Tokens do not expose uuid or pkid #568

Open
spacemule opened this issue Sep 18, 2024 · 0 comments
First off, thanks so much for this amazing project. I've learned so much from it and had a lot of fun implementing it.

I'm trying to use the new RBAC resources in Terraform, but I cannot apply them to tokens as the `authentik_token` resource does not output a UUID or PKID.

(As a sidenote, it's not too clear why PKID is sometimes used, and other times UUID is used. Additionally, sometimes the resources want an ID, sometimes they want a UUID. It'd be nice if the reasoning for this were clearer.)

Here's my current Terraform:

```hcl
resource "authentik_token" "app_pass" {
  for_each   = local.app_users
  identifier = "${each.key}-gw"
  user       = authentik_user.app["${each.key}"].id
  expiring   = false
  intent     = "app_password"
  provisioner "local-exec" {
    on_failure = fail
    command    = <<-EOT
      # Look up the token's pk by identifier and intent.
      PKID=$(curl -XGET \
        -H 'Authorization: Bearer ${var.authentik_token}' \
        "${var.authentik_endpoint}/api/v3/core/tokens/?identifier=${self.identifier}&intent=${self.intent}" | \
        jq --raw-output '.results[].pk')
      # Assign view_token_key on that token object to the token's user.
      curl -XPOST \
        -H 'Authorization: Bearer ${var.authentik_token}' \
        --json \
        '{"permissions":["view_token_key"],"model":"authentik_core.token","object_pk":"'$PKID'"}' \
        "${var.authentik_endpoint}/api/v3/rbac/permissions/assigned_by_users/${self.user}/assign/"
      EOT
  }
}
```

With the new RBAC resources, the provisioner should be unnecessary, and the Terraform would look something like this:

```hcl
resource "authentik_token" "app_pass" {
  for_each   = local.app_users
  identifier = "${each.key}-gw"
  user       = authentik_user.app["${each.key}"].id
  expiring   = false
  intent     = "app_password"
}

resource "authentik_rbac_permission_user" "app_pass" {
  for_each   = authentik_token.app_pass
  user       = each.value.user
  permission = "view_token_key"
  model      = "authentik_core.token"
  object_id  = each.value.id
}
```

The problem is that last line. `authentik_token` only exposes the ID, which is not the `object_id` that the resource expects. So when I apply, it fails with a 400 error:

```
Error: HTTP Error '400 Bad Request' during request 'POST /api/v3/rbac/permissions/assigned_by_users/12/assign/': "{"non_field_errors":["“app_username-gw” is not a valid UUID."]}"
```
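An added example, not part of the original issue and not the provider's code: the lookup step of the workaround above with the checks a permission grant should have before the assign call, namely exactly one matching token and a pk that parses as a UUID (the check the 400 error reports failing). The function names, the sample response and the assumption that each result carries `identifier` and `intent` fields are constructed for illustration.

```python
import json
import uuid

# Constructed sample of a /api/v3/core/tokens/?identifier=...&intent=... response.
# Only the fields used below are included; the pk value is made up.
SAMPLE_RESPONSE = json.dumps({
    "results": [
        {"pk": "3f1c2a9e-6b7d-4e21-9c55-0a1b2c3d4e5f",
         "identifier": "app_username-gw",
         "intent": "app_password"}
    ]
})


def resolve_token_pk(response_body: str, identifier: str, intent: str) -> str:
    """Return the pk of the single token matching identifier and intent.

    Refuses to continue when zero or several tokens match, so a permission
    is never granted on the wrong object, and rejects a pk that is not a UUID.
    """
    results = json.loads(response_body).get("results", [])
    matches = [r for r in results
               if r.get("identifier") == identifier and r.get("intent") == intent]
    if len(matches) != 1:
        raise LookupError(
            f"expected exactly 1 token for {identifier!r}, got {len(matches)}")
    try:
        # Normalise to the canonical lowercase, hyphenated form.
        return str(uuid.UUID(str(matches[0]["pk"])))
    except (KeyError, ValueError) as exc:
        raise ValueError("token pk is missing or not a UUID") from exc


def build_assign_payload(token_pk: str) -> dict:
    """Request body for the assign endpoint, with the fields used in the issue."""
    return {"permissions": ["view_token_key"],
            "model": "authentik_core.token",
            "object_pk": token_pk}


if __name__ == "__main__":
    pk = resolve_token_pk(SAMPLE_RESPONSE, "app_username-gw", "app_password")
    print(json.dumps(build_assign_payload(pk)))
```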