This repository has been archived on 2026-05-24. You can view files and clone it. You cannot open issues or pull requests or push a commit.
Files
app/apps/overlays/uat/terraform/main.tf
T
Test User daf8a7bd56 fix(GRO-693): add UAT Terraform infrastructure with correct GitRepository
- Add terraform workspace at apps/overlays/uat/terraform/ (backend.tf,
  main.tf, variables.tf, users.tf, imports.tf, terraform.tfvars)
- Add Terraform CRD (authentik-terraform.yaml) with correct path
  ./apps/overlays/uat/terraform relative to groombook/app repo root
- Add GitRepository CRD (gitrepository-groombook.yaml) pointing to
  groombook/app at fix/gro-844-network-policy branch (NOT groombook/infra
  which no longer exists)
- Add kustomization.yaml to tie it together

Root cause: the GitRepository was pointing to https://github.com/groombook/infra
which no longer exists, and the terraform files were not committed to the
current repository at the correct path.

Co-Authored-By: Paperclip <noreply@paperclip.ing>
2026-04-21 19:55:35 +00:00

100 lines
3.6 KiB
Terraform

# =============================================================================
# Terraform configuration for Authentik groombook-uat application
# =============================================================================
# This Terraform workspace manages the Authentik OAuth2 application and provider
# for the groombook-uat environment.
#
# The authentik_token used for authentication is sourced from the
# `authentik-credentials` SealedSecret (injected as TF_VAR_authentik_token
# by the Terraform CRD runnerPodTemplate.spec.varsFrom).
#
# To import existing resources (run via tf-controller exec or locally with
# AUTHENTIK_TOKEN set):
# tofu import authentik_oauth2_provider.groombook-uat pk-284
# tofu import authentik_application.groombook-uat e77a9c45-bed6-4a23-bc62-178f166f099e
# =============================================================================
# -----------------------------------------------------------------------------
# Provider configuration
# -----------------------------------------------------------------------------
terraform {
required_providers {
authentik = {
source = "goauthentik/authentik"
version = "~> 2024.12"
}
}
}
provider "authentik" {
url = var.authentik_url
api_token = var.authentik_token
tls_verify = true
}
# -----------------------------------------------------------------------------
# OAuth2 Provider for groombook-uat
# pk = 284 (existing — imported, not recreated)
# -----------------------------------------------------------------------------
resource "authentik_oauth2_provider" "groombook-uat" {
name = "groombook-uat-provider"
slug = "groombook-uat"
client_id = "" # managed by imported resource; tracked via ignore_changes
client_secret = "" # managed by imported resource; tracked via ignore_changes
client_type = "confidential"
redirect_uris = ["https://uat.groombook.dev/api/auth/oauth2/callback/authentik"]
signing_key = "authentik signing key"
# Keep Terraform from overwriting the client_id, client_secret, and signing_key
# which are managed by the imported existing resource
lifecycle {
ignore_changes = [
client_id,
client_secret,
signing_key,
]
}
}
# -----------------------------------------------------------------------------
# Application for groombook-uat
# pk = e77a9c45-bed6-4a23-bc62-178f166f099e (existing — imported, not recreated)
# -----------------------------------------------------------------------------
resource "authentik_application" "groombook-uat" {
name = "groombook-uat"
slug = "groombook-uat"
group = "groombook"
policy_ids = []
description = "GroomBook UAT application"
# Link to the OAuth2 provider
oauth2_provider = authentik_oauth2_provider.groombook-uat.id
# Track name, slug, group, and oauth2_provider for drift detection;
# ignore policy_ids and description which may be updated out-of-band
lifecycle {
ignore_changes = [
policy_ids,
description,
]
}
}
# -----------------------------------------------------------------------------
# Outputs (for reference / verification)
# -----------------------------------------------------------------------------
output "oauth2_provider_pk" {
description = "Authentik OAuth2 Provider primary key"
value = authentik_oauth2_provider.groombook-uat.pk
}
output "application_pk" {
description = "Authentik Application primary key"
value = authentik_application.groombook-uat.pk
}
output "application_slug" {
description = "Authentik Application slug"
value = authentik_application.groombook-uat.slug
}