Refacto OAuth2
This commit is contained in:
@@ -1,26 +1,28 @@
|
||||
locals {
|
||||
app_slug = "${var.instance}${var.component == "" ? "" : "-"}${var.component}"
|
||||
app_slug = "${var.instance}${var.component == "" ? "" : "-"}${var.component}"
|
||||
application_labels = merge(var.labels, {
|
||||
"app.kubernetes.io/component" = "authentik-application"
|
||||
})
|
||||
app_name = var.app_name != "" ? var.app_name : var.component == var.instance ? var.instance : format("%s-%s", var.instance, var.component)
|
||||
main_group = format("app-%s", local.app_slug)
|
||||
app_name = var.app_name != "" ? var.app_name : var.component == var.instance ? var.instance : format("%s-%s", var.instance, var.component)
|
||||
main_group = format("app-%s", local.app_slug)
|
||||
secret_name = var.cert_name != "" ? var.cert_name : "${local.app_slug}-cert"
|
||||
url_icon = startswith(var.icon, "fa-") ? "fa://${var.icon}" : format("https://%s/%s", var.dns_name, var.icon)
|
||||
dns_name = var.dns_name != "" ? var.dns_name : var.rule_mapper.host
|
||||
url_icon = startswith(var.icon, "fa-") ? "fa://${var.icon}" : format("https://%s/%s", local.dns_name, var.icon)
|
||||
backend = var.rule_mapper.paths[0].backend
|
||||
rules_icons = [{
|
||||
"host" = var.rule_mapper.host
|
||||
"host" = local.dns_name
|
||||
"http" = {
|
||||
"paths" = [for mapper in var.rule_mapper.paths : {
|
||||
"paths" = [{
|
||||
"path" = "/${var.icon}"
|
||||
"pathType" = "Prefix"
|
||||
"backend" = mapper.backend
|
||||
"backend" = local.backend
|
||||
}]
|
||||
}
|
||||
}]
|
||||
}
|
||||
|
||||
resource "kubectl_manifest" "ingress_icon" {
|
||||
count = startswith(var.icon, "fa-") ? 0 : 1
|
||||
count = startswith(var.icon, "fa-") ? 0 : 1
|
||||
force_conflicts = true
|
||||
yaml_body = <<-EOF
|
||||
apiVersion: "networking.k8s.io/v1"
|
||||
@@ -33,8 +35,8 @@ resource "kubectl_manifest" "ingress_icon" {
|
||||
ingressClassName: "${var.ingress_class}"
|
||||
rules: ${jsonencode(local.rules_icons)}
|
||||
tls:
|
||||
- hosts: ${jsonencode([var.dns_name])}
|
||||
secretName: "${local.secret_name}"
|
||||
- secretName: "${local.secret_name}"
|
||||
hosts: ${jsonencode([local.dns_name])}
|
||||
EOF
|
||||
}
|
||||
|
||||
@@ -58,7 +60,7 @@ resource "authentik_application" "app" {
|
||||
group = var.app_group
|
||||
protocol_provider = var.protocol_provider
|
||||
backchannel_providers = var.backchannel_providers
|
||||
meta_launch_url = format("https://%s", var.dns_name)
|
||||
meta_launch_url = format("https://%s", local.dns_name)
|
||||
meta_icon = local.url_icon
|
||||
}
|
||||
|
||||
|
||||
@@ -5,6 +5,11 @@ output "application_id" {
|
||||
output "policy_id" {
|
||||
value = authentik_policy_expression.policy.id
|
||||
}
|
||||
|
||||
output "main_group" {
|
||||
value = local.main_group
|
||||
}
|
||||
|
||||
output "main_group_id" {
|
||||
value = authentik_group.groups.id
|
||||
}
|
||||
|
||||
@@ -15,7 +15,9 @@ variable "protocol_provider" {
|
||||
default = null
|
||||
}
|
||||
variable "dns_name" {
|
||||
type = string
|
||||
type = string
|
||||
description = "Deprecated, use rule_mapper"
|
||||
default = ""
|
||||
}
|
||||
variable "app_name" {
|
||||
type = string
|
||||
@@ -33,7 +35,7 @@ variable "backchannel_providers" {
|
||||
|
||||
variable "ingress_class" {
|
||||
type = string
|
||||
default = ""
|
||||
default = "traefik"
|
||||
}
|
||||
|
||||
variable "rule_mapper" {
|
||||
@@ -53,8 +55,8 @@ variable "rule_mapper" {
|
||||
}))
|
||||
})
|
||||
default = {
|
||||
host="not.defined"
|
||||
paths= []
|
||||
host = "not.defined"
|
||||
paths = []
|
||||
}
|
||||
}
|
||||
|
||||
@@ -65,11 +67,11 @@ variable "cert_name" {
|
||||
}
|
||||
|
||||
variable "namespace" {
|
||||
type = string
|
||||
type = string
|
||||
default = ""
|
||||
}
|
||||
|
||||
variable "labels" {
|
||||
type = map(string)
|
||||
type = map(string)
|
||||
default = {}
|
||||
}
|
||||
|
||||
Reference in New Issue
Block a user