Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

feat(terraform): refactor so I can plan in GHA #3173

Merged
merged 7 commits into from
Nov 6, 2024
Merged

feat(terraform): refactor so I can plan in GHA #3173

merged 7 commits into from
Nov 6, 2024

Conversation

joryirving
Copy link
Owner

No description provided.

@github-actions github-actions bot added area/kubernetes Changes made in the kubernetes directory area/github Changes made in the github directory area/terraform cluster/utility labels Nov 6, 2024
@smurf-bot
Copy link
Contributor

smurf-bot bot commented Nov 6, 2024 

--- kubernetes/utility/apps/flux-system/tofu-controller/app Kustomization: flux-system/tofu-controller ExternalSecret: flux-system/terraform-authentik-secret

+++ kubernetes/utility/apps/flux-system/tofu-controller/app Kustomization: flux-system/tofu-controller ExternalSecret: flux-system/terraform-authentik-secret

@@ -1,58 +0,0 @@

----
-apiVersion: external-secrets.io/v1beta1
-kind: ExternalSecret
-metadata:
-  labels:
-    app.kubernetes.io/name: tofu-controller
-    kustomize.toolkit.fluxcd.io/name: tofu-controller
-    kustomize.toolkit.fluxcd.io/namespace: flux-system
-  name: terraform-authentik-secret
-  namespace: flux-system
-spec:
-  dataFrom:
-  - extract:
-      key: authentik
-  - extract:
-      key: discord
-  - extract:
-      key: kyoo
-  - extract:
-      key: lubelog
-  - extract:
-      key: grafana
-  - extract:
-      key: headscale
-  - extract:
-      key: paperless
-  - extract:
-      key: portainer
-  - extract:
-      key: weave-gitops
-  refreshInterval: 15m
-  secretStoreRef:
-    kind: ClusterSecretStore
-    name: bitwarden-secrets-manager
-  target:
-    name: terraform-authentik-secret
-    template:
-      data:
-        authentik_token: '{{ .AUTHENTIK_TOKEN }}'
-        cluster_domain: ..PLACEHOLDER_SECRET_DOMAIN..
-        discord_client_id: '{{ .DISCORD_CLIENT_ID }}'
-        discord_client_secret: '{{ .DISCORD_CLIENT_SECRET }}'
-        gitops_id: '{{ .GITOPS_CLIENT_ID }}'
-        gitops_secret: '{{ .GITOPS_CLIENT_SECRET }}'
-        grafana_id: '{{ .GRAFANA_CLIENT_ID }}'
-        grafana_secret: '{{ .GRAFANA_CLIENT_SECRET }}'
-        headscale_id: '{{ .HEADSCALE_CLIENT_ID }}'
-        headscale_secret: '{{ .HEADSCALE_CLIENT_SECRET }}'
-        kyoo_id: '{{ .KYOO_CLIENT_ID }}'
-        kyoo_secret: '{{ .KYOO_CLIENT_SECRET }}'
-        lubelog_id: '{{ .LUBELOG_CLIENT_ID }}'
-        lubelog_secret: '{{ .LUBELOG_CLIENT_SECRET }}'
-        paperless_id: '{{ .PAPERLESS_CLIENT_ID }}'
-        paperless_secret: '{{ .PAPERLESS_CLIENT_SECRET }}'
-        portainer_id: '{{ .PORTAINER_CLIENT_ID }}'
-        portainer_secret: '{{ .PORTAINER_CLIENT_SECRET }}'
-      engineVersion: v2
-
--- kubernetes/utility/apps/flux-system/tofu-controller/terraform Kustomization: flux-system/tofu-controller-terraforms Terraform: flux-system/authentik

+++ kubernetes/utility/apps/flux-system/tofu-controller/terraform Kustomization: flux-system/tofu-controller-terraforms Terraform: flux-system/authentik

@@ -32,8 +32,8 @@

   sourceRef:
     kind: OCIRepository
     name: terraform
     namespace: flux-system
   varsFrom:
   - kind: Secret
-    name: terraform-authentik-secret
+    name: terraform-bitwarden-secret
 
--- kubernetes/utility/apps/flux-system/tofu-controller/terraform Kustomization: flux-system/tofu-controller-terraforms Terraform: flux-system/minio

+++ kubernetes/utility/apps/flux-system/tofu-controller/terraform Kustomization: flux-system/tofu-controller-terraforms Terraform: flux-system/minio

@@ -32,8 +32,8 @@

   sourceRef:
     kind: OCIRepository
     name: terraform
     namespace: flux-system
   varsFrom:
   - kind: Secret
-    name: terraform-minio-secret
+    name: terraform-bitwarden-secret

@smurf-bot
Copy link
Contributor

smurf-bot bot commented Nov 6, 2024
edited
Loading

📝 Terraform Plan for minio

→ No Resource Changes!

