serviceauthcentral-gcp-tofu

OpenTofu module for deploying a fully working ServiceAuthCentral deployment in GCP

References

• ServiceAuthCentral - Simplify microservice security with ServiceAuthCentral: Centralized, open-source authorization in the cloud, minus the shared secrets.
• ServiceAuthCentral Documentation - Documentation for ServiceAuthCentral
• serviceauthcentralweb - Web based management interface for ServiceCloudAuth
• serviceauthcentral-client-java - Java client for requesting tokens from the ServiceAuthCentral OAuth 2.0 authorization server.
• serviceauthcentral-gcp-tofu - OpenTofu module for deploying a fully working ServiceAuthCentral deployment in GCP

Tofu Modules

• serviceauthcentral-token-gcp-tofu - OpenTofu module for deploying ServiceAuthCentral token API to Cloud Run in GCP
• serviceauthcentral-manage-gcp-tofu - OpenTofu module for deploying ServiceAuthCentral manage API to Cloud Run in GCP
• serviceauthcentral-kms-gcp-tofu - OpenTofu module for deploying ServiceAuthCentral KMS Keys in GCP
• serviceauthcentral-firestore-gcp-tofu - OpenTofu module for deploying ServiceAuthCentral Firestore Database
• serviceauthcentral-firestore-bootstrap-gcp-tofu - OpenTofu module for deploying ServiceAuthCentral Firestore records needed to bootstrap an install
• serviceauthcentral-workload-identity-gcp-tofu - OpenTofu module for deploying ServiceAuthCentral Workload Identity Federation in GCP

Requirements

Name	Version
terraform	>= 1.0.0

Providers

No providers.

Modules

Name	Source	Version
crossfiresyncrun	./crossfiresyncrun-tofu	n/a
serviceauthcentral_firestore_bootstrap_gcp	./serviceauthcentral-firestore-bootstrap-gcp-tofu	n/a
serviceauthcentral_firestore_gcp	./serviceauthcentral-firestore-gcp-tofu	n/a
serviceauthcentral_kms_gcp	./serviceauthcentral-kms-gcp-tofu	n/a
serviceauthcentral_manage_gcp	./serviceauthcentral-manage-gcp-tofu	n/a
serviceauthcentral_token_gcp	./serviceauthcentral-token-gcp-tofu	n/a
serviceauthcentral_workload_identity_gcp	./serviceauthcentral-workload-identity-gcp-tofu	n/a

Resources

No resources.

Inputs

Name	Description	Type	Default	Required
artifact_registry_host	The name of the Artifact Registry repository	string	"us-docker.pkg.dev"	no
artifact_registry_name	The name of the Artifact Registry repository	string	n/a	yes
artifact_registry_project_id	The project to use for Artifact Registry. Will default to the project_id if not set.	string	null	no
crossfiresyncrun_tag	The tag for the crossfiresyncrun image to deploy	string	"dev"	no
firestore_deletion_policy	The deletion policy for Firestore databases	string	"ABANDON"	no
kms_existing_key	Boolean value indicating if an existing KMS key should be used	bool	false	no
name	The name of the application	string	"serviceauthcentral"	no
project_id	The GCP project id	string	n/a	yes
regions	List of regions where resources will be created	list(string)	n/a	yes
sac_authorized_admin_user_clientid	The client id of the initial admin user	string	n/a	yes
sac_cors_origins	The SAC_CORS_ORIGINS envirionment variable specifying the allowed origins	string	n/a	yes
sac_issuer	The SAC_ISSUER envirionment variable specifying the issuer	string	n/a	yes
sac_user_provider_github_clientid	The SAC_USER_PROVIDER_GITHUB_CLIENTID envirionment variable specifying the GitHub client id	string	n/a	yes
sac_user_provider_github_clientsecret	The SAC_USER_PROVIDER_GITHUB_CLIENTSECRET envirionment variable specifying the GitHub client secret	string	n/a	yes
sac_user_redirecturi	The SAC_USER_REDIRECTURI envirionment variable specifying the redirect uri	string	n/a	yes
serviceauthcentral_manage_tag	The tag for the serviceauthcentral manage image to deploy	string	"dev"	no
serviceauthcentral_token_tag	The tag for the serviceauthcentral token image to deploy	string	"dev"	no

Outputs

Name	Description
manage_region_service_map	n/a
token_region_service_map	n/a