fix

ThomasCardin · Nov 21, 2024 · 39e067b · 39e067b
1 parent 57b3ccd
commit 39e067b
Show file tree

Hide file tree

Showing 4 changed files with 17 additions and 32 deletions.
diff --git a/terraform/main.tf b/terraform/main.tf
@@ -9,7 +9,6 @@ module "cname-records" {
 module "zero-trust-app" {
   source             = "./modules/zero_trust_application"
   cloudflare_zone_id = var.cloudflare_zone_id
-  cloudflare_token   = var.cloudflare_token
 
   names = ["ollama", "argocd", "ceph", "grafana"]
 }
diff --git a/terraform/modules/zero_trust_application/main.tf b/terraform/modules/zero_trust_application/main.tf
@@ -1,26 +1,22 @@
-resource "cloudflare_access_policy" "github-app-policy" {
-  account_id = var.cloudflare_token
-  name       = "github-auth"
-  decision   = "allow"
-
-  include {
-    group = ["dc009146-1f84-4d2c-bbd4-670ee9d65d5d"]
-  }
-}
-
 resource "cloudflare_zero_trust_access_application" "app" {
-  depends_on = [cloudflare_access_policy.github-app-policy]
-  for_each   = { for idx, name in var.names : idx => name }
-
-  zone_id = var.cloudflare_zone_id
-
-  name                       = each.value
-  domain                     = "${each.value}.ninebasetwo.net"
-  type                       = "self_hosted"
+  for_each = { for idx, name in var.names : idx => name }
+  zone_id  = var.cloudflare_zone_id
+  name     = each.value
+  domain   = "${each.value}.ninebasetwo.net"
+  type     = "self_hosted"
   session_duration           = "24h"
   auto_redirect_to_identity  = false
   http_only_cookie_attribute = true
-  policies = [
-    cloudflare_access_policy.github-app-policy.id
-  ]
+}
+
+resource "cloudflare_access_policy" "github_app_policy" {
+  for_each = cloudflare_zero_trust_access_application.app
+  zone_id  = var.cloudflare_zone_id
+  name     = "${each.key}-github-auth"
+  application_id = each.value.id
+  precedence = 1
+  decision  = "allow"
+  include {
+    group = ["dc009146-1f84-4d2c-bbd4-670ee9d65d5d"]
+  }
 }
diff --git a/terraform/modules/zero_trust_application/variables.tf b/terraform/modules/zero_trust_application/variables.tf
@@ -6,9 +6,4 @@ variable "names" {
 variable "cloudflare_zone_id" {
   description = "The zone ID for Cloudflare"
   type        = string
-}
-
-variable "cloudflare_token" {
-  description = "cloudflare token"
-  type        = string
 }
diff --git a/terraform/variables.tf b/terraform/variables.tf
@@ -8,11 +8,6 @@ variable "cloudflare_api_key" {
   type        = string
 }
 
-variable "cloudflare_token" {
-  description = "cloudflare token"
-  type        = string
-}
-
 variable "cloudflare_zone_id" {
   description = "The zone ID for Cloudflare"
   type        = string