Triggered by @joryirving, Commit: 2b8a7ae1aaf56daec32bbe5921d3f438d8840ee1

@smurf-bot
Copy link
Contributor

smurf-bot bot commented Nov 6, 2024
edited
Loading

📝 Terraform Plan for authentik

→ Resource Changes: 18 to create, 2 to update, 0 to re-create, 21 to delete.

✨ Create

authentik_application.application["grafana"] 
+ group              = "Monitoring"
+ id                 = (known after apply)
+ meta_icon          = "https://raw.githubusercontent.com/walkxcode/dashboard-icons/main/png/grafana.png"
+ meta_launch_url    = "https://grafana.jory.dev/login/generic_oauth"
+ name               = "Grafana"
+ open_in_new_tab    = true
+ policy_engine_mode = "all"
+ protocol_provider  = (known after apply)
+ slug               = "grafana"
+ uuid               = (known after apply)
authentik_application.application["headscale"] 
+ group              = "Infrastructure"
+ id                 = (known after apply)
+ meta_icon          = "https://raw.githubusercontent.com/joryirving/home-ops/main/docs/src/assets/icons/headscale.png"
+ meta_launch_url    = "https://headscale.jory.dev/"
+ name               = "Headscale"
+ open_in_new_tab    = true
+ policy_engine_mode = "all"
+ protocol_provider  = (known after apply)
+ slug               = "headscale"
+ uuid               = (known after apply)
authentik_application.application["kyoo"] 
+ group              = "Home"
+ id                 = (known after apply)
+ meta_icon          = "https://raw.githubusercontent.com/zoriya/Kyoo/master/icons/icon-256x256.png"
+ meta_launch_url    = "https://kyoo.jory.dev"
+ name               = "Kyoo"
+ open_in_new_tab    = true
+ policy_engine_mode = "all"
+ protocol_provider  = (known after apply)
+ slug               = "kyoo"
+ uuid               = (known after apply)
authentik_application.application["lubelog"] 
+ group              = "Home"
+ id                 = (known after apply)
+ meta_icon          = "https://demo.lubelogger.com/defaults/lubelogger_icon_72.png"
+ meta_launch_url    = "https://lubelog.jory.dev"
+ name               = "Lubelog"
+ open_in_new_tab    = true
+ policy_engine_mode = "all"
+ protocol_provider  = (known after apply)
+ slug               = "lubelog"
+ uuid               = (known after apply)
authentik_application.application["paperless"] 
+ group              = "Home"
+ id                 = (known after apply)
+ meta_icon          = "https://raw.githubusercontent.com/walkxcode/dashboard-icons/main/png/paperless.png"
+ meta_launch_url    = "https://paperless.jory.dev/"
+ name               = "Paperless"
+ open_in_new_tab    = true
+ policy_engine_mode = "all"
+ protocol_provider  = (known after apply)
+ slug               = "paperless"
+ uuid               = (known after apply)
authentik_application.application["portainer"] 
+ group              = "Infrastructure"
+ id                 = (known after apply)
+ meta_icon          = "https://raw.githubusercontent.com/walkxcode/dashboard-icons/main/png/portainer.png"
+ meta_launch_url    = "https://portainer.jory.dev/"
+ name               = "Portainer"
+ open_in_new_tab    = true
+ policy_engine_mode = "all"
+ protocol_provider  = (known after apply)
+ slug               = "portainer"
+ uuid               = (known after apply)
authentik_policy_binding.application_policy_binding["grafana"] 
+ enabled        = true
+ failure_result = false
+ group          = "Monitoring"
+ id             = (known after apply)
+ negate         = false
+ order          = 0
+ target         = (known after apply)
+ timeout        = 30
authentik_policy_binding.application_policy_binding["headscale"] 
+ enabled        = true
+ failure_result = false
+ group          = "Infrastructure"
+ id             = (known after apply)
+ negate         = false
+ order          = 0
+ target         = (known after apply)
