2024-09-20 18:50:34 +00:00
|
|
|
data "authentik_group" "monitoring_publisher" {
|
|
|
|
|
name = "monitor.tjo.cloud publisher"
|
|
|
|
|
include_users = false
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
resource "authentik_user" "service_account" {
|
|
|
|
|
for_each = var.nodes
|
|
|
|
|
|
2024-11-04 20:32:57 +00:00
|
|
|
username = "${each.value.host}.${local.domain}"
|
|
|
|
|
name = "${each.value.host}.${local.domain}"
|
2024-09-20 18:50:34 +00:00
|
|
|
|
|
|
|
|
type = "service_account"
|
2024-11-04 20:32:57 +00:00
|
|
|
path = "ingress.tjo.cloud"
|
2024-09-20 18:50:34 +00:00
|
|
|
|
|
|
|
|
groups = [
|
|
|
|
|
data.authentik_group.monitoring_publisher.id,
|
|
|
|
|
]
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
resource "authentik_token" "service_account" {
|
|
|
|
|
for_each = var.nodes
|
|
|
|
|
|
2024-11-04 20:32:57 +00:00
|
|
|
identifier = replace("service-account-${each.value.host}-${local.domain}", ".", "-")
|
2024-09-20 19:32:17 +00:00
|
|
|
user = authentik_user.service_account[each.key].id
|
2024-11-04 20:32:57 +00:00
|
|
|
description = "Service account for ${each.value.host}.${local.domain} node."
|
2024-09-20 19:32:17 +00:00
|
|
|
expiring = false
|
|
|
|
|
intent = "app_password"
|
|
|
|
|
retrieve_key = true
|
2024-09-20 18:50:34 +00:00
|
|
|
}
|
