diff --git a/tf/deployment/data/users.json b/tf/deployment/data/users.json index 998b052c1..03790eeea 100644 --- a/tf/deployment/data/users.json +++ b/tf/deployment/data/users.json @@ -8,7 +8,9 @@ "username": "alex.tran1502", "id": 285511635735543828 }, - "role": "admin" + "roles": [ + "admin" + ] }, { "github": { @@ -19,7 +21,9 @@ "username": "jrasm91", "id": 613523742479483183 }, - "role": "admin", + "roles": [ + "admin" + ], "dev": true }, { @@ -29,10 +33,12 @@ }, "discord": { "username": "bo0tzz", - "id": 324007594262003722, - "extra_roles": ["yucca"] + "id": 324007594262003722 }, - "role": "admin", + "roles": [ + "admin", + "yucca" + ], "dev": true }, { @@ -42,10 +48,12 @@ }, "discord": { "username": "zackpollard", - "id": 185097470215192579, - "extra_roles": ["yucca"] + "id": 185097470215192579 }, - "role": "admin", + "roles": [ + "admin", + "yucca" + ], "dev": true }, { @@ -55,10 +63,12 @@ }, "discord": { "username": "onedr0p", - "id": 261368074328997888, - "extra_roles": ["yucca"] + "id": 261368074328997888 }, - "role": "team" + "roles": [ + "team", + "yucca" + ] }, { "github": { @@ -67,10 +77,12 @@ }, "discord": { "username": "nutgood", - "id": 129782158972813312, - "extra_roles": ["yucca"] + "id": 129782158972813312 }, - "role": "team" + "roles": [ + "team", + "yucca" + ] }, { "github": { @@ -79,10 +91,12 @@ }, "discord": { "username": "nirokato", - "id": 269581865881436170, - "extra_roles": ["yucca"] + "id": 269581865881436170 }, - "role": "team" + "roles": [ + "team", + "yucca" + ] }, { "github": { @@ -93,7 +107,9 @@ "username": "ddietzler", "id": 273458650557841408 }, - "role": "team", + "roles": [ + "team" + ], "dev": true }, { @@ -105,7 +121,9 @@ "username": ".eleman.", "id": 1110388960842219662 }, - "role": "team" + "roles": [ + "team" + ] }, { "github": { @@ -116,7 +134,9 @@ "username": "shenlong", "id": 879025674214584330 }, - "role": "team", + "roles": [ + "team" + ], "dev": true }, { 
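Review bot: `roles` is now an open list of strings read by both the Discord and GitHub modules, and nothing visible in this diff rejects a misspelled or unknown value. An entry such as `"roles": ["admn"]` (constructed example) would plan cleanly and silently drop that person's access, while any list containing `admin` maps to GitHub organisation admin in `github_membership.org_members`. JSON cannot carry a comment, so the guard belongs beside the file: a JSON Schema with an `enum` of the six values used here (`admin`, `team`, `yucca`, `futo`, `contributor`, `support`) checked in CI, or a precondition in the module that decodes the file. This applies to every entry in the later hunks of this file as well.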
@@ -128,7 +148,9 @@ "username": "bwees", "id": 172431702465970176 }, - "role": "team" + "roles": [ + "team" + ] }, { "github": { @@ -137,10 +159,12 @@ }, "discord": { "username": "insert", - "id": 99765584266264576, - "extra_roles": ["yucca"] + "id": 99765584266264576 }, - "role": "team" + "roles": [ + "team", + "yucca" + ] }, { "github": { @@ -151,7 +175,9 @@ "username": "eronwolf", "id": 264509889018068994 }, - "role": "futo" + "roles": [ + "futo" + ] }, { "github": { @@ -162,7 +188,9 @@ "username": "kennyfuto", "id": 1402320140938510398 }, - "role": "futo" + "roles": [ + "futo" + ] }, { "github": { @@ -173,7 +201,9 @@ "username": "", "id": 0 }, - "role": "contributor" + "roles": [ + "contributor" + ] }, { "github": { @@ -184,7 +214,9 @@ "username": "adamantike", "id": 820328828580134953 }, - "role": "contributor" + "roles": [ + "contributor" + ] }, { "github": { @@ -195,7 +227,9 @@ "username": "arnolicious", "id": 261816135387709441 }, - "role": "contributor" + "roles": [ + "contributor" + ] }, { "github": { @@ -206,7 +240,9 @@ "username": "hungrypandas", "id": 391059578743160832 }, - "role": "contributor" + "roles": [ + "contributor" + ] }, { "github": { @@ -217,7 +253,9 @@ "username": "benmccann", "id": 709488329003106344 }, - "role": "contributor" + "roles": [ + "contributor" + ] }, { "github": { @@ -228,7 +266,9 @@ "username": "brighteyed", "id": 638460185228345345 }, - "role": "contributor" + "roles": [ + "contributor" + ] }, { "github": { @@ -239,7 +279,9 @@ "username": "keinfalschparker", "id": 1270365817304912046 }, - "role": "contributor" + "roles": [ + "contributor" + ] }, { "github": { @@ -250,7 +292,9 @@ "username": "etnoy", "id": 1084581712702472252 }, - "role": "contributor" + "roles": [ + "contributor" + ] }, { "github": { @@ -261,7 +305,9 @@ "username": "zody", "id": 145524839938129920 }, - "role": "contributor" + "roles": [ + "contributor" + ] }, { "github": { 
@@ -272,7 +318,9 @@ "username": "exonintrendo", "id": 281866662007799809 }, - "role": "contributor" + "roles": [ + "contributor" + ] }, { "github": { @@ -283,7 +331,9 @@ "username": "jbaez", "id": 900373145020678194 }, - "role": "contributor" + "roles": [ + "contributor" + ] }, { "github": { @@ -294,7 +344,9 @@ "username": "martabal", "id": 261069120416514059 }, - "role": "contributor" + "roles": [ + "contributor" + ] }, { "github": { @@ -305,7 +357,9 @@ "username": "matthinc", "id": 335669624576278540 }, - "role": "contributor" + "roles": [ + "contributor" + ] }, { "github": { @@ -316,7 +370,9 @@ "username": "michelheusschen", "id": 234061895865204737 }, - "role": "contributor" + "roles": [ + "contributor" + ] }, { "github": { @@ -327,7 +383,9 @@ "username": "starl1ghtshad0w", "id": 851188544294092831 }, - "role": "contributor" + "roles": [ + "contributor" + ] }, { "github": { @@ -338,7 +396,9 @@ "username": "trustfullama", "id": 477906816022609940 }, - "role": "contributor" + "roles": [ + "contributor" + ] }, { "github": { @@ -349,7 +409,9 @@ "username": "pixeljonas", "id": 160439962502692864 }, - "role": "contributor" + "roles": [ + "contributor" + ] }, { "github": { @@ -360,7 +422,9 @@ "username": "samholton", "id": 334878799223193611 }, - "role": "contributor" + "roles": [ + "contributor" + ] }, { "github": { @@ -371,7 +435,9 @@ "username": "snowknight26", "id": 287636133876334613 }, - "role": "contributor" + "roles": [ + "contributor" + ] }, { "github": { @@ -382,7 +448,9 @@ "username": "theflamingchicken", "id": 720985629323952151 }, - "role": "contributor" + "roles": [ + "contributor" + ] }, { "github": { @@ -393,7 +461,9 @@ "username": "uhhthomas", "id": 105750004563509248 }, - "role": "contributor" + "roles": [ + "contributor" + ] }, { "github": { @@ -404,7 +474,9 @@ "username": "cjpeckover", "id": 425761443120545814 }, - "role": "contributor" + "roles": [ + "contributor" + ] }, { "github": { 
@@ -415,7 +487,9 @@ "username": "yarossyubayev", "id": 519561606175129600 }, - "role": "contributor" + "roles": [ + "contributor" + ] }, { "github": { @@ -426,7 +500,9 @@ "username": "idubnori", "id": 1425067440223682772 }, - "role": "contributor" + "roles": [ + "contributor" + ] }, { "github": { @@ -437,7 +513,9 @@ "username": "mees74", "id": 681497453307887617 }, - "role": "contributor" + "roles": [ + "contributor" + ] }, { "github": { @@ -448,7 +526,9 @@ "username": "timonthegoat", "id": 970963099400159233 }, - "role": "contributor" + "roles": [ + "contributor" + ] }, { "github": { @@ -459,7 +539,9 @@ "username": "aviv251", "id": 360064066527690753 }, - "role": "support" + "roles": [ + "support" + ] }, { "github": { @@ -470,7 +552,9 @@ "username": "crushedasian255", "id": 386612331288723469 }, - "role": "support" + "roles": [ + "support" + ] }, { "github": { @@ -481,7 +565,9 @@ "username": "ddshd", "id": 271815201290977288 }, - "role": "support" + "roles": [ + "support" + ] }, { "github": { @@ -492,7 +578,9 @@ "username": "winterharris", "id": 330256861980786688 }, - "role": "support" + "roles": [ + "support" + ] }, { "github": { @@ -503,7 +591,9 @@ "username": "icedragon2002002", "id": 303309066246291459 }, - "role": "support" + "roles": [ + "support" + ] }, { "github": { @@ -514,7 +604,9 @@ "username": "lifeofvio", "id": 191602681280724992 }, - "role": "support" + "roles": [ + "support" + ] }, { "github": { @@ -525,7 +617,9 @@ "username": "mraedis", "id": 145451920557867008 }, - "role": "support" + "roles": [ + "support" + ] }, { "github": { @@ -536,7 +630,9 @@ "username": "nicholasflamy", "id": 404750535342686209 }, - "role": "support" + "roles": [ + "support" + ] }, { "github": { @@ -547,7 +643,9 @@ "username": "questionario", "id": 573858858221699092 }, - "role": "support" + "roles": [ + "support" + ] }, { "github": { @@ -558,7 +656,9 @@ "username": "schuhbacca1", "id": 275064456210284546 }, - "role": "support" + "roles": [ + "support" + ] }, { "github": { 
@@ -569,7 +669,9 @@ "username": "solid256", "id": 1142920273851592814 }, - "role": "support" + "roles": [ + "support" + ] }, { "github": { @@ -580,7 +682,9 @@ "username": "zzzeus.", "id": 304729090064252948 }, - "role": "support" + "roles": [ + "support" + ] }, { "github": { @@ -591,7 +695,9 @@ "username": "nomachine", "id": 662674908492333056 }, - "role": "support" + "roles": [ + "support" + ] }, { "github": { @@ -602,7 +708,9 @@ "username": "skatsubo", "id": 1347560736079085599 }, - "role": "support" + "roles": [ + "support" + ] }, { "github": { @@ -613,7 +721,9 @@ "username": "xiticks", "id": 218413626061619201 }, - "role": "support" + "roles": [ + "support" + ] }, { "github": { @@ -624,6 +734,8 @@ "username": "isamu4919", "id": 135843138492170241 }, - "role": "support" + "roles": [ + "support" + ] } ] diff --git a/tf/deployment/modules/scoped/discord/community/.terraform.lock.hcl b/tf/deployment/modules/scoped/discord/community/.terraform.lock.hcl index 526f42216..03c4d99ac 100644 --- a/tf/deployment/modules/scoped/discord/community/.terraform.lock.hcl +++ b/tf/deployment/modules/scoped/discord/community/.terraform.lock.hcl 
@@ -24,21 +24,6 @@ provider "registry.opentofu.org/1password/onepassword" { ] } -provider "registry.opentofu.org/lucky3028/discord" { - version = "2.4.0" - hashes = [ - "h1:41nnrVu8+FD3/3DNPOPfMFQXvpLyDCJwkvVAUG2Y7s0=", - "zh:02bb7284c37830a76999ede8a6bb3664eaca81a8acf1a2f64c92fdc2e0b874c1", - "zh:22aad2828a393d9a2c2f44fb37f2292b12c75b3ef64b4a960494cf344fd8a684", - "zh:25e78b0e88e922cc99ac635f98bd820ddba04d04d9aea1382440d3534fd9e8e8", - "zh:64e1ce03929f1ab666b0da7bedb50193b898e81530485769c69d68dd9df6f569", - "zh:677f16a526a2f30a77d6b6f1d8de75889b618fc4eeb7fc4d7e1504ef6d1a5244", - "zh:849d3a36d10e1ad31b1920f229ed92019e7513a2ac83c787ed1f0cabb4671b5a", - "zh:8ba850225e1441e3c7e963af8914952ca27979b0c17be312c0a5a50fa2b5da75", - "zh:90caaa5df125a7f4c65d631a83249416268be15bdf2f01bd8095393ad72fd29c", - ] -} - provider "registry.terraform.io/zp-forks/discord" { version = "3.2.0" constraints = "~> 3.2" diff --git a/tf/deployment/modules/scoped/discord/community/users.tf b/tf/deployment/modules/scoped/discord/community/users.tf index 03d07080b..fbef506e7 100644 --- a/tf/deployment/modules/scoped/discord/community/users.tf +++ b/tf/deployment/modules/scoped/discord/community/users.tf 
@@ -9,31 +9,31 @@ resource "discord_member_roles" "roles" { user_id = each.value.discord.id role { role_id = discord_role.admin.id - has_role = contains(["admin"], each.value.role) + has_role = contains(each.value.roles, "admin") } role { role_id = discord_role.team.id - has_role = contains(["yucca", "team", "admin"], each.value.role) + has_role = length(setintersection(toset(each.value.roles), toset(["yucca", "team", "admin"]))) > 0 } role { role_id = discord_role.contributor.id - has_role = contains(["contributor", "futo", "yucca", "team", "admin"], each.value.role) + has_role = length(setintersection(toset(each.value.roles), toset(["contributor", "futo", "yucca", "team", "admin"]))) > 0 } role { role_id = discord_role.futo.id - has_role = contains(["futo", "yucca", "team", "admin"], each.value.role) + has_role = length(setintersection(toset(each.value.roles), toset(["futo", "yucca", "team", "admin"]))) > 0 } role { role_id = discord_role.support_crew.id - has_role = contains(["support"], each.value.role) + has_role = contains(each.value.roles, "support") } role { role_id = discord_role.yucca.id - has_role = contains(["yucca"], each.value.role) || contains(try(each.value.discord.extra_roles, []), "yucca") + has_role = contains(each.value.roles, "yucca") } } diff --git a/tf/deployment/modules/scoped/monitoring/grafana/.terraform.lock.hcl b/tf/deployment/modules/scoped/monitoring/grafana/.terraform.lock.hcl index 3d1903c1e..e69ceb7e4 100644 --- a/tf/deployment/modules/scoped/monitoring/grafana/.terraform.lock.hcl +++ b/tf/deployment/modules/scoped/monitoring/grafana/.terraform.lock.hcl 
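Review bot: `yucca` now implies the `team`, `contributor` and `futo` Discord roles for everyone who previously carried it only in `discord.extra_roles`, because the old expressions tested `each.value.role` alone and consulted `extra_roles` only in the `discord_role.yucca` block. The same shared list also drives `github_membership.org_members` in `shared/github/org/users.tf`, whose filter includes `yucca`, so a tag that was Discord-scoped can now grant GitHub organisation membership. Every `yucca` holder visible in `users.json` also lists `team` or `admin`, so effective access looks unchanged today, but a future entry with `yucca` alone would gain all of it. If that is intended, a comment such as `# yucca implies team-level Discord roles and GitHub org membership` above the `team` block would record it; if not, drop `"yucca"` from the three implied-role sets. The resource body starts above this hunk.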
@@ -2,25 +2,25 @@ # Manual edits may be lost in future updates. provider "registry.opentofu.org/1password/onepassword" { - version = "2.1.2" + version = "2.2.1" constraints = "~> 2.1" hashes = [ - "h1:GodYqoGG/PLyQr/Zm3EAw/lU4ixmDkWGPSJnAGT95nA=", - "zh:03d20138bf7bc645707b2c0c00203f66c07902d03c72be3f5f7bc365155bdc35", - "zh:0bf54b246f141a7d0cb75c7c2c086d372c810efc061bf5a7ae0b62b70d9558f4", - "zh:0ee19a8d1c193eaacc9679fb5ccf1d2be5d0c5e4173c3f3d82c09c717d3f354e", - "zh:152c35cdd1bb98683c0a24e48b286eab0473735da242aa27b39df81bc6f84b63", - "zh:293d264bccae325cdadcc9125b1d9fe9947a06cab05abb27c301d6244ef24cfd", - "zh:37ade0a6cc2c8c2a15535f83281caf54f6fcbc9c75f0588407f1dd8da04a9a95", - "zh:3c28c2352cd12464543e95b7d0b827abfe42794e9779f4e049789d864f88f3af", - "zh:4676825834b3132234250046ad888b881ad54f6369b5f0302c6b3250ad4983b1", - "zh:7da0327fe81c50bb71b510b342a5e2b90a3129f0e30dc479947b50e1dba9fa0d", + "h1:CosIqZ6jkgylvF23rLyNixIecZAAhFyb61sLl6GrEsc=", + "zh:025709a6b5f1b3685d277f2c48f7cb8b53d14b3699c1123d7e9a2135c099c533", + "zh:037fc89d150063a8aacdcab08ba26038b489fe2468d509b842d298ea59096ca6", + "zh:233777182b25faf1658e8ce171b684460983bb41cff79fb243662f3f9dc5ca6c", + "zh:2fb5ca2fc8c37b1d1c54da646ed13bf40897941fe92eece784fba496f677b533", + "zh:4b25b5ce1f694ec265e65234fc85d6bdf3810297ffeaced54ad46a1ba28142de", + "zh:5509d1e4fb7b45c63124ec66fd1f9d6757daa8bf1f7bdd724d5adb2965b61436", "zh:890df766e9b839623b1f0437355032a3c006226a6c200cd911e15ee1a9014e9f", - "zh:bb2899cada1cb964d75a9a4a7b915ac1ea03131769933e04b20ed0793f8eb02b", - "zh:d142810d6f04973abf8471a2cc2fb09537f79010a0f20bd62866068a42fa5ab7", - "zh:e2a39b685acd7b6846c8da3a94a355964ad2b411dc68c058a31dd2ce56aadd4a", - "zh:effe9dea248ae4fb540ca5c84e2e369b467e229dc1518c606d3aa714049daa74", - "zh:fbc4b2d7f7055a1b35c573e93bf89c6cad5f47f5dc30c0e2c61d5abfcf083cca", + "zh:a23ba946c629ec912b2fcbf606a2eb8853626ec0e0bee749f2d39146a872c082", + "zh:a3d3024485426237d7b4a4350b12dda4d29d88f3942246a9370be35ec2a51e9e", + 
"zh:a6ef65544ab8fc26d468b38636407a3d2d902e35c51b648729bf97c31d1937f9", + "zh:afbe9480a0da0ad8dc514b277f1e4be36b8931f045021d05c21665ef1ac0b7c8", + "zh:b2e96e69fa9ff7e179dccdef5b785cd020eb46bb2b3d1d507d009d71be6b0c26", + "zh:ceefaede9e8a3104463523ba267e3e985b27a706f7628a9ddd37330c2ca59d4d", + "zh:ea77786bd6809ff4f8043b84a0212fec4de18b7d51bc420417ba10999ca99887", + "zh:f7d8160c3669c8ab76a2da14ea740d91a08ca23d1fb657669e52a840b2b113d9", ] } diff --git a/tf/deployment/modules/shared/1password/account/.terraform.lock.hcl b/tf/deployment/modules/shared/1password/account/.terraform.lock.hcl index 54db2769c..32f9c921d 100644 --- a/tf/deployment/modules/shared/1password/account/.terraform.lock.hcl +++ b/tf/deployment/modules/shared/1password/account/.terraform.lock.hcl 
@@ -2,59 +2,58 @@ # Manual edits may be lost in future updates. provider "registry.opentofu.org/1password/onepassword" { - version = "2.1.0" + version = "2.2.1" constraints = "~> 2.0" hashes = [ - "h1:B3G7M02HxGCgT4S1+d4ITPR0vj7ZXDzGx+vqkKtk81c=", - "zh:0d6f803760aa7cae0e841cfca17ef04411231170b2844cc0b30556d5476d9dff", - "zh:17badbffb56309f28aee1893a6b93d1cd87ed5157704fb17b93889f0ccf8cc2d", - "zh:185e0c7c66cc159769d7b91c37ab51a546efc13fb99eb206481739a521f75236", - "zh:19e213f8265445a29d8bb7c7b1f0d4e3c1fdfd538178704f8e8378db2dcdf359", - "zh:49929666304f97301f44ee0fdd39f40f63e35ccfb4c81588439bdab6d5bafde0", - "zh:4de33f5630350d6a561d5d62994d525beb8849c94287c2658f39242fe3170cf8", - "zh:4f212a8fbbbaa7a47f1b31857be3bad2d590f92be845c6b252c9716bb70076d9", - "zh:596cc2bd9aaafd2e649aabcff0125afa9d4270f702813c935fbd5694eed002e7", - "zh:618e703a43608c502066c5b909ead45b1f4202f7cebc993f447278477d32cda2", - "zh:61fde3651bcb2e691ee9d82ce1de03588d006f53b2e8e2516910321da8627228", + "h1:CosIqZ6jkgylvF23rLyNixIecZAAhFyb61sLl6GrEsc=", + "zh:025709a6b5f1b3685d277f2c48f7cb8b53d14b3699c1123d7e9a2135c099c533", + "zh:037fc89d150063a8aacdcab08ba26038b489fe2468d509b842d298ea59096ca6", + "zh:233777182b25faf1658e8ce171b684460983bb41cff79fb243662f3f9dc5ca6c", + "zh:2fb5ca2fc8c37b1d1c54da646ed13bf40897941fe92eece784fba496f677b533", + "zh:4b25b5ce1f694ec265e65234fc85d6bdf3810297ffeaced54ad46a1ba28142de", + "zh:5509d1e4fb7b45c63124ec66fd1f9d6757daa8bf1f7bdd724d5adb2965b61436", "zh:890df766e9b839623b1f0437355032a3c006226a6c200cd911e15ee1a9014e9f", - "zh:db05022113841a00174bba5e24cfc77195bbc03d24339c5e8ac4346069901e45", - "zh:dcc7792a24c74890081a96ba2bc360d90ab71a4d25232ca18046d9868c835e21", - "zh:f2e67a298d20bf52cb208611767b420962d3f0d518e89cf41cc432551b1faf63", - "zh:f7e587814506c7e74fc1d80b29465c8e4b7bdbf803f7f8c0a8bb498968cdd58d", + "zh:a23ba946c629ec912b2fcbf606a2eb8853626ec0e0bee749f2d39146a872c082", + "zh:a3d3024485426237d7b4a4350b12dda4d29d88f3942246a9370be35ec2a51e9e", + 
"zh:a6ef65544ab8fc26d468b38636407a3d2d902e35c51b648729bf97c31d1937f9", + "zh:afbe9480a0da0ad8dc514b277f1e4be36b8931f045021d05c21665ef1ac0b7c8", + "zh:b2e96e69fa9ff7e179dccdef5b785cd020eb46bb2b3d1d507d009d71be6b0c26", + "zh:ceefaede9e8a3104463523ba267e3e985b27a706f7628a9ddd37330c2ca59d4d", + "zh:ea77786bd6809ff4f8043b84a0212fec4de18b7d51bc420417ba10999ca99887", + "zh:f7d8160c3669c8ab76a2da14ea740d91a08ca23d1fb657669e52a840b2b113d9", ] } provider "registry.opentofu.org/hashicorp/local" { - version = "2.5.2" + version = "2.7.0" hashes = [ - "h1:6lS+5A/4WFAqY3/RHWFRBSiFVLPRjvLaUgxPQvjXLHU=", - "zh:25b95b76ceaa62b5c95f6de2fa6e6242edbf51e7fc6c057b7f7101aa4081f64f", - "zh:3c974fdf6b42ca6f93309cf50951f345bfc5726ec6013b8832bcd3be0eb3429e", - "zh:5de843bf6d903f5cca97ce1061e2e06b6441985c68d013eabd738a9e4b828278", - "zh:86beead37c7b4f149a54d2ae633c99ff92159c748acea93ff0f3603d6b4c9f4f", - "zh:8e52e81d3dc50c3f79305d257da7fde7af634fed65e6ab5b8e214166784a720e", - "zh:9882f444c087c69559873b2d72eec406a40ede21acb5ac334d6563bf3a2387df", - "zh:a4484193d110da4a06c7bffc44cc6b61d3b5e881cd51df2a83fdda1a36ea25d2", - "zh:a53342426d173e29d8ee3106cb68abecdf4be301a3f6589e4e8d42015befa7da", - "zh:d25ef2aef6a9004363fc6db80305d30673fc1f7dd0b980d41d863b12dacd382a", - "zh:fa2d522fb323e2121f65b79709fd596514b293d816a1d969af8f72d108888e4c", + "h1:ztAhzyJDidK0Lo0MXxbjlI/0Zkgw4oQvlfZ0ggHi8p4=", + "zh:39e037a963356e583d90d509d82f6dc19914ef5c66970fb166db414f035468f4", + "zh:5292e51488d40d6c2b365daa9a406144c3fa3f769f1c03065adb4757d41c6ea0", + "zh:62db48adf8676e8c67f923352a4acb8e52470220ecaa0c9e21a660f359fd5446", + "zh:6d5f4555371edde0975b5c2ce5fb048be737ea5dc9aab75c8f9fe37f37bf7850", + "zh:790ab029516ee126a2b5a122ab0638c09585c71c109b91cefc794a4ecc2ba32e", + "zh:7b7410b923c17a3495e416b940dbef7ee6e2e82298ea2f5b7f9a0e4c2cad4b69", + "zh:8baa1caf36ba2b0b63e91cd00750e643d21f13535dce04ae824a1211537c6867", + "zh:aebc221a0da83e970c737c71e76701df731c6f8d70e56ead85bc1f83996f852d", + 
"zh:b3c3ee356591800b11d45fb0bb7d39c8eb3a2141c56dd87808b1fcdc9380816c", ] } provider "registry.opentofu.org/hashicorp/null" { - version = "3.2.3" + version = "3.2.4" hashes = [ - "h1:LF8arSzHfhbyQSFtTMTYEqCM34klzrbAQBJMHYCs9d8=", - "zh:1d57d25084effd3fdfd902eca00020b34b1fb020253b84d7dd471301606015ac", - "zh:65b7f9799b88464d9c2ec529713b7f52ea744275b61a8dc86cdedab1b2dcb933", - "zh:80d3e9c95b7b4ae7c54005cd127cae82e5c53d2b7023ef24c147337bac9dadd9", - "zh:841b60c07683e4bf456799ccd718896fdafdcc2c49252ae09967f2e74d8c8a03", - "zh:8fa1c592a9c78222e35713c6edb3f1f818a4c6f3524a30a209f0a7e919827b68", - "zh:bb795cc1429e09466840c09d39a28edf1db5070b1ec76822fc1173906a264572", - "zh:da1784818a89bea29dfe660632f0060a7a843e4e564d74435fbeca002b0f7d2a", - "zh:f409bf21b1cdaa6dac47cd79806f3d93f67e9507fe4dbf33b0165335f53bc2e1", - "zh:fbea7a1ff84b430ba9594698e93196d81d03e4036de3d1cafccb2a96d5b38581", - "zh:fbf0c84663a7e85881388d7d71ac862184f05fbf2d17ecf76bc5d3d7503ea260", + "h1:jsKjBiLb+v3OIC3xuDiY4sR0r1OHUMSWPYKult9MhT0=", + "zh:1769783386610bed8bb1e861a119fe25058be41895e3996d9216dd6bb8a7aee3", + "zh:32c62a9387ad0b861b5262b41c5e9ed6e940eda729c2a0e58100e6629af27ddb", + "zh:339bf8c2f9733fce068eb6d5612701144c752425cebeafab36563a16be460fb2", + "zh:36731f23343aee12a7e078067a98644c0126714c4fe9ac930eecb0f2361788c4", + "zh:3d106c7e32a929e2843f732625a582e562ff09120021e510a51a6f5d01175b8d", + "zh:74bcb3567708171ad83b234b92c9d63ab441ef882b770b0210c2b14fdbe3b1b6", + "zh:90b55bdbffa35df9204282251059e62c178b0ac7035958b93a647839643c0072", + "zh:ae24c0e5adc692b8f94cb23a000f91a316070fdc19418578dcf2134ff57cf447", + "zh:b5c10d4ad860c4c21273203d1de6d2f0286845edf1c64319fa2362df526b5f58", + "zh:e05bbd88e82e1d6234988c85db62fd66f11502645838fff594a2ec25352ecd80", ] } diff --git a/tf/deployment/modules/shared/cloudflare/account/.terraform.lock.hcl b/tf/deployment/modules/shared/cloudflare/account/.terraform.lock.hcl index c25eea14e..78f151417 100644 
--- a/tf/deployment/modules/shared/cloudflare/account/.terraform.lock.hcl +++ b/tf/deployment/modules/shared/cloudflare/account/.terraform.lock.hcl 
@@ -2,31 +2,31 @@ # Manual edits may be lost in future updates. provider "registry.opentofu.org/1password/onepassword" { - version = "2.1.2" - constraints = "~> 2.0" + version = "2.2.1" + constraints = "~> 2.0, ~> 2.1" hashes = [ - "h1:GodYqoGG/PLyQr/Zm3EAw/lU4ixmDkWGPSJnAGT95nA=", - "zh:03d20138bf7bc645707b2c0c00203f66c07902d03c72be3f5f7bc365155bdc35", - "zh:0bf54b246f141a7d0cb75c7c2c086d372c810efc061bf5a7ae0b62b70d9558f4", - "zh:0ee19a8d1c193eaacc9679fb5ccf1d2be5d0c5e4173c3f3d82c09c717d3f354e", - "zh:152c35cdd1bb98683c0a24e48b286eab0473735da242aa27b39df81bc6f84b63", - "zh:293d264bccae325cdadcc9125b1d9fe9947a06cab05abb27c301d6244ef24cfd", - "zh:37ade0a6cc2c8c2a15535f83281caf54f6fcbc9c75f0588407f1dd8da04a9a95", - "zh:3c28c2352cd12464543e95b7d0b827abfe42794e9779f4e049789d864f88f3af", - "zh:4676825834b3132234250046ad888b881ad54f6369b5f0302c6b3250ad4983b1", - "zh:7da0327fe81c50bb71b510b342a5e2b90a3129f0e30dc479947b50e1dba9fa0d", + "h1:CosIqZ6jkgylvF23rLyNixIecZAAhFyb61sLl6GrEsc=", + "zh:025709a6b5f1b3685d277f2c48f7cb8b53d14b3699c1123d7e9a2135c099c533", + "zh:037fc89d150063a8aacdcab08ba26038b489fe2468d509b842d298ea59096ca6", + "zh:233777182b25faf1658e8ce171b684460983bb41cff79fb243662f3f9dc5ca6c", + "zh:2fb5ca2fc8c37b1d1c54da646ed13bf40897941fe92eece784fba496f677b533", + "zh:4b25b5ce1f694ec265e65234fc85d6bdf3810297ffeaced54ad46a1ba28142de", + "zh:5509d1e4fb7b45c63124ec66fd1f9d6757daa8bf1f7bdd724d5adb2965b61436", "zh:890df766e9b839623b1f0437355032a3c006226a6c200cd911e15ee1a9014e9f", - "zh:bb2899cada1cb964d75a9a4a7b915ac1ea03131769933e04b20ed0793f8eb02b", - "zh:d142810d6f04973abf8471a2cc2fb09537f79010a0f20bd62866068a42fa5ab7", - "zh:e2a39b685acd7b6846c8da3a94a355964ad2b411dc68c058a31dd2ce56aadd4a", - "zh:effe9dea248ae4fb540ca5c84e2e369b467e229dc1518c606d3aa714049daa74", - "zh:fbc4b2d7f7055a1b35c573e93bf89c6cad5f47f5dc30c0e2c61d5abfcf083cca", + "zh:a23ba946c629ec912b2fcbf606a2eb8853626ec0e0bee749f2d39146a872c082", + 
"zh:a3d3024485426237d7b4a4350b12dda4d29d88f3942246a9370be35ec2a51e9e", + "zh:a6ef65544ab8fc26d468b38636407a3d2d902e35c51b648729bf97c31d1937f9", + "zh:afbe9480a0da0ad8dc514b277f1e4be36b8931f045021d05c21665ef1ac0b7c8", + "zh:b2e96e69fa9ff7e179dccdef5b785cd020eb46bb2b3d1d507d009d71be6b0c26", + "zh:ceefaede9e8a3104463523ba267e3e985b27a706f7628a9ddd37330c2ca59d4d", + "zh:ea77786bd6809ff4f8043b84a0212fec4de18b7d51bc420417ba10999ca99887", + "zh:f7d8160c3669c8ab76a2da14ea740d91a08ca23d1fb657669e52a840b2b113d9", ] } provider "registry.opentofu.org/cloudflare/cloudflare" { version = "4.52.5" - constraints = "4.52.5" + constraints = "~> 4.46, 4.52.5" hashes = [ "h1:+rfzF+16ZcWZWnTyW/p1HHTzYbPKX8Zt2nIFtR/+f+E=", "h1:18bXaaOSq8MWKuMxo/4y7EB7/i7G90y5QsKHZRmkoDo=", 
@@ -61,18 +61,17 @@ provider "registry.opentofu.org/cloudflare/cloudflare" { } provider "registry.opentofu.org/hashicorp/random" { - version = "3.6.3" + version = "3.8.1" hashes = [ - "h1:Ry0Lr0zaoicslZlcUR4rAySPpl/a7QupfMfuAxhW3fw=", - "zh:1bfd2e54b4eee8c761a40b6d99d45880b3a71abc18a9a7a5319204da9c8363b2", - "zh:21a15ac74adb8ba499aab989a4248321b51946e5431219b56fc827e565776714", - "zh:221acfac3f7a5bcd6cb49f79a1fca99da7679bde01017334bad1f951a12d85ba", - "zh:3026fcdc0c1258e32ab519df878579160b1050b141d6f7883b39438244e08954", - "zh:50d07a7066ea46873b289548000229556908c3be746059969ab0d694e053ee4c", - "zh:54280cdac041f2c2986a585f62e102bc59ef412cad5f4ebf7387c2b3a357f6c0", - "zh:632adf40f1f63b0c5707182853c10ae23124c00869ffff05f310aef2ed26fcf3", - "zh:b8c2876cce9a38501d14880a47e59a5182ee98732ad7e576e9a9ce686a46d8f5", - "zh:f27e6995e1e9fe3914a2654791fc8d67cdce44f17bf06e614ead7dfd2b13d3ae", - "zh:f423f2b7e5c814799ad7580b5c8ae23359d8d342264902f821c357ff2b3c6d3d", + "h1:EHn3jsqOKhWjbg0X+psk0Ww96yz3N7ASqEKKuFvDFwo=", + "zh:25c458c7c676f15705e872202dad7dcd0982e4a48e7ea1800afa5fc64e77f4c8", + "zh:2edeaf6f1b20435b2f81855ad98a2e70956d473be9e52a5fdf57ccd0098ba476", + "zh:44becb9d5f75d55e36dfed0c5beabaf4c92e0a2bc61a3814d698271c646d48e7", + "zh:7699032612c3b16cc69928add8973de47b10ce81b1141f30644a0e8a895b5cd3", + "zh:86d07aa98d17703de9fbf402c89590dc1e01dbe5671dd6bc5e487eb8fe87eee0", + "zh:8c411c77b8390a49a8a1bc9f176529e6b32369dd33a723606c8533e5ca4d68c1", + "zh:a5ecc8255a612652a56b28149994985e2c4dc046e5d34d416d47fa7767f5c28f", + "zh:aea3fe1a5669b932eda9c5c72e5f327db8da707fe514aaca0d0ef60cb24892f9", + "zh:f56e26e6977f755d7ae56fa6320af96ecf4bb09580d47cb481efbf27f1c5afff", ] } diff --git a/tf/deployment/modules/shared/github/org/.terraform.lock.hcl b/tf/deployment/modules/shared/github/org/.terraform.lock.hcl index 6e26f3dd5..f1e30915a 100644 --- a/tf/deployment/modules/shared/github/org/.terraform.lock.hcl +++ b/tf/deployment/modules/shared/github/org/.terraform.lock.hcl 
@@ -2,49 +2,47 @@ # Manual edits may be lost in future updates. provider "registry.opentofu.org/1password/onepassword" { - version = "2.1.1" + version = "2.2.1" constraints = "~> 2.1" hashes = [ - "h1:/MbQZAxCGZZkIrBiZqJCLavrP4FKWzOE36gmBd/W9uQ=", - "h1:uAat7tvWRAQowjlHPnoxqykZxoTWWrGWAnEJnIThYmM=", - "zh:2ff1639be2548cafc75f5e28239d39963b10ca5f41ae262765e01de58eeac32e", - "zh:381c0dc0135ee2f48eeeeefb5330687afa79af2e693fc5c7c45fe6b0c80262e3", - "zh:3c886861916d493c700f0065d02eda72b54aa0d04d40d8e56bbbe2b0d4eeba89", - "zh:66d542256345ac1dcdf02b7cbe6894149b22572218b76bab9f80407ac3705abe", - "zh:68c5e510b1bdcc333367297fb1d6c787476dbd00bba7a63128f932782d8c4d04", - "zh:68e43644445616640b883bbd0c377d2823f6043891ddef70c7a44711b921806b", - "zh:6e10ca99623551301ea59e2a8a5e42a72a9202f070eb9204e3e813398710caeb", - "zh:746955d23ab379885dd7c8aef4797000240d9329b5253221e950289cdffaaa8d", - "zh:82c79db3b61f8401346b72f3d3ffe1c0ea5fd198d0619157421c782e1725cefd", - "zh:84b14eb915492a05c109e08dbc424dd5d291ab9cb5bb694d00b83eeb84754d99", + "h1:CosIqZ6jkgylvF23rLyNixIecZAAhFyb61sLl6GrEsc=", + "zh:025709a6b5f1b3685d277f2c48f7cb8b53d14b3699c1123d7e9a2135c099c533", + "zh:037fc89d150063a8aacdcab08ba26038b489fe2468d509b842d298ea59096ca6", + "zh:233777182b25faf1658e8ce171b684460983bb41cff79fb243662f3f9dc5ca6c", + "zh:2fb5ca2fc8c37b1d1c54da646ed13bf40897941fe92eece784fba496f677b533", + "zh:4b25b5ce1f694ec265e65234fc85d6bdf3810297ffeaced54ad46a1ba28142de", + "zh:5509d1e4fb7b45c63124ec66fd1f9d6757daa8bf1f7bdd724d5adb2965b61436", "zh:890df766e9b839623b1f0437355032a3c006226a6c200cd911e15ee1a9014e9f", - "zh:c5e3e5af3bd3f5650794763489b8bf31b16228651c8dd73272eb18a9f7583000", - "zh:db12ae2e7a5553cf00a1c0ccec6acb7cfff8ae25ac18909decc5e92e7e336a98", - "zh:e75fa9e1e97965008c7cdf2925cab1a7e05a7d15af87ad47166e5060c229b1c8", - "zh:eb0a1f4e0dafb2b37452958b22702f2234356d807587cf25f2379ee68e2a12d1", + "zh:a23ba946c629ec912b2fcbf606a2eb8853626ec0e0bee749f2d39146a872c082", + 
"zh:a3d3024485426237d7b4a4350b12dda4d29d88f3942246a9370be35ec2a51e9e", + "zh:a6ef65544ab8fc26d468b38636407a3d2d902e35c51b648729bf97c31d1937f9", + "zh:afbe9480a0da0ad8dc514b277f1e4be36b8931f045021d05c21665ef1ac0b7c8", + "zh:b2e96e69fa9ff7e179dccdef5b785cd020eb46bb2b3d1d507d009d71be6b0c26", + "zh:ceefaede9e8a3104463523ba267e3e985b27a706f7628a9ddd37330c2ca59d4d", + "zh:ea77786bd6809ff4f8043b84a0212fec4de18b7d51bc420417ba10999ca99887", + "zh:f7d8160c3669c8ab76a2da14ea740d91a08ca23d1fb657669e52a840b2b113d9", ] } provider "registry.opentofu.org/integrations/github" { - version = "6.2.3" + version = "6.11.1" constraints = "~> 6.0" hashes = [ - "h1:nHTegsQYYUJZbaTnU1aMJBgnZUbR2zsfCl7DsL/kZjQ=", - "h1:qBH3fN/NItflQkBoIVdQa7n8WvBOuu7Ao20oeoAubKM=", - "zh:05874671652a260b12d784cc46b0eea156f493a5f12e00368d1f6cb319156257", - "zh:0c7a3cae5a66e5c5efc3b25ba646a0d46bfe1fd3edba1f5a75f51aede85a9d1b", - "zh:174310010d08f13e36e53ff18e44a21dd040c89884ef190a192c6ce27926a912", - "zh:23d1d8731e518354ce6a83419f49101aece63882b0ca7c489f3c598cc6ea5d5e", - "zh:4e88953816daf11ab1681c32c7988d4e29476fc44f0959fe03173532cf5044de", - "zh:6fab07734ccf27f5afee4442abae2d33245eabf35519032ce1e2aad6961a640a", - "zh:7b2f324b918e161c892c29ee80d36c48ca8b891b8047e132fc701ca741e5ae72", - "zh:8ef4f0d691ade98082ef1f6b36e556468e5ab26e60021f0de0fb22e3acdfd990", - "zh:8f0f3e139faa8f2b9075bb9978dd683f4bab5ac91171bbb969addd04d7f0b90f", - "zh:97cb6d7fdf640237cc2f0ab830db8f878770968c59fd28298e9dddb8b9e6294d", - "zh:a17038d8747c6bb660e4c5981e8ffbbc33c66ba164868fd35d442e7f828a1e01", - "zh:aa9f4b7d947f7b11277b4e9ba7147f5594cf60a6589b7aac4344f73d1400d1c0", - "zh:c780b951e14d583ef6ffef9a934831b56ee157c50ed8e969c676a636810f7db1", - "zh:d8497bb2986fd76107b7208b33cc39281797164fdea09453e987b969a461befb", + "h1:Hqvebe3Zc19DxRCHHLIByBvxCm+WJqGyAyYCbJDuHGE=", + "zh:0a5262b033a30d8a77ebf844dc3afd7e726d5f53ac1c9d4072cf9157820d1f73", + "zh:437236181326f92d1a7c56985b2ac3223efd73f75c528323b90f4b7d1b781090", + 
"zh:49a12c14d1d3a143a124ba81f15fbf18714af90752c993698c76e84fa85da004", + "zh:61eaf17b559a26ca14deb597375a6678d054d739e8b81c586ef1d0391c307916", + "zh:7f3f1e2c36f4787ca9a5aeb5317b8c3f6cc652368d1f8f00fb80f404109d4db1", + "zh:85a232f2e96e5adafa2676f38a96b8cc074e96f715caf6ee1d169431174897d2", + "zh:979d005af2a9003d887413195948c899e9f5aba4a79cce1eed40f3ba50301af1", + "zh:b8c8cd3254504d2184d2b2233ad41b5fdfda91a36fc864926cbc5c7eee1bfea3", + "zh:d00959e62930fb75d2b97c1d66ab0143120541d5a1b3f26d3551f24cb0361f83", + "zh:d0b544eed171c7563387fe87f0af3d238bb3804798159b4d0453c97927237daf", + "zh:ecfa19b1219aa55b1ece98d8cff5b1494dc0387329c8ae0d8f762ec3871fb75d", + "zh:f2c99825f38c92ac599ad36b9d093ea0c0d790fd0c02e861789e14735a605f86", + "zh:f33b5abe14ad5fb9978da5dbd3bc6989f69766150d4b30ed283a2c281871eda3", + "zh:f6c2fe9dd958c554170dc0c35ca41b60fcc6253304cde0b9941c5c872b18ac54", "zh:fbd1fee2c9df3aa19cf8851ce134dea6e45ea01cb85695c1726670c285797e25", ] } diff --git a/tf/deployment/modules/shared/github/org/users.tf b/tf/deployment/modules/shared/github/org/users.tf index 0d23a34d5..e8b9e6089 100644 --- a/tf/deployment/modules/shared/github/org/users.tf +++ b/tf/deployment/modules/shared/github/org/users.tf @@ -8,10 +8,10 @@ locals { collaborators = { for user in local.github_users : user.github.username => ( - (user.role == "contributor" || user.role == "futo") ? "maintain" : - (user.role == "support" ? "triage" : null) + length(setintersection(toset(user.roles), toset(["contributor", "futo"]))) > 0 ? "maintain" : + (contains(user.roles, "support") ? "triage" : null) ) - if user.role == "contributor" || user.role == "support" || user.role == "futo" + if length(setintersection(toset(user.roles), toset(["contributor", "support", "futo"]))) > 0 } bots = { 
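Review bot: With multi-valued `roles`, the `collaborators` expression silently resolves a user holding both `support` and `contributor` or `futo` to `maintain`, and nothing in the local says that highest-wins is the intended precedence. A short comment above the ternary, e.g. `# highest permission wins: contributor/futo => maintain, else support => triage`, would make that explicit. The role names are also repeated between the value expression and the `if` filter, so a role added to the filter but not the mapping yields `null` and one added only to the mapping is dropped; a single role-to-permission map would remove that drift. The `locals` block starts and ends outside this hunk.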
@@ -41,11 +41,11 @@ resource "github_team_members" "team" { dynamic "members" { for_each = { for user in local.github_users : user.github.username => user - if user.role == "team" + if contains(user.roles, "team") } content { username = members.value.github.username - role = members.value.role == "admin" ? "maintainer" : "member" + role = contains(members.value.roles, "admin") ? "maintainer" : "member" } } } @@ -55,11 +55,11 @@ resource "github_team_members" "leadership" { dynamic "members" { for_each = { for user in local.github_users : user.github.username => user - if user.role == "admin" + if contains(user.roles, "admin") } content { username = members.value.github.username - role = members.value.role == "admin" ? "maintainer" : "member" + role = contains(members.value.roles, "admin") ? "maintainer" : "member" } } } @@ -67,11 +67,11 @@ resource "github_team_members" "leadership" { resource "github_membership" "org_members" { for_each = { for user in local.github_users : user.github.username => user - if user.role == "team" || user.role == "yucca" || user.role == "admin" + if length(setintersection(toset(user.roles), toset(["team", "yucca", "admin"]))) > 0 } username = each.key - role = each.value.role == "admin" ? "admin" : "member" + role = contains(each.value.roles, "admin") ? "admin" : "member" } resource "github_repository_collaborators" "repo_collaborators" { diff --git a/tf/deployment/modules/shared/github/secrets/.terraform.lock.hcl b/tf/deployment/modules/shared/github/secrets/.terraform.lock.hcl index 412daada5..f1e30915a 100644 --- a/tf/deployment/modules/shared/github/secrets/.terraform.lock.hcl +++ b/tf/deployment/modules/shared/github/secrets/.terraform.lock.hcl 
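Review bot: In `github_team_members.leadership` the ternary on `role` can never take the `member` branch, because the `for_each` filter already requires `admin`; `role = "maintainer"` states the grant directly. In `github_team_members.team` the opposite holds: the `maintainer` branch was unreachable under the old single-valued `role` and becomes live for anyone who lists both `team` and `admin`. No entry visible in `users.json` combines the two, so current output looks unchanged, but a comment such as `# admins who are also listed as team become team maintainers` would make the newly reachable elevation deliberate rather than incidental.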
@@ -2,47 +2,47 @@ # Manual edits may be lost in future updates. provider "registry.opentofu.org/1password/onepassword" { - version = "2.1.1" + version = "2.2.1" constraints = "~> 2.1" hashes = [ - "h1:uAat7tvWRAQowjlHPnoxqykZxoTWWrGWAnEJnIThYmM=", - "zh:2ff1639be2548cafc75f5e28239d39963b10ca5f41ae262765e01de58eeac32e", - "zh:381c0dc0135ee2f48eeeeefb5330687afa79af2e693fc5c7c45fe6b0c80262e3", - "zh:3c886861916d493c700f0065d02eda72b54aa0d04d40d8e56bbbe2b0d4eeba89", - "zh:66d542256345ac1dcdf02b7cbe6894149b22572218b76bab9f80407ac3705abe", - "zh:68c5e510b1bdcc333367297fb1d6c787476dbd00bba7a63128f932782d8c4d04", - "zh:68e43644445616640b883bbd0c377d2823f6043891ddef70c7a44711b921806b", - "zh:6e10ca99623551301ea59e2a8a5e42a72a9202f070eb9204e3e813398710caeb", - "zh:746955d23ab379885dd7c8aef4797000240d9329b5253221e950289cdffaaa8d", - "zh:82c79db3b61f8401346b72f3d3ffe1c0ea5fd198d0619157421c782e1725cefd", - "zh:84b14eb915492a05c109e08dbc424dd5d291ab9cb5bb694d00b83eeb84754d99", + "h1:CosIqZ6jkgylvF23rLyNixIecZAAhFyb61sLl6GrEsc=", + "zh:025709a6b5f1b3685d277f2c48f7cb8b53d14b3699c1123d7e9a2135c099c533", + "zh:037fc89d150063a8aacdcab08ba26038b489fe2468d509b842d298ea59096ca6", + "zh:233777182b25faf1658e8ce171b684460983bb41cff79fb243662f3f9dc5ca6c", + "zh:2fb5ca2fc8c37b1d1c54da646ed13bf40897941fe92eece784fba496f677b533", + "zh:4b25b5ce1f694ec265e65234fc85d6bdf3810297ffeaced54ad46a1ba28142de", + "zh:5509d1e4fb7b45c63124ec66fd1f9d6757daa8bf1f7bdd724d5adb2965b61436", "zh:890df766e9b839623b1f0437355032a3c006226a6c200cd911e15ee1a9014e9f", - "zh:c5e3e5af3bd3f5650794763489b8bf31b16228651c8dd73272eb18a9f7583000", - "zh:db12ae2e7a5553cf00a1c0ccec6acb7cfff8ae25ac18909decc5e92e7e336a98", - "zh:e75fa9e1e97965008c7cdf2925cab1a7e05a7d15af87ad47166e5060c229b1c8", - "zh:eb0a1f4e0dafb2b37452958b22702f2234356d807587cf25f2379ee68e2a12d1", + "zh:a23ba946c629ec912b2fcbf606a2eb8853626ec0e0bee749f2d39146a872c082", + "zh:a3d3024485426237d7b4a4350b12dda4d29d88f3942246a9370be35ec2a51e9e", + 
"zh:a6ef65544ab8fc26d468b38636407a3d2d902e35c51b648729bf97c31d1937f9", + "zh:afbe9480a0da0ad8dc514b277f1e4be36b8931f045021d05c21665ef1ac0b7c8", + "zh:b2e96e69fa9ff7e179dccdef5b785cd020eb46bb2b3d1d507d009d71be6b0c26", + "zh:ceefaede9e8a3104463523ba267e3e985b27a706f7628a9ddd37330c2ca59d4d", + "zh:ea77786bd6809ff4f8043b84a0212fec4de18b7d51bc420417ba10999ca99887", + "zh:f7d8160c3669c8ab76a2da14ea740d91a08ca23d1fb657669e52a840b2b113d9", ] } provider "registry.opentofu.org/integrations/github" { - version = "6.2.3" + version = "6.11.1" constraints = "~> 6.0" hashes = [ - "h1:nHTegsQYYUJZbaTnU1aMJBgnZUbR2zsfCl7DsL/kZjQ=", - "zh:05874671652a260b12d784cc46b0eea156f493a5f12e00368d1f6cb319156257", - "zh:0c7a3cae5a66e5c5efc3b25ba646a0d46bfe1fd3edba1f5a75f51aede85a9d1b", - "zh:174310010d08f13e36e53ff18e44a21dd040c89884ef190a192c6ce27926a912", - "zh:23d1d8731e518354ce6a83419f49101aece63882b0ca7c489f3c598cc6ea5d5e", - "zh:4e88953816daf11ab1681c32c7988d4e29476fc44f0959fe03173532cf5044de", - "zh:6fab07734ccf27f5afee4442abae2d33245eabf35519032ce1e2aad6961a640a", - "zh:7b2f324b918e161c892c29ee80d36c48ca8b891b8047e132fc701ca741e5ae72", - "zh:8ef4f0d691ade98082ef1f6b36e556468e5ab26e60021f0de0fb22e3acdfd990", - "zh:8f0f3e139faa8f2b9075bb9978dd683f4bab5ac91171bbb969addd04d7f0b90f", - "zh:97cb6d7fdf640237cc2f0ab830db8f878770968c59fd28298e9dddb8b9e6294d", - "zh:a17038d8747c6bb660e4c5981e8ffbbc33c66ba164868fd35d442e7f828a1e01", - "zh:aa9f4b7d947f7b11277b4e9ba7147f5594cf60a6589b7aac4344f73d1400d1c0", - "zh:c780b951e14d583ef6ffef9a934831b56ee157c50ed8e969c676a636810f7db1", - "zh:d8497bb2986fd76107b7208b33cc39281797164fdea09453e987b969a461befb", + "h1:Hqvebe3Zc19DxRCHHLIByBvxCm+WJqGyAyYCbJDuHGE=", + "zh:0a5262b033a30d8a77ebf844dc3afd7e726d5f53ac1c9d4072cf9157820d1f73", + "zh:437236181326f92d1a7c56985b2ac3223efd73f75c528323b90f4b7d1b781090", + "zh:49a12c14d1d3a143a124ba81f15fbf18714af90752c993698c76e84fa85da004", + "zh:61eaf17b559a26ca14deb597375a6678d054d739e8b81c586ef1d0391c307916", + 
"zh:7f3f1e2c36f4787ca9a5aeb5317b8c3f6cc652368d1f8f00fb80f404109d4db1", + "zh:85a232f2e96e5adafa2676f38a96b8cc074e96f715caf6ee1d169431174897d2", + "zh:979d005af2a9003d887413195948c899e9f5aba4a79cce1eed40f3ba50301af1", + "zh:b8c8cd3254504d2184d2b2233ad41b5fdfda91a36fc864926cbc5c7eee1bfea3", + "zh:d00959e62930fb75d2b97c1d66ab0143120541d5a1b3f26d3551f24cb0361f83", + "zh:d0b544eed171c7563387fe87f0af3d238bb3804798159b4d0453c97927237daf", + "zh:ecfa19b1219aa55b1ece98d8cff5b1494dc0387329c8ae0d8f762ec3871fb75d", + "zh:f2c99825f38c92ac599ad36b9d093ea0c0d790fd0c02e861789e14735a605f86", + "zh:f33b5abe14ad5fb9978da5dbd3bc6989f69766150d4b30ed283a2c281871eda3", + "zh:f6c2fe9dd958c554170dc0c35ca41b60fcc6253304cde0b9941c5c872b18ac54", "zh:fbd1fee2c9df3aa19cf8851ce134dea6e45ea01cb85695c1726670c285797e25", ] } diff --git a/tf/deployment/modules/shared/github/webhooks/.terraform.lock.hcl b/tf/deployment/modules/shared/github/webhooks/.terraform.lock.hcl index 412daada5..f1e30915a 100644 --- a/tf/deployment/modules/shared/github/webhooks/.terraform.lock.hcl +++ b/tf/deployment/modules/shared/github/webhooks/.terraform.lock.hcl 
@@ -2,47 +2,47 @@ # Manual edits may be lost in future updates. provider "registry.opentofu.org/1password/onepassword" { - version = "2.1.1" + version = "2.2.1" constraints = "~> 2.1" hashes = [ - "h1:uAat7tvWRAQowjlHPnoxqykZxoTWWrGWAnEJnIThYmM=", - "zh:2ff1639be2548cafc75f5e28239d39963b10ca5f41ae262765e01de58eeac32e", - "zh:381c0dc0135ee2f48eeeeefb5330687afa79af2e693fc5c7c45fe6b0c80262e3", - "zh:3c886861916d493c700f0065d02eda72b54aa0d04d40d8e56bbbe2b0d4eeba89", - "zh:66d542256345ac1dcdf02b7cbe6894149b22572218b76bab9f80407ac3705abe", - "zh:68c5e510b1bdcc333367297fb1d6c787476dbd00bba7a63128f932782d8c4d04", - "zh:68e43644445616640b883bbd0c377d2823f6043891ddef70c7a44711b921806b", - "zh:6e10ca99623551301ea59e2a8a5e42a72a9202f070eb9204e3e813398710caeb", - "zh:746955d23ab379885dd7c8aef4797000240d9329b5253221e950289cdffaaa8d", - "zh:82c79db3b61f8401346b72f3d3ffe1c0ea5fd198d0619157421c782e1725cefd", - "zh:84b14eb915492a05c109e08dbc424dd5d291ab9cb5bb694d00b83eeb84754d99", + "h1:CosIqZ6jkgylvF23rLyNixIecZAAhFyb61sLl6GrEsc=", + "zh:025709a6b5f1b3685d277f2c48f7cb8b53d14b3699c1123d7e9a2135c099c533", + "zh:037fc89d150063a8aacdcab08ba26038b489fe2468d509b842d298ea59096ca6", + "zh:233777182b25faf1658e8ce171b684460983bb41cff79fb243662f3f9dc5ca6c", + "zh:2fb5ca2fc8c37b1d1c54da646ed13bf40897941fe92eece784fba496f677b533", + "zh:4b25b5ce1f694ec265e65234fc85d6bdf3810297ffeaced54ad46a1ba28142de", + "zh:5509d1e4fb7b45c63124ec66fd1f9d6757daa8bf1f7bdd724d5adb2965b61436", "zh:890df766e9b839623b1f0437355032a3c006226a6c200cd911e15ee1a9014e9f", - "zh:c5e3e5af3bd3f5650794763489b8bf31b16228651c8dd73272eb18a9f7583000", - "zh:db12ae2e7a5553cf00a1c0ccec6acb7cfff8ae25ac18909decc5e92e7e336a98", - "zh:e75fa9e1e97965008c7cdf2925cab1a7e05a7d15af87ad47166e5060c229b1c8", - "zh:eb0a1f4e0dafb2b37452958b22702f2234356d807587cf25f2379ee68e2a12d1", + "zh:a23ba946c629ec912b2fcbf606a2eb8853626ec0e0bee749f2d39146a872c082", + "zh:a3d3024485426237d7b4a4350b12dda4d29d88f3942246a9370be35ec2a51e9e", + 
"zh:a6ef65544ab8fc26d468b38636407a3d2d902e35c51b648729bf97c31d1937f9", + "zh:afbe9480a0da0ad8dc514b277f1e4be36b8931f045021d05c21665ef1ac0b7c8", + "zh:b2e96e69fa9ff7e179dccdef5b785cd020eb46bb2b3d1d507d009d71be6b0c26", + "zh:ceefaede9e8a3104463523ba267e3e985b27a706f7628a9ddd37330c2ca59d4d", + "zh:ea77786bd6809ff4f8043b84a0212fec4de18b7d51bc420417ba10999ca99887", + "zh:f7d8160c3669c8ab76a2da14ea740d91a08ca23d1fb657669e52a840b2b113d9", ] } provider "registry.opentofu.org/integrations/github" { - version = "6.2.3" + version = "6.11.1" constraints = "~> 6.0" hashes = [ - "h1:nHTegsQYYUJZbaTnU1aMJBgnZUbR2zsfCl7DsL/kZjQ=", - "zh:05874671652a260b12d784cc46b0eea156f493a5f12e00368d1f6cb319156257", - "zh:0c7a3cae5a66e5c5efc3b25ba646a0d46bfe1fd3edba1f5a75f51aede85a9d1b", - "zh:174310010d08f13e36e53ff18e44a21dd040c89884ef190a192c6ce27926a912", - "zh:23d1d8731e518354ce6a83419f49101aece63882b0ca7c489f3c598cc6ea5d5e", - "zh:4e88953816daf11ab1681c32c7988d4e29476fc44f0959fe03173532cf5044de", - "zh:6fab07734ccf27f5afee4442abae2d33245eabf35519032ce1e2aad6961a640a", - "zh:7b2f324b918e161c892c29ee80d36c48ca8b891b8047e132fc701ca741e5ae72", - "zh:8ef4f0d691ade98082ef1f6b36e556468e5ab26e60021f0de0fb22e3acdfd990", - "zh:8f0f3e139faa8f2b9075bb9978dd683f4bab5ac91171bbb969addd04d7f0b90f", - "zh:97cb6d7fdf640237cc2f0ab830db8f878770968c59fd28298e9dddb8b9e6294d", - "zh:a17038d8747c6bb660e4c5981e8ffbbc33c66ba164868fd35d442e7f828a1e01", - "zh:aa9f4b7d947f7b11277b4e9ba7147f5594cf60a6589b7aac4344f73d1400d1c0", - "zh:c780b951e14d583ef6ffef9a934831b56ee157c50ed8e969c676a636810f7db1", - "zh:d8497bb2986fd76107b7208b33cc39281797164fdea09453e987b969a461befb", + "h1:Hqvebe3Zc19DxRCHHLIByBvxCm+WJqGyAyYCbJDuHGE=", + "zh:0a5262b033a30d8a77ebf844dc3afd7e726d5f53ac1c9d4072cf9157820d1f73", + "zh:437236181326f92d1a7c56985b2ac3223efd73f75c528323b90f4b7d1b781090", + "zh:49a12c14d1d3a143a124ba81f15fbf18714af90752c993698c76e84fa85da004", + "zh:61eaf17b559a26ca14deb597375a6678d054d739e8b81c586ef1d0391c307916", + 
"zh:7f3f1e2c36f4787ca9a5aeb5317b8c3f6cc652368d1f8f00fb80f404109d4db1", + "zh:85a232f2e96e5adafa2676f38a96b8cc074e96f715caf6ee1d169431174897d2", + "zh:979d005af2a9003d887413195948c899e9f5aba4a79cce1eed40f3ba50301af1", + "zh:b8c8cd3254504d2184d2b2233ad41b5fdfda91a36fc864926cbc5c7eee1bfea3", + "zh:d00959e62930fb75d2b97c1d66ab0143120541d5a1b3f26d3551f24cb0361f83", + "zh:d0b544eed171c7563387fe87f0af3d238bb3804798159b4d0453c97927237daf", + "zh:ecfa19b1219aa55b1ece98d8cff5b1494dc0387329c8ae0d8f762ec3871fb75d", + "zh:f2c99825f38c92ac599ad36b9d093ea0c0d790fd0c02e861789e14735a605f86", + "zh:f33b5abe14ad5fb9978da5dbd3bc6989f69766150d4b30ed283a2c281871eda3", + "zh:f6c2fe9dd958c554170dc0c35ca41b60fcc6253304cde0b9941c5c872b18ac54", "zh:fbd1fee2c9df3aa19cf8851ce134dea6e45ea01cb85695c1726670c285797e25", ] } diff --git a/tf/deployment/modules/shared/zitadel/.terraform.lock.hcl b/tf/deployment/modules/shared/zitadel/.terraform.lock.hcl index 42a32449c..b88a52858 100644 --- a/tf/deployment/modules/shared/zitadel/.terraform.lock.hcl +++ b/tf/deployment/modules/shared/zitadel/.terraform.lock.hcl 
@@ -2,42 +2,59 @@ # Manual edits may be lost in future updates. provider "registry.opentofu.org/1password/onepassword" { - version = "2.1.2" + version = "2.2.1" constraints = "~> 2.1" hashes = [ - "h1:GodYqoGG/PLyQr/Zm3EAw/lU4ixmDkWGPSJnAGT95nA=", - "zh:03d20138bf7bc645707b2c0c00203f66c07902d03c72be3f5f7bc365155bdc35", - "zh:0bf54b246f141a7d0cb75c7c2c086d372c810efc061bf5a7ae0b62b70d9558f4", - "zh:0ee19a8d1c193eaacc9679fb5ccf1d2be5d0c5e4173c3f3d82c09c717d3f354e", - "zh:152c35cdd1bb98683c0a24e48b286eab0473735da242aa27b39df81bc6f84b63", - "zh:293d264bccae325cdadcc9125b1d9fe9947a06cab05abb27c301d6244ef24cfd", - "zh:37ade0a6cc2c8c2a15535f83281caf54f6fcbc9c75f0588407f1dd8da04a9a95", - "zh:3c28c2352cd12464543e95b7d0b827abfe42794e9779f4e049789d864f88f3af", - "zh:4676825834b3132234250046ad888b881ad54f6369b5f0302c6b3250ad4983b1", - "zh:7da0327fe81c50bb71b510b342a5e2b90a3129f0e30dc479947b50e1dba9fa0d", + "h1:CosIqZ6jkgylvF23rLyNixIecZAAhFyb61sLl6GrEsc=", + "zh:025709a6b5f1b3685d277f2c48f7cb8b53d14b3699c1123d7e9a2135c099c533", + "zh:037fc89d150063a8aacdcab08ba26038b489fe2468d509b842d298ea59096ca6", + "zh:233777182b25faf1658e8ce171b684460983bb41cff79fb243662f3f9dc5ca6c", + "zh:2fb5ca2fc8c37b1d1c54da646ed13bf40897941fe92eece784fba496f677b533", + "zh:4b25b5ce1f694ec265e65234fc85d6bdf3810297ffeaced54ad46a1ba28142de", + "zh:5509d1e4fb7b45c63124ec66fd1f9d6757daa8bf1f7bdd724d5adb2965b61436", "zh:890df766e9b839623b1f0437355032a3c006226a6c200cd911e15ee1a9014e9f", - "zh:bb2899cada1cb964d75a9a4a7b915ac1ea03131769933e04b20ed0793f8eb02b", - "zh:d142810d6f04973abf8471a2cc2fb09537f79010a0f20bd62866068a42fa5ab7", - "zh:e2a39b685acd7b6846c8da3a94a355964ad2b411dc68c058a31dd2ce56aadd4a", - "zh:effe9dea248ae4fb540ca5c84e2e369b467e229dc1518c606d3aa714049daa74", - "zh:fbc4b2d7f7055a1b35c573e93bf89c6cad5f47f5dc30c0e2c61d5abfcf083cca", + "zh:a23ba946c629ec912b2fcbf606a2eb8853626ec0e0bee749f2d39146a872c082", + "zh:a3d3024485426237d7b4a4350b12dda4d29d88f3942246a9370be35ec2a51e9e", + 
"zh:a6ef65544ab8fc26d468b38636407a3d2d902e35c51b648729bf97c31d1937f9", + "zh:afbe9480a0da0ad8dc514b277f1e4be36b8931f045021d05c21665ef1ac0b7c8", + "zh:b2e96e69fa9ff7e179dccdef5b785cd020eb46bb2b3d1d507d009d71be6b0c26", + "zh:ceefaede9e8a3104463523ba267e3e985b27a706f7628a9ddd37330c2ca59d4d", + "zh:ea77786bd6809ff4f8043b84a0212fec4de18b7d51bc420417ba10999ca99887", + "zh:f7d8160c3669c8ab76a2da14ea740d91a08ca23d1fb657669e52a840b2b113d9", + ] +} + +provider "registry.opentofu.org/hashicorp/http" { + version = "3.5.0" + constraints = "~> 3.5" + hashes = [ + "h1:yvwvVZ0vdbsTUMru+7Cr0On1FVgDJHAaC6TNvy/OWzM=", + "zh:0a2b33494eec6a91a183629cf217e073be063624c5d3f70870456ddb478308e9", + "zh:180f40124fa01b98b3d2f79128646b151818e09d6a1a9ca08e0b032a0b1e9cb1", + "zh:3e29e1de149dc10bf78620526c7cb8c62cd76087f5630dfaba0e93cda1f3aa7b", + "zh:4420950200cf86042ec940d0e2c9b7c89966bf556bf8038ba36217eae663bca5", + "zh:5d1f7d02109b2e2dca7ec626e5563ee765583792d0fd64081286f16f9433bd0d", + "zh:8500b138d338b1994c4206aa577b5c44e1d7260825babcf43245a7075bfa52a5", + "zh:b42165a6c4cfb22825938272d12b676e4a6946ac4e750f85df870c947685df2d", + "zh:b919bf3ee8e3b01051a0da3433b443a925e272893d3724ee8fc0f666ec7012c9", + "zh:d13b81ea6755cae785b3e11634936cdff2dc1ec009dc9610d8e3c7eb32f42e69", + "zh:f1c9d2eb1a6b618ae77ad86649679241bd8d6aacec06d0a68d86f748687f4eb3", ] } provider "registry.opentofu.org/hashicorp/random" { - version = "3.7.2" + version = "3.8.1" hashes = [ - "h1:yHMBbZOIHlXUuBQ8Mhioe0hwmhermuboq2eNNoCJaf8=", - "zh:2ffeb1058bd7b21a9e15a5301abb863053a2d42dffa3f6cf654a1667e10f4727", - "zh:519319ed8f4312ed76519652ad6cd9f98bc75cf4ec7990a5684c072cf5dd0a5d", - "zh:7371c2cc28c94deb9dba62fbac2685f7dde47f93019273a758dd5a2794f72919", - "zh:9b0ac4c1d8e36a86b59ced94fa517ae9b015b1d044b3455465cc6f0eab70915d", - "zh:c6336d7196f1318e1cbb120b3de8426ce43d4cacd2c75f45dba2dbdba666ce00", - "zh:c71f18b0cb5d55a103ea81e346fb56db15b144459123f1be1b0209cffc1deb4e", - 
"zh:d2dc49a6cac2d156e91b0506d6d756809e36bf390844a187f305094336d3e8d8", - "zh:d5b5fc881ccc41b268f952dae303501d6ec9f9d24ee11fe2fa56eed7478e15d0", - "zh:db9723eaca26d58c930e13fde221d93501529a5cd036b1f167ef8cff6f1a03cc", - "zh:fe3359f733f3ab518c6f85f3a9cd89322a7143463263f30321de0973a52d4ad8", + "h1:EHn3jsqOKhWjbg0X+psk0Ww96yz3N7ASqEKKuFvDFwo=", + "zh:25c458c7c676f15705e872202dad7dcd0982e4a48e7ea1800afa5fc64e77f4c8", + "zh:2edeaf6f1b20435b2f81855ad98a2e70956d473be9e52a5fdf57ccd0098ba476", + "zh:44becb9d5f75d55e36dfed0c5beabaf4c92e0a2bc61a3814d698271c646d48e7", + "zh:7699032612c3b16cc69928add8973de47b10ce81b1141f30644a0e8a895b5cd3", + "zh:86d07aa98d17703de9fbf402c89590dc1e01dbe5671dd6bc5e487eb8fe87eee0", + "zh:8c411c77b8390a49a8a1bc9f176529e6b32369dd33a723606c8533e5ca4d68c1", + "zh:a5ecc8255a612652a56b28149994985e2c4dc046e5d34d416d47fa7767f5c28f", + "zh:aea3fe1a5669b932eda9c5c72e5f327db8da707fe514aaca0d0ef60cb24892f9", + "zh:f56e26e6977f755d7ae56fa6320af96ecf4bb09580d47cb481efbf27f1c5afff", ] } diff --git a/tf/deployment/modules/shared/zitadel/actions.tf b/tf/deployment/modules/shared/zitadel/actions.tf index 7d6f97c7c..e4de2547d 100644 --- a/tf/deployment/modules/shared/zitadel/actions.tf +++ b/tf/deployment/modules/shared/zitadel/actions.tf 
@@ -112,3 +112,29 @@ resource "zitadel_trigger_actions" "map_roles" { trigger_type = "TRIGGER_TYPE_PRE_USERINFO_CREATION" flow_type = "FLOW_TYPE_CUSTOMISE_TOKEN" } + +resource "zitadel_action" "saml_map_roles" { + org_id = zitadel_org.immich.id + name = "samlMapRoles" + script = <<-EOT + function samlMapRoles(ctx, api) { + if (ctx.v1.user.grants == undefined || ctx.v1.user.grants.count == 0) { + return; + } + let roles = []; + ctx.v1.user.grants.grants.forEach(grant => { + roles.push(grant.roles) + }) + api.v1.attributes.setCustomAttribute('Roles', '', ...roles) + } + EOT + allowed_to_fail = false + timeout = "10s" +} + +resource "zitadel_trigger_actions" "saml_map_roles" { + org_id = zitadel_org.immich.id + action_ids = [zitadel_action.saml_map_roles.id] + trigger_type = "TRIGGER_TYPE_PRE_SAML_RESPONSE_CREATION" + flow_type = "FLOW_TYPE_SAML_RESPONSE" +} diff --git a/tf/deployment/modules/shared/zitadel/config.tf b/tf/deployment/modules/shared/zitadel/config.tf index 128f7c5a4..696d1f2b9 100644 --- a/tf/deployment/modules/shared/zitadel/config.tf +++ b/tf/deployment/modules/shared/zitadel/config.tf @@ -13,6 +13,10 @@ terraform { source = "1Password/onepassword" version = "~> 2.1" } + http = { + source = "hashicorp/http" + version = "~> 3.5" + } } } diff --git a/tf/deployment/modules/shared/zitadel/defaults.tf b/tf/deployment/modules/shared/zitadel/defaults.tf index da9b55007..22964be1a 100644 --- a/tf/deployment/modules/shared/zitadel/defaults.tf +++ b/tf/deployment/modules/shared/zitadel/defaults.tf @@ -41,7 +41,7 @@ resource "zitadel_project" "zitadel" { resource "zitadel_instance_member" "superusers" { for_each = { for user in local.users_data : user.github.id => user - if user.github.username != null && user.github.username != "" && user.role == "admin" + if user.github.username != null && user.github.username != "" && contains(user.roles, "admin") } user_id = zitadel_human_user.users[each.key].id roles = ["IAM_OWNER"] 
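Review bot: `samlMapRoles` copies the roles of every grant in `ctx.v1.user.grants.grants` into the `Roles` attribute without checking which project the grant belongs to, so role keys granted on other projects would presumably be asserted to the SAML service provider as well; a role on another project that happens to share a key such as `ADMIN` would then be indistinguishable from the one meant for this application. Consider skipping grants that do not belong to the SAML application's project before pushing (the grant object should expose a project identifier; confirm the field name against the Zitadel actions reference). Separately, `roles.push(grant.roles)` pushes one array per grant, so the spread passes arrays rather than strings to `setCustomAttribute`; `roles.push(...grant.roles)` would flatten them, assuming `grant.roles` is an array of strings. A short comment above the script stating which attribute name and values the service provider expects would help the next reviewer.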
@@ -57,7 +57,7 @@ resource "zitadel_project_role" "zitadel_admin" { resource "zitadel_user_grant" "superusers" { for_each = { for user in local.users_data : user.github.id => user - if user.github.username != null && user.github.username != "" && user.role == "admin" + if user.github.username != null && user.github.username != "" && contains(user.roles, "admin") } org_id = zitadel_project.zitadel.org_id project_id = zitadel_project.zitadel.id diff --git a/tf/deployment/modules/shared/zitadel/permissions.tf b/tf/deployment/modules/shared/zitadel/permissions.tf index aed6ce5c1..6ec0c713e 100644 --- a/tf/deployment/modules/shared/zitadel/permissions.tf +++ b/tf/deployment/modules/shared/zitadel/permissions.tf @@ -1,22 +1,23 @@ locals { project_to_displaynames = flatten([ for project in local.projects : [ - for role in keys(project.roles) : { + for role in project.roles : { project_name = project.name - role_key = role + role_key = role.key } ] ]) - project_to_zitadel_role_to_immich_role = flatten([ + # For each user+project, grant only the highest-priority role (first match in the ordered list) + project_user_grants = flatten([ for project in local.projects : [ - for zitadel_role, immich_roles in project.roles : [ - [for user in local.users_data : { - project_name = project.name - role_key = zitadel_role - github_user_id = user.github.id - } if contains(immich_roles, user.role) && user.github.username != null && user.github.username != ""] - ] + for user in local.users_data : { + project_name = project.name + role_key = [for role in project.roles : role.key if length(setintersection(toset(role.grants_to), toset(user.roles))) > 0][0] + github_user_id = user.github.id + } + if length([for role in project.roles : role.key if length(setintersection(toset(role.grants_to), toset(user.roles))) > 0]) > 0 + && user.github.username != null && user.github.username != "" ] ]) } 
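Review bot: Which role a user receives in `project_user_grants` now depends on the position of entries in each project's `roles` list, because only element `[0]` of the matching keys is kept; reordering that list in project.tf silently changes who gets the more privileged role. The comment in this hunk says so, but the list itself lives in another file, so the same warning belongs above `projects_data`, e.g. `# roles are ordered most-privileged first; only the first match per user is granted`. The matching comprehension is also written twice (once for `role_key`, once in the `if`); computing it once in an intermediate local would keep the two copies from drifting apart.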
@@ -35,7 +36,7 @@ resource "zitadel_project_role" "project_roles" { resource "zitadel_user_grant" "project_grants" { for_each = { - for user_role in local.project_to_zitadel_role_to_immich_role : "${user_role.project_name}_${user_role.role_key}_${user_role.github_user_id}" => user_role + for grant in local.project_user_grants : "${grant.project_name}_${grant.github_user_id}" => grant } depends_on = [zitadel_project_role.project_roles] diff --git a/tf/deployment/modules/shared/zitadel/project.tf b/tf/deployment/modules/shared/zitadel/project.tf index d6971e2a1..ccb0a055d 100644 --- a/tf/deployment/modules/shared/zitadel/project.tf +++ b/tf/deployment/modules/shared/zitadel/project.tf 
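Review bot: Changing the `for_each` key of `zitadel_user_grant.project_grants` from project/role/user to project/user gives every existing grant a new resource address, so the next apply will presumably destroy and re-create all project grants, and users may be without access to a project between the two operations. Review the plan for this before applying, or add `moved` blocks for the instances that keep the same role. Users who previously matched two roles in one project keep only the first one after this change, which should be confirmed as intended. The resource body continues outside the hunk.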
@@ -4,47 +4,68 @@ locals { appType = "WEB" redirectUris = [] grantTypes = ["AUTHORIZATION_CODE"] + protocol = "oidc" + metadataUrl = "" } projects_data = [ { name = "Grafana Monitoring Prod" - roles = { "GrafanaAdmin" : ["admin"], "Editor" : ["team"] } + roles = [{ key = "GrafanaAdmin", grants_to = ["admin"] }, { key = "Editor", grants_to = ["team"] }] redirectUris = ["https://monitoring.immich.cloud/login/generic_oauth"] }, { name = "Grafana Monitoring Dev" - roles = { "GrafanaAdmin" : ["admin"], "Editor" : ["team"] } + roles = [{ key = "GrafanaAdmin", grants_to = ["admin"] }, { key = "Editor", grants_to = ["team"] }] redirectUris = ["https://monitoring.dev.immich.cloud/login/generic_oauth"] }, { name = "Grafana Data Prod" - roles = { "GrafanaAdmin" : ["admin"], "Editor" : ["team"] } + roles = [{ key = "GrafanaAdmin", grants_to = ["admin"] }, { key = "Editor", grants_to = ["team"] }] redirectUris = ["https://grafana.data.immich.cloud/login/generic_oauth"] }, { - name = "Outline" - roles = { "Leadership" : ["admin"], "Team" : ["team"], "Contributor" : ["contributor"], "Support Crew" : ["support"] } + name = "Outline" + roles = [ + { key = "Leadership", grants_to = ["admin"] }, + { key = "Team", grants_to = ["team"] }, + { key = "Contributor", grants_to = ["contributor"] }, + { key = "Support Crew", grants_to = ["support"] } + ] authMethod = "BASIC" redirectUris = ["https://outline.immich.cloud/auth/oidc.callback"] }, { name = "ContainerSSH" - roles = { - "Granted" : ["admin", "team", "contributor"] - } + roles = [ + { key = "Granted", grants_to = ["admin", "team", "contributor"] } + ] appType = "NATIVE" grantTypes = ["DEVICE_CODE"] }, { name = "OAuth2 Proxy" - roles = { "Granted" : ["admin", "team"] } + roles = [{ key = "Granted", grants_to = ["admin", "team"] }] redirectUris = ["https://oauth2-proxy.internal.immich.cloud/oauth2/callback"] + }, + { + name = "OVHCloud" + protocol = "saml" + roles = [{ key = "ADMIN", grants_to = ["admin", "yucca"] }, { key = 
"DEFAULT", grants_to = ["team"] }] + metadataUrl = "https://auth.eu.ovhcloud.com/sso/saml/sp/metadata.xml" } ] projects = [ for project in local.projects_data : merge(local.project_defaults, project) ] + + oidc_projects = [ + for project in local.projects : project if project.protocol == "oidc" + ] + + saml_projects = [ + for project in local.projects : project if project.protocol == "saml" + ] } resource "zitadel_project" "projects" { @@ -57,7 +78,7 @@ resource "zitadel_project" "projects" { } resource "zitadel_application_oidc" "applications" { - for_each = { for project in local.projects : project.name => project } + for_each = { for project in local.oidc_projects : project.name => project } name = upper(replace(each.value.name, "/[^a-zA-Z0-9]/", "_")) org_id = zitadel_org.immich.id project_id = zitadel_project.projects[each.key].id @@ -91,3 +112,16 @@ resource "onepassword_item" "application_client_secret" { password = each.value.client_secret } + +data "http" "saml_sp_metadata" { + for_each = { for project in local.saml_projects : project.name => project } + url = each.value.metadataUrl +} + +resource "zitadel_application_saml" "applications" { + for_each = { for project in local.saml_projects : project.name => project } + name = upper(replace(each.value.name, "/[^a-zA-Z0-9]/", "_")) + org_id = zitadel_org.immich.id + project_id = zitadel_project.projects[each.key].id + metadata_xml = data.http.saml_sp_metadata[each.key].response_body +} diff --git a/tf/deployment/modules/shared/zitadel/users.tf b/tf/deployment/modules/shared/zitadel/users.tf index 6f67784d4..c451b5a0a 100644 --- a/tf/deployment/modules/shared/zitadel/users.tf +++ b/tf/deployment/modules/shared/zitadel/users.tf @@ -44,5 +44,5 @@ resource "zitadel_user_metadata" "role" { org_id = zitadel_org.immich.id user_id = zitadel_human_user.users[each.key].id key = "role" - value = each.value.role + value = jsonencode(each.value.roles) }
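Review bot: `data "http" "saml_sp_metadata"` downloads the service provider's metadata on every plan and passes the body straight into `metadata_xml`, so the endpoints and certificates Zitadel accepts for this application are whatever the remote URL returns at that moment, with no review step and no check that the request succeeded. The `http` data source does not fail on a non-2xx status by itself, so an error page could be submitted as metadata; add a `postcondition` on `self.status_code`, as sketched below. For a stronger guarantee, commit the metadata XML to the repository and read it with `file()`, so that any change to it shows up in a diff.

```hcl
data "http" "saml_sp_metadata" {
  # … unchanged: for_each and url …

  lifecycle {
    postcondition {
      condition     = self.status_code == 200
      error_message = "SAML SP metadata request did not return HTTP 200."
    }
  }
}
```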
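Review bot: The `role` metadata entry now holds a JSON array string (for example `["admin"]`) instead of the bare role name, while the key stays `role`; any consumer that compares the value to a plain string, such as an action script or a downstream application reading user metadata, would stop matching without raising an error. No such consumer is updated in the visible hunks, so this is worth checking before the apply. If the format change is intended, a comment next to `value` such as `# JSON-encoded list of roles` documents it. The resource starts outside the hunk.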