main.tf
# GitHub identity provider for the cluster identified by var.cluster_id.
# An instance exists only when var.idp_type equals "github" (case-insensitive).
resource "rhcs_identity_provider" "github_identity_provider" {
  count = lower(var.idp_type) == "github" ? 1 : 0

  cluster = var.cluster_id
  name    = var.name
  # Passed through unchecked in this block.
  # NOTE(review): presumably controls how provider identities map onto cluster
  # users; confirm the allowed values are validated at the variable declaration.
  mapping_method = var.mapping_method

  github = {
    client_id = var.github_idp_client_id
    # OAuth client credential. Resource arguments end up in Terraform state, so
    # the state backend needs the same protection as the secret itself.
    # NOTE(review): confirm the variable is declared sensitive; its declaration
    # is not in this file.
    client_secret = var.github_idp_client_secret
    hostname      = var.github_idp_hostname
    ca            = var.github_idp_ca
    # NOTE(review): no precondition below requires organizations or teams;
    # presumably these restrict which GitHub accounts can sign in. Verify the
    # provider rejects a configuration that sets neither.
    organizations = var.github_idp_organizations
    teams         = var.github_idp_teams
  }

  lifecycle {
    # Both guards reject only null; an empty string still passes them.
    precondition {
      condition     = lower(var.idp_type) != "github" || var.github_idp_client_id != null
      error_message = "\"github_idp_client_id\" mustn't be empty when creating Github Identity Provider."
    }
    precondition {
      condition     = lower(var.idp_type) != "github" || var.github_idp_client_secret != null
      error_message = "\"github_idp_client_secret\" mustn't be empty when creating Github Identity Provider."
    }
  }
}
# GitLab identity provider for the cluster identified by var.cluster_id.
# An instance exists only when var.idp_type equals "gitlab" (case-insensitive).
resource "rhcs_identity_provider" "gitlab_identity_provider" {
  count = lower(var.idp_type) == "gitlab" ? 1 : 0

  cluster = var.cluster_id
  name    = var.name
  # Passed through unchecked in this block.
  # NOTE(review): confirm the allowed values are validated at the variable
  # declaration, which is not in this file.
  mapping_method = var.mapping_method

  gitlab = {
    # NOTE(review): only null is rejected for url below; the scheme is not
    # checked here, so confirm the provider refuses a non-TLS endpoint.
    url       = var.gitlab_idp_url
    ca        = var.gitlab_idp_ca
    client_id = var.gitlab_idp_client_id
    # OAuth client credential. Resource arguments end up in Terraform state, so
    # the state backend needs the same protection as the secret itself.
    # NOTE(review): confirm the variable is declared sensitive.
    client_secret = var.gitlab_idp_client_secret
  }

  lifecycle {
    # All three guards reject only null; an empty string still passes them.
    precondition {
      condition     = lower(var.idp_type) != "gitlab" || var.gitlab_idp_client_id != null
      error_message = "\"gitlab_idp_client_id\" mustn't be empty when creating Gitlab Identity Provider."
    }
    precondition {
      condition     = lower(var.idp_type) != "gitlab" || var.gitlab_idp_client_secret != null
      error_message = "\"gitlab_idp_client_secret\" mustn't be empty when creating Gitlab Identity Provider."
    }
    precondition {
      condition     = lower(var.idp_type) != "gitlab" || var.gitlab_idp_url != null
      error_message = "\"gitlab_idp_url\" mustn't be empty when creating Gitlab Identity Provider."
    }
  }
}
# Google identity provider for the cluster identified by var.cluster_id.
# An instance exists only when var.idp_type equals "google" (case-insensitive).
resource "rhcs_identity_provider" "google_identity_provider" {
  count = lower(var.idp_type) == "google" ? 1 : 0

  cluster = var.cluster_id
  name    = var.name
  # Passed through unchecked in this block.
  # NOTE(review): confirm the allowed values are validated at the variable
  # declaration, which is not in this file.
  mapping_method = var.mapping_method

  google = {
    client_id = var.google_idp_client_id
    # OAuth client credential. Resource arguments end up in Terraform state, so
    # the state backend needs the same protection as the secret itself.
    # NOTE(review): confirm the variable is declared sensitive.
    client_secret = var.google_idp_client_secret
    # NOTE(review): no precondition below requires hosted_domain; presumably an
    # unset value leaves sign-in open to accounts outside one hosted domain.
    # Verify what the provider enforces for the chosen mapping_method.
    hosted_domain = var.google_idp_hosted_domain
  }

  lifecycle {
    # Both guards reject only null; an empty string still passes them.
    precondition {
      condition     = lower(var.idp_type) != "google" || var.google_idp_client_id != null
      error_message = "\"google_idp_client_id\" mustn't be empty when creating Google Identity Provider."
    }
    precondition {
      condition     = lower(var.idp_type) != "google" || var.google_idp_client_secret != null
      error_message = "\"google_idp_client_secret\" mustn't be empty when creating Google Identity Provider."
    }
  }
}
# htpasswd identity provider for the cluster identified by var.cluster_id.
# An instance exists only when var.idp_type equals "htpasswd" (case-insensitive).
resource "rhcs_identity_provider" "htpasswd_identity_provider" {
  count = lower(var.idp_type) == "htpasswd" ? 1 : 0

  cluster = var.cluster_id
  name    = var.name
  # Passed through unchecked in this block.
  # NOTE(review): confirm the allowed values are validated at the variable
  # declaration, which is not in this file.
  mapping_method = var.mapping_method

  htpasswd = {
    # NOTE(review): presumably each entry carries a username and password. If
    # so, these credentials are written to Terraform state; confirm the
    # variable is declared sensitive and the state backend is access-controlled.
    users = var.htpasswd_idp_users
  }

  lifecycle {
    # Rejects only null; an empty collection still passes this guard.
    precondition {
      condition     = lower(var.idp_type) != "htpasswd" || var.htpasswd_idp_users != null
      error_message = "\"htpasswd_idp_users\" mustn't be empty when creating Htpasswd Identity Provider."
    }
  }
}
# LDAP identity provider for the cluster identified by var.cluster_id.
# An instance exists only when var.idp_type equals "ldap" (case-insensitive).
resource "rhcs_identity_provider" "ldap_identity_provider" {
  count = lower(var.idp_type) == "ldap" ? 1 : 0

  cluster = var.cluster_id
  name    = var.name
  # Passed through unchecked in this block.
  # NOTE(review): confirm the allowed values are validated at the variable
  # declaration, which is not in this file.
  mapping_method = var.mapping_method

  ldap = {
    url = var.ldap_idp_url
    ca  = var.ldap_idp_ca
    # NOTE(review): presumably true means no TLS towards the LDAP server, which
    # would put bind_password and user logins on the wire in clear text.
    # Confirm the semantics and the variable's default; nothing in this block
    # restricts it.
    insecure = var.ldap_idp_insecure
    bind_dn  = var.ldap_idp_bind_dn
    # Directory bind credential. Resource arguments end up in Terraform state,
    # so the state backend needs the same protection as the password itself.
    # NOTE(review): confirm the variable is declared sensitive.
    bind_password = var.ldap_idp_bind_password

    # LDAP attribute names used to populate the user identity.
    attributes = {
      id                 = var.ldap_idp_ids
      name               = var.ldap_idp_names
      email              = var.ldap_idp_emails
      preferred_username = var.ldap_idp_preferred_usernames
    }
  }

  lifecycle {
    # Only url is guarded, and only against null; bind_dn, bind_password and the
    # URL scheme are not checked in this block.
    precondition {
      condition     = lower(var.idp_type) != "ldap" || var.ldap_idp_url != null
      error_message = "\"ldap_idp_url\" mustn't be empty when creating LDAP Identity Provider."
    }
  }
}
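# OpenID Connect identity provider for the cluster identified by var.cluster_id.
# An instance exists only when var.idp_type equals "openid" (case-insensitive).
resource "rhcs_identity_provider" "openid_identity_provider" {
  count = lower(var.idp_type) == "openid" ? 1 : 0

  cluster = var.cluster_id
  name    = var.name
  # Passed through unchecked in this block.
  # NOTE(review): confirm the allowed values are validated at the variable
  # declaration, which is not in this file.
  mapping_method = var.mapping_method

  openid = {
    # NOTE(review): OpenShift documents the issuer as an https URL; the scheme
    # is not checked here, so confirm it is validated provider-side.
    issuer    = var.openid_idp_issuer
    ca        = var.openid_idp_ca
    client_id = var.openid_idp_client_id
    # OAuth client credential. Resource arguments end up in Terraform state, so
    # the state backend needs the same protection as the secret itself.
    # NOTE(review): confirm the variable is declared sensitive.
    client_secret = var.openid_idp_client_secret

    # Token claims used to populate the user identity.
    claims = {
      email              = var.openid_idp_claims_email
      groups             = var.openid_idp_claims_groups
      name               = var.openid_idp_claims_name
      preferred_username = var.openid_idp_claims_preferred_username
    }

    extra_scopes               = var.openid_idp_extra_scopes
    extra_authorize_parameters = var.openid_idp_extra_authorize_parameters
  }

  lifecycle {
    # These guards reject only null; an empty string still passes them.
    precondition {
      condition     = lower(var.idp_type) != "openid" || var.openid_idp_client_id != null
      error_message = "\"openid_idp_client_id\" mustn't be empty when creating OpenID Identity Provider."
    }
    precondition {
      condition     = lower(var.idp_type) != "openid" || var.openid_idp_client_secret != null
      error_message = "\"openid_idp_client_secret\" mustn't be empty when creating OpenID Identity Provider."
    }
    # Added for parity with the url guards on the GitLab and LDAP resources:
    # the issuer is the endpoint this provider trusts for authentication, so a
    # missing value should fail at plan time with a clear message.
    precondition {
      condition     = lower(var.idp_type) != "openid" || var.openid_idp_issuer != null
      error_message = "\"openid_idp_issuer\" mustn't be empty when creating OpenID Identity Provider."
    }
  }
}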