From 43a1c9c969a2f051a240ab391655c0ee288cb7b6 Mon Sep 17 00:00:00 2001
From: meiserloh
Date: Wed, 5 Feb 2025 15:11:31 +0100
Subject: [PATCH] #105 introduce local variable to join lists in ces module

---
 terraform/ces-module/main.tf | 14 +++++++++-
 terraform/ces-module/variables.tf | 12 ++++-----
 .../ces_keycloak_gke/.terraform.lock.hcl | 26 +++++++++----------
 terraform/examples/ces_keycloak_gke/main.tf | 6 ++---
 4 files changed, 35 insertions(+), 23 deletions(-)

diff --git a/terraform/ces-module/main.tf b/terraform/ces-module/main.tf
index f77a234..37136bb 100644
--- a/terraform/ces-module/main.tf
+++ b/terraform/ces-module/main.tf
@@ -34,6 +34,18 @@ locals {
 deployNamespace = split(":", namespaceAndRest.rest)[0] != "k8s-longhorn" ? var.ces_namespace : "longhorn-system"
 }
 ]
+ cas_oidc_config_formatted = {
+ enable = var.cas_oidc_config.enabled
+ discovery_uri = var.cas_oidc_config.discovery_uri
+ client_id = var.cas_oidc_config.client_id
+ display_name = var.cas_oidc_config.display_name
+ optional = var.cas_oidc_config.optional
+ scopes = join(" ", var.cas_oidc_config.scopes)
+ principal_attribute = var.cas_oidc_config.principal_attribute
+ attribute_mapping = var.cas_oidc_config.attribute_mapping
+ allowed_groups = join(", ", var.cas_oidc_config.allowed_groups)
+ initial_admin_usernames = join(", ", var.cas_oidc_config.initial_admin_usernames)
+ }
 }

 resource "helm_release" "k8s-ces-setup" {
@@ -77,7 +89,7 @@ resource "helm_release" "k8s-ces-setup" {
 "certificate" = var.ces_certificate_path != null ? replace(file(var.ces_certificate_path), "\n", "\\n") : ""
 "certificateKey" = var.ces_certificate_key_path != null ? replace(file(var.ces_certificate_key_path), "\n", "\\n") : ""
- "cas_oidc_config" = jsonencode(var.cas_oidc_config)
+ "cas_oidc_config" = jsonencode(local.cas_oidc_config_formatted)
 "cas_oidc_client_secret" = var.cas_oidc_client_secret
 }
 ))
diff --git a/terraform/ces-module/variables.tf b/terraform/ces-module/variables.tf
index d6208b8..1bd78df 100644
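Review bot: The new `cas_oidc_config_formatted` local emits the key `enable`, while the expression it replaces, `jsonencode(var.cas_oidc_config)`, emitted `enabled`. The consumer of this JSON is not visible in the patch, so the rename may be intentional, but if the setup side still reads `enabled` the OIDC switch would presumably fall back to its default without any plan-time error. Either keep the key as `enabled = var.cas_oidc_config.enabled`, or add a comment on that line such as `# downstream setup schema expects "enable", not "enabled"`. The `locals` block starts outside the hunk.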
--- a/terraform/ces-module/variables.tf
+++ b/terraform/ces-module/variables.tf
@@ -184,11 +184,11 @@ variable "cas_oidc_config" {
 client_id = string
 display_name = string
 optional = string
- scopes = string
+ scopes = list(string)
 attribute_mapping = string
 principal_attribute = string
- allowed_groups = string
- initial_admin_usernames = string
+ allowed_groups = list(string)
+ initial_admin_usernames = list(string)
 })
 default = {
 enabled = false
@@ -196,11 +196,11 @@ variable "cas_oidc_config" {
 client_id = ""
 display_name = "CAS oidc provider"
 optional = false
- scopes = "openid email profile groups"
+ scopes = ["openid", "email", "profile", "groups"]
 attribute_mapping = "email:mail,family_name:surname,given_name:givenName,preferred_username:username,name:displayName,groups:externalGroups"
 principal_attribute = "preferred_username"
- allowed_groups = ""
- initial_admin_usernames = ""
+ allowed_groups = []
+ initial_admin_usernames = []
 }
 }

diff --git a/terraform/examples/ces_keycloak_gke/.terraform.lock.hcl b/terraform/examples/ces_keycloak_gke/.terraform.lock.hcl
index 528e9eb..59a5590 100644
--- a/terraform/examples/ces_keycloak_gke/.terraform.lock.hcl
+++ b/terraform/examples/ces_keycloak_gke/.terraform.lock.hcl
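Review bot: The elements of `allowed_groups` and `initial_admin_usernames` are not validated, although `main.tf` in this patch flattens them with `join(", ", …)`, so an entry containing a comma would presumably be read downstream as two entries and an empty string would yield an empty entry. Both fields decide who may log in and who becomes an administrator, so the variable should reject such values at plan time with a `validation` block; `scopes`, joined with a space, deserves the same check for embedded whitespace. The block belongs after `default`, which closes in the following hunk, and the `variable` block itself opens outside this one.

```hcl
variable "cas_oidc_config" {
  # … unchanged: type and default …

  validation {
    condition = alltrue([
      for v in concat(var.cas_oidc_config.allowed_groups, var.cas_oidc_config.initial_admin_usernames) :
      trimspace(v) != "" && length(regexall(",", v)) == 0
    ])
    error_message = "Entries of allowed_groups and initial_admin_usernames must be non-empty and must not contain a comma."
  }
```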
@@ -2,21 +2,21 @@ # Manual edits may be lost in future updates. provider "registry.terraform.io/hashicorp/google" { - version = "6.18.1" + version = "6.19.0" constraints = ">= 5.3.0, >= 5.31.1" hashes = [ - "h1:8zB9kfcafSCeIFO/Ein+Z5gN6hMIV4CrPm43evEkzTE=", - "zh:43543160dc2cee6f05b37eadc49e0da2ed99b1d16ca40dcb74de4ec17bf30430", - "zh:44e92661b6b2e7823f931c459780eaa844c7ee8fecca676aa632ededfc0d6180", - "zh:504cc9967f9e51969d012338e7b36bf689a672e0c780d821ea36bbad0d1bd4c4", - "zh:6e3c24761dd073984274dcdb5e5a7f81619c2665c2aef5b35769b31cb1c72bb8", - "zh:86ce6f0049a4d243574f5c3a31b6e405cc48e203f3d97722615779a5f06143e4", - "zh:bf2b79a89ea02d146a3ea0c1c1232bb065ba2283c54f4a3d4ac8b04e11f2119d", - "zh:ca5e3a2758c92a934e91a5d1919947300e0645e2ba71aeb9884b896e6b123d3f", - "zh:d8f4f55faea7250226839a02c6134d193f3d072293452be58e8181aab925b1ad", - "zh:e5189f66c2c4e1264092c79d11bc07e7dc82d99701dc0592dcd879a746ec2910", - "zh:e6471441d4565910a67d79f480dafc8c1d19e29ae1588b0515269f7fb815f40f", - "zh:e6514660a85b8f921b968576250ac3d983cda1c06aaef801c21e908a8b9f873b", + "h1:Mug/ens8Xqf8uyAL249htDwsfWiDbzeJROygk7BXMkc=", + "zh:32ffeedd1131d81f290f4e4213b948c221f40d6b3b5e54b22781c2ed6e8ad3a5", + "zh:40b388e0356d849e6bf3f03be950f6bb7fa3e26a9a85977662f58f693a93901b", + "zh:5775262765dd66dae4886f3e8c85a39d4954892e352ce077e21f9310ffd6a9f4", + "zh:5e4626bdde902e35c97179a421fb303fa76e08ef89271275a40468d26f93a05e", + "zh:5fcc9482ec0b697f0d2223117f770e7eb6146837bf5d509b1ed59ae24ffd623f", + "zh:829e8bb61e4ac47e70138f7a381e9f0e6e51dc76d4f373fd0eb2da7d9d3d5968", + "zh:8baeab5b3bcafb03cb567302df6047580300b5881de9694c3fa40f4b6f6bf714", + "zh:a6a800d89e3dcbdcb5ba8bd87e981a1336785cdb206610581ba072828b2a83c4", + "zh:bf7620009f0a1b89756f2aa2a748db8bd0683947f26bb1999ba1c8c6479d1149", + "zh:d93b4202012672becf64473775330928c3cdf4471eb3db4502e7cca1badfbe6a", + "zh:dbeae2a0a11062d285964c0360c8f090cf260d163823c0f237396ce64900fb43", "zh:f569b65999264a9416862bca5cd2a6177d94ccb0424f3a4ef424428912b9cb3c", ] } 
diff --git a/terraform/examples/ces_keycloak_gke/main.tf b/terraform/examples/ces_keycloak_gke/main.tf
index cce6f5e..36ca91c 100644
--- a/terraform/examples/ces_keycloak_gke/main.tf
+++ b/terraform/examples/ces_keycloak_gke/main.tf
@@ -148,9 +148,9 @@ module "ces" {
 client_id = local.external_cas_openid_client_id
 display_name = "CAS oidc provider"
 optional = var.cas_oidc_optional
- scopes = join(" ", concat(["openid"], var.keycloak_client_scopes))
- allowed_groups = join(", ", var.cas_oidc_allowed_groups)
- initial_admin_usernames = join(", ", var.cas_oidc_initial_admin_usernames)
+ scopes = concat(["openid"], var.keycloak_client_scopes)
+ allowed_groups = var.cas_oidc_allowed_groups
+ initial_admin_usernames = var.cas_oidc_initial_admin_usernames
 }
 cas_oidc_client_secret = module.keycloak.client_secret
 }
\ No newline at end of file