geoffsee/cluster
1
0
Fork 0
mirror of https://github.com/seemueller-io/cluster.git synced 2025-09-08 22:56:46 +00:00
Code Issues Packages Projects Releases Wiki Activity

Development environment functions

Browse Source
This commit is contained in:
geoffsee
2025-08-15 18:59:05 -04:00
commit e289de2bd7
58 changed files with 11955 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

12
deploy/dev/configurations/.gitignore vendored Normal file
View File

@@ -0,0 +1,12 @@
*.d.ts
*.js
node_modules
cdktf.out
cdktf.log
*terraform.*.tfstate*
.gen
.terraform
tsconfig.tsbuildinfo
!jest.config.js
!setup.js
/zitadel-admin-sa.json

157
deploy/dev/configurations/README.md Normal file
View File

@@ -0,0 +1,157 @@
# zitadel-configurator
A minimal CDK for Terraform (CDKTF) TypeScript app that provisions resources in a ZITADEL instance. The included example stack configures the ZITADEL provider and creates a demo organization ("geoffs-makers-guild").
This directory is intended for local development and experimentation against a local ZITADEL instance (via Docker Compose or a local Kubernetes cluster using kind + Helm).
## Prerequisites
- Node.js >= 20.9 and npm
- CDKTF CLI (either install globally or use npx)
- Install: `npm i -g cdktf-cli@latest`
- Or run via npx: `npx cdktf --help`
- One of the following ZITADEL runtimes:
- Docker + Docker Compose (quickest)
- or Kubernetes (kind), Helm, kubectl
- Optional: OpenSSL (to generate a strong master key)
## Getting a local ZITADEL
Option A — Docker Compose (recommended to start):
- From the repository root, create `.zitadel.env` with a strong master key. Example:
```dotenv
ZITADEL_MASTERKEY=$(openssl rand -base64 32)
```
Alternatively, run `openssl rand -base64 32` and paste the result as the value of `ZITADEL_MASTERKEY`.
- Start ZITADEL and its login UI:
```bash
docker compose -f compose.zitadel.yml up -d
```
- Wait until services are healthy. The compose file will write two files to the repository root:
- `admin.pat` — a Personal Access Token (PAT) with IAM_OWNER role (use this for Terraform/ZITADEL provider authentication)
- `login-client.pat` — a PAT for the login service
- Useful URLs:
- API: http://localhost:8080
- Login UI: http://localhost:3000/ui/v2/login
Option B — Kubernetes (kind + Helm):
- Scripts are provided under `k8s/` to spin up a local cluster and install Traefik, PostgreSQL, and ZITADEL with example values.
- From this directory:
```bash
cd cluster
./install-dev-platform.sh
```
- The Helm example uses the host `pg-insecure.127.0.0.1.sslip.io` routed through Traefik, mapped to your local ports 80/443.
- To uninstall and clean up:
```bash
./uninstall-dev-platform.sh
```
## Configure and use CDKTF
- Install dependencies (inside this `zitadel-configurator` directory):
```bash
npm install
```
- Generate provider bindings (creates/updates the `.gen` folder):
```bash
npm run get
```
- Synthesize the Terraform JSON (outputs to `cdktf.out/`):
```bash
npm run synth
```
You can also run CDKTF via `npx cdktf synth`.
- Deploy the stack (interactive approval by default):
```bash
npx cdktf deployCdktf
```
- Destroy the stack when done:
```bash
npx cdktf destroy
```
## Authentication and configuration
- The example code in `main.ts` reads a dotenv file one level up: `../.zitadel.env`.
- It currently expects `ZITADEL_MASTERKEY` in that file because the Docker Compose setup uses it to initialize ZITADEL.
- The ZITADEL Terraform provider requires a token for API access (PAT or service account), not the master key.
