Refacto Saml

.ci-img.yml

@@ -0,0 +1,5 @@
+---
+lint:
+  image: ghcr.io/terraform-linters/tflint
+opentofu:
+  image: ghcr.io/opentofu/opentofu:latest

saml/outputs.tf

@@ -1,3 +1,11 @@
-output "provider-id" {
+output "provider_id" {
   value = authentik_provider_saml.prj.id
 }
+
+output "metadata_url" {
+  value = "https://${data.kubernetes_ingress_v1.authentik.spec[0].rule[0].host}/api/v3/providers/saml/${authentik_provider_saml.prj.id}/metadata/?download"
+}
+
+output "saml_certificate_secret_name" {
+  value = "${local.app_slug}-saml"
+}

saml/providers.tf

@@ -1,5 +1,10 @@
 terraform {
+  required_version = ">= 1.0"
   required_providers {
+    kubernetes = {
+      source  = "hashicorp/kubernetes"
+      version = "~> 2.20.0"
+    }
     kubectl = {
       source  = "gavinbunney/kubectl"
       version = "~> 1.14.0"

saml/saml.tf

@@ -60,3 +60,9 @@ resource "authentik_provider_saml" "prj" {
   sp_binding          = var.binding
 }
 
+data "kubernetes_ingress_v1" "authentik" {
+  metadata {
+    name      = "authentik"
+    namespace = "${var.domain}-auth"
+  }
+}

saml/variables.tf

@@ -4,6 +4,12 @@ variable "component" {
 variable "instance" {
   type = string
 }
+variable "namespace" {
+  type = string
+}
+variable "domain" {
+  type = string
+}
 variable "issuer" {
   type = string
 }