From cf29a7252dc70e32de915d184494b50974b349fc Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?S=C3=A9bastien=20Huss?=
Date: Mon, 29 Jan 2024 09:01:44 +0100
Subject: [PATCH] fix

---
 share/authentik/index.yaml | 283 ++++++++++++++++----------------
 share/authentik/ingress.tf | 75 ---------
 share/authentik/presentation.tf | 67 ++++++++
 3 files changed, 209 insertions(+), 216 deletions(-)
 delete mode 100644 share/authentik/ingress.tf
 create mode 100644 share/authentik/presentation.tf

diff --git a/share/authentik/index.yaml b/share/authentik/index.yaml
index 665f938..4e75ae4 100644
--- a/share/authentik/index.yaml
+++ b/share/authentik/index.yaml
@@ -6,132 +6,31 @@ metadata:
 name: authentik
 description: authentik is an open-source Identity Provider focused on flexibility and versatility
 options:
- redis:
- default:
- exporter:
- enabled: true
- examples:
- - exporter:
- enabled: true
- properties:
- exporter:
- default:
- enabled: true
- properties:
- enabled:
- default: true
- type: boolean
- type: object
- type: object
- error_reporting:
- default:
- enabled: false
- environment: k8s
- send_pii: false
- examples:
- - enabled: false
- environment: k8s
- send_pii: false
- properties:
- enabled:
- default: false
- type: boolean
- environment:
- default: k8s
- type: string
- send_pii:
- default: false
- type: boolean
- type: object
- backups:
- default:
- enable: false
- endpoint: ''
- key_id_key: s3-id
- retention:
- db: 30d
- schedule:
- db: 0 3 * * *
- secret_key: s3-secret
- secret_name: backup-settings
- use_barman: false
- examples:
- - enable: false
- endpoint: ''
- key_id_key: s3-id
- retention:
- db: 30d
- schedule:
- db: 0 3 * * *
- secret_key: s3-secret
- secret_name: backup-settings
- use_barman: false
- properties:
- enable:
- default: false
- type: boolean
- endpoint:
- default: ''
- type: string
- key_id_key:
- default: s3-id
- type: string
- retention:
- default:
- db: 30d
- properties:
- db:
- default: 30d
- type: string
- type: object
- schedule:
- default:
- db: 0 3 * * *
- properties:
- db:
- default: 0 3 * * *
- type: string
- type: object
- secret_key:
- default: s3-secret
- type: string
- secret_name:
- default: backup-settings
- type: string
- use_barman:
- default: false
- type: boolean
- type: object
- issuer:
- default: letsencrypt-prod
- examples:
- - letsencrypt-prod
- type: string
- postgres:
- default:
- replicas: 1
- examples:
- - replicas: 1
- properties:
- replicas:
- default: 1
- type: integer
- type: object
- sub_domain:
- default: auth
- examples:
- - auth
- type: string
- ingress_class:
- default: traefik
- examples:
- - traefik
- type: string
 domain_name:
 default: your_company.com
 examples:
 - your_company.com
 type: string
+ issuer:
+ default: letsencrypt-prod
+ examples:
+ - letsencrypt-prod
+ type: string
+ loglevel:
+ default: info
+ examples:
+ - info
+ type: string
+ admin:
+ default:
+ email: auth-admin
+ examples:
+ - email: auth-admin
+ properties:
+ email:
+ default: auth-admin
+ type: string
+ type: object
 images:
 default:
 app:
@@ -269,26 +168,21 @@ options:
 type: string
 type: object
 type: object
+ postgres:
+ default:
+ replicas: 1
+ examples:
+ - replicas: 1
+ properties:
+ replicas:
+ default: 1
+ type: integer
+ type: object
 domain:
 default: your-company
 examples:
 - your-company
 type: string
- loglevel:
- default: info
- examples:
- - info
- type: string
- admin:
- default:
- email: auth-admin
- examples:
- - email: auth-admin
- properties:
- email:
- default: auth-admin
- type: string
- type: object
 storage:
 default:
 postgres:
@@ -318,11 +212,6 @@ options:
 type: string
 type: object
 type: object
- geoip:
- default: /geoip/GeoLite2-City.mmdb
- examples:
- - /geoip/GeoLite2-City.mmdb
- type: string
 email:
 default:
 port: 587
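Review bot: The `admin.email` option added in the first hunk defaults to `auth-admin`, which is not a full address; if the consumer is expected to append `domain_name` to it, a comment saying so (or an example such as `auth-admin@your-company.com`) would make the required format clear to whoever fills in the option. In the same hunk's context lines, the `domain_name` placeholder `your_company.com` contains an underscore, which is not a valid character in a DNS label, so the `auth.your_company.com` host that `sub_domain` + `domain_name` produces is likely to be rejected by the Ingress API and the certificate issuer if a user forgets to replace it; `your-company.com` would also match the `domain` default `your-company` used a few lines below.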
@@ -348,6 +237,117 @@ options:
 default: false
 type: boolean
 type: object
+ error_reporting:
+ default:
+ enabled: false
+ environment: k8s
+ send_pii: false
+ examples:
+ - enabled: false
+ environment: k8s
+ send_pii: false
+ properties:
+ enabled:
+ default: false
+ type: boolean
+ environment:
+ default: k8s
+ type: string
+ send_pii:
+ default: false
+ type: boolean
+ type: object
+ backups:
+ default:
+ enable: false
+ endpoint: ''
+ key_id_key: s3-id
+ retention:
+ db: 30d
+ schedule:
+ db: 0 3 * * *
+ secret_key: s3-secret
+ secret_name: backup-settings
+ use_barman: false
+ examples:
+ - enable: false
+ endpoint: ''
+ key_id_key: s3-id
+ retention:
+ db: 30d
+ schedule:
+ db: 0 3 * * *
+ secret_key: s3-secret
+ secret_name: backup-settings
+ use_barman: false
+ properties:
+ enable:
+ default: false
+ type: boolean
+ endpoint:
+ default: ''
+ type: string
+ key_id_key:
+ default: s3-id
+ type: string
+ retention:
+ default:
+ db: 30d
+ properties:
+ db:
+ default: 30d
+ type: string
+ type: object
+ schedule:
+ default:
+ db: 0 3 * * *
+ properties:
+ db:
+ default: 0 3 * * *
+ type: string
+ type: object
+ secret_key:
+ default: s3-secret
+ type: string
+ secret_name:
+ default: backup-settings
+ type: string
+ use_barman:
+ default: false
+ type: boolean
+ type: object
+ ingress_class:
+ default: traefik
+ examples:
+ - traefik
+ type: string
+ redis:
+ default:
+ exporter:
+ enabled: true
+ examples:
+ - exporter:
+ enabled: true
+ properties:
+ exporter:
+ default:
+ enabled: true
+ properties:
+ enabled:
+ default: true
+ type: boolean
+ type: object
+ type: object
+ sub_domain:
+ default: auth
+ examples:
+ - auth
+ type: string
+ geoip:
+ default: /geoip/GeoLite2-City.mmdb
+ examples:
+ - /geoip/GeoLite2-City.mmdb
+ type: string
 dependencies:
 - dist: null
 category: core
@@ -372,6 +372,7 @@ providers:
 authentik: true
 kubectl: true
 postgresql: null
+ mysql: null
 restapi: null
 http: null
 gitea: null
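Review bot: The three `db: 0 3 * * *` values that the `backups` option carries on the new side (`default.schedule`, `examples[0].schedule` and `properties.schedule.default`) are unquoted plain scalars; they load as strings only because `*` is not the first character, and any cron expression that starts with `*` would be read as a YAML alias and fail to parse, so quoting them as `db: "0 3 * * *"` makes the cron string safe to edit and explicit for whatever consumes this schema. The `mysql: null` entry added to `providers` in the last hunk is not explained by anything else in the commit; a brief comment on why it is needed would help the next reader.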
diff --git a/share/authentik/ingress.tf b/share/authentik/ingress.tf
deleted file mode 100644
index 8dc29b4..0000000
--- a/share/authentik/ingress.tf
+++ /dev/null
@@ -1,75 +0,0 @@
-locals {
- dns_names = ["${var.sub_domain}.${var.domain_name}"]
- middlewares = ["${var.instance}-https"]
- service = {
- "name" = "${var.instance}"
- "port" = {
- "number" = 80
- }
- }
- rules = [ for v in local.dns_names : {
- "host" = "${v}"
- "http" = {
- "paths" = [{
- "backend" = {
- "service" = local.service
- }
- "path" = "/"
- "pathType" = "Prefix"
- }]
- }
- }]
-}
-resource "kubectl_manifest" "prj_certificate" {
- yaml_body = <<-EOF
- apiVersion: "cert-manager.io/v1"
- kind: "Certificate"
- metadata:
- name: "${var.instance}"
- namespace: "${var.namespace}"
- labels: ${jsonencode(local.common-labels)}
- spec:
- secretName: "${var.instance}-cert"
- dnsNames: ${jsonencode(local.dns_names)}
- issuerRef:
- name: "${var.issuer}"
- kind: "ClusterIssuer"
- group: "cert-manager.io"
- EOF
-}
-resource "kubectl_manifest" "prj_https_redirect" {
- yaml_body = <<-EOF
- apiVersion: "traefik.containo.us/v1alpha1"
- kind: "Middleware"
- metadata:
- name: "${var.instance}-https"
- namespace: "${var.namespace}"
- labels: ${jsonencode(local.common-labels)}
- spec:
- redirectScheme:
- scheme: "https"
- permanent: true
- EOF
-}
-resource "kubectl_manifest" "prj_ingress" {
- force_conflicts = true
- yaml_body = <<-EOF
- apiVersion: "networking.k8s.io/v1"
- kind: "Ingress"
- metadata:
- name: "${var.instance}"
- namespace: "${var.namespace}"
- labels: ${jsonencode(local.common-labels)}
- annotations:
- "traefik.ingress.kubernetes.io/router.middlewares": "${join(",", [for m in local.middlewares : format("%s-%s@kubernetescrd", var.namespace, m)])}"
- spec:
- ingressClassName: "${var.ingress_class}"
- rules: ${jsonencode(local.rules)}
- tls:
- - hosts: ${jsonencode(local.dns_names)}
- secretName: "${var.instance}-cert"
- EOF
-}
diff --git a/share/authentik/presentation.tf b/share/authentik/presentation.tf
new file mode 100644
index 0000000..67b8116
--- /dev/null
+++ b/share/authentik/presentation.tf
@@ -0,0 +1,67 @@
+locals {
+ dns_names = ["${var.sub_domain}.${var.domain_name}"]
+ service = {
+ "name" = "${var.instance}"
+ "port" = {
+ "number" = 80
+ }
+ }
+}
+resource "kubectl_manifest" "gitlab_userinfo" {
+ yaml_body = <<-EOF
+ apiVersion: traefik.containo.us/v1alpha1
+ kind: Middleware
+ metadata:
+ name: "${var.instance}-gitlab-userinfo"
+ namespace: "${var.namespace}"
+ labels: ${jsonencode(local.common-labels)}
+ spec:
+ replacePathRegex:
+ regex: ^/application/o/[^\\/]*/api/v4/user
+ replacement: /application/o/userinfo/
+ EOF
+}
+resource "kubectl_manifest" "gitlab_authorize" {
+ yaml_body = <<-EOF
+ apiVersion: traefik.containo.us/v1alpha1
+ kind: Middleware
+ metadata:
+ name: "${var.instance}-gitlab-authorize"
+ namespace: "${var.namespace}"
+ labels: ${jsonencode(local.common-labels)}
+ spec:
+ replacePathRegex:
+ regex: ^/application/o/[^\\/]*/oauth/authorize
+ replacement: /application/o/authorize/
+ EOF
+}
+resource "kubectl_manifest" "gitlab_token" {
+ yaml_body = <<-EOF
+ apiVersion: traefik.containo.us/v1alpha1
+ kind: Middleware
+ metadata:
+ name: "${var.instance}-gitlab-token"
+ namespace: "${var.namespace}"
+ labels: ${jsonencode(local.common-labels)}
+ spec:
+ replacePathRegex:
+ regex: ^/application/o/[^\\/]*/oauth/token
+ replacement: /application/o/token/
+ EOF
+}
+module "ingress" {
+ source = "git::https://git.solidite.fr/vynil/kydah-modules.git//ingress"
+ component = ""
+ instance = var.instance
+ namespace = var.namespace
+ issuer = var.issuer
+ ingress_class = var.ingress_class
+ labels = local.common-labels
+ dns_names = local.dns_names
+ middlewares = [kubectl_manifest.gitlab_userinfo.name,kubectl_manifest.gitlab_authorize.name,kubectl_manifest.gitlab_token.name]
+ services = [local.service]
+ providers = {
+ kubectl = kubectl
+ }
+}
+
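Review bot: The HTTP-to-HTTPS redirect that the deleted ingress.tf applied (the `prj_https_redirect` redirectScheme Middleware, referenced through `local.middlewares`) is not recreated in this file, and the `middlewares` list handed to `module "ingress"` holds only the three gitlab path-rewrite middlewares, so plain-HTTP requests to the identity provider would no longer be redirected unless the shared module adds a redirect itself — worth confirming, and if it does not, re-adding the Middleware and appending its name to the list. The module `source` is a bare git URL with no `?ref=`, so every `terraform init` resolves the default-branch head and the ingress definition can change underneath this repository without any commit here; pinning it, e.g. `source = "git::https://git.solidite.fr/vynil/kydah-modules.git//ingress?ref=<tag-or-commit>"`, keeps deployments reproducible and reviewable. The three `regex` values are anchored only at the start, so a request such as `/application/o/<slug>/oauth/token/extra` is rewritten to `/application/o/token//extra`; ending each pattern with `$` (or `/?$`) restricts the rewrite to the intended endpoints.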