Bump authelia

Fix nomad authelia auth
Fixes long standing bug since switching over to auto generated secrets. I forgot to update the bound audiences! This was somewhat mentioned in the error, but I didn't understand it.
2024-12-20 11:21:01 -08:00 · 2024-12-20 11:20:44 -08:00
1 changed files with 3 additions and 3 deletions
--- a/core/authelia.tf
+++ b/core/authelia.tf
@ -4,7 +4,7 @@ module "authelia" {
  name                = "authelia"
  instance_count      = 2
  priority            = 70
-  image               = "authelia/authelia:4.37"
+  image               = "authelia/authelia:4.38"
  args                = ["--config", "$${NOMAD_TASK_DIR}/authelia.yml"]
  ingress             = true
  service_port        = 9999
@ -172,7 +172,7 @@ resource "nomad_acl_auth_method" "nomad_authelia" {
    oidc_discovery_url = "https://authelia.${var.base_hostname}"
    oidc_client_id     = module.nomad_oidc_client.client_id
    oidc_client_secret = module.nomad_oidc_client.secret
-    bound_audiences    = ["nomad"]
+    bound_audiences    = [module.nomad_oidc_client.client_id]
    oidc_scopes = [
      "groups",
      "openid",
@ -190,7 +190,7 @@ resource "nomad_acl_auth_method" "nomad_authelia" {
 resource "nomad_acl_binding_rule" "nomad_authelia_admin" {
  description = "engineering rule"
  auth_method = nomad_acl_auth_method.nomad_authelia.name
-  selector    = "\"nomad-deploy\" in list.roles"
+  selector    = "\"nomad-admin\" in list.roles"
  bind_type   = "role"
  bind_name   = "admin" # acls.nomad_acl_role.admin.name
 }
Author	SHA1	Message	Date
Ian Fijolek	908d960f94	Bump authelia	2024-12-20 11:21:01 -08:00
Ian Fijolek	32e34db160	Fix nomad authelia auth Fixes long standing bug since switching over to auto generated secrets. I forgot to update the bound audiences! This was somewhat mentioned in the error, but I didn't understand it.	2024-12-20 11:20:44 -08:00