Refacto Saml

2024-09-22 20:48:00 +02:00
parent 5299267f47
commit 47776ea7bf
5 changed files with 31 additions and 1 deletions
--- a/.ci-img.yml
+++ b/.ci-img.yml
@@ -0,0 +1,5 @@
+---
+lint:
+  image: ghcr.io/terraform-linters/tflint
+opentofu:
+  image: ghcr.io/opentofu/opentofu:latest
--- a/saml/outputs.tf
+++ b/saml/outputs.tf
@@ -1,3 +1,11 @@
-output "provider-id" {
+output "provider_id" {
  value = authentik_provider_saml.prj.id
 }
+
+output "metadata_url" {
+  value = "https://${data.kubernetes_ingress_v1.authentik.spec[0].rule[0].host}/api/v3/providers/saml/${authentik_provider_saml.prj.id}/metadata/?download"
+}
+
+output "saml_certificate_secret_name" {
+  value = "${local.app_slug}-saml"
+}
--- a/saml/providers.tf
+++ b/saml/providers.tf
@@ -1,5 +1,10 @@
 terraform {
+  required_version = ">= 1.0"
  required_providers {
+    kubernetes = {
+      source  = "hashicorp/kubernetes"
+      version = "~> 2.20.0"
+    }
    kubectl = {
      source  = "gavinbunney/kubectl"
      version = "~> 1.14.0"
--- a/saml/saml.tf
+++ b/saml/saml.tf
@@ -60,3 +60,9 @@ resource "authentik_provider_saml" "prj" {
  sp_binding          = var.binding
 }

+data "kubernetes_ingress_v1" "authentik" {
+  metadata {
+    name      = "authentik"
+    namespace = "${var.domain}-auth"
+  }
+}
--- a/saml/variables.tf
+++ b/saml/variables.tf
@@ -4,6 +4,12 @@ variable "component" {
 variable "instance" {
  type = string
 }
+variable "namespace" {
+  type = string
+}
+variable "domain" {
+  type = string
+}
 variable "issuer" {
  type = string
 }