mirror of
https://github.com/recklessop/zroc.git
synced 2026-07-02 21:13:15 -04:00
5a617fd550
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
111 lines
3.7 KiB
YAML
111 lines
3.7 KiB
YAML
version: 1
|
|
metadata:
|
|
name: zROC Initial Configuration
|
|
labels:
|
|
blueprints.goauthentik.io/instantiate: "true"
|
|
|
|
entries:
|
|
- model: authentik_core.group
|
|
state: present
|
|
identifiers:
|
|
name: zroc-admins
|
|
attrs:
|
|
name: zroc-admins
|
|
|
|
- model: authentik_core.group
|
|
state: present
|
|
identifiers:
|
|
name: zroc-viewers
|
|
attrs:
|
|
name: zroc-viewers
|
|
|
|
- model: authentik_providers_oauth2.scopemapping
|
|
state: present
|
|
identifiers:
|
|
managed: goauthentik.io/providers/oauth2/scope-zroc-groups
|
|
attrs:
|
|
managed: goauthentik.io/providers/oauth2/scope-zroc-groups
|
|
name: "zROC Groups Scope"
|
|
scope_name: groups
|
|
expression: |
|
|
return [group.name for group in request.user.ak_groups.all()]
|
|
|
|
- model: authentik_providers_oauth2.oauth2provider
|
|
state: present
|
|
identifiers:
|
|
name: zROC Dashboard Provider
|
|
attrs:
|
|
name: zROC Dashboard Provider
|
|
client_type: confidential
|
|
client_id: !Env ZROC_OIDC_CLIENT_ID
|
|
client_secret: !Env ZROC_OIDC_CLIENT_SECRET
|
|
authorization_flow: !Find [authentik_flows.flow, [name, default-provider-authorization-implicit-consent]]
|
|
redirect_uris: !Env ZROC_PUBLIC_URL
|
|
signing_key: !Find [authentik_crypto.certificatekeypair, [name, authentik Self-signed Certificate]]
|
|
access_code_validity: minutes=1
|
|
access_token_validity: hours=1
|
|
refresh_token_validity: days=30
|
|
property_mappings:
|
|
- !Find [authentik_providers_oauth2.scopemapping, [scope_name, openid]]
|
|
- !Find [authentik_providers_oauth2.scopemapping, [scope_name, email]]
|
|
- !Find [authentik_providers_oauth2.scopemapping, [scope_name, profile]]
|
|
- !Find [authentik_providers_oauth2.scopemapping, [managed, goauthentik.io/providers/oauth2/scope-zroc-groups]]
|
|
|
|
- model: authentik_core.application
|
|
state: present
|
|
identifiers:
|
|
slug: zroc-dashboard
|
|
attrs:
|
|
name: zROC Dashboard
|
|
slug: zroc-dashboard
|
|
provider: !Find [authentik_providers_oauth2.oauth2provider, [name, zROC Dashboard Provider]]
|
|
meta_launch_url: !Env ZROC_PUBLIC_URL
|
|
meta_description: Zerto Resiliency Observation Console
|
|
policy_engine_mode: any
|
|
|
|
- model: authentik_stages_authenticator_validate.authenticatorvalidatestage
|
|
state: present
|
|
identifiers:
|
|
name: zroc-totp-validation
|
|
attrs:
|
|
name: zroc-totp-validation
|
|
device_classes:
|
|
- totp
|
|
- static
|
|
not_configured_action: configure
|
|
configuration_stages:
|
|
- !Find [authentik_stages_authenticator_totp.authenticatortotpstage, [name, default-authenticator-totp-setup]]
|
|
|
|
- model: authentik_flows.flowstagebinding
|
|
state: present
|
|
identifiers:
|
|
target: !Find [authentik_flows.flow, [slug, default-authentication-flow]]
|
|
stage: !Find [authentik_stages_authenticator_validate.authenticatorvalidatestage, [name, zroc-totp-validation]]
|
|
attrs:
|
|
target: !Find [authentik_flows.flow, [slug, default-authentication-flow]]
|
|
stage: !Find [authentik_stages_authenticator_validate.authenticatorvalidatestage, [name, zroc-totp-validation]]
|
|
order: 30
|
|
evaluate_on_plan: true
|
|
re_evaluate_policies: false
|
|
|
|
- model: authentik_core.user
|
|
state: present
|
|
identifiers:
|
|
username: zroc-service-account
|
|
attrs:
|
|
username: zroc-service-account
|
|
name: zROC Service Account
|
|
type: service_account
|
|
is_active: true
|
|
|
|
- model: authentik_core.token
|
|
state: present
|
|
identifiers:
|
|
identifier: zroc-ui-admin-token
|
|
attrs:
|
|
identifier: zroc-ui-admin-token
|
|
user: !Find [authentik_core.user, [username, zroc-service-account]]
|
|
intent: api
|
|
description: "Used by zROC UI backend for user management"
|
|
expiring: false
|