feat: add argo workflows

2024-03-13 15:20:32 +01:00 · 2024-03-13 15:20:32 +01:00 · 2c7de2fb4c
commit 2c7de2fb4c
parent 8994143831
11 changed files with 254 additions and 0 deletions
--- a/tofu/authentik/.terraform.lock.hcl
+++ b/tofu/authentik/.terraform.lock.hcl
@ -0,0 +1,24 @@
+# This file is maintained automatically by "tofu init".
+# Manual edits may be lost in future updates.
+
+provider "registry.opentofu.org/goauthentik/authentik" {
+  version     = "2024.2.0"
+  constraints = "2024.2.0"
+  hashes = [
+    "h1:AeyEcplt1WTQijM1d2E1pBPemcL57WC5bZr7y1XNui4=",
+    "zh:03b13879c66d1536f250c91f61ba078cc34af2fec271ea19c838a719dd4f1baa",
+    "zh:1c4d93aa3de72e4b00ac33fc0d4134fc5a641b863e9cd9afdc1105a4024fc8f0",
+    "zh:50d2f5b71ea5410633dbc8b143bef6fa77a9670a07a3fd85f9921e1094ab416e",
+    "zh:5320a267adb8506c23941df1c4cba56a176d0b9e0441f247fe714d34a514fcc8",
+    "zh:58376699c8941c109e49db7edfca4f83ec47b5b46619346380ca79d50902623e",
+    "zh:61f86a37dcb30167d1bfb84428b821de10c73cdec1ef911f167991ebc7eb9cd5",
+    "zh:6e99b5cf0f5987e3e3e24e26af12084f741a0f0b79a04d0b7e6703525cf4633e",
+    "zh:81c39322353f7da1c84c4ec82b6e7de70131156b256de21aee741240694e5bef",
+    "zh:bbec3872accea0294c86f812d668f9e2e8255b3d1f7424b39ddc261d6d02e036",
+    "zh:c1b56e5c4e82c683baf7854153caa85c600001ca6d1405f0d82a1aa29a600375",
+    "zh:cf4e41422aba2435f68bf1cf6c1e83315fe70c810dfd7e81a581d94490d6870b",
+    "zh:d86a2383e7fae38c9ea80f87d27d34d46a13fa24579b4612a248c888a3c9e265",
+    "zh:df693bc3156a2d632843abad9294d9192d1569039800c59e8a594c1b8e0fc9df",
+    "zh:e1a7148102d5a169dfb24c0de8441f3a9c25363976f4f2ce97f4c0b2e904302c",
+  ]
+}
--- a/tofu/authentik/main.tf
+++ b/tofu/authentik/main.tf
@ -0,0 +1,32 @@
+terraform {
+  backend "s3" {
+    bucket = "fuku-terraform"
+    key    = "authentik/terraform"
+    region = "us-east-1"
+  }
+  required_providers {
+    authentik = {
+      source  = "goauthentik/authentik"
+      version = "2024.2.0"
+    }
+  }
+}
+
+data "authentik_user" "catalin" {
+  username = "catalin"
+}
+
+resource "authentik_group" "ci" {
+  name  = "ci"
+  users = [data.authentik_user.catalin.id]
+}
+
+module "argo-workflows" {
+  source              = "../modules/authentik"
+  app_name            = "Argo Workflows"
+  app_slug            = "argo-workflows"
+  client_id           = var.argo_workflows_client_id
+  client_secret       = var.argo_workflows_client_secret
+  app_access_group_id = authentik_group.ci.id
+  redirect_uris = ["https://ci.fuku/oauth2/callback"]
+}
--- a/tofu/authentik/sample.env
+++ b/tofu/authentik/sample.env
@ -0,0 +1,4 @@
+ AUTHENTIK_URL=https://auth.fukurokuju.dev
+ AUTHENTIK_TOKEN=
+ TF_VAR_argo_workflows_client_id=
+ TF_VAR_argo_workflows_client_secret=
--- a/tofu/authentik/vars.tf
+++ b/tofu/authentik/vars.tf
@ -0,0 +1,9 @@
+variable "argo_workflows_client_id" {
+  description = "Client ID"
+  type        = string
+}
+
+variable "argo_workflows_client_secret" {
+  description = "Client secret"
+  type        = string
+}