fix: consolidate base config into production blueprint
@@ -7,6 +7,94 @@ metadata:
|
|||||||
name: AI Tax Agent — Production Bootstrap
|
name: AI Tax Agent — Production Bootstrap
|
||||||
|
|
||||||
entries:
|
entries:
|
||||||
|
# --- Groups first (so the admin user can reference them) -------------------
|
||||||
|
- model: authentik_core.group
|
||||||
|
state: present
|
||||||
|
identifiers:
|
||||||
|
name: "Administrators"
|
||||||
|
attrs:
|
||||||
|
is_superuser: true
|
||||||
|
|
||||||
|
- model: authentik_core.group
|
||||||
|
state: present
|
||||||
|
identifiers:
|
||||||
|
name: "Tax Reviewers"
|
||||||
|
attrs:
|
||||||
|
is_superuser: false
|
||||||
|
|
||||||
|
- model: authentik_core.group
|
||||||
|
state: present
|
||||||
|
identifiers:
|
||||||
|
name: "Accountants"
|
||||||
|
attrs:
|
||||||
|
is_superuser: false
|
||||||
|
|
||||||
|
- model: authentik_core.group
|
||||||
|
state: present
|
||||||
|
identifiers:
|
||||||
|
name: "Clients"
|
||||||
|
attrs:
|
||||||
|
is_superuser: false
|
||||||
|
|
||||||
|
# --- Admin user ------------------------------------------------------------
|
||||||
|
- model: authentik_core.user
|
||||||
|
state: present
|
||||||
|
identifiers:
|
||||||
|
username: admin
|
||||||
|
attrs:
|
||||||
|
name: "System Administrator"
|
||||||
|
email: admin@app.harkon.co.uk
|
||||||
|
is_active: true
|
||||||
|
is_staff: true
|
||||||
|
is_superuser: true
|
||||||
|
groups:
|
||||||
|
- !Find [authentik_core.group, [name, "Administrators"]]
|
||||||
|
|
||||||
|
# --- Scope mappings (find existing ones and get stable IDs) -----------------
|
||||||
|
- id: scope_openid
|
||||||
|
model: authentik_providers_oauth2.scopemapping
|
||||||
|
identifiers:
|
||||||
|
scope_name: openid
|
||||||
|
|
||||||
|
- id: scope_profile
|
||||||
|
model: authentik_providers_oauth2.scopemapping
|
||||||
|
identifiers:
|
||||||
|
scope_name: profile
|
||||||
|
|
||||||
|
- id: scope_email
|
||||||
|
model: authentik_providers_oauth2.scopemapping
|
||||||
|
identifiers:
|
||||||
|
scope_name: email
|
||||||
|
|
||||||
|
- id: scope_groups
|
||||||
|
model: authentik_providers_oauth2.scopemapping
|
||||||
|
identifiers:
|
||||||
|
scope_name: groups
|
||||||
|
|
||||||
|
- id: scope_offline
|
||||||
|
model: authentik_providers_oauth2.scopemapping
|
||||||
|
identifiers:
|
||||||
|
scope_name: offline_access
|
||||||
|
|
||||||
|
# Helper finders
|
||||||
|
- id: default_signing_key
|
||||||
|
model: authentik_crypto.certificatekeypair
|
||||||
|
state: present
|
||||||
|
identifiers:
|
||||||
|
name: "authentik Self-signed Certificate"
|
||||||
|
|
||||||
|
- id: default_authz_flow
|
||||||
|
model: authentik_flows.flow
|
||||||
|
state: present
|
||||||
|
identifiers:
|
||||||
|
slug: "default-authentication-flow"
|
||||||
|
|
||||||
|
- id: default_inval_flow
|
||||||
|
model: authentik_flows.flow
|
||||||
|
state: present
|
||||||
|
identifiers:
|
||||||
|
slug: "default-invalidation-flow"
|
||||||
|
|
||||||
# --- AI Tax Agent API (Production) -----------------------------------------
|
# --- AI Tax Agent API (Production) -----------------------------------------
|
||||||
- model: authentik_providers_oauth2.oauth2provider
|
- model: authentik_providers_oauth2.oauth2provider
|
||||||
state: present
|
state: present
|
||||||
|
|||||||
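Review bot: The `authentik_core.user` entry for `admin` is declared with `state: present`, so every apply of this blueprint writes its attrs again, including `is_active: true`, `is_superuser: true` and membership of "Administrators". If I read authentik's blueprint states correctly, an operator who disables or demotes this account, for example while containing an incident, would see it restored on the next apply. Using `state: created` on that entry keeps the bootstrap while leaving later manual changes alone. Separately, the finder `default_authz_flow` resolves the slug `default-authentication-flow`; the provider's attrs are outside this hunk, but if it references this id as its authorization flow, that is probably not the flow intended. A rename, or a comment such as `# resolves the authentication flow, not an authorization/consent flow`, would make the intent checkable.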