fix

2023-10-01 09:45:28 +02:00
parent a374fe5e66
commit f15202de63
13 changed files with 785 additions and 57 deletions
--- a/meta/domain-auth/apps.tf
+++ b/meta/domain-auth/apps.tf
@@ -1,17 +1,17 @@
 locals {
    annotations = {
-      "vynil.solidite.fr/meta" = var.component
-      "vynil.solidite.fr/name" = "${var.namespace}-auth"
-      "vynil.solidite.fr/domain" = var.domain-name
-      "vynil.solidite.fr/issuer" = var.issuer
+      "vynil.solidite.fr/meta"    = var.component
+      "vynil.solidite.fr/name"    = "${var.namespace}-auth"
+      "vynil.solidite.fr/domain"  = var.domain-name
+      "vynil.solidite.fr/issuer"  = var.issuer
      "vynil.solidite.fr/ingress" = var.ingress-class
    }
    global = {
-        "domain" = var.namespace
-        "domain-name" = var.domain-name
-        "issuer" = var.issuer
+        "domain"        = var.namespace
+        "domain-name"   = var.domain-name
+        "issuer"        = var.issuer
        "ingress-class" = var.ingress-class
-        "backups"        = var.backups
+        "backups"       = var.backups
    }
    authentik = { for k, v in var.authentik : k => v if k!="enable" }
    authentik-ldap = { for k, v in var.authentik-ldap : k => v if k!="enable" }
--- a/meta/domain-auth/divisions.tf
+++ b/meta/domain-auth/divisions.tf
@@ -0,0 +1,117 @@
+locals {
+  sorted-div-clients-names = reverse(distinct(sort([
+    for div in var.clients.divisions: div.name
+  ])))
+  sorted-div-clients = flatten([
+    for name in local.sorted-div-clients-names: [
+      for div in var.clients.divisions:
+        div if div.name == name
+    ]
+  ])
+  sorted-div-employes-names = reverse(distinct(sort([
+    for div in var.employes.divisions: div.name
+  ])))
+  sorted-div-employes = flatten([
+    for name in local.sorted-div-employes-names: [
+      for div in var.employes.divisions:
+        div if div.name == name
+    ]
+  ])
+  sorted-div-fournisseurs-names = reverse(distinct(sort([
+    for div in var.fournisseurs.divisions: div.name
+  ])))
+  sorted-div-fournisseurs = flatten([
+    for name in local.sorted-div-fournisseurs-names: [
+      for div in var.fournisseurs.divisions:
+        div if div.name == name
+    ]
+  ])
+}
+
+resource "kubectl_manifest" "accounts-management" {
+  count = var.authentik.enable && var.employes.enable ? 1 : 0
+  depends_on = [kubernetes_namespace_v1.auth-ns]
+  yaml_body  = <<-EOF
+    apiVersion: "vynil.solidite.fr/v1"
+    kind: "Install"
+    metadata:
+      name: "accounts-management"
+      namespace: "${var.namespace}-auth"
+      labels: ${jsonencode(local.common-labels)}
+    spec:
+      distrib: "${var.distributions.domain}"
+      category: "share"
+      component: "accounts-management"
+      options: ${jsonencode(merge(local.global, {
+        clients = var.clients
+        employes = var.employes
+        fournisseurs = var.fournisseurs
+      }))}
+  EOF
+}
+
+resource "kubectl_manifest" "employes-divisions" {
+  count = var.authentik.enable && var.employes.enable ? length(local.sorted-div-employes) : 0
+  depends_on = [kubernetes_namespace_v1.auth-ns,kubectl_manifest.accounts-management]
+  yaml_body  = <<-EOF
+    apiVersion: "vynil.solidite.fr/v1"
+    kind: "Install"
+    metadata:
+      name: "employes-${local.sorted-div-employes[count.index].name}"
+      namespace: "${var.namespace}-auth"
+      labels: ${jsonencode(local.common-labels)}
+    spec:
+      distrib: "${var.distributions.domain}"
+      category: "share"
+      component: "division"
+      options: ${jsonencode(merge(local.global, {
+        parent = "employes"
+        apps   = local.sorted-div-employes[count.index].apps
+        teams  = local.sorted-div-employes[count.index].teams
+      }))}
+  EOF
+}
+
+resource "kubectl_manifest" "clients-divisions" {
+  count = var.authentik.enable && var.employes.enable && var.clients.enable ? length(local.sorted-div-clients) : 0
+  depends_on = [kubernetes_namespace_v1.auth-ns,kubectl_manifest.accounts-management]
+  yaml_body  = <<-EOF
+    apiVersion: "vynil.solidite.fr/v1"
+    kind: "Install"
+    metadata:
+      name: "clients-${local.sorted-div-clients[count.index].name}"
+      namespace: "${var.namespace}-auth"
+      labels: ${jsonencode(local.common-labels)}
+    spec:
+      distrib: "${var.distributions.domain}"
+      category: "share"
+      component: "division"
+      options: ${jsonencode(merge(local.global, {
+        parent = "clients"
+        apps   = local.sorted-div-clients[count.index].apps
+        teams  = local.sorted-div-clients[count.index].teams
+      }))}
+  EOF
+}
+
+resource "kubectl_manifest" "fournisseurs-divisions" {
+  count = var.authentik.enable && var.employes.enable && var.fournisseurs.enable ? length(local.sorted-div-fournisseurs) : 0
