From 32e34db1603ca0933708aedc383c1ed3c920c35d Mon Sep 17 00:00:00 2001
From: Ian Fijolek
Date: Fri, 20 Dec 2024 11:20:44 -0800
Subject: [PATCH] Fix nomad authelia auth

Fixes long standing bug since switching over to auto generated secrets. I forgot to update the bound audiences! This was somewhat mentioned in the error, but I didn't understand it.
---
 core/authelia.tf | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/core/authelia.tf b/core/authelia.tf
index 4cf126a..bbe7c0e 100644
--- a/core/authelia.tf
+++ b/core/authelia.tf
@@ -172,7 +172,7 @@ resource "nomad_acl_auth_method" "nomad_authelia" {
 oidc_discovery_url = "https://authelia.${var.base_hostname}"
 oidc_client_id = module.nomad_oidc_client.client_id
 oidc_client_secret = module.nomad_oidc_client.secret
- bound_audiences = ["nomad"]
+ bound_audiences = [module.nomad_oidc_client.client_id]
 oidc_scopes = [
 "groups",
 "openid",
@@ -190,7 +190,7 @@ resource "nomad_acl_auth_method" "nomad_authelia" {
 resource "nomad_acl_binding_rule" "nomad_authelia_admin" {
 description = "engineering rule"
 auth_method = nomad_acl_auth_method.nomad_authelia.name
- selector = "\"nomad-deploy\" in list.roles"
+ selector = "\"nomad-admin\" in list.roles"
 bind_type = "role"
 bind_name = "admin" # acls.nomad_acl_role.admin.name
 }
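Review bot: The new `bound_audiences` line is correct but carries no explanation of why the audience has to track the generated client id, which is exactly the gap the commit message admits; a comment would stop the next maintainer from reverting it to a literal, e.g. `# OIDC ID tokens carry aud = client_id; Nomad rejects tokens whose aud is not listed here, so this must follow the generated client id`. The literal "nomad" only worked while the client id was also "nomad", so any future rename of the OIDC client is now handled by the reference rather than by hand. The oidc_scopes list and the rest of the nomad_authelia auth method continue outside the hunk.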
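Review bot: `description = "engineering rule"` in the second hunk no longer says what the binding rule does now that the selector maps the nomad-admin group onto the Nomad admin role; consider `description = "Grant the Nomad admin role to Authelia users in the nomad-admin group"`. Since this rule hands out admin, the selector is the only thing standing between any authenticated Authelia user and full ACL rights, so the group name in it deserves a comment pointing at where the nomad-admin group is defined. The selector relies on `list.roles`, which presumably comes from a list claim mapping on the auth method outside this hunk; worth confirming that mapping still populates roles from the groups scope. The nomad_authelia_admin binding rule is complete within the hunk.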