# Looks up the existing authentik group named "monitor.tjo.cloud publisher".
# This is a data source: the group is read, not created or managed, by this file.
data "authentik_group" "monitoring_publisher" {
  # Only the group's id is referenced in the lines shown, so the member list
  # is not requested.
  include_users = false
  name          = "monitor.tjo.cloud publisher"
}
# One authentik service account per entry in var.nodes, identified as
# "<node name>.ingress@svc.tjo.cloud".
resource "authentik_user" "service_account" {
  for_each = var.nodes

  type = "service_account"
  path = "svc.tjo.cloud"

  # username, display name and email all carry the same per-node identity string.
  username = "${each.value.name}.ingress@svc.tjo.cloud"
  name     = "${each.value.name}.ingress@svc.tjo.cloud"
  email    = "${each.value.name}.ingress@svc.tjo.cloud"

  # The monitoring publisher group is the only group attached here.
  # NOTE(review): what that group is allowed to do is defined outside this
  # file; confirm it grants no more than a publishing node needs.
  groups = [data.authentik_group.monitoring_publisher.id]
}
# One token per node, bound to that node's service account above
# (both resources iterate over the same var.nodes keys).
resource "authentik_token" "service_account" {
  for_each = var.nodes

  user        = authentik_user.service_account[each.key].id
  identifier  = "svc-tjo-cloud-service-account-${each.value.name}"
  description = "Service account for ${each.value.name} node"
  intent      = "app_password"

  # NOTE(review): a non-expiring token stays valid until it is deleted or
  # replaced. Confirm there is a rotation or revocation procedure for nodes
  # that are decommissioned or suspected compromised.
  expiring = false

  # With retrieve_key enabled the provider reads the token secret back into
  # this resource, so the secret is stored in Terraform state.
  # NOTE(review): confirm the state backend is encrypted and access-restricted,
  # and that any output or module exposing the key is marked sensitive.
  retrieve_key = true
}