#105 introduce local variable to join lists in ces module

cloudogu · Feb 5, 2025 · 43a1c9c · 43a1c9c
1 parent 44b8b58
commit 43a1c9c
Show file tree

Hide file tree

Showing 4 changed files with 35 additions and 23 deletions.
diff --git a/terraform/ces-module/main.tf b/terraform/ces-module/main.tf
@@ -34,6 +34,18 @@ locals {
       deployNamespace = split(":", namespaceAndRest.rest)[0] != "k8s-longhorn" ? var.ces_namespace : "longhorn-system"
     }
   ]
+  cas_oidc_config_formatted = {
+    enable = var.cas_oidc_config.enabled
+    discovery_uri = var.cas_oidc_config.discovery_uri
+    client_id = var.cas_oidc_config.client_id
+    display_name = var.cas_oidc_config.display_name
+    optional = var.cas_oidc_config.optional
+    scopes = join(" ", var.cas_oidc_config.scopes)
+    principal_attribute = var.cas_oidc_config.principal_attribute
+    attribute_mapping = var.cas_oidc_config.attribute_mapping
+    allowed_groups = join(", ", var.cas_oidc_config.allowed_groups)
+    initial_admin_usernames = join(", ", var.cas_oidc_config.initial_admin_usernames)
+  }
 }
 
 resource "helm_release" "k8s-ces-setup" {
@@ -77,7 +89,7 @@ resource "helm_release" "k8s-ces-setup" {
             "certificate"     = var.ces_certificate_path != null ? replace(file(var.ces_certificate_path), "\n", "\\n") : ""
             "certificateKey" = var.ces_certificate_key_path != null ? replace(file(var.ces_certificate_key_path), "\n", "\\n") : ""
 
-            "cas_oidc_config" = jsonencode(var.cas_oidc_config)
+            "cas_oidc_config" = jsonencode(local.cas_oidc_config_formatted)
             "cas_oidc_client_secret" = var.cas_oidc_client_secret
           }
         ))

diff --git a/terraform/ces-module/variables.tf b/terraform/ces-module/variables.tf
@@ -184,23 +184,23 @@ variable "cas_oidc_config" {
     client_id               = string
     display_name            = string
     optional                = string
-    scopes                  = string
+    scopes                  = list(string)
     attribute_mapping       = string
     principal_attribute     = string
-    allowed_groups          = string
-    initial_admin_usernames = string
+    allowed_groups          = list(string)
+    initial_admin_usernames = list(string)
   })
   default = {
     enabled                 = false
     discovery_uri           = ""
     client_id               = ""
     display_name            = "CAS oidc provider"
     optional                = false
-    scopes                  = "openid email profile groups"
+    scopes                  = ["openid", "email", "profile", "groups"]
     attribute_mapping       = "email:mail,family_name:surname,given_name:givenName,preferred_username:username,name:displayName,groups:externalGroups"
     principal_attribute     = "preferred_username"
-    allowed_groups          = ""
-    initial_admin_usernames = ""
+    allowed_groups          = []
+    initial_admin_usernames = []
   }
 }
 

diff --git a/terraform/examples/ces_keycloak_gke/.terraform.lock.hcl b/terraform/examples/ces_keycloak_gke/.terraform.lock.hcl
diff --git a/terraform/examples/ces_keycloak_gke/main.tf b/terraform/examples/ces_keycloak_gke/main.tf
@@ -148,9 +148,9 @@ module "ces" {
     client_id               = local.external_cas_openid_client_id
     display_name            = "CAS oidc provider"
     optional                = var.cas_oidc_optional
-    scopes = join(" ", concat(["openid"], var.keycloak_client_scopes))
-    allowed_groups          = join(", ", var.cas_oidc_allowed_groups)
-    initial_admin_usernames = join(", ", var.cas_oidc_initial_admin_usernames)
+    scopes = concat(["openid"], var.keycloak_client_scopes)
+    allowed_groups          = var.cas_oidc_allowed_groups
+    initial_admin_usernames = var.cas_oidc_initial_admin_usernames
   }
   cas_oidc_client_secret = module.keycloak.client_secret
 }