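terraform {
  required_providers {
    # Exact pin: slug() output feeds Kubernetes object names, service-account
    # user names and OIDC redirect URIs, so an unreviewed provider update could
    # silently rename or relocate all of them.
    slugify = {
      source  = "public-cloud-wl/slugify"
      version = "0.1.1"
    }

    # Declared explicitly instead of relying on Terraform's implicit
    # hashicorp/<local-name> inference for the kubernetes_secret resources below.
    # TODO: add a version constraint compatible with the root module's.
    kubernetes = {
      source = "hashicorp/kubernetes"
    }
  }
}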
locals {
  # OIDC issuer handed to every consumer below. Assumes var.zitadel_domain is a
  # bare host[:port] with no scheme or trailing slash — confirm against callers.
  authority = "https://${var.zitadel_domain}"

  # DNS- and Kubernetes-safe forms of the human-readable names.
  slug_name    = provider::slugify::slug(var.name)
  slug_project = provider::slugify::slug(var.project)

  # Public hostname of the application; also the base of its OIDC redirect URIs.
  cluster = "${local.slug_project}.${var.cluster_domain}"
  uri     = "https://${local.slug_name}.${local.cluster}"
}
# API client for this application in the Zitadel project. Its client_id and
# client_secret are published to the cluster by kubernetes_secret.api below.
module "zitadel_project_application_api" {
  source  = "../project/application/api"
  wait_on = var.wait_on

  org_id     = var.org_id
  project_id = var.project_id
  name       = "${var.name} API"
}
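# Browser (user-agent) client used by the Swagger UI. Only a client_id is
# consumed from it (see kubernetes_secret.user-agent); no secret is exposed.
module "zitadel_project_application_ua" {
  source  = "../project/application/user-agent"
  wait_on = module.zitadel_project_application_api.installed

  org_id     = var.org_id
  project_id = var.project_id
  # Interpolation spacing normalised to match the API module's "${var.name} API";
  # the rendered string is unchanged.
  name       = "${var.name} (Swagger)"

  # Single exact callback URL. OIDC providers match redirect URIs exactly, so
  # keep this list narrow rather than widening it to a prefix or wildcard.
  redirect_uris             = ["${local.uri}/swagger/oauth2-redirect.html"]
  post_logout_redirect_uris = [local.uri]
}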
# OIDC discovery settings for the browser client. None of these values is
# confidential (no client_secret); a Secret is used so all three application
# configs are consumed the same way.
resource "kubernetes_secret" "user-agent" {
  depends_on = [module.zitadel_project_application_ua]

  metadata {
    name      = "${local.slug_name}-user-agent"
    namespace = var.namespace
  }

  type = "Opaque"

  data = {
    authority = local.authority
    audience  = var.project_id
    client_id = module.zitadel_project_application_ua.client_id
  }
}
# Credentials for the API client. client_secret is written to the cluster AND
# recorded in plaintext in Terraform state; protect the state backend accordingly.
# NOTE(review): unlike the user-agent and service-account Secrets this one has
# no "audience" key — confirm the API consumer does not expect it.
resource "kubernetes_secret" "api" {
  depends_on = [module.zitadel_project_application_api]

  metadata {
    name      = "${local.slug_name}-api"
    namespace = var.namespace
  }

  type = "Opaque"

  data = {
    authority     = local.authority
    client_id     = module.zitadel_project_application_api.client_id
    client_secret = module.zitadel_project_application_api.client_secret
  }
}
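# Optional machine user for server-to-server access to the API.
# Enabled by var.service_account; the user grant and Secret below share the same count.
module "zitadel_service_account" {
  count   = var.service_account ? 1 : 0
  source  = "../service-account"
  wait_on = module.zitadel_project_application_api.installed

  org_id = var.org_id

  # Interpolation spacing normalised ("${ local.cluster }" rendered identically)
  # to match the rest of the file.
  user_name = "${local.slug_name}@${local.cluster}"
  name      = "${var.name} @ ${var.project}"

  # Issues a client secret; it ends up in Terraform state and in
  # kubernetes_secret.service-account, so treat both as sensitive.
  with_secret       = true
  access_token_type = "ACCESS_TOKEN_TYPE_JWT"
}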
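# Grants var.roles on the project to the optional service account.
# Same count as module.zitadel_service_account, so the two are always paired.
module "zitadel_project_user_grant" {
  count  = var.service_account ? 1 : 0
  source = "../project/user-grant"

  org_id     = var.org_id
  project_id = var.project_id
  # Indexed with count.index (always 0 here) for consistency with
  # kubernetes_secret.service-account; equivalent to the previous [0].
  user_id    = module.zitadel_service_account[count.index].user_id

  # Roles are caller-supplied; keep them to the minimum the workload needs.
  roles = var.roles
}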
# Credentials for the optional service account. As with the api Secret, the
# client_secret is held in plaintext in Terraform state as well as in the cluster.
resource "kubernetes_secret" "service-account" {
  count      = var.service_account ? 1 : 0
  depends_on = [module.zitadel_service_account]

  metadata {
    name      = "${local.slug_name}-service-account"
    namespace = var.namespace
  }

  type = "Opaque"

  data = {
    authority     = local.authority
    audience      = var.project_id
    client_id     = module.zitadel_service_account[count.index].client_id
    client_secret = module.zitadel_service_account[count.index].client_secret
  }
}
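# Completion signal for downstream wait_on consumers. It now depends on every
# Secret this module creates: listing only kubernetes_secret.service-account left
# the dependency set empty when var.service_account = false, so consumers could
# proceed before the api and user-agent Secrets existed.
output "installed" {
  value = true
  depends_on = [
    kubernetes_secret.api,
    kubernetes_secret.user-agent,
    kubernetes_secret.service-account,
  ]
}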