||
- erp
|
||||
@@ -155,7 +155,7 @@ options:
|
||||
default: '14'
|
||||
type: string
|
||||
type: object
|
||||
domain-name:
|
||||
domain_name:
|
||||
default: your_company.com
|
||||
examples:
|
||||
- your_company.com
|
||||
@@ -198,7 +198,7 @@ options:
|
||||
default: 2Gi
|
||||
type: string
|
||||
type: object
|
||||
app-group:
|
||||
app_group:
|
||||
default: ''
|
||||
examples:
|
||||
- ''
|
||||
@@ -341,7 +341,7 @@ options:
|
||||
- block
|
||||
type: string
|
||||
type: object
|
||||
ingress-class:
|
||||
ingress_class:
|
||||
default: traefik
|
||||
examples:
|
||||
- traefik
|
||||
|
||||
@@ -1,5 +1,5 @@
|
||||
locals {
|
||||
dns-names = ["${var.sub-domain}.${var.domain-name}"]
|
||||
dns_names = ["${var.sub_domain}.${var.domain_name}"]
|
||||
middlewares = ["${var.instance}-https"]
|
||||
service = {
|
||||
"name" = "${var.instance}"
|
||||
@@ -7,7 +7,7 @@ locals {
|
||||
"number" = 80
|
||||
}
|
||||
}
|
||||
rules = [ for v in local.dns-names : {
|
||||
rules = [ for v in local.dns_names : {
|
||||
"host" = "${v}"
|
||||
"http" = {
|
||||
"paths" = [{
|
||||
@@ -31,7 +31,7 @@ resource "kubectl_manifest" "prj_certificate" {
|
||||
labels: ${jsonencode(local.common-labels)}
|
||||
spec:
|
||||
secretName: "${var.instance}-cert"
|
||||
dnsNames: ${jsonencode(local.dns-names)}
|
||||
dnsNames: ${jsonencode(local.dns_names)}
|
||||
issuerRef:
|
||||
name: "${var.issuer}"
|
||||
kind: "ClusterIssuer"
|
||||
@@ -66,10 +66,10 @@ resource "kubectl_manifest" "prj_ingress" {
|
||||
annotations:
|
||||
"traefik.ingress.kubernetes.io/router.middlewares": "${join(",", [for m in local.middlewares : format("%s-%s@kubernetescrd", var.namespace, m)])}"
|
||||
spec:
|
||||
ingressClassName: "${var.ingress-class}"
|
||||
ingressClassName: "${var.ingress_class}"
|
||||
rules: ${jsonencode(local.rules)}
|
||||
tls:
|
||||
- hosts: ${jsonencode(local.dns-names)}
|
||||
- hosts: ${jsonencode(local.dns_names)}
|
||||
secretName: "${var.instance}-cert"
|
||||
EOF
|
||||
}
|
||||
|
||||
@@ -5,7 +5,7 @@ data "kubernetes_secret_v1" "authentik" {
|
||||
}
|
||||
}
|
||||
locals {
|
||||
base-dn = format("dc=%s", join(",dc=", split(".", format("%s.%s", var.sub-domain, var.domain-name))))
|
||||
base-dn = format("dc=%s", join(",dc=", split(".", format("%s.%s", var.sub_domain, var.domain_name))))
|
||||
base-group-dn = format("ou=groups,%s", local.base-dn)
|
||||
base-user-dn = format("ou=users,%s", local.base-dn)
|
||||
authentik_url = "http://authentik.${var.domain}-auth.svc"
|
||||
|
||||
@@ -10,10 +10,10 @@ resource "kubectl_manifest" "pvc" {
|
||||
labels: ${jsonencode(local.common-labels)}
|
||||
spec:
|
||||
accessModes:
|
||||
- "${var.storage.accessMode}"
|
||||
- "${var.storage.volume.accessMode}"
|
||||
resources:
|
||||
requests:
|
||||
storage: "${var.storage.size}"
|
||||
volumeMode: "${var.storage.type}"
|
||||
storage: "${var.storage.volume.size}"
|
||||
volumeMode: "${var.storage.volume.type}"
|
||||
EOF
|
||||
}
|
||||
|
||||
@@ -13,7 +13,7 @@ resource "kubectl_manifest" "dolibarr_redis" {
|
||||
labels: ${jsonencode(local.redis-labels)}
|
||||
spec:
|
||||
kubernetesConfig:
|
||||
image: "${var.redis.image}"
|
||||
image: "${var.images.redis.registry}/${var.images.redis.repository}:${var.images.redis.tag}"
|
||||
imagePullPolicy: "IfNotPresent"
|
||||
storage:
|
||||
volumeClaimTemplate:
|
||||
@@ -21,10 +21,10 @@ resource "kubectl_manifest" "dolibarr_redis" {
|
||||
accessModes: ["ReadWriteOnce"]
|
||||
resources:
|
||||
requests:
|
||||
storage: "${var.redis.storage}"
|
||||
storage: "${var.storage.redis}"
|
||||
redisExporter:
|
||||
enabled: ${var.redis.exporter.enabled}
|
||||
image: "${var.redis.exporter.image}"
|
||||
image: "${var.images.redis_exporter.registry}/${var.images.redis_exporter.repository}:${var.images.redis_exporter.tag}"
|
||||
securityContext:
|
||||
runAsUser: 1000
|
||||
fsGroup: 1000
|
||||
|
||||
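Review bot: `enabled: ${var.redis.exporter.enabled}` still reads from `var.redis` while the image and storage lines of the same resource were moved to `var.images.redis_exporter` and `var.storage.redis`; if the `redis` option was removed from the module schema with this change, that reference fails at plan time, and if it was kept, the exporter's configuration is now spread over three variables. Moving the toggle next to the other migrated settings, or leaving a comment on that line stating which variable still owns it, would keep the resource readable. Separately, the new image references resolve by tag only while the context line keeps `imagePullPolicy: "IfNotPresent"`, so a re-pointed tag would not be picked up on nodes that already cached it; an optional digest in the `images` schema would pin the deployed image. The enclosing `kubectl_manifest` heredoc starts before and ends after this hunk.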
@@ -35,7 +35,7 @@ resource "kubectl_manifest" "saml_certificate" {
|
||||
labels: ${jsonencode(local.common-labels)}
|
||||
spec:
|
||||
secretName: "${var.instance}-${var.component}-saml"
|
||||
dnsNames: ${jsonencode(local.dns-names)}
|
||||
dnsNames: ${jsonencode(local.dns_names)}
|
||||
issuerRef:
|
||||
name: "self-sign"
|
||||
kind: "ClusterIssuer"
|
||||
@@ -47,7 +47,7 @@ resource "authentik_provider_saml" "dolibarr" {
|
||||
name = "dolibarr-${var.instance}-saml"
|
||||
authentication_flow = data.authentik_flow.default-authentication-flow.id
|
||||
authorization_flow = data.authentik_flow.default-authorization-flow.id
|
||||
acs_url = "https://${var.sub-domain}.${var.domain-name}/custom/samlconnector/acs.php?entity=1&fk_idp=0"
|
||||
acs_url = "https://${var.sub_domain}.${var.domain_name}/custom/samlconnector/acs.php?entity=1&fk_idp=0"
|
||||
property_mappings = data.authentik_property_mapping_saml.saml_maps.ids
|
||||
name_id_mapping = data.authentik_property_mapping_saml.saml_name.id
|
||||
signing_kp = data.authentik_certificate_key_pair.generated.id
|
||||
|
||||