serguzim/infrastructure
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Add minio to authentik

Browse source
This commit is contained in:
Tobias Reisinger 2024-10-09 01:33:24 +02:00
parent 0b838b52cc
commit 979a386831
Signed by: serguzim
GPG key ID: 13AD60C237A28DFE
3 changed files with 47 additions and 2 deletions
Download patch file Download diff file Expand all files Collapse all files

38
modules/services/authentik.tf
View file

@ -14,6 +14,39 @@ data "authentik_property_mapping_provider_scope" "default_scopes" {
]
}
resource "authentik_user" "default" {
username = "serguzim"
name = "Tobias Reisinger"
email = "tobias@msrg.cc"
}
resource "authentik_property_mapping_provider_scope" "minio" {
name = "minio"
scope_name = "minio"
expression = <<EOF
if ak_is_group_member(request.user, name="${authentik_group.minio_admins.name}"):
return {
"minio_policy": "consoleAdmin",
}
elif ak_is_group_member(request.user, name="${authentik_group.minio_users.name}"):
return {
"minio_policy": "readonly"
}
return None
EOF
}
resource "authentik_group" "minio_admins" {
name = "Minio admins"
users = [authentik_user.default.id]
}
resource "authentik_group" "minio_users" {
name = "Minio users"
users = []
}
resource "authentik_provider_oauth2" "service_providers" {
for_each = local.services_auth
name = each.value.name
@ -21,7 +54,10 @@ resource "authentik_provider_oauth2" "service_providers" {
client_id = each.value.name
authorization_flow = data.authentik_flow.default_authorization_flow.id
redirect_uris = each.value.auth_redirects
property_mappings = data.authentik_property_mapping_provider_scope.default_scopes.ids
property_mappings = flatten([
data.authentik_property_mapping_provider_scope.default_scopes.ids,
each.key == "minio" ? [authentik_property_mapping_provider_scope.minio.id] : []
])
signing_key = data.authentik_certificate_key_pair.default.id
}