49 lines
1.7 KiB
HCL
49 lines
1.7 KiB
HCL
locals {
|
|
app_slug = "${var.instance}${var.component == "" ? "" : "-"}${var.component}"
|
|
app_name = var.app_name != "" ? var.app_name : var.component == var.instance ? var.instance : format("%s-%s", var.instance, var.component)
|
|
main_group = format("app-%s", local.app_slug)
|
|
url_icon = startswith(var.icon, "fa-") ? "fa://${var.icon}" : format("https://%s/%s", var.dns_name, var.icon)
|
|
}
|
|
data "authentik_group" "akadmin" {
|
|
name = "authentik Admins"
|
|
}
|
|
resource "authentik_group" "groups" {
|
|
name = local.main_group
|
|
attributes = jsonencode({ "${local.app_name}" = true })
|
|
}
|
|
|
|
resource "authentik_group" "subgroup" {
|
|
count = length(var.sub_groups)
|
|
name = format("%s-%s", local.main_group, var.sub_groups[count.index])
|
|
parent = authentik_group.groups.id
|
|
}
|
|
|
|
resource "authentik_application" "app" {
|
|
name = var.app_name
|
|
slug = local.app_slug
|
|
group = var.app_group
|
|
protocol_provider = var.protocol_provider
|
|
backchannel_providers = var.backchannel_providers
|
|
meta_launch_url = format("https://%s", var.dns_name)
|
|
meta_icon = local.url_icon
|
|
}
|
|
|
|
resource "authentik_policy_expression" "policy" {
|
|
name = "${local.app_slug}-${local.main_group}"
|
|
expression = <<-EOF
|
|
attr = request.user.group_attributes()
|
|
return attr['${local.app_name}'] if '${local.app_name}' in attr else False
|
|
EOF
|
|
}
|
|
|
|
resource "authentik_policy_binding" "access_users" {
|
|
target = authentik_application.app.uuid
|
|
policy = authentik_policy_expression.policy.id
|
|
order = 0
|
|
}
|
|
resource "authentik_policy_binding" "access_vynil" {
|
|
target = authentik_application.app.uuid
|
|
group = data.authentik_group.akadmin.id
|
|
order = 1
|
|
}
|