+ timeout        = 30
authentik_policy_binding.application_policy_binding["kyoo"] 
+ enabled        = true
+ failure_result = false
+ group          = "Home"
+ id             = (known after apply)
+ negate         = false
+ order          = 0
+ target         = (known after apply)
+ timeout        = 30
authentik_policy_binding.application_policy_binding["lubelog"] 
+ enabled        = true
+ failure_result = false
+ group          = "Home"
+ id             = (known after apply)
+ negate         = false
+ order          = 0
+ target         = (known after apply)
+ timeout        = 30
authentik_policy_binding.application_policy_binding["paperless"] 
+ enabled        = true
+ failure_result = false
+ group          = "Home"
+ id             = (known after apply)
+ negate         = false
+ order          = 0
+ target         = (known after apply)
+ timeout        = 30
authentik_policy_binding.application_policy_binding["portainer"] 
+ enabled        = true
+ failure_result = false
+ group          = "Infrastructure"
+ id             = (known after apply)
+ negate         = false
+ order          = 0
+ target         = (known after apply)
+ timeout        = 30
authentik_provider_oauth2.oauth2["grafana"] 
+ access_code_validity       = "minutes=1"
+ access_token_validity      = "hours=4"
+ authentication_flow        = "745ba906-041d-4740-a7f4-200811f2b00e"
+ authorization_flow         = "01a99e21-6d65-4d0b-a795-fb88146b240e"
+ client_secret              = (sensitive value)
+ client_type                = "confidential"
+ id                         = (known after apply)
+ include_claims_in_id_token = true
+ invalidation_flow          = "db122d51-9e8e-4768-bb38-4428ad2979c8"
+ issuer_mode                = "per_provider"
+ name                       = "grafana"
+ property_mappings          = [
+     "19b3134c-7727-4977-8035-376b0e7b4aff",
+     "f3d51311-4d25-43ef-ba79-d48727efc50f",
+     "55c034ce-f36a-47b5-abc7-fbbf26755e96",
  ]
+ redirect_uris              = [
+     "https://grafana.jory.dev/login/generic_oauth",
  ]
+ refresh_token_validity     = "days=30"
+ signing_key                = "a9791054-b30b-4862-ba60-2d00372998ee"
+ sub_mode                   = "hashed_user_id"
  # (1 unchanged attribute hidden)
authentik_provider_oauth2.oauth2["headscale"] 
+ access_code_validity       = "minutes=1"
+ access_token_validity      = "hours=4"
+ authentication_flow        = "745ba906-041d-4740-a7f4-200811f2b00e"
+ authorization_flow         = "01a99e21-6d65-4d0b-a795-fb88146b240e"
+ client_secret              = (sensitive value)
+ client_type                = "confidential"
+ id                         = (known after apply)
+ include_claims_in_id_token = true
+ invalidation_flow          = "db122d51-9e8e-4768-bb38-4428ad2979c8"
+ issuer_mode                = "per_provider"
+ name                       = "headscale"
+ property_mappings          = [
+     "19b3134c-7727-4977-8035-376b0e7b4aff",
+     "f3d51311-4d25-43ef-ba79-d48727efc50f",
+     "55c034ce-f36a-47b5-abc7-fbbf26755e96",
  ]
+ redirect_uris              = [
+     "https://headscale.jory.dev/oidc/callback",
  ]
+ refresh_token_validity     = "days=30"
+ signing_key                = "a9791054-b30b-4862-ba60-2d00372998ee"
+ sub_mode                   = "hashed_user_id"
  # (1 unchanged attribute hidden)
authentik_provider_oauth2.oauth2["kyoo"] 
+ access_code_validity       = "minutes=1"
+ access_token_validity      = "hours=4"
+ authentication_flow        = "745ba906-041d-4740-a7f4-200811f2b00e"
+ authorization_flow         = "01a99e21-6d65-4d0b-a795-fb88146b240e"
+ client_secret              = (sensitive value)
+ client_type                = "confidential"
+ id                         = (known after apply)
+ include_claims_in_id_token = true
