locals {
  # Base URL of the Argo CD UI/API. The https:// prefix is fixed here rather
  # than left to the caller, so the redirect and post-logout URIs registered
  # with Zitadel below can never be downgraded to plain http by passing a
  # bare hostname in var.argocd_service_domain.
  argocd_uri = format("https://%s", var.argocd_service_domain)
}
# Zitadel project that owns the Argo CD application and the roles below.
module "zitadel_project" {
  source = "../../../modules/zitadel/project"

  name   = var.name
  org_id = var.org_id

  # var.user_id becomes a project owner here; the same user is also granted
  # the admin project role by module.zitadel_project_user_grant further down.
  owners = [var.user_id]
}
# Project role "user", filed under the "Users" role group. The role list is
# re-exported by the user_roles output for the consumer that configures Argo CD.
module "zitadel_project_roles_user" {
  source = "../../../modules/zitadel/project/roles"

  project_id = module.zitadel_project.project_id
  org_id     = var.org_id

  roles = ["user"]
  group = "Users"
}
# Project role "admin", filed under the "Admins" role group. Granted to
# var.user_id by module.zitadel_project_user_grant and re-exported through the
# admin_roles output.
module "zitadel_project_roles_admin" {
  source = "../../../modules/zitadel/project/roles"

  project_id = module.zitadel_project.project_id
  org_id     = var.org_id

  roles = ["admin"]
  group = "Admins"
}
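# OIDC web application registered for Argo CD. The redirect path is Argo CD's
# bundled Dex callback, so Dex (not Argo CD itself) is the relying party here.
module "zitadel_application_argocd" {
  source = "../../../modules/zitadel/project/application/web"

  name       = "ArgoCD"
  org_id     = var.org_id
  project_id = module.zitadel_project.project_id

  # Both URIs derive from local.argocd_uri, which always carries an https://
  # scheme. Stray whitespace inside the interpolation was removed so this line
  # is written the same way as post_logout_redirect_uris.
  redirect_uris             = ["${local.argocd_uri}/api/dex/callback"]
  post_logout_redirect_uris = [local.argocd_uri]

  # Confidential client using the BASIC auth method (client_id + client secret
  # to the token endpoint). The generated secret is exposed through this
  # module's client_secret output; treat it accordingly.
  auth_method_type = "OIDC_AUTH_METHOD_TYPE_BASIC"

  # Ask Zitadel to assert role and userinfo claims directly in the ID token.
  # NOTE(review): the "groups" claim Argo CD matches on is presumably produced
  # by zitadel_action.groups-claim (template not visible here), not by these
  # two flags -- confirm against groupsClaim.action.tftpl.
  id_token_role_assertion     = true
  id_token_userinfo_assertion = true
}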
# Custom Zitadel action whose script is rendered from groupsClaim.action.tftpl
# (no template variables). It is attached to the token-customisation flow by
# the two zitadel_trigger_actions resources below.
resource "zitadel_action" "groups-claim" {
  name   = "groupsClaim"
  org_id = var.org_id

  script = templatefile("${path.module}/groupsClaim.action.tftpl", {})

  # NOTE(review): with allowed_to_fail = true, a script error or a run longer
  # than `timeout` presumably does not block token issuance -- the token is
  # then issued without whatever claim this action adds. For Argo CD that
  # degrades to "no groups", so its RBAC default policy must deny rather than
  # grant; a failing action must never widen access. Confirm the fallback
  # behaviour before relying on this for authorization.
  allowed_to_fail = true
  timeout         = "10s"
}
# Run groupsClaim before the userinfo response is built, so clients that call
# the userinfo endpoint see the same claim as the tokens.
resource "zitadel_trigger_actions" "groups-claim-pre-user-info" {
  org_id = var.org_id

  action_ids   = [zitadel_action.groups-claim.id]
  trigger_type = "TRIGGER_TYPE_PRE_USERINFO_CREATION"
  flow_type    = "FLOW_TYPE_CUSTOMISE_TOKEN"
}
# Run groupsClaim before the access token is created. Kept as a separate
# resource (rather than a for_each over both triggers) so existing state
# addresses stay unchanged.
resource "zitadel_trigger_actions" "groups-claim-pre-access-token" {
  org_id = var.org_id

  action_ids   = [zitadel_action.groups-claim.id]
  trigger_type = "TRIGGER_TYPE_PRE_ACCESS_TOKEN_CREATION"
  flow_type    = "FLOW_TYPE_CUSTOMISE_TOKEN"
}
# Grant var.user_id (already a project owner, see module.zitadel_project) every
# role defined by module.zitadel_project_roles_admin.
module "zitadel_project_user_grant" {
  source = "../../../modules/zitadel/project/user-grant"

  project_id = module.zitadel_project.project_id
  org_id     = var.org_id
  user_id    = var.user_id

  # The role list is taken from the admin roles module instead of repeating
  # the literal, so the grant cannot drift from the role definition.
  roles = module.zitadel_project_roles_admin.roles
}
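output "client_id" {
  description = "OIDC client ID of the ArgoCD application. Not a secret; safe to place in the Argo CD / Dex connector configuration."
  value       = module.zitadel_application_argocd.client_id
}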
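output "client_secret" {
  description = "OIDC client secret of the ArgoCD application. Deliver it to Argo CD through a Kubernetes Secret, never a ConfigMap or plain values file."
  value       = module.zitadel_application_argocd.client_secret

  # Marked sensitive so the secret is redacted in `terraform plan`/`apply`
  # and `terraform output`. It is still stored in clear text in the state
  # file, so the state backend must be access-controlled and encrypted.
  # Callers that re-export this value must mark their own output sensitive
  # as well, otherwise Terraform refuses to plan.
  sensitive = true
}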
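output "scopes" {
  description = "OIDC scopes Argo CD should request. The groups claim is expected to be populated by the groupsClaim action defined in this module, not by a Zitadel-native scope."
  value       = ["openid", "profile", "email", "groups"]
}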
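output "logoutSuffix" {
  description = "Path suffix of the OIDC end-session (logout) endpoint; the consumer appends it to the Zitadel base URL, which this module does not output."
  value       = "oidc/v1/end_session"
}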
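output "user_roles" {
  description = "Project role keys defined for the \"Users\" group (currently [\"user\"]), for mapping to Argo CD RBAC policies."
  value       = module.zitadel_project_roles_user.roles
}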
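output "admin_roles" {
  description = "Project role keys defined for the \"Admins\" group (currently [\"admin\"]); these are also granted to var.user_id by this module."
  value       = module.zitadel_project_roles_admin.roles
}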
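output "project_id" {
  description = "ID of the Zitadel project that holds the ArgoCD application and its roles."
  value       = module.zitadel_project.project_id
}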
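output "installed" {
  description = "Always true. Exists only so callers can depend on this module's full rollout: the admin user grant and both groupsClaim action triggers."
  value       = true

  # Ordering hook: consumers that reference this output are sequenced after
  # the user grant and the token-customisation triggers, not just after the
  # application itself.
  depends_on = [
    module.zitadel_project_user_grant.installed,
    zitadel_trigger_actions.groups-claim-pre-access-token,
    zitadel_trigger_actions.groups-claim-pre-user-info,
  ]
}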