- When you start ZITADEL via Docker Compose in this repo, an admin PAT is written to `../admin.pat` (repository root). Use that for provider authentication.
- If you want to use the PAT with the current example, update `main.ts` to read the PAT and pass it to the provider's `token` field. For example:
```ts
import { readFileSync } from "node:fs";
const adminPat = readFileSync("../admin.pat", "utf8").trim();
new ZitadelProvider(this, "zitadel", {
domain: "http://localhost:8080", // for Docker Compose
token: adminPat,
});
```
- For the Kubernetes example, the domain in `main.ts` is set to `https://pg-insecure.127.0.0.1.sslip.io`. Keep that if you are using the kind + Traefik + Helm setup; otherwise change it to your environment.
## Commands reference
- `npm run get` — generates provider bindings from `cdktf.json` (`.gen/` folder).
- `npm run build` — type-checks and compiles TypeScript to JavaScript.
- `npm run synth` — synthesizes Terraform JSON to `cdktf.out/`.
- `npx cdktf deployCdktf` — deploys the synthesized stack.
- `npx cdktf destroy` — destroys the deployed resources.
- `npm test` — runs Jest (with `cdktf.Testing.setupJest`), useful for unit testing constructs.
## Directory layout
- `main.ts` — CDKTF app entrypoint. Defines a `TerraformStack` that configures the ZITADEL provider and creates a demo Org.
- `.gen/` — auto-generated provider constructs (created by `cdktf get`).
- `cdktf.json` — CDKTF project configuration (`app` is `npx ts-node main.ts`).
- `k8s/` — helper scripts to run a local K8s cluster and install ZITADEL with Helm.
## Troubleshooting
### Common Issues and Solutions
#### TLS Certificate Errors with Kubernetes Setup
If you encounter "x509: certificate signed by unknown authority" or "issuer does not match" errors:
1. **Install cert-manager** (if not already installed):
```bash
kubectl apply -f https://github.com/cert-manager/cert-manager/releases/download/v1.15.3/cert-manager.yaml
kubectl wait --for=condition=ready pod -l app.kubernetes.io/name=cert-manager -n cert-manager --timeout=300s
```
2. **Create a self-signed certificate** for the local domain:
```bash
# Create the certificate manually
openssl req -x509 -newkey rsa:4096 -keyout tls.key -out tls.crt -days 365 -nodes -subj "/CN=machine.127.0.0.1.sslip.io"
# Create Kubernetes TLS secret
kubectl create secret tls zitadel-tls --cert=tls.crt --key=tls.key
```
3. **Update main.ts configuration** - Remove `insecure: true` flag and use proper JWT authentication:
```typescript
const provider = new ZitadelProvider(this, "zitadel", {
domain: "machine.127.0.0.1.sslip.io",
jwtProfileJson: JSON.stringify(JSON.parse(readFileSync(path.resolve("zitadel-admin-sa.json").toString(), 'utf-8'))),
// Remove: insecure: true, // This causes issuer mismatch errors
});
```
#### Other Common Issues
- Provider bindings missing (`.gen/providers/zitadel/...`): run `npm run get`.
- Auth errors on deployCdktf: ensure you are using a valid service account JSON or PAT, not the master key.
- `machine.127.0.0.1.sslip.io` does not resolve: use the Docker Compose setup and set provider domain to `http://localhost:8080`, or ensure your kind+Traefik install is running and ports 80/443 are mapped.
- Node version errors: ensure Node >= 20.9 as specified in `package.json`.
## Security
Do not commit secrets. Keep `.zitadel.env`, `admin.pat`, and other credentials out of version control.
## License
MPL-2.0

244
deploy/dev/configurations/TESTING.md Normal file
View File

@@ -0,0 +1,244 @@
# Testing Guide for Zitadel Configurator
This document explains the testing approach and methodology used in the Zitadel Configurator project, which uses CDKTF (Cloud Development Kit for Terraform) to manage Zitadel infrastructure.
## Overview
The project uses **unit testing** with Jest to test Infrastructure as Code (IaC) definitions. Tests verify that the synthesized Terraform configuration contains the expected resources and properties without creating actual cloud resources.
## Testing Framework
### Core Technologies
- **Jest**: JavaScript testing framework
- **ts-jest**: TypeScript support for Jest
- **CDKTF Testing**: Built-in testing utilities for CDKTF applications
- **TypeScript**: Primary language for both implementation and tests
### Configuration Files
- `jest.config.js`: Jest configuration with TypeScript support
- `setup.js`: CDKTF-specific Jest setup that enables testing matchers
- `package.json`: Test scripts and dependencies
## Test Structure
### Directory Organization
```
zitadel-configurator/
├── __tests__/ # Test files directory
│ └── main.test.ts # Main test suite
├── main.ts # Implementation to be tested
├── jest.config.js # Jest configuration
└── setup.js # CDKTF Jest setup
```
### Test File Naming
- Tests are located in the `__tests__/` directory
- Test files follow the pattern: `*.test.ts`
- Alternative patterns supported: `*.spec.ts`
## Running Tests
### Available Commands
```bash
# Run all tests once
npm test
# Run tests in watch mode (auto-rerun on file changes)
npm run test:watch
```
### Test Output
Tests provide clear feedback about:
- Resource creation verification
- Property validation
- Synthesized Terraform configuration structure
## Testing Approach
### Unit Testing Philosophy
The project follows a **unit testing** approach where:
- Tests validate the synthesized Terraform configuration
- No actual cloud resources are created during testing
- Fast execution with immediate feedback
- Focus on infrastructure definition correctness
### Test Categories
#### 1. Resource Existence Tests
Verify that expected resources are created in the Terraform configuration:
```typescript
it("should create an organization resource", () => {
const app = Testing.app();
const stack = new ZitadelStack(app, "test-stack");
// Test that the stack contains an Org resource
expect(Testing.synth(stack)).toHaveResource(Org);
});
```
#### 2. Resource Property Tests
Validate that resources have the correct properties:
```typescript
it("should create organization with name 'makers'", () => {
const app = Testing.app();
const stack = new ZitadelStack(app, "test-stack");
// Test the synthesized terraform to ensure it contains the expected resource properties
expect(Testing.synth(stack)).toHaveResourceWithProperties(Org, {
name: "makers"
});
});
```
#### 3. Public Interface Tests
Verify that the stack exposes the expected outputs:
```typescript
it("should create organization with name 'makers'", () => {
const app = Testing.app();
const stack = new ZitadelStack(app, "test-stack");
// Verify the organization was created and stored
expect(stack.createdOrg).toBeDefined();
});
```
## CDKTF Testing Utilities
### Key Testing Methods
#### `Testing.app()`
Creates a CDKTF app instance for testing purposes.
#### `Testing.synth(stack)`
Synthesizes the stack into Terraform JSON configuration for testing.
#### `toHaveResource(ResourceClass)`
Custom Jest matcher that checks if the synthesized configuration contains a specific resource type.
#### `toHaveResourceWithProperties(ResourceClass, properties)`
Custom Jest matcher that validates both resource existence and specific property values.
### Setup Requirements
The `setup.js` file is crucial as it:
```javascript
const cdktf = require("cdktf");
cdktf.Testing.setupJest();
```
This enables CDKTF-specific Jest matchers and testing utilities.
## Best Practices
### 1. Test Structure
- Use descriptive test suite names (`describe` blocks)
- Write clear, specific test case descriptions
- Group related tests logically
### 2. Test Isolation
- Each test creates its own app and stack instance
- Tests are independent and don't share state
- Use fresh instances for each test case
### 3. Comprehensive Coverage
- Test resource creation
- Validate resource properties
- Verify public interfaces and outputs
- Test different configuration scenarios
### 4. Meaningful Assertions
- Test both existence and correctness
- Use specific matchers for clear error messages
- Validate the actual synthesized configuration
## Example Test Implementation
```typescript
import "cdktf/lib/testing/adapters/jest"; // Load types for expect matchers
import { Testing } from "cdktf";
import { ZitadelStack } from "../main";
import { Org } from "../.gen/providers/zitadel/org";
describe("Zitadel Configurator", () => {
describe("Unit testing using assertions", () => {
it("should create an organization resource", () => {
const app = Testing.app();
const stack = new ZitadelStack(app, "test-stack");
// Test that the stack contains an Org resource
expect(Testing.synth(stack)).toHaveResource(Org);
});
it("should create organization with name 'makers'", () => {
const app = Testing.app();
const stack = new ZitadelStack(app, "test-stack");
// Verify the organization was created and stored
expect(stack.createdOrg).toBeDefined();
// Test the synthesized terraform to ensure it contains the expected resource properties
expect(Testing.synth(stack)).toHaveResourceWithProperties(Org, {
name: "makers"
});
});
});
});
```
## Benefits of This Testing Approach
### 1. Fast Feedback
- Tests run quickly without cloud API calls
- Immediate validation of infrastructure definitions
- Suitable for continuous integration
### 2. Cost-Effective
- No cloud resources created during testing
- No API rate limits or costs
- Safe for frequent execution
### 3. Reliable
- Tests are deterministic and repeatable
- No dependency on external services during testing
- Consistent results across different environments
### 4. Development-Friendly
- Supports test-driven development (TDD)
- Watch mode for rapid iteration
- Clear error messages for debugging
## Extending Tests
### Adding New Test Cases
When adding new resources or modifying existing ones:
1. **Test Resource Creation**: Verify the new resource type exists
2. **Test Properties**: Validate all important configuration properties
3. **Test Relationships**: Verify resource dependencies and references
4. **Test Public Interface**: Ensure any exposed outputs are accessible
### Advanced Testing Scenarios
Consider adding tests for:
- Error conditions and validation
- Different configuration environments
- Resource dependencies and relationships
- Complex property calculations
## Troubleshooting
### Common Issues
#### Missing CDKTF Setup
If you see errors about missing matchers, ensure `setup.js` is properly configured in `jest.config.js`.
#### TypeScript Compilation Errors
Ensure all necessary type definitions are imported:
```typescript
import "cdktf/lib/testing/adapters/jest"; // Load types for expect matchers
```
#### Resource Import Issues
Verify that generated provider resources are properly imported:
```typescript
import { Org } from "../.gen/providers/zitadel/org";
```
This testing approach ensures robust, reliable infrastructure definitions while maintaining development velocity and cost-effectiveness.

194
deploy/dev/configurations/__tests__/main.test.ts Normal file
View File

@@ -0,0 +1,194 @@
// Copyright (c) HashiCorp, Inc
// SPDX-License-Identifier: MPL-2.0
import "cdktf/lib/testing/adapters/jest"; // Load types for expect matchers
import { Testing } from "cdktf";
import { ZitadelStack } from "../main";
import { Org } from "../.gen/providers/zitadel/org";
import { Project } from "../.gen/providers/zitadel/project";
import { ApplicationOidc } from "../.gen/providers/zitadel/application-oidc";
import { HumanUser } from "../.gen/providers/zitadel/human-user";
describe("Zitadel Configurator", () => {
describe("Unit testing using assertions", () => {
it("should create an organization resource", () => {
const app = Testing.app();
const stack = new ZitadelStack(app, "test-stack");
// Test that the stack contains an Org resource
expect(Testing.synth(stack)).toHaveResource(Org);
});
it("should create organization with name 'makers'", () => {
const app = Testing.app();
const stack = new ZitadelStack(app, "test-stack");
// Verify the organization was created and stored
expect(stack.createdOrg).toBeDefined();
// Test the synthesized terraform to ensure it contains the expected resource properties
expect(Testing.synth(stack)).toHaveResourceWithProperties(Org, {
name: "makers"
});
});
it("should create a project for the organization", () => {
const app = Testing.app();
const stack = new ZitadelStack(app, "test-stack");
// Test that the stack contains a Project resource
expect(Testing.synth(stack)).toHaveResource(Project);
// Verify the project was created and stored
expect(stack.createdProject).toBeDefined();
// Test the synthesized terraform to ensure it contains the expected resource properties
expect(Testing.synth(stack)).toHaveResourceWithProperties(Project, {
name: "makers-project"
});
});
it("should create an OIDC application for the project", () => {
const app = Testing.app();
const stack = new ZitadelStack(app, "test-stack");
// Test that the stack contains an ApplicationOidc resource
expect(Testing.synth(stack)).toHaveResource(ApplicationOidc);
// Verify the application was created and stored
expect(stack.createdApp).toBeDefined();
// Test the synthesized terraform to ensure it contains the expected resource properties
expect(Testing.synth(stack)).toHaveResourceWithProperties(ApplicationOidc, {
name: "makers-app"
});
});
it("should expose clientId and clientSecret from the created app", () => {
const app = Testing.app();
const stack = new ZitadelStack(app, "test-stack");
// Verify that the created app has clientId and clientSecret properties available
expect(stack.createdApp).toBeDefined();
expect(stack.createdApp.clientId).toBeDefined();
expect(stack.createdApp.clientSecret).toBeDefined();
});
it("should create a user in the organization", () => {
const app = Testing.app();
const stack = new ZitadelStack(app, "test-stack");
// Test that the stack contains a HumanUser resource
expect(Testing.synth(stack)).toHaveResource(HumanUser);
// Verify the user was created and stored
expect(stack.createdUser).toBeDefined();
// Test the synthesized terraform to ensure it contains the expected resource properties
expect(Testing.synth(stack)).toHaveResourceWithProperties(HumanUser, {
user_name: "makers-user"
});
});
it("should expose user credentials from the created user", () => {
const app = Testing.app();
const stack = new ZitadelStack(app, "test-stack");
// Verify that the created user has credential properties available
expect(stack.createdUser).toBeDefined();
expect(stack.createdUser.loginNames).toBeDefined();
expect(stack.createdUser.preferredLoginName).toBeDefined();
expect(stack.createdUser.state).toBeDefined();
});
it("should create OIDC application with correct organization context", () => {
const app = Testing.app();
const stack = new ZitadelStack(app, "test-stack");
// Test the synthesized terraform to ensure the OIDC application has orgId properly set
// This ensures the application can find the project within the correct organization
expect(Testing.synth(stack)).toHaveResourceWithProperties(ApplicationOidc, {
name: "makers-app",
org_id: "${zitadel_org.org.id}"
});
});
});
// // All Unit tests test the synthesised terraform code, it does not create real-world resources
// describe("Unit testing using assertions", () => {
// it("should contain a resource", () => {
// // import { Image,Container } from "./.gen/providers/docker"
// expect(
// Testing.synthScope((scope) => {
// new MyApplicationsAbstraction(scope, "my-app", {});
// })
// ).toHaveResource(Container);
// expect(
// Testing.synthScope((scope) => {
// new MyApplicationsAbstraction(scope, "my-app", {});
// })
// ).toHaveResourceWithProperties(Image, { name: "ubuntu:latest" });
// });
// });
// describe("Unit testing using snapshots", () => {
// it("Tests the snapshot", () => {
// const app = Testing.app();
// const stack = new TerraformStack(app, "test");
// new TestProvider(stack, "provider", {
// accessKey: "1",
// });
// new TestResource(stack, "test", {
// name: "my-resource",
// });
// expect(Testing.synth(stack)).toMatchSnapshot();
// });
// it("Tests a combination of resources", () => {
// expect(
// Testing.synthScope((stack) => {
// new TestDataSource(stack, "test-data-source", {
// name: "foo",
// });
// new TestResource(stack, "test-resource", {
// name: "bar",
// });
// })
// ).toMatchInlineSnapshot();
// });
// });
// describe("Checking validity", () => {
// it("check if the produced terraform configuration is valid", () => {
// const app = Testing.app();
// const stack = new TerraformStack(app, "test");
// new TestDataSource(stack, "test-data-source", {
// name: "foo",
// });
// new TestResource(stack, "test-resource", {
// name: "bar",
// });
// expect(Testing.fullSynth(app)).toBeValidTerraform();
// });
// it("check if this can be planned", () => {
// const app = Testing.app();
// const stack = new TerraformStack(app, "test");
// new TestDataSource(stack, "test-data-source", {
// name: "foo",
// });
// new TestResource(stack, "test-resource", {
// name: "bar",
// });
// expect(Testing.fullSynth(app)).toPlanSuccessfully();
// });
// });
});

13
deploy/dev/configurations/cdktf.json Normal file
View File

@@ -0,0 +1,13 @@
{
"language": "typescript",
"app": "npx ts-node main.ts",
"projectId": "zitadel-configurations",
"sendCrashReports": "false",
"terraformProviders": [
"zitadel/zitadel@~> 1.0"
],
"terraformModules": [],
"context": {
}
}

187
deploy/dev/configurations/jest.config.js Normal file
View File

@@ -0,0 +1,187 @@
/** @type {import('ts-jest/dist/types').InitialOptionsTsJest} */
/*
* For a detailed explanation regarding each configuration property, visit:
* https://jestjs.io/docs/configuration
*/
module.exports = {
// All imported modules in your tests should be mocked automatically
// automock: false,
// Stop running tests after `n` failures
// bail: 0,
// The directory where Jest should store its cached dependency information
// cacheDirectory: "/private/var/folders/z_/v03l33d55fb57nrr3b1q03ch0000gq/T/jest_dz",
// Automatically clear mock calls and instances between every test
clearMocks: true,
// Indicates whether the coverage information should be collected while executing the test
// collectCoverage: false,
// An array of glob patterns indicating a set of files for which coverage information should be collected
// collectCoverageFrom: undefined,
// The directory where Jest should output its coverage files
// coverageDirectory: undefined