+ invalidation_flow          = "db122d51-9e8e-4768-bb38-4428ad2979c8"
+ issuer_mode                = "per_provider"
+ name                       = "kyoo"
+ property_mappings          = [
+     "19b3134c-7727-4977-8035-376b0e7b4aff",
+     "f3d51311-4d25-43ef-ba79-d48727efc50f",
+     "55c034ce-f36a-47b5-abc7-fbbf26755e96",
  ]
+ redirect_uris              = [
+     "https://kyoo.jory.dev/api/auth/logged/authentik",
  ]
+ refresh_token_validity     = "days=30"
+ signing_key                = "a9791054-b30b-4862-ba60-2d00372998ee"
+ sub_mode                   = "hashed_user_id"
  # (1 unchanged attribute hidden)
authentik_provider_oauth2.oauth2["lubelog"] 
+ access_code_validity       = "minutes=1"
+ access_token_validity      = "hours=4"
+ authentication_flow        = "745ba906-041d-4740-a7f4-200811f2b00e"
+ authorization_flow         = "01a99e21-6d65-4d0b-a795-fb88146b240e"
+ client_secret              = (sensitive value)
+ client_type                = "confidential"
+ id                         = (known after apply)
+ include_claims_in_id_token = true
+ invalidation_flow          = "db122d51-9e8e-4768-bb38-4428ad2979c8"
+ issuer_mode                = "per_provider"
+ name                       = "lubelog"
+ property_mappings          = [
+     "19b3134c-7727-4977-8035-376b0e7b4aff",
+     "f3d51311-4d25-43ef-ba79-d48727efc50f",
+     "55c034ce-f36a-47b5-abc7-fbbf26755e96",
  ]
+ redirect_uris              = [
+     "https://lubelog.jory.dev/Login/RemoteAuth",
  ]
+ refresh_token_validity     = "days=30"
+ signing_key                = "a9791054-b30b-4862-ba60-2d00372998ee"
+ sub_mode                   = "hashed_user_id"
  # (1 unchanged attribute hidden)
authentik_provider_oauth2.oauth2["paperless"] 
+ access_code_validity       = "minutes=1"
+ access_token_validity      = "hours=4"
+ authentication_flow        = "745ba906-041d-4740-a7f4-200811f2b00e"
+ authorization_flow         = "01a99e21-6d65-4d0b-a795-fb88146b240e"
+ client_secret              = (sensitive value)
+ client_type                = "confidential"
+ id                         = (known after apply)
+ include_claims_in_id_token = true
+ invalidation_flow          = "db122d51-9e8e-4768-bb38-4428ad2979c8"
+ issuer_mode                = "per_provider"
+ name                       = "paperless"
+ property_mappings          = [
+     "19b3134c-7727-4977-8035-376b0e7b4aff",
+     "f3d51311-4d25-43ef-ba79-d48727efc50f",
+     "55c034ce-f36a-47b5-abc7-fbbf26755e96",
  ]
+ redirect_uris              = [
+     "https://paperless.jory.dev/accounts/oidc/authentik/login/callback/",
  ]
+ refresh_token_validity     = "days=30"
+ signing_key                = "a9791054-b30b-4862-ba60-2d00372998ee"
+ sub_mode                   = "hashed_user_id"
  # (1 unchanged attribute hidden)
authentik_provider_oauth2.oauth2["portainer"] 
+ access_code_validity       = "minutes=1"
+ access_token_validity      = "hours=4"
+ authentication_flow        = "745ba906-041d-4740-a7f4-200811f2b00e"
+ authorization_flow         = "01a99e21-6d65-4d0b-a795-fb88146b240e"
+ client_secret              = (sensitive value)
+ client_type                = "confidential"
+ id                         = (known after apply)
+ include_claims_in_id_token = true
+ invalidation_flow          = "db122d51-9e8e-4768-bb38-4428ad2979c8"
+ issuer_mode                = "per_provider"
+ name                       = "portainer"
+ property_mappings          = [
+     "19b3134c-7727-4977-8035-376b0e7b4aff",
+     "f3d51311-4d25-43ef-ba79-d48727efc50f",
+     "55c034ce-f36a-47b5-abc7-fbbf26755e96",
  ]
+ redirect_uris              = [
+     "https://portainer.jory.dev/",
  ]
+ refresh_token_validity     = "days=30"
+ signing_key                = "a9791054-b30b-4862-ba60-2d00372998ee"
+ sub_mode                   = "hashed_user_id"
  # (1 unchanged attribute hidden)