+  depends_on = [kubernetes_namespace_v1.auth-ns,kubectl_manifest.accounts-management]
+  yaml_body  = <<-EOF
+    apiVersion: "vynil.solidite.fr/v1"
+    kind: "Install"
+    metadata:
+      name: "fournisseurs-${local.sorted-div-fournisseurs[count.index].name}"
+      namespace: "${var.namespace}-auth"
+      labels: ${jsonencode(local.common-labels)}
+    spec:
+      distrib: "${var.distributions.domain}"
+      category: "share"
+      component: "division"
+      options: ${jsonencode(merge(local.global, {
+        parent = "fournisseurs"
+        apps   = local.sorted-div-fournisseurs[count.index].apps
+        teams  = local.sorted-div-fournisseurs[count.index].teams
+      }))}
+  EOF
+}
--- a/meta/domain-auth/index.yaml
+++ b/meta/domain-auth/index.yaml
@@ -6,51 +6,6 @@ metadata:
  name: domain-auth
  description: null
 options:
-  distributions:
-    default:
-      core: core
-      domain: domain
-    examples:
-    - core: core
-      domain: domain
-    properties:
-      core:
-        default: core
-        type: string
-      domain:
-        default: domain
-        type: string
-    type: object
-  authentik-forward:
-    default:
-      enable: false
-    examples:
-    - enable: false
-    properties:
-      enable:
-        default: false
-        type: boolean
-    type: object
-  issuer:
-    default: letsencrypt-prod
-    examples:
-    - letsencrypt-prod
-    type: string
-  authentik:
-    default:
-      enable: true
-    examples:
-    - enable: true
-    properties:
-      enable:
-        default: true
-        type: boolean
-    type: object
-  domain-name:
-    default: your_company.com
-    examples:
-    - your_company.com
-    type: string
  authentik-ldap:
    default:
      enable: false
@@ -61,6 +16,30 @@ options:
        default: false
        type: boolean
    type: object
+  employes:
+    properties:
+      apps:
+        items:
+          type: string
+        type: array
+      divisions:
+        items:
+          properties:
+            apps:
+              items:
+                type: string
+              type: array
+            name:
+              type: string
+            teams:
+              items:
+                type: object
+              type: array
+          type: object
+        type: array
+      enable:
+        default: true
+        type: boolean
  backups:
    default:
      enable: false
@@ -91,11 +70,45 @@ options:
        default: backup-settings
        type: string
    type: object
-  ingress-class:
-    default: traefik
+  distributions:
+    default:
+      core: core
+      domain: domain
    examples:
-    - traefik
-    type: string
+    - core: core
+      domain: domain
+    properties:
+      core:
+        default: core
+        type: string
+      domain:
+        default: domain
+        type: string
+    type: object
+  clients:
+    properties:
+      apps:
+        items:
+          type: string
+        type: array
+      divisions:
+        items:
+          properties:
+            apps:
+              items:
+                type: string
+              type: array
+            name:
+              type: string
+            teams:
+              items:
+                type: object
+              type: array
+          type: object
+        type: array
+      enable:
+        default: false
+        type: boolean
  storage-classes:
    default:
      BlockReadWriteMany: ''
@@ -121,11 +134,70 @@ options:
        default: ''
        type: string
    type: object
+  domain-name:
+    default: your_company.com
+    examples:
+    - your_company.com
+    type: string
+  fournisseurs:
+    properties:
+      apps:
+        items:
+          type: string
+        type: array
+      divisions:
+        items:
+          properties:
+            apps:
+              items:
+                type: string
+              type: array
+            name:
+              type: string
+            teams:
+              items:
+                type: object
+              type: array
+          type: object
+        type: array
+      enable:
+        default: false
+        type: boolean
+  ingress-class:
+    default: traefik
+    examples:
+    - traefik
+    type: string
+  authentik:
+    default:
+      enable: true
+    examples:
+    - enable: true
+    properties:
+      enable:
+        default: true
+        type: boolean
+    type: object
+  issuer:
+    default: letsencrypt-prod
+    examples:
+    - letsencrypt-prod
+    type: string
  domain:
    default: your-company
    examples:
    - your-company
    type: string
+  authentik-forward:
+    default:
+      enable: false
+    examples:
+    - enable: false
+    properties:
+      enable:
+        default: false
+        type: boolean
+    type: object
 dependencies: []
 providers:
  kubernetes: true