marcportabellaclotet-mt
commented
2 months ago Thanks for looking into this.
I did some trial with the terraform provider, and I faced these little issues:
- Global permissions can not be assigned to a role, as validation returns an error about models and object_pk
resource "authentik_rbac_permission_role" "global-permission" {
role = "xxxx"
model = "authentik_rbac.role"
permission = "authentik_rbac.access_admin_interface"
}Error:
HTTP Error '400 Bad Request' during request 'POST /api/v3/rbac/permissions/assigned_by_roles/71e19b4e-1743-4d1c-b7fd-fb0b3cb7f602/assign/': "{"non_field_errors":["The fields model, object_pk must be used together."]}"- Permissions Roles when defining an object id fails. It creates the permission in authentik server, but terraform execution complains about "invalid API response" , and the state is not updated. The res value from here is empty, resulting into a validation error. Looking into the api, should it return a value or an empty response?
resource "authentik_rbac_permission_role" "group-permission" {
role = "yyyy"
model = "authentik_core.group"
permission = "view_group"
object_id = "zzz"
}Error:
│ Error: invalid API response-
I do not find a way to a assign a role to a group.
-
When defining permission_role, the permission key is a string. Should it be a list of strings, as several permissions could be added ?
I was able to define a list of string changing the tf validation and the rest of code. However I got the above error about invalid APi response, but the permissions were created in authentik.
Roles are created without issues
RBAC is not covered yet by terraform.
It would be a nice to have feature.