♻️ Update

authentik_brand.home 
# Warning: this attribute value will no longer be marked as sensitive
# after applying this change. The value is unchanged.
! domain              = (sensitive value)
  id                  = "cce34b50-3608-4b37-b8c8-cf9833a5ccc6"
  # (13 unchanged attributes hidden)
authentik_source_oauth.discord 
# Warning: this attribute value will no longer be marked as sensitive
# after applying this change.
! consumer_key        = (sensitive value)
! consumer_secret     = (sensitive value)
  id                  = "discord"
  name                = "Discord"
  # (19 unchanged attributes hidden)

🗑️ Delete

authentik_application.gitops_application 
- backchannel_providers = [] -> null
- group                 = "Infrastructure" -> null
- id                    = "gitops" -> null
- meta_icon             = "https://raw.githubusercontent.com/joryirving/home-ops/main/docs/src/assets/icons/weave.png" -> null
- meta_launch_url       = (sensitive value) -> null
- name                  = "Gitops" -> null
- open_in_new_tab       = true -> null
- policy_engine_mode    = "all" -> null
- protocol_provider     = 34 -> null
- slug                  = "gitops" -> null
- uuid                  = "aaaff416-c7aa-484d-8a56-af9c6b197065" -> null
  # (2 unchanged attributes hidden)

→ because authentik_application.gitops_application is not in configuration

authentik_application.grafana_application 
- backchannel_providers = [] -> null
- group                 = "Monitoring" -> null
- id                    = "grafana" -> null
- meta_icon             = "https://raw.githubusercontent.com/walkxcode/dashboard-icons/main/png/grafana.png" -> null
- meta_launch_url       = (sensitive value) -> null
- name                  = "Grafana" -> null
- open_in_new_tab       = true -> null
- policy_engine_mode    = "all" -> null
- protocol_provider     = 1 -> null
- slug                  = "grafana" -> null
- uuid                  = "f4bb7461-d9ea-46af-94ff-3f2ff814650c" -> null
  # (2 unchanged attributes hidden)

→ because authentik_application.grafana_application is not in configuration

authentik_application.headscale_application 
- backchannel_providers = [] -> null
- group                 = "Infrastructure" -> null
- id                    = "headscale" -> null
- meta_icon             = "https://raw.githubusercontent.com/joryirving/home-ops/main/docs/src/assets/icons/headscale.png" -> null
- meta_launch_url       = (sensitive value) -> null
- name                  = "Headscale" -> null
- open_in_new_tab       = true -> null
- policy_engine_mode    = "all" -> null
- protocol_provider     = 102 -> null
- slug                  = "headscale" -> null
- uuid                  = "de670c7c-8440-4202-ab5c-e9d141d5761c" -> null
  # (2 unchanged attributes hidden)

→ because authentik_application.headscale_application is not in configuration

authentik_application.kyoo_application 
- backchannel_providers = [] -> null
- group                 = "Home" -> null
- id                    = "kyoo" -> null
- meta_icon             = "https://raw.githubusercontent.com/zoriya/Kyoo/master/icons/icon-256x256.png" -> null
- meta_launch_url       = (sensitive value) -> null
- name                  = "Kyoo" -> null
- open_in_new_tab       = true -> null
- policy_engine_mode    = "all" -> null
- protocol_provider     = 101 -> null
- slug                  = "kyoo" -> null
- uuid                  = "b4a31f08-18ec-412c-bb9b-4acb0bd4ab5c" -> null
  # (2 unchanged attributes hidden)

→ because authentik_application.kyoo_application is not in configuration

authentik_application.lubelog_application 
- backchannel_providers = [] -> null
- group                 = "Home" -> null
- id                    = "lubelog" -> null
- meta_icon             = "https://demo.lubelogger.com/defaults/lubelogger_icon_72.png" -> null
- meta_launch_url       = (sensitive value) -> null
- name                  = "Lubelog" -> null
- open_in_new_tab       = true -> null
- policy_engine_mode    = "all" -> null
- protocol_provider     = 68 -> null
- slug                  = "lubelog" -> null
- uuid                  = "669b2251-5882-44b4-a1c0-5e72d1e9f81e" -> null
  # (2 unchanged attributes hidden)

→ because authentik_application.lubelog_application is not in configuration

authentik_application.paperless_application 
- backchannel_providers = [] -> null
- group                 = "Home" -> null
- id                    = "paperless" -> null
- meta_icon             = "https://raw.githubusercontent.com/walkxcode/dashboard-icons/main/png/paperless.png" -> null
- meta_launch_url       = (sensitive value) -> null
- name                  = "Paperless" -> null
- open_in_new_tab       = true -> null
- policy_engine_mode    = "all" -> null
- protocol_provider     = 67 -> null
- slug                  = "paperless" -> null
- uuid                  = "d7c74643-c7c7-4f6b-a3d5-28a847d5288e" -> null
  # (2 unchanged attributes hidden)

