Merge pull request #2 from mastodon/oidc

Add OIDC provider configuration

cluster.tf

@@ -20,3 +20,18 @@ resource "ovh_cloud_project_kube_nodepool" "node_pool" {
   max_nodes     = var.node_pools[count.index].nodes
   min_nodes     = var.node_pools[count.index].nodes
 }
+
+resource "ovh_cloud_project_kube_oidc" "oidc" {
+  count = var.oidc_provider_url != "" ? 1 : 0
+
+  service_name = var.project_id
+  kube_id      = ovh_cloud_project_kube.cluster.id
+
+  client_id    = var.oidc_client_id
+  issuer_url   = var.oidc_provider_url
+
+  oidc_username_claim  = var.oidc_username_claim
+  oidc_username_prefix = var.oidc_username_prefix
+  oidc_groups_claim    = var.oidc_groups_claim
+  oidc_groups_prefix   = var.oidc_groups_prefix
+}

variables.tf

@@ -47,3 +47,41 @@ variable "network_gateway_model" {
     error_message = "Valid values for network_gateway_model are (s, m, l)"
   }
 }
+
+# OIDC settings
+
+variable "oidc_provider_url" {
+  description = "URL to use for OIDC authentication. Enables OIDC if specified."
+  type        = string
+  default     = ""
+}
+
+variable "oidc_client_id" {
+  description = "OIDC client ID to give the cluster for login."
+  type        = string
+  default     = ""
+}
+
+variable "oidc_username_claim" {
+  description = "OIDC Property to use for username."
+  type        = string
+  default     = "email"
+}
+
+variable "oidc_username_prefix" {
+  description = "Prefix to add to all usernames connecting to the cluster."
+  type        = string
+  default     = ""
+}
+
+variable "oidc_groups_claim" {
+  description = "Groups to include in the OIDC claim."
+  type        = list(string)
+  default     = []
+}
+
+variable "oidc_groups_prefix" {
+  description = "Prefix to add to all groups connecting to the cluster."
+  type        = string
+  default     = ""
+}