locals {
  // Public apex domain; every other hostname in this file is derived from it.
  tld = "fourlights.dev"

  // Cluster hostname that fronts the ZITADEL instance.
  cluster_dns = "venus.${local.tld}"

  // Hostname of the ZITADEL instance the provider and every module talk to.
  domain = "zitadel.${local.cluster_dns}"

  // Org domain used as the suffix of the service-account user names below.
  org_domain = "fourlights.${local.domain}"

  // Machine-user key (JWT profile) the ZITADEL provider authenticates with.
  // Judging by its name this is an admin-level service account: treat the
  // file as a credential, keep it out of version control and restrict read
  // access on the machine that runs Terraform.
  jwt_profile_file = "../terraform/zitadel-admin-sa.json"

  // Project name; also used as the prefix of the service-account user names.
  name = "365Zon"

  // Hard-coded ZITADEL user id that is made owner of the project
  // (see module.zitadel_project).
  user_id = "308083708882059797"
}
terraform {
  required_providers {
    // Exact version pin of the ZITADEL provider. Commit .terraform.lock.hcl
    // alongside this file so the provider checksums are pinned as well, not
    // only the version string.
    zitadel = {
      source  = "zitadel/zitadel"
      version = "2.0.2"
    }
  }
}
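provider "zitadel" {
  // ZITADEL instance to manage; the modules below receive the same value.
  domain = local.domain

  // A real boolean rather than the string "false": Terraform coerces the
  // string, but an explicit bool cannot be mis-typed into a value that
  // silently disables TLS verification for the management API.
  insecure = false

  // Machine-user key (JWT profile) used for every management call in this
  // file. The path is a credential, not just configuration — see locals.
  jwt_profile_file = local.jwt_profile_file
}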
data "zitadel_orgs" "default" {
  // NOTE(review): on this data source `domain` is a search filter on org
  // domains (equality unless domain_method says otherwise), not the provider
  // endpoint. Confirm it returns exactly the intended org(s): every project,
  // application and service account in this file is created in each org
  // returned here.
  domain = local.domain
}
data "zitadel_org" "default" {
  // for_each over the org ids makes data.zitadel_org.default a MAP keyed by
  // org id. Reference it with each.key / each.value or length(); it has no
  // `.count` attribute (removed in Terraform 0.12) and cannot be indexed with
  // an integer such as count.index.
  for_each = toset(data.zitadel_orgs.default.ids)

  id = each.value
}
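module "zitadel_project" {
  // One project per org returned by data.zitadel_orgs.default.
  // data.zitadel_org.default is built with for_each and is therefore a map
  // keyed by org id: it has no `.count` attribute and cannot be indexed with
  // the integer count.index. Count and index the org id list directly so the
  // positional index is the same in every module block of this file.
  count  = length(data.zitadel_orgs.default.ids)
  source = "../../infra/modules/zitadel/project"

  domain           = local.domain
  org_id           = data.zitadel_orgs.default.ids[count.index]
  jwt_profile_file = local.jwt_profile_file

  // Project display name; also the prefix of the service-account user names.
  name = local.name

  // Human owner of the project, hard-coded in locals.user_id.
  owners = [local.user_id]
}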
// TODO: add a ZITADEL action that maps the granted project roles onto token scopes.
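module "zitadel_project_operator_roles" {
  // Positional per-org index over the org id list (data.zitadel_org.default
  // is a for_each map and can neither be counted with `.count` nor indexed
  // with count.index).
  count  = length(data.zitadel_orgs.default.ids)
  source = "../../infra/modules/zitadel/project/roles"

  domain           = local.domain
  org_id           = data.zitadel_orgs.default.ids[count.index]
  project_id       = module.zitadel_project[count.index].project_id
  jwt_profile_file = local.jwt_profile_file

  // Role group for day-to-day operators: write access to the customer-facing
  // data model. This is also the role set granted to every module service
  // account below, so additions here widen those machine identities too.
  group = "Operator"
  roles = [
    "manage:profiles", "manage:contacts", "manage:addresses", "manage:enquiries", "manage:flowstates",
    "manage:flowevents", "manage:files"
  ]
}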
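module "zitadel_project_configurator_roles" {
  // Positional per-org index over the org id list; see module.zitadel_project.
  count  = length(data.zitadel_orgs.default.ids)
  source = "../../infra/modules/zitadel/project/roles"

  domain           = local.domain
  org_id           = data.zitadel_orgs.default.ids[count.index]
  project_id       = module.zitadel_project[count.index].project_id
  jwt_profile_file = local.jwt_profile_file

  // Role group for configuring brands and flows; not granted to any service
  // account in this file.
  group = "Configurator"
  roles = [
    "manage:brands", "manage:flows"
  ]
}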
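module "zitadel_project_developer_roles" {
  // Positional per-org index over the org id list; see module.zitadel_project.
  count  = length(data.zitadel_orgs.default.ids)
  source = "../../infra/modules/zitadel/project/roles"

  domain           = local.domain
  org_id           = data.zitadel_orgs.default.ids[count.index]
  project_id       = module.zitadel_project[count.index].project_id
  jwt_profile_file = local.jwt_profile_file

  // Role group for developers: jobs and infrastructure management. Not
  // granted to any service account in this file.
  group = "Developer"
  roles = [
    "manage:jobs", "manage:infrastructure"
  ]
}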
// TODO: Move the External module (and the 365Zon push service account) into a project of its own.
// TODO: Add a project grant for that external project.
// TODO: Add read-only roles (the groups above define manage:* roles only).
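module "zitadel_project_application_core_api" {
  // Positional per-org index over the org id list; see module.zitadel_project.
  count  = length(data.zitadel_orgs.default.ids)
  source = "../../infra/modules/zitadel/project/application/api"

  domain           = local.domain
  org_id           = data.zitadel_orgs.default.ids[count.index]
  project_id       = module.zitadel_project[count.index].project_id
  jwt_profile_file = local.jwt_profile_file

  // API (resource server) application for the Core service.
  name = "Core API"
}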
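module "zitadel_project_application_core_ua" {
  // Positional per-org index over the org id list; see module.zitadel_project.
  count = length(data.zitadel_orgs.default.ids)
  // Path fixed: "applicaitn" -> "application", matching every other
  // user-agent module in this file.
  source = "../../infra/modules/zitadel/project/application/user-agent"

  domain           = local.domain
  org_id           = data.zitadel_orgs.default.ids[count.index]
  project_id       = module.zitadel_project[count.index].project_id
  jwt_profile_file = local.jwt_profile_file

  // Browser (user-agent) application used by the Core API's Swagger UI.
  name = "Core (Swagger)"
}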
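module "zitadel_project_application_module_365zon_api" {
  // Positional per-org index over the org id list; see module.zitadel_project.
  count  = length(data.zitadel_orgs.default.ids)
  source = "../../infra/modules/zitadel/project/application/api"

  domain           = local.domain
  org_id           = data.zitadel_orgs.default.ids[count.index]
  project_id       = module.zitadel_project[count.index].project_id
  jwt_profile_file = local.jwt_profile_file

  // API (resource server) application for the Salesforce pull module.
  name = "Module: Salesforce Pull API"
}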
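module "zitadel_project_application_module_365zon_ua" {
  // Positional per-org index over the org id list; see module.zitadel_project.
  count  = length(data.zitadel_orgs.default.ids)
  source = "../../infra/modules/zitadel/project/application/user-agent"

  domain           = local.domain
  org_id           = data.zitadel_orgs.default.ids[count.index]
  project_id       = module.zitadel_project[count.index].project_id
  jwt_profile_file = local.jwt_profile_file

  // Browser (user-agent) application for the Salesforce pull module's Swagger UI.
  name = "Module: Salesforce Pull (Swagger)"
}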
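module "zitadel_project_application_module_external_api" {
  // Positional per-org index over the org id list; see module.zitadel_project.
  count  = length(data.zitadel_orgs.default.ids)
  source = "../../infra/modules/zitadel/project/application/api"

  domain           = local.domain
  org_id           = data.zitadel_orgs.default.ids[count.index]
  project_id       = module.zitadel_project[count.index].project_id
  jwt_profile_file = local.jwt_profile_file

  // API (resource server) application for the External module. Still lives
  // in the main project; see the TODO above about moving it to its own.
  name = "Module: External API"
}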
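module "zitadel_project_application_module_external_ua" {
  // Positional per-org index over the org id list; see module.zitadel_project.
  count  = length(data.zitadel_orgs.default.ids)
  source = "../../infra/modules/zitadel/project/application/user-agent"

  domain           = local.domain
  org_id           = data.zitadel_orgs.default.ids[count.index]
  project_id       = module.zitadel_project[count.index].project_id
  jwt_profile_file = local.jwt_profile_file

  // Browser (user-agent) application for the External module's Swagger UI.
  name = "Module: External (Swagger)"
}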
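module "zitadel_project_application_module_internal_api" {
  // Positional per-org index over the org id list; see module.zitadel_project.
  count  = length(data.zitadel_orgs.default.ids)
  source = "../../infra/modules/zitadel/project/application/api"

  domain           = local.domain
  org_id           = data.zitadel_orgs.default.ids[count.index]
  project_id       = module.zitadel_project[count.index].project_id
  jwt_profile_file = local.jwt_profile_file

  // API (resource server) application for the Internal module.
  name = "Module: Internal API"
}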
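module "zitadel_project_application_module_internal_ua" {
  // Positional per-org index over the org id list; see module.zitadel_project.
  count  = length(data.zitadel_orgs.default.ids)
  source = "../../infra/modules/zitadel/project/application/user-agent"

  domain           = local.domain
  org_id           = data.zitadel_orgs.default.ids[count.index]
  project_id       = module.zitadel_project[count.index].project_id
  jwt_profile_file = local.jwt_profile_file

  // Browser (user-agent) application for the Internal module's Swagger UI.
  // Display name kept as-is; it is the only one not using the "(Swagger)" form.
  name = "Module: Internal swagger"
}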
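module "zitadel_service_account_module_internal" {
  // Positional per-org index over the org id list; see module.zitadel_project.
  count  = length(data.zitadel_orgs.default.ids)
  source = "../../infra/modules/zitadel/service-account"

  domain           = local.domain
  org_id           = data.zitadel_orgs.default.ids[count.index]
  jwt_profile_file = local.jwt_profile_file

  // Machine user the Internal module authenticates as.
  user_name = "${local.name}-module-internal@${ local.org_domain }"
  name      = "Module Internal @ ${local.name}"

  // A client secret is generated for this machine user. Terraform stores
  // every attribute the provider returns, generated secrets included, in
  // plain text in state: the state backend must be access-controlled and
  // encrypted, and the secret rotated if state is ever exposed (see the
  // "secret manager" TODO below).
  with_secret       = true
  access_token_type = "ACCESS_TOKEN_TYPE_JWT"
}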
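module "zitadel_project_member_module_internal" {
  // Module input (not a Terraform meta-argument), presumably used so the
  // roles exist before the membership referencing them is created.
  wait_on = module.zitadel_project_operator_roles[count.index].installed

  // Positional per-org index over the org id list; see module.zitadel_project.
  count  = length(data.zitadel_orgs.default.ids)
  source = "../../infra/modules/zitadel/project/member"

  domain           = local.domain
  org_id           = data.zitadel_orgs.default.ids[count.index]
  jwt_profile_file = local.jwt_profile_file

  project_id = module.zitadel_project[count.index].project_id
  user_id    = module.zitadel_service_account_module_internal[count.index].user_id

  // Grants the machine user the complete Operator role set. NOTE(review):
  // the External and 365zon service accounts receive the identical grant;
  // a role set scoped to what each module actually calls would be closer to
  // least privilege — confirm the roles each module needs.
  roles = module.zitadel_project_operator_roles[count.index].roles
}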
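module "zitadel_service_account_module_external" {
  // Positional per-org index over the org id list; see module.zitadel_project.
  count  = length(data.zitadel_orgs.default.ids)
  source = "../../infra/modules/zitadel/service-account"

  domain           = local.domain
  org_id           = data.zitadel_orgs.default.ids[count.index]
  jwt_profile_file = local.jwt_profile_file

  // Machine user the External module authenticates as. Slated to move to
  // its own project (see TODO above); until then it is created in the main
  // project's org like the others.
  user_name = "${local.name}-module-external@${ local.org_domain }"
  name      = "Module External @ ${local.name}"

  // Generated client secret ends up in plain text in Terraform state; keep
  // the state backend access-controlled and encrypted, rotate on exposure.
  with_secret       = true
  access_token_type = "ACCESS_TOKEN_TYPE_JWT"
}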
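module "zitadel_project_member_module_external" {
  // Module input (not a Terraform meta-argument), presumably used so the
  // roles exist before the membership referencing them is created.
  wait_on = module.zitadel_project_operator_roles[count.index].installed

  // Positional per-org index over the org id list; see module.zitadel_project.
  count  = length(data.zitadel_orgs.default.ids)
  source = "../../infra/modules/zitadel/project/member"

  domain           = local.domain
  org_id           = data.zitadel_orgs.default.ids[count.index]
  jwt_profile_file = local.jwt_profile_file

  project_id = module.zitadel_project[count.index].project_id
  user_id    = module.zitadel_service_account_module_external[count.index].user_id

  // Full Operator role set for an externally facing module. NOTE(review):
  // this is the broadest grant in the file handed to the identity most
  // exposed to outside traffic — confirm it needs every manage:* role, and
  // revisit once the External project split (TODO above) lands.
  roles = module.zitadel_project_operator_roles[count.index].roles
}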
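module "zitadel_service_account_module_365zon" {
  // Positional per-org index over the org id list; see module.zitadel_project.
  count  = length(data.zitadel_orgs.default.ids)
  source = "../../infra/modules/zitadel/service-account"

  domain           = local.domain
  org_id           = data.zitadel_orgs.default.ids[count.index]
  jwt_profile_file = local.jwt_profile_file

  // Machine user the 365Zon module authenticates as.
  user_name = "${local.name}-module-365zon@${ local.org_domain }"
  name      = "Module 365Zon @ ${local.name}"

  // Generated client secret ends up in plain text in Terraform state; keep
  // the state backend access-controlled and encrypted, rotate on exposure.
  with_secret       = true
  access_token_type = "ACCESS_TOKEN_TYPE_JWT"
}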
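module "zitadel_project_member_module_365zon" {
  // Module input (not a Terraform meta-argument), presumably used so the
  // roles exist before the membership referencing them is created.
  wait_on = module.zitadel_project_operator_roles[count.index].installed

  // Positional per-org index over the org id list; see module.zitadel_project.
  count  = length(data.zitadel_orgs.default.ids)
  source = "../../infra/modules/zitadel/project/member"

  domain           = local.domain
  org_id           = data.zitadel_orgs.default.ids[count.index]
  jwt_profile_file = local.jwt_profile_file

  project_id = module.zitadel_project[count.index].project_id
  user_id    = module.zitadel_service_account_module_365zon[count.index].user_id

  // Full Operator role set, identical to the Internal and External machine
  // users. NOTE(review): scope this to the roles the 365Zon module calls.
  roles = module.zitadel_project_operator_roles[count.index].roles
}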
// TODO: Application for the front end (authorization_code + refresh_token; the implicit grant is also listed but is deprecated — prefer authorization_code with PKCE).
// TODO: Update the API applications with the callback <apiDomain>/swagger/oauth2-redirect.html so Swagger UI (and probably the Hangfire dashboard) can log in.
// TODO: Move all relevant secrets (service-account client secrets, the admin JWT profile) into a secret manager.
// TODO: Set up OpenTelemetry and migrate the Application Insights instrumentation to it.
output "org_ids" {
  // Ids of every org matched by data.zitadel_orgs.default; the positional
  // order here is the order the per-org module instances are created in.
  value = data.zitadel_orgs.default.ids
}
output "project_ids" {
  // Id of the project created in each org, in the same order as org_ids.
  // Splat over the count-indexed module is equivalent to the for expression.
  value = module.zitadel_project[*].project_id
}