→ because authentik_application.paperless_application is not in configuration

authentik_application.portainer_application 
- backchannel_providers = [] -> null
- group                 = "Infrastructure" -> null
- id                    = "portainer" -> null
- meta_icon             = "https://raw.githubusercontent.com/walkxcode/dashboard-icons/main/png/portainer.png" -> null
- meta_launch_url       = (sensitive value) -> null
- name                  = "Portainer" -> null
- open_in_new_tab       = true -> null
- policy_engine_mode    = "all" -> null
- protocol_provider     = 2 -> null
- slug                  = "portainer" -> null
- uuid                  = "93a61050-40d0-45a1-8a7f-e3f33c0b2df2" -> null
  # (2 unchanged attributes hidden)

→ because authentik_application.portainer_application is not in configuration

authentik_group.media 
- attributes   = jsonencode({})
- id           = "bf2150a5-9cdf-4b81-8039-38e751c62e83" -> null
- is_superuser = false -> null
- name         = "Media" -> null
- parent       = "699117ec-9643-4b84-b634-ad7c4351a1ac" -> null
- users        = [
-     1,
]   -> null

→ because authentik_group.media is not in configuration

authentik_policy_binding.gitops_infra 
- enabled        = true -> null
- failure_result = false -> null
- group          = "145e0f89-3219-4707-a4ba-523c218c470c" -> null
- id             = "2cc8b324-e6fd-4bfe-83c1-008a4fc40850" -> null
- negate         = false -> null
- order          = 0 -> null
- target         = "aaaff416-c7aa-484d-8a56-af9c6b197065" -> null
- timeout        = 30 -> null
- user           = 0 -> null
  # (1 unchanged attribute hidden)

→ because authentik_policy_binding.gitops_infra is not in configuration

authentik_policy_binding.grafana_admins 
- enabled        = true -> null
- failure_result = false -> null
- group          = "543bf3d7-43c5-466c-aa6c-483839d19c56" -> null
- id             = "ee700df5-0986-4328-87d2-2b1181c5003c" -> null
- negate         = false -> null
- order          = 0 -> null
- target         = "f4bb7461-d9ea-46af-94ff-3f2ff814650c" -> null
- timeout        = 30 -> null
- user           = 0 -> null
  # (1 unchanged attribute hidden)

→ because authentik_policy_binding.grafana_admins is not in configuration

authentik_policy_binding.grafana_infra 
- enabled        = true -> null
- failure_result = false -> null
- group          = "9704b845-23f4-413c-a892-6f22ee7f7c4b" -> null
- id             = "9aea3fa2-3648-4970-b9c1-eaf30246e9d0" -> null
- negate         = false -> null
- order          = 0 -> null
- target         = "f4bb7461-d9ea-46af-94ff-3f2ff814650c" -> null
- timeout        = 30 -> null
- user           = 0 -> null
  # (1 unchanged attribute hidden)

→ because authentik_policy_binding.grafana_infra is not in configuration

authentik_policy_binding.headscale 
- enabled        = true -> null
- failure_result = false -> null
- group          = "243607e7-9d27-4306-95e3-df88959da365" -> null
- id             = "3b8ecb82-79a8-4045-ae9b-b634c54d3a40" -> null
- negate         = false -> null
- order          = 0 -> null
- target         = "de670c7c-8440-4202-ab5c-e9d141d5761c" -> null
- timeout        = 30 -> null
- user           = 0 -> null
  # (1 unchanged attribute hidden)

→ because authentik_policy_binding.headscale is not in configuration

authentik_policy_binding.paperless_monitoring 
- enabled        = true -> null
- failure_result = false -> null
- group          = "4567b672-8b1f-40a4-a4f1-6d9e4281a7aa" -> null
- id             = "38eee2bc-c27e-4a6b-84f7-7ea5f4c09438" -> null
- negate         = false -> null
- order          = 0 -> null
- target         = "d7c74643-c7c7-4f6b-a3d5-28a847d5288e" -> null
- timeout        = 30 -> null
- user           = 0 -> null
  # (1 unchanged attribute hidden)

→ because authentik_policy_binding.paperless_monitoring is not in configuration

authentik_policy_binding.portainer_infra 
- enabled        = true -> null
- failure_result = false -> null
- group          = "145e0f89-3219-4707-a4ba-523c218c470c" -> null
- id             = "caf33cc8-5f55-450d-a550-1e417d25c73a" -> null
- negate         = false -> null
- order          = 0 -> null
- target         = "93a61050-40d0-45a1-8a7f-e3f33c0b2df2" -> null
- timeout        = 30 -> null
- user           = 0 -> null
  # (1 unchanged attribute hidden)

