# Addressing for the Zitadel instance this stack manages, composed bottom-up:
#   fourlights.dev -> venus.fourlights.dev -> zitadel.venus.fourlights.dev
locals {
  # Service-user key file used to authenticate every module below.
  # Treat it as a secret and keep it out of version control; it is expected
  # to be produced by the sibling ../terraform stack (verify before relying
  # on ordering between the two stacks).
  jwt_profile_file = "../terraform/zitadel-admin-sa.json"

  # Public host name the Zitadel API is reached under.
  domain      = "zitadel.${local.cluster_dns}"
  cluster_dns = "venus.${local.tld}"
  tld         = "fourlights.dev"
}
# Bootstrap the "fourlights" organisation on the Zitadel instance at
# local.domain, authenticating with the admin service-user key file.
# Downstream modules consume `installed` (ordering) and `org_id` from it.
module "zitadel-tenant" {
  source = "../../infra/modules/zitadel/tenant"

  name             = "fourlights"
  domain           = local.domain
  jwt_profile_file = local.jwt_profile_file
}
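# Google as an external identity provider for the tenant organisation.
#
# The OAuth client credentials are deliberately NOT literals in this file:
# a client secret committed to source control is readable by anyone with
# repository access and survives in git history after removal. Supply the
# values out of band, e.g.
#   TF_VAR_google_idp_client_secret=... terraform apply
# or through a git-ignored *.auto.tfvars file. A secret was previously
# committed in this block, so rotate the Google OAuth client secret in the
# Google Cloud console before applying with the new variable.
#
# Caveats: `sensitive = true` needs Terraform 0.14 or newer (version not
# pinned here), and it only redacts plan/apply output — the value is still
# stored in plaintext in the Terraform state, so protect the state backend.
variable "google_idp_client_id" {
  description = "OAuth 2.0 client ID of the Google Cloud credential used for Zitadel login (not secret)."
  type        = string
  default     = "783390190667-quvko2l2kr9ksgeo3pn6pn6t8c1mai9n.apps.googleusercontent.com"
}

variable "google_idp_client_secret" {
  description = "OAuth 2.0 client secret matching google_idp_client_id. Never commit a value."
  type        = string
  sensitive   = true
  # No default on purpose: Terraform refuses to plan until a value is supplied,
  # which is the behaviour we want for a credential.
}

module "zitadel-idp-google" {
  source  = "../../infra/modules/zitadel/identity-provider/google"
  wait_on = module.zitadel-tenant.installed

  domain           = local.domain
  jwt_profile_file = local.jwt_profile_file
  org_id           = module.zitadel-tenant.org_id

  client_id     = var.google_idp_client_id
  client_secret = var.google_idp_client_secret

  options = {
    scopes = ["openid", "profile", "email"]

    # Accounts are created on first Google login and kept in sync afterwards.
    is_auto_creation    = true
    is_auto_update      = true
    is_creation_allowed = true

    # Manual linking is disabled while automatic linking by username is on.
    # NOTE(review): these two are set independently here; confirm in the
    # identity-provider module that this combination behaves as intended.
    is_linking_allowed = false
    auto_linking       = "AUTO_LINKING_OPTION_USERNAME"
  }
}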
// TODO: create the default user thomas@fourlights.nl through the zitadel-user
// module below. Until that is enabled, the owner/role modules further down pin
// the same user_id ("308083708882059797") as a literal; replace those literals
// with module.zitadel-user.user_id once this block is active.

# module "zitadel-user" {
#   source  = "../../infra/modules/zitadel/user"
#   wait_on = module.zitadel-idp-google.installed
#
#   domain           = local.domain
#   org_id           = module.zitadel-tenant.org_id
#   jwt_profile_file = local.jwt_profile_file
#
#   email       = "thomas@fourlights.nl"
#   idp_id      = module.zitadel-idp-google.idp_id
#   idp_user_id = "105558048282918392820"
#   user_id     = "308083708882059797"
# }
# Grant the bootstrap user ownership through the `owner` module.
# The user is identified by a hard-coded Zitadel user ID because the
# zitadel-user module is still commented out; when it is enabled, switch to
#   wait_on = module.zitadel-user.installed
#   user_id = module.zitadel-user.user_id
# so the grant is ordered after, and derived from, the user it targets.
module "zitadel-owner" {
  source  = "../../infra/modules/zitadel/owner"
  wait_on = module.zitadel-idp-google.installed

  jwt_profile_file = local.jwt_profile_file
  domain           = local.domain
  org_id           = module.zitadel-tenant.org_id
  user_id          = "308083708882059797"
}
# Assign the organisation-owner role to the bootstrap user.
# Same hard-coded user ID as zitadel-owner for the same reason: the
# zitadel-user module is not yet enabled. Once it is, use
#   wait_on = module.zitadel-user.installed
#   user_id = module.zitadel-user.user_id
module "zitadel-org-owner" {
  source  = "../../infra/modules/zitadel/tenant/role-owner"
  wait_on = module.zitadel-idp-google.installed

  jwt_profile_file = local.jwt_profile_file
  domain           = local.domain
  org_id           = module.zitadel-tenant.org_id
  user_id          = "308083708882059797"
}
# NOTE(review): despite its name this block does not create a project. It
# sources the same `tenant/role-owner` module as zitadel-org-owner above and
# passes the identical org_id and user_id, so it is a second, redundant
# org-owner grant (or a copy/paste leftover). Either point it at a project
# module or remove it; until then it is kept as-is to avoid an unreviewed
# state change.
module "zitadel-project" {
  source  = "../../infra/modules/zitadel/tenant/role-owner"
  wait_on = module.zitadel-idp-google.installed

  jwt_profile_file = local.jwt_profile_file
  domain           = local.domain
  org_id           = module.zitadel-tenant.org_id
  user_id          = "308083708882059797"
}
# Earlier drafts kept for reference; none of them is active. They cannot be
# uncommented as-is: the user_grant refers to data sources
# (data.zitadel_project.default, data.zitadel_org.default,
# data.zitadel_human_user.default) and the machine-user draft refers to
# module.zitadel and local.k8s_config_yaml, none of which are defined in
# this file.
#resource "zitadel_project" "default" {
#  name                     = "365zon"
#  org_id                   = module.zitadel-tenant.org_id
#  project_role_assertion   = true
#  project_role_check       = true
#  has_project_check        = true
#  private_labeling_setting = "PRIVATE_LABELING_SETTING_ENFORCE_PROJECT_RESOURCE_OWNER_POLICY"
#}
#
#resource "zitadel_user_grant" "default" {
#  project_id = data.zitadel_project.default.id
#  org_id     = data.zitadel_org.default.id
#  role_keys  = ["super-user"]
#  user_id    = data.zitadel_human_user.default.id
#}

// module "zitadel-machine-user" {
//   source  = "../../infra/modules/zitadel/tenant"
//   wait_on = module.zitadel.installed
//   k8s_config_yaml = local.k8s_config_yaml
//
//   domain    = module.zitadel.server
//   secret    = "zitadel-admin-sa"
//   namespace = "zitadel"
//   name      = "fourlights"
// }