Initial commit
Some checks failed
CI/CD Pipeline / Code Quality & Linting (push) Has been cancelled
CI/CD Pipeline / Policy Validation (push) Has been cancelled
CI/CD Pipeline / Test Suite (push) Has been cancelled
CI/CD Pipeline / Build Docker Images (svc-coverage) (push) Has been cancelled
CI/CD Pipeline / Build Docker Images (svc-extract) (push) Has been cancelled
CI/CD Pipeline / Build Docker Images (svc-firm-connectors) (push) Has been cancelled
CI/CD Pipeline / Build Docker Images (svc-forms) (push) Has been cancelled
CI/CD Pipeline / Build Docker Images (svc-hmrc) (push) Has been cancelled
CI/CD Pipeline / Build Docker Images (svc-ingestion) (push) Has been cancelled
CI/CD Pipeline / Build Docker Images (svc-kg) (push) Has been cancelled
CI/CD Pipeline / Build Docker Images (svc-normalize-map) (push) Has been cancelled
CI/CD Pipeline / Build Docker Images (svc-ocr) (push) Has been cancelled
CI/CD Pipeline / Build Docker Images (svc-rag-indexer) (push) Has been cancelled
CI/CD Pipeline / Build Docker Images (svc-rag-retriever) (push) Has been cancelled
CI/CD Pipeline / Build Docker Images (svc-reason) (push) Has been cancelled
CI/CD Pipeline / Build Docker Images (svc-rpa) (push) Has been cancelled
CI/CD Pipeline / Build Docker Images (ui-review) (push) Has been cancelled
CI/CD Pipeline / Security Scanning (svc-coverage) (push) Has been cancelled
CI/CD Pipeline / Security Scanning (svc-extract) (push) Has been cancelled
CI/CD Pipeline / Security Scanning (svc-kg) (push) Has been cancelled
CI/CD Pipeline / Security Scanning (svc-rag-retriever) (push) Has been cancelled
CI/CD Pipeline / Security Scanning (ui-review) (push) Has been cancelled
CI/CD Pipeline / Generate SBOM (push) Has been cancelled
CI/CD Pipeline / Deploy to Staging (push) Has been cancelled
CI/CD Pipeline / Deploy to Production (push) Has been cancelled
CI/CD Pipeline / Notifications (push) Has been cancelled
Some checks failed
CI/CD Pipeline / Code Quality & Linting (push) Has been cancelled
CI/CD Pipeline / Policy Validation (push) Has been cancelled
CI/CD Pipeline / Test Suite (push) Has been cancelled
CI/CD Pipeline / Build Docker Images (svc-coverage) (push) Has been cancelled
CI/CD Pipeline / Build Docker Images (svc-extract) (push) Has been cancelled
CI/CD Pipeline / Build Docker Images (svc-firm-connectors) (push) Has been cancelled
CI/CD Pipeline / Build Docker Images (svc-forms) (push) Has been cancelled
CI/CD Pipeline / Build Docker Images (svc-hmrc) (push) Has been cancelled
CI/CD Pipeline / Build Docker Images (svc-ingestion) (push) Has been cancelled
CI/CD Pipeline / Build Docker Images (svc-kg) (push) Has been cancelled
CI/CD Pipeline / Build Docker Images (svc-normalize-map) (push) Has been cancelled
CI/CD Pipeline / Build Docker Images (svc-ocr) (push) Has been cancelled
CI/CD Pipeline / Build Docker Images (svc-rag-indexer) (push) Has been cancelled
CI/CD Pipeline / Build Docker Images (svc-rag-retriever) (push) Has been cancelled
CI/CD Pipeline / Build Docker Images (svc-reason) (push) Has been cancelled
CI/CD Pipeline / Build Docker Images (svc-rpa) (push) Has been cancelled
CI/CD Pipeline / Build Docker Images (ui-review) (push) Has been cancelled
CI/CD Pipeline / Security Scanning (svc-coverage) (push) Has been cancelled
CI/CD Pipeline / Security Scanning (svc-extract) (push) Has been cancelled
CI/CD Pipeline / Security Scanning (svc-kg) (push) Has been cancelled
CI/CD Pipeline / Security Scanning (svc-rag-retriever) (push) Has been cancelled
CI/CD Pipeline / Security Scanning (ui-review) (push) Has been cancelled
CI/CD Pipeline / Generate SBOM (push) Has been cancelled
CI/CD Pipeline / Deploy to Staging (push) Has been cancelled
CI/CD Pipeline / Deploy to Production (push) Has been cancelled
CI/CD Pipeline / Notifications (push) Has been cancelled
This commit is contained in:
harkon
109
blueprints/simple-bootstrap.yaml
Normal file
109
blueprints/simple-bootstrap.yaml
Normal file
@@ -0,0 +1,109 @@
|
||||
# Simple Authentik Bootstrap Configuration
|
||||
# This file configures the basic Authentik setup for AI Tax Agent
|
||||
|
||||
version: 1
|
||||
|
||||
metadata:
|
||||
name: AI Tax Agent Simple Bootstrap
|
||||
|
||||
entries:
|
||||
# Create admin user
|
||||
- model: authentik_core.user
|
||||
identifiers:
|
||||
username: admin
|
||||
attrs:
|
||||
name: "System Administrator"
|
||||
email: admin@local.lan
|
||||
is_active: true
|
||||
is_staff: true
|
||||
is_superuser: true
|
||||
|
||||
# Create user groups
|
||||
- model: authentik_core.group
|
||||
identifiers:
|
||||
name: "Administrators"
|
||||
attrs:
|
||||
is_superuser: true
|
||||
|
||||
- model: authentik_core.group
|
||||
identifiers:
|
||||
name: "Tax Reviewers"
|
||||
attrs:
|
||||
is_superuser: false
|
||||
|
||||
- model: authentik_core.group
|
||||
identifiers:
|
||||
name: "Accountants"
|
||||
attrs:
|
||||
is_superuser: false
|
||||
|
||||
- model: authentik_core.group
|
||||
identifiers:
|
||||
name: "Clients"
|
||||
attrs:
|
||||
is_superuser: false
|
||||
|
||||
# Create OIDC Provider for API services
|
||||
- model: authentik_providers_oauth2.oauth2provider
|
||||
identifiers:
|
||||
name: "AI Tax Agent API"
|
||||
attrs:
|
||||
client_id: "ai-tax-agent-api"
|
||||
client_secret: !Env [AUTHENTIK_API_CLIENT_SECRET, "changeme-api-secret"]
|
||||
authorization_grant_type: "authorization-code"
|
||||
client_type: "confidential"
|
||||
redirect_uris: "https://api.local/auth/callback\nhttps://review.local/auth/callback"
|
||||
sub_mode: "hashed_user_id"
|
||||
include_claims_in_id_token: true
|
||||
issuer_mode: "per_provider"
|
||||
authorization_flow:
|
||||
!Find [authentik_flows.flow, [slug, "default-authentication-flow"]]
|
||||
invalidation_flow:
|
||||
!Find [authentik_flows.flow, [slug, "default-invalidation-flow"]]
|
||||
|
||||
# Create OIDC Provider for Grafana
|
||||
- model: authentik_providers_oauth2.oauth2provider
|
||||
identifiers:
|
||||
name: "Grafana"
|
||||
attrs:
|
||||
client_id: "grafana"
|
||||
client_secret:
|
||||
!Env [AUTHENTIK_GRAFANA_CLIENT_SECRET, "changeme-grafana-secret"]
|
||||
authorization_grant_type: "authorization-code"
|
||||
client_type: "confidential"
|
||||
redirect_uris: "https://grafana.local/login/generic_oauth"
|
||||
sub_mode: "hashed_user_id"
|
||||
include_claims_in_id_token: true
|
||||
issuer_mode: "per_provider"
|
||||
authorization_flow:
|
||||
!Find [authentik_flows.flow, [slug, "default-authentication-flow"]]
|
||||
invalidation_flow:
|
||||
!Find [authentik_flows.flow, [slug, "default-invalidation-flow"]]
|
||||
|
||||
# Create Applications
|
||||
- model: authentik_core.application
|
||||
identifiers:
|
||||
name: "AI Tax Agent API"
|
||||
slug: "ai-tax-agent-api"
|
||||
attrs:
|
||||
provider:
|
||||
!Find [
|
||||
authentik_providers_oauth2.oauth2provider,
|
||||
[name, "AI Tax Agent API"],
|
||||
]
|
||||
meta_launch_url: "https://api.local"
|
||||
meta_description: "AI Tax Agent API Services"
|
||||
meta_publisher: "AI Tax Agent"
|
||||
policy_engine_mode: "any"
|
||||
|
||||
- model: authentik_core.application
|
||||
identifiers:
|
||||
name: "Grafana"
|
||||
slug: "grafana"
|
||||
attrs:
|
||||
provider:
|
||||
!Find [authentik_providers_oauth2.oauth2provider, [name, "Grafana"]]
|
||||
meta_launch_url: "https://grafana.local"
|
||||
meta_description: "Monitoring and Observability Dashboard"
|
||||
meta_publisher: "AI Tax Agent"
|
||||
policy_engine_mode: "any"
|
||||
Reference in New Issue
Block a user