→ because authentik_policy_binding.portainer_infra is not in configuration

authentik_provider_oauth2.gitops_oauth2 
- access_code_validity       = "minutes=1" -> null
- access_token_validity      = "hours=4" -> null
- authorization_flow         = "01a99e21-6d65-4d0b-a795-fb88146b240e" -> null
- client_id                  = (sensitive value) -> null
- client_secret              = (sensitive value) -> null
- client_type                = "confidential" -> null
- id                         = "34" -> null
- include_claims_in_id_token = true -> null
- issuer_mode                = "per_provider" -> null
- jwks_sources               = [] -> null
- name                       = "gitops" -> null
- property_mappings          = [
-     "19b3134c-7727-4977-8035-376b0e7b4aff",
-     "f3d51311-4d25-43ef-ba79-d48727efc50f",
-     "55c034ce-f36a-47b5-abc7-fbbf26755e96",
]   -> null
- redirect_uris              = [
-     (sensitive value),
]   -> null
- refresh_token_validity     = "days=30" -> null
- signing_key                = "a9791054-b30b-4862-ba60-2d00372998ee" -> null
- sub_mode                   = "hashed_user_id" -> null
  # (1 unchanged attribute hidden)

→ because authentik_provider_oauth2.gitops_oauth2 is not in configuration

authentik_provider_oauth2.grafana_oauth2 
- access_code_validity       = "minutes=1" -> null
- access_token_validity      = "hours=4" -> null
- authentication_flow        = "745ba906-041d-4740-a7f4-200811f2b00e" -> null
- authorization_flow         = "01a99e21-6d65-4d0b-a795-fb88146b240e" -> null
- client_id                  = (sensitive value) -> null
- client_secret              = (sensitive value) -> null
- client_type                = "confidential" -> null
- id                         = "1" -> null
- include_claims_in_id_token = true -> null
- issuer_mode                = "per_provider" -> null
- jwks_sources               = [] -> null
- name                       = "grafana" -> null
- property_mappings          = [
-     "19b3134c-7727-4977-8035-376b0e7b4aff",
-     "f3d51311-4d25-43ef-ba79-d48727efc50f",
-     "55c034ce-f36a-47b5-abc7-fbbf26755e96",
]   -> null
- redirect_uris              = [
-     (sensitive value),
]   -> null
- refresh_token_validity     = "days=30" -> null
- signing_key                = "a9791054-b30b-4862-ba60-2d00372998ee" -> null
- sub_mode                   = "hashed_user_id" -> null

→ because authentik_provider_oauth2.grafana_oauth2 is not in configuration

authentik_provider_oauth2.headscale_oauth2 
- access_code_validity       = "minutes=1" -> null
- access_token_validity      = "hours=4" -> null
- authorization_flow         = "01a99e21-6d65-4d0b-a795-fb88146b240e" -> null
- client_id                  = (sensitive value) -> null
- client_secret              = (sensitive value) -> null
- client_type                = "confidential" -> null
- id                         = "102" -> null
- include_claims_in_id_token = true -> null
- issuer_mode                = "per_provider" -> null
- jwks_sources               = [] -> null
- name                       = "headscale" -> null
- property_mappings          = [
-     "19b3134c-7727-4977-8035-376b0e7b4aff",
-     "f3d51311-4d25-43ef-ba79-d48727efc50f",
-     "55c034ce-f36a-47b5-abc7-fbbf26755e96",
]   -> null
- redirect_uris              = [
-     (sensitive value),
]   -> null
- refresh_token_validity     = "days=30" -> null
- signing_key                = "a9791054-b30b-4862-ba60-2d00372998ee" -> null
- sub_mode                   = "hashed_user_id" -> null
  # (1 unchanged attribute hidden)

→ because authentik_provider_oauth2.headscale_oauth2 is not in configuration

authentik_provider_oauth2.kyoo_oauth2 
- access_code_validity       = "minutes=1" -> null
- access_token_validity      = "hours=4" -> null
- authorization_flow         = "01a99e21-6d65-4d0b-a795-fb88146b240e" -> null
- client_id                  = (sensitive value) -> null
- client_secret              = (sensitive value) -> null
- client_type                = "confidential" -> null
- id                         = "101" -> null
- include_claims_in_id_token = true -> null
- issuer_mode                = "per_provider" -> null
- jwks_sources               = [] -> null
- name                       = "kyoo" -> null
- property_mappings          = [
-     "19b3134c-7727-4977-8035-376b0e7b4aff",
-     "f3d51311-4d25-43ef-ba79-d48727efc50f",
-     "55c034ce-f36a-47b5-abc7-fbbf26755e96",
]   -> null
- redirect_uris              = [
-     (sensitive value),
]   -> null
- refresh_token_validity     = "days=30" -> null
- signing_key                = "a9791054-b30b-4862-ba60-2d00372998ee" -> null
- sub_mode                   = "hashed_user_id" -> null
  # (1 unchanged attribute hidden)

→ because authentik_provider_oauth2.kyoo_oauth2 is not in configuration

authentik_provider_oauth2.lubelog_oauth2 
- access_code_validity       = "minutes=1" -> null
- access_token_validity      = "hours=4" -> null
- authorization_flow         = "01a99e21-6d65-4d0b-a795-fb88146b240e" -> null
- client_id                  = (sensitive value) -> null
- client_secret              = (sensitive value) -> null
- client_type                = "confidential" -> null
- id                         = "68" -> null
- include_claims_in_id_token = true -> null
- issuer_mode                = "per_provider" -> null
- jwks_sources               = [] -> null
- name                       = "lubelog" -> null
- property_mappings          = [
-     "19b3134c-7727-4977-8035-376b0e7b4aff",
-     "f3d51311-4d25-43ef-ba79-d48727efc50f",
-     "55c034ce-f36a-47b5-abc7-fbbf26755e96",
]   -> null
- redirect_uris              = [
-     (sensitive value),
]   -> null
- refresh_token_validity     = "days=30" -> null
- signing_key                = "a9791054-b30b-4862-ba60-2d00372998ee" -> null
- sub_mode                   = "hashed_user_id" -> null
  # (1 unchanged attribute hidden)

→ because authentik_provider_oauth2.lubelog_oauth2 is not in configuration

authentik_provider_oauth2.paperless_oauth2 
- access_code_validity       = "minutes=1" -> null
- access_token_validity      = "hours=4" -> null
- authorization_flow         = "01a99e21-6d65-4d0b-a795-fb88146b240e" -> null
- client_id                  = (sensitive value) -> null
- client_secret              = (sensitive value) -> null
- client_type                = "confidential" -> null
- id                         = "67" -> null
- include_claims_in_id_token = true -> null
- issuer_mode                = "per_provider" -> null
- jwks_sources               = [] -> null
- name                       = "paperless" -> null
- property_mappings          = [
-     "19b3134c-7727-4977-8035-376b0e7b4aff",
-     "f3d51311-4d25-43ef-ba79-d48727efc50f",
-     "55c034ce-f36a-47b5-abc7-fbbf26755e96",
]   -> null
- redirect_uris              = [
-     (sensitive value),
]   -> null
- refresh_token_validity     = "days=30" -> null
- signing_key                = "a9791054-b30b-4862-ba60-2d00372998ee" -> null
- sub_mode                   = "hashed_user_id" -> null
  # (1 unchanged attribute hidden)

→ because authentik_provider_oauth2.paperless_oauth2 is not in configuration

authentik_provider_oauth2.portainer_oauth2 
- access_code_validity       = "minutes=1" -> null
- access_token_validity      = "hours=4" -> null
- authorization_flow         = "01a99e21-6d65-4d0b-a795-fb88146b240e" -> null
- client_id                  = (sensitive value) -> null
- client_secret              = (sensitive value) -> null
- client_type                = "confidential" -> null
- id                         = "2" -> null
- include_claims_in_id_token = true -> null
- issuer_mode                = "per_provider" -> null
- jwks_sources               = [] -> null
- name                       = "portainer" -> null
- property_mappings          = [
-     "19b3134c-7727-4977-8035-376b0e7b4aff",
-     "f3d51311-4d25-43ef-ba79-d48727efc50f",
-     "55c034ce-f36a-47b5-abc7-fbbf26755e96",
]   -> null
- redirect_uris              = [
-     (sensitive value),
]   -> null
- refresh_token_validity     = "days=30" -> null
- signing_key                = "a9791054-b30b-4862-ba60-2d00372998ee" -> null
- sub_mode                   = "hashed_user_id" -> null
  # (1 unchanged attribute hidden)

→ because authentik_provider_oauth2.portainer_oauth2 is not in configuration

Triggered by @joryirving, Commit: 2b8a7ae1aaf56daec32bbe5921d3f438d8840ee1

@joryirving joryirving merged commit 07b2c59 into main Nov 6, 2024
11 checks passed
@joryirving joryirving deleted the feat/tf-workflow branch November 6, 2024 18:19
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
area/github Changes made in the github directory area/kubernetes Changes made in the kubernetes directory area/terraform cluster/utility
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
1 participant
@joryirving