iamthefij/homelab-nomad
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Fix nomad authelia auth

Browse Source 
Fixes long standing bug since switching over to auto generated secrets.
I forgot to update the bound audiences! This was somewhat mentioned in the
error, but I didn't understand it.
This commit is contained in:
IamTheFij 2024-12-20 11:20:44 -08:00
parent 4a10b97749
commit 32e34db160
1 changed files with 2 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
core/authelia.tf
View File

@ -172,7 +172,7 @@ resource "nomad_acl_auth_method" "nomad_authelia" {
oidc_discovery_url = "https://authelia.${var.base_hostname}" oidc_discovery_url = "https://authelia.${var.base_hostname}"
oidc_client_id = module.nomad_oidc_client.client_id oidc_client_id = module.nomad_oidc_client.client_id
oidc_client_secret = module.nomad_oidc_client.secret oidc_client_secret = module.nomad_oidc_client.secret
bound_audiences = ["nomad"] bound_audiences = [module.nomad_oidc_client.client_id]
oidc_scopes = [ oidc_scopes = [
"groups", "groups",
"openid", "openid",
@ -190,7 +190,7 @@ resource "nomad_acl_auth_method" "nomad_authelia" {
resource "nomad_acl_binding_rule" "nomad_authelia_admin" { resource "nomad_acl_binding_rule" "nomad_authelia_admin" {
description = "engineering rule" description = "engineering rule"
auth_method = nomad_acl_auth_method.nomad_authelia.name auth_method = nomad_acl_auth_method.nomad_authelia.name
selector = "\"nomad-deploy\" in list.roles" selector = "\"nomad-admin\" in list.roles"
bind_type = "role" bind_type = "role"
bind_name = "admin" # acls.nomad_acl_role.admin.name bind_name = "admin" # acls.nomad_acl_role.admin.name
} }