inject ACCESS_AUD and ACCESS_AUTH_DOMAIN Pages app

.github/workflows/deploy.yml

@@ -11,6 +11,10 @@ jobs:
       - uses: actions/checkout@v2
       - uses: hashicorp/setup-terraform@v2
 
+      - name: Install package
+        run: |
+          sudo apt-get -y install jq
+
       - name: Setup node.js
         uses: actions/setup-node@v3
         with:
@@ -45,6 +49,12 @@ jobs:
         env:
           CLOUDFLARE_ACCOUNT_ID: ${{ secrets.CF_ACCOUNT_ID }}
 
+      - name: retrieve Zero Trust organization
+        run: |
+            auth_domain=$(curl https://api.cloudflare.com/client/v4/accounts/${{ secrets.CF_ACCOUNT_ID }}/access/organizations \
+                -H 'Authorization: Bearer ${{ secrets.CF_API_TOKEN }}' | jq -r '.result.auth_domain')
+            printf "auth_domain=$auth_domain" >> $GITHUB_ENV
+
       - name: Init
         run: terraform init
         working-directory: ./tf
@@ -59,6 +69,7 @@ jobs:
           TF_VAR_cloudflare_zone_name: ${{ secrets.CF_ZONE_NAME }}
           TF_VAR_gh_username: ${{ github.actor }}
           TF_VAR_d1_id: ${{ env.d1_id }}
+          TF_VAR_access_auth_domain: ${{ env.auth_domain }}
 
       - name: Publish
         uses: cloudflare/wrangler-action@2.0.0

tf/main.tf

@@ -18,6 +18,10 @@ variable "d1_id" {
   type = string
 }
 
+variable "access_auth_domain" {
+  type = string
+}
+
 terraform {
   required_providers {
     cloudflare = {
@@ -65,6 +69,8 @@ resource "cloudflare_pages_project" "wildebeest_pages_project" {
         CF_API_TOKEN  = ""
 
         USER_KEY = random_password.user_key.result
+        ACCESS_AUD = cloudflare_access_application.wildebeest_access.aud
+        ACCESS_AUTH_DOMAIN = var.access_auth_domain
       }
       kv_namespaces = {
         KV_CACHE = cloudflare_workers_kv_namespace.wildebeest_cache.id
@@ -111,7 +117,3 @@ resource "cloudflare_access_policy" "policy" {
     email = ["test@example.com"]
   }
 }
-
-/* output "access_aud" { */
-/*   value = cloudflare_access_application.wildebeest_access.aud */
-/* } */