Add minio to authentik
parent
0b838b52cc
commit
979a386831
3 changed files with 47 additions and 2 deletions
modules/services
|
@ -14,6 +14,39 @@ data "authentik_property_mapping_provider_scope" "default_scopes" {
|
|||
]
|
||||
}
|
||||
|
||||
resource "authentik_user" "default" {
|
||||
username = "serguzim"
|
||||
name = "Tobias Reisinger"
|
||||
email = "tobias@msrg.cc"
|
||||
}
|
||||
|
||||
resource "authentik_property_mapping_provider_scope" "minio" {
|
||||
name = "minio"
|
||||
scope_name = "minio"
|
||||
expression = <<EOF
|
||||
if ak_is_group_member(request.user, name="${authentik_group.minio_admins.name}"):
|
||||
return {
|
||||
"minio_policy": "consoleAdmin",
|
||||
}
|
||||
elif ak_is_group_member(request.user, name="${authentik_group.minio_users.name}"):
|
||||
return {
|
||||
"minio_policy": "readonly"
|
||||
}
|
||||
return None
|
||||
EOF
|
||||
}
|
||||
|
||||
resource "authentik_group" "minio_admins" {
|
||||
name = "Minio admins"
|
||||
users = [authentik_user.default.id]
|
||||
}
|
||||
|
||||
resource "authentik_group" "minio_users" {
|
||||
name = "Minio users"
|
||||
users = []
|
||||
}
|
||||
|
||||
|
||||
resource "authentik_provider_oauth2" "service_providers" {
|
||||
for_each = local.services_auth
|
||||
name = each.value.name
|
||||
|
@ -21,7 +54,10 @@ resource "authentik_provider_oauth2" "service_providers" {
|
|||
client_id = each.value.name
|
||||
authorization_flow = data.authentik_flow.default_authorization_flow.id
|
||||
redirect_uris = each.value.auth_redirects
|
||||
property_mappings = data.authentik_property_mapping_provider_scope.default_scopes.ids
|
||||
property_mappings = flatten([
|
||||
data.authentik_property_mapping_provider_scope.default_scopes.ids,
|
||||
each.key == "minio" ? [authentik_property_mapping_provider_scope.minio.id] : []
|
||||
])
|
||||
signing_key = data.authentik_certificate_key_pair.default.id
|
||||
}
|
||||
|
||||
|
|
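Review bot: The `consoleAdmin` grant in the `minio` scope mapping is decided by a group-name match (`name="${authentik_group.minio_admins.name}"`), so the highest MinIO privilege hangs on a display string that is also spliced unescaped into the Python expression. Matching on the managed group's key is tighter, e.g. `if ak_is_group_member(request.user, pk="${authentik_group.minio_admins.id}"):` and likewise for `minio_users`; this assumes the provider's `id` attribute is the group pk, which should be confirmed. The final `return None` is the fail-closed path for users in neither group and deserves a comment saying so, for example `# no minio_policy claim: user is in neither group, so MinIO should refuse the login`. The MinIO-side settings that request the `minio` scope and read the `minio_policy` claim are not in this section, so they should be checked against these names.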