# Random OIDC client identifier (72 characters).
# Special characters are restricted to "-._~" so the value stays URL-safe.
# Using random_password (not random_string) marks `result` as sensitive:
# it is redacted in plan output, though still stored in Terraform state.
resource "random_password" "oidc_client_id" {
  length           = 72
  override_special = "-._~"
}
# Random OIDC client secret (72 characters), same URL-safe special set as the
# client id. `result` is the plaintext; the provider also exposes `bcrypt_hash`,
# which nomad_variable.authelia_oidc_secret stores alongside it.
resource "random_password" "oidc_secret" {
  length           = 72
  override_special = "-._~"
}
# Per-client OIDC credentials, published as a Nomad variable under
# secrets/authelia/<name>. Anything allowed to read this path obtains the
# plaintext `secret`, not just its hash; read access is scoped to one workload
# by nomad_acl_policy.oidc_authelia. No namespace is set here, so the variable
# lands in the provider's default namespace.
resource "nomad_variable" "authelia_oidc_secret" {
  path = "secrets/authelia/${var.name}"

  items = {
    # Plaintext credentials for the consuming client.
    client_id = random_password.oidc_client_id.result
    secret    = random_password.oidc_secret.result
    # bcrypt form of the secret — presumably what the Authelia client
    # configuration consumes instead of the plaintext; confirm against the job.
    secret_hash = random_password.oidc_secret.bcrypt_hash
  }
}
# Non-secret client registration for Authelia's access-control configuration,
# keyed by client name. Only the client id is included here — the secret and
# its hash stay in nomad_variable.authelia_oidc_secret.
# List-valued settings are YAML-encoded because variable items are strings
# (assumed — the consumer is expected to decode them; confirm on the Authelia side).
resource "nomad_variable" "authelia_access_control_oidc" {
  path = "authelia/access_control/oidc_clients/${var.name}"

  items = {
    id                   = random_password.oidc_client_id.result
    description          = var.oidc_client_config.description
    authorization_policy = var.oidc_client_config.authorization_policy
    redirect_uris        = yamlencode(var.oidc_client_config.redirect_uris)
    scopes               = yamlencode(var.oidc_client_config.scopes)
  }
}
# Read-only ACL policy for this client's secrets variable. The job_acl block
# binds the policy to a single job/group/task, so only that workload identity
# (not every token in the namespace) can read the plaintext secret.
# Created only when the caller supplies var.job_acl.
resource "nomad_acl_policy" "oidc_authelia" {
  count = var.job_acl == null ? 0 : 1

  name        = "${var.name}-authelia"
  description = "Give access to shared authelia variables"

  # NOTE(review): the namespace is hard-coded to "default" while
  # nomad_variable.authelia_oidc_secret sets none and relies on the provider's
  # default. If the provider targets another namespace the two diverge and this
  # grant matches nothing — confirm against the provider configuration.
  rules_hcl = <<-EOH
    namespace "default" {
      variables {
        path "secrets/authelia/${var.name}" {
          capabilities = ["read"]
        }
      }
    }
  EOH

  # Restrict the policy to the exact workload that needs the credentials.
  job_acl {
    job_id = var.job_acl.job_id
    group  = var.job_acl.group
    task   = var.job_acl.task
  }
}