// Hostnames are derived in one chain: tld -> cluster -> zitadel -> organisation.
locals {
  tld         = "fourlights.dev"
  cluster_dns = "venus.${local.tld}"
  domain      = "zitadel.${local.cluster_dns}"
  org_domain  = "fourlights.${local.domain}"
}

// The Zitadel project that every role group, grant and application below
// belongs to. var.user_id is its only owner.
module "zitadel_project" {
  source = "../../../modules/zitadel/project"

  org_id = var.org_id
  name   = var.name
  owners = [var.user_id]
}

// TODO: add action for setting roles as scopes

// The three role groups are applied strictly one after another: each module's
// `wait_on` consumes the `installed` output of the one before it, starting at
// the project itself.
module "zitadel_project_operator_roles" {
  source  = "../../../modules/zitadel/project/roles"
  wait_on = module.zitadel_project.installed

  org_id     = var.org_id
  project_id = module.zitadel_project.project_id
  group      = "Operator"

  roles = [
    "manage:profiles",
    "manage:contacts",
    "manage:addresses",
    "manage:enquiries",
    "manage:flowstates",
    "manage:flowevents",
    "manage:files",
    "manage:brands",
  ]
}

module "zitadel_project_configurator_roles" {
  source  = "../../../modules/zitadel/project/roles"
  wait_on = module.zitadel_project_operator_roles.installed

  org_id     = var.org_id
  project_id = module.zitadel_project.project_id
  group      = "Configurator"

  roles = ["manage:flows"]
}

module "zitadel_project_developer_roles" {
  source  = "../../../modules/zitadel/project/roles"
  wait_on = module.zitadel_project_configurator_roles.installed

  org_id     = var.org_id
  project_id = module.zitadel_project.project_id
  group      = "Developer"

  roles = [
    "manage:jobs",
    "manage:infrastructure",
  ]
}

// Grants var.user_id the union of all three role groups (developer, then
// configurator, then operator — the order is kept as the module outputs give it).
// NOTE(review): the same identity is already the project owner above, so it ends
// up holding every manage:* role in the project; confirm that a single
// full-privilege user is intended rather than a narrower operator identity.
module "zitadel_project_user_grant" {
  source  = "../../../modules/zitadel/project/user-grant"
  wait_on = module.zitadel_project_developer_roles.installed

  org_id     = var.org_id
  project_id = module.zitadel_project.project_id
  user_id    = var.user_id

  roles = concat(
    module.zitadel_project_developer_roles.roles,
    module.zitadel_project_configurator_roles.roles,
    module.zitadel_project_operator_roles.roles,
  )
}

// TODO: Move External (and 365zon Push service account) to own project
// TODO: Add grant for external project
// TODO: Add read roles

// M2M API applications, again serialised through `wait_on`.
// Core is the only one that opts out of a service account and carries no roles;
// the other three leave service_account at the module's default (not visible
// here) and receive the full Operator role list.
module "zitadel_project_application_core" {
  source  = "../../../modules/zitadel/api-m2m-swagger"
  wait_on = module.zitadel_project_user_grant.installed

  org_id         = var.org_id
  project_id     = module.zitadel_project.project_id
  name           = "Core"
  zitadel_domain = local.domain
  cluster_domain = local.cluster_dns
  namespace      = var.namespace
  project        = var.name

  service_account = false
  roles           = []
}

module "zitadel_project_application_salesforce" {
  source  = "../../../modules/zitadel/api-m2m-swagger"
  wait_on = module.zitadel_project_application_core.installed

  org_id         = var.org_id
  project_id     = module.zitadel_project.project_id
  name           = "Salesforce"
  zitadel_domain = local.domain
  cluster_domain = local.cluster_dns
  namespace      = var.namespace
  project        = var.name

  roles = module.zitadel_project_operator_roles.roles
}

// NOTE(review): External gets the identical manage:* set as Salesforce and
// Internal; the TODO above (own project for External) is what would narrow it.
module "zitadel_project_application_external" {
  source  = "../../../modules/zitadel/api-m2m-swagger"
  wait_on = module.zitadel_project_application_salesforce.installed

  org_id         = var.org_id
  project_id     = module.zitadel_project.project_id
  name           = "External"
  zitadel_domain = local.domain
  cluster_domain = local.cluster_dns
  namespace      = var.namespace
  project        = var.name

  roles = module.zitadel_project_operator_roles.roles
}

// Last link of the wait_on chain; anything that must run after this whole
// stack should depend on this module.
module "zitadel_project_application_module_internal" {
  source  = "../../../modules/zitadel/api-m2m-swagger"
  wait_on = module.zitadel_project_application_external.installed

  org_id         = var.org_id
  project_id     = module.zitadel_project.project_id
  name           = "Internal"
  zitadel_domain = local.domain
  cluster_domain = local.cluster_dns
  namespace      = var.namespace
  project        = var.name

  roles = module.zitadel_project_operator_roles.roles
}

// TODO: Application for Front-End End (implicit, authorization_code, refresh_token)
// TODO: Update API applications with callback apiDomain/swagger/oauth2-redirect.html to allow logging in for swagger (and probably hangire?)
// TODO: Put all the relevant secrets into secret manager
// TODO: Set up opentelemetry and update appinsights shit to use that.
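output "org_id" {
  value = var.org_id
}

output "project_id" {
  value = module.zitadel_project.project_id
}

// Sentinel for callers that chain on this stack: it is only resolved once the
// final link of the wait_on chain, the Internal application, has been applied.
// `depends_on` takes whole resource/module references, not a module output, and
// the previous reference pointed at the External application, which is one
// link short of the end of the chain (Internal waits on External).
output "installed" {
  value      = true
  depends_on = [module.zitadel_project_application_module_internal]
}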