Update the terraform and deploy action to work for non-liberated subdomains

2023-01-05 14:56:50 +00:00 · 2023-01-05 14:56:50 +00:00 · 4cafc0474b
commit 4cafc0474b
--- a/.github/workflows/deploy.yml
+++ b/.github/workflows/deploy.yml
@ -66,7 +66,8 @@ jobs:
        env:
          TF_VAR_cloudflare_account_id: ${{ secrets.CF_ACCOUNT_ID }}
          TF_VAR_cloudflare_api_token: ${{ secrets.CF_API_TOKEN }}
-          TF_VAR_cloudflare_zone_name: ${{ secrets.CF_ZONE_NAME }}
+          TF_VAR_cloudflare_zone_id: ${{ secrets.CF_ZONE_ID }}
+          TF_VAR_cloudflare_deploy_domain: ${{ secrets.CF_DEPLOY_DOMAIN }}
          TF_VAR_gh_username: ${{ github.actor }}
          TF_VAR_d1_id: ${{ env.d1_id }}
          TF_VAR_access_auth_domain: ${{ env.auth_domain }}
--- a/tf/main.tf
+++ b/tf/main.tf
@ -2,7 +2,11 @@ variable "cloudflare_account_id" {
  type = string
 }

-variable "cloudflare_zone_name" {
+variable "cloudflare_zone_id" {
+  type = string
+}
+
+variable "cloudflare_deploy_domain" {
  type = string
 }

@ -40,12 +44,6 @@ provider "cloudflare" {
  api_token = var.cloudflare_api_token
 }

-data "cloudflare_zone" "zone" {
-  account_id = var.cloudflare_account_id
-  name       = var.cloudflare_zone_name
-}
-
-
 resource "cloudflare_workers_kv_namespace" "wildebeest_cache" {
  account_id = var.cloudflare_account_id
  title = "wildebeest-${var.gh_username}-cache"
@ -70,7 +68,7 @@ resource "cloudflare_pages_project" "wildebeest_pages_project" {

        USER_KEY = random_password.user_key.result

-        DOMAIN = var.cloudflare_zone_name
+        DOMAIN = var.cloudflare_deploy_domain
        ACCESS_AUD = cloudflare_access_application.wildebeest_access.aud
        ACCESS_AUTH_DOMAIN = var.access_auth_domain
      }
@ -85,8 +83,8 @@ resource "cloudflare_pages_project" "wildebeest_pages_project" {
 }

 resource "cloudflare_record" "record" {
-  zone_id = data.cloudflare_zone.zone.id
-  name    = "@"
+  zone_id = var.cloudflare_zone_id
+  name    = var.cloudflare_deploy_domain
  value   = cloudflare_pages_project.wildebeest_pages_project.subdomain
  type    = "CNAME"
  ttl     = 1
@ -96,7 +94,7 @@ resource "cloudflare_record" "record" {
 resource "cloudflare_pages_domain" "domain" {
  account_id   = var.cloudflare_account_id
  project_name = "wildebeest-${var.gh_username}"
-  domain       = var.cloudflare_zone_name
+  domain       = var.cloudflare_deploy_domain

  depends_on = [
    cloudflare_pages_project.wildebeest_pages_project,
@ -107,7 +105,7 @@ resource "cloudflare_pages_domain" "domain" {
 resource "cloudflare_access_application" "wildebeest_access" {
  account_id                = var.cloudflare_account_id
  name                      = "wildebeest-${var.gh_username}"
-  domain                    = "${var.cloudflare_zone_name}/oauth/authorize"
+  domain                    = "${var.cloudflare_deploy_domain}/oauth/authorize"
  type                      = "self_hosted"
  session_duration          = "168h"
  auto_redirect_to_identity = false
@ -115,12 +113,12 @@ resource "cloudflare_access_application" "wildebeest_access" {

 resource "cloudflare_access_policy" "policy" {
  application_id = cloudflare_access_application.wildebeest_access.id
-  zone_id        = data.cloudflare_zone.zone.id
+  account_id     = var.cloudflare_account_id
  name           = "policy"
  precedence     = "1"
  decision       = "allow"

  include {
-    email = ["test@example.com"]
+    email = ["CHANGEME@example.com"]
  }
 }