catalin/fukuops
1
0
Fork 1
Code Issues Pull requests 2 Releases Packages 1 Activity

feat: update the default-scopes's resource's name to authentik_property_mapping_provider_scope
All checks were successful
checks / pre-commit (push) Successful in 1m2s
Details
checks / k8s (push) Successful in 23s
Details
checks / tflint (push) Successful in 16s
Details
OpenTofu deployments / authentik (push) Successful in 2m7s
Details
OpenTofu deployments / adguard (push) Successful in 58s
Details

Browse source
This commit is contained in:
cătălin 2024-09-06 19:41:05 +02:00
commit 98723d25d9
No known key found for this signature in database
4 changed files with 21 additions and 19 deletions
Download patch file Download diff file Expand all files Collapse all files

2
.forgejo/workflows/deploy-tofu.yaml
View file

@ -14,7 +14,7 @@ jobs:
- uses: https://code.forgejo.org/actions/checkout@v4 - uses: https://code.forgejo.org/actions/checkout@v4
- uses: opentofu/setup-opentofu@v1 - uses: opentofu/setup-opentofu@v1
with: with:
tofu_version: 1.7.0 tofu_version: 1.8.1
- name: Deploy - name: Deploy
env: env:
AUTHENTIK_URL: ${{ secrets.AUTHENTIK_URL }} AUTHENTIK_URL: ${{ secrets.AUTHENTIK_URL }}

27
tofu/authentik/.terraform.lock.hcl generated
View file

@ -5,19 +5,20 @@ provider "registry.opentofu.org/goauthentik/authentik" {
version = "2024.8.2" version = "2024.8.2"
constraints = "2024.8.2" constraints = "2024.8.2"
hashes = [ hashes = [
"h1:+RVux9TSmkUsxIinptup4oOdfzObeXLaOnc0oi0Vat4=",
"h1:A7QTemIzwGczjtF83aq4UeZuHeDCI3V95tPxvRbr1Us=",
"h1:CW1zudHvXdxnoHNSFpPUuHL5b6OfjN64e9vXWg7XW0g=",
"h1:EQFfUrVDOolYS1vnQCycM8h/sJ5kSmaaLlgarMaGeUA=",
"h1:IDQUpQ0ywLW8e76Ua0KDNL2yQK6gPzZDmr6IR2+vggg=",
"h1:MTDeGtUV4fv0p5mBrixtih0ZCxSs9nVY6Cg/d9QSirU=",
"h1:OlGx4JID7vw8lv7pLOP37p6YG5kFVNW2D3uK3n0dtPA=",
"h1:UFfuygHbOClWv7qQRdOrQ78sb90AX7H9M0G4NfXvBs0=",
"h1:YUYGP/59f6rR8MfSLfO1ZDSHzR/ftLC8AcAODpX/E+I=",
"h1:YwAH0SX7sTqc2lBt6Qksxrs1QwuRHFut5OS6aRC401g=",
"h1:ZraJmKi78q13HZBD9GBqtOMNsqUWVkbHHJHmJpmEe2E=",
"h1:a/zGxz5mU9L/j0s0QuhBFDNw057ZzsEhD8aaH4YTsjI=", "h1:a/zGxz5mU9L/j0s0QuhBFDNw057ZzsEhD8aaH4YTsjI=",
"h1:eBg0O2cBNQiDPCY+h3lLkQRxdkgHRaP/RwwtA75WgeA=", "zh:1a08cf73a35237bf84e8761eb026b4175bc34bab4c6a206110cb9a3d06c86391",
"h1:j8xZm+N7SRKlaJwGzXDzWD3awDcCrD+jz257F7JFTZI=", "zh:1f5807c2ab22e21a9f4c1d19bc64c52150ac003c6a90417315d8fafb6cbfd09d",
"zh:20237b247cbee340d03629f3bb4e156e8ccf65db246eeffb4cad3dabe34f26bb",
"zh:416ee251d684360e993ea3bdd7b9b3abb869f1d27d3bfe7c53731d444493bad3",
"zh:4d76186b29969509fb950ddce03b80eba9bc3409b6bbd20f8a9e7623d84b63c0",
"zh:588bbeb5768dc0e6d6b3e7bc67709ef7bc4a7f48eeb659801bc8511d646141ac",
"zh:5f95796b207c90e4dcf5d9f2945929351c5709754ce66839279e87279a04204f",
"zh:60263694ce7e107f3f78d5cc727d6143082e0eaa97b15727af83aaed8305d351",
"zh:6ecc4bd586e37987cfa057fc3a3f87bd461e3215d9efb5654fdd639a8d5318e9",
"zh:9e05d3d930a92f160cd788a699b3e11c80b59cb67b5f0b4a9970a1f7e9b08045",
"zh:c6ecaafa4176f12c8930fe2225c34a6d64eb9eb9774b50df17714d2ae338068d",
"zh:d781b9de7ce45a0b67b177705f755746b3afb11c4cac9171825bd9ace4017da6",
"zh:df6d9bc87b752c4e75f5246b32a98049a3253762389fd8476a9b4f96729f9cdd",
"zh:ef6c1ce79965e212929674063de6280abae5ee5c064049880ab81ca0e27b7434",
] ]
} }

6
tofu/authentik/main.tf
View file

@ -51,9 +51,9 @@ module "gitea" {
client_secret = var.gitea_client_secret client_secret = var.gitea_client_secret
app_access_group_id = "" app_access_group_id = ""
redirect_uris = ["https://git.roboces.dev/user/oauth2/authentik/callback"] redirect_uris = ["https://git.roboces.dev/user/oauth2/authentik/callback"]
app_icon = "https://about.gitea.com/gitea.svg" app_icon = "https://git.roboces.dev/assets/img/logo.svg"
app_description = "Git with a cup of Tea 🍵" app_description = "Beyond coding. We forge. "
app_publisher = "Gitea" app_publisher = "Forgejo"
app_url = "https://git.roboces.dev/user/oauth2/authentik" app_url = "https://git.roboces.dev/user/oauth2/authentik"
sub_mode = "hashed_user_id" sub_mode = "hashed_user_id"
} }

5
tofu/modules/authentik-oidc/main.tf
View file

@ -16,7 +16,8 @@ data "authentik_flow" "default-authentication-flow" {
slug = "default-authentication-flow" slug = "default-authentication-flow"
} }
data "authentik_scope_mapping" "default-scopes" {
data "authentik_property_mapping_provider_scope" "default-scopes" {
managed_list = [ managed_list = [
"goauthentik.io/providers/oauth2/scope-email", "goauthentik.io/providers/oauth2/scope-email",
"goauthentik.io/providers/oauth2/scope-openid", "goauthentik.io/providers/oauth2/scope-openid",
@ -33,7 +34,7 @@ resource "authentik_provider_oauth2" "provider_oidc" {
authorization_flow = data.authentik_flow.default-authorization-flow.id authorization_flow = data.authentik_flow.default-authorization-flow.id
authentication_flow = data.authentik_flow.default-authentication-flow.id authentication_flow = data.authentik_flow.default-authentication-flow.id
redirect_uris = var.redirect_uris redirect_uris = var.redirect_uris
property_mappings = data.authentik_scope_mapping.default-scopes.ids property_mappings = data.authentik_property_mapping_provider_scope.default-scopes.ids
sub_mode = var.sub_mode sub_mode = var.sub_mode
signing_key = var.oidc_signing_key signing_key = var.oidc_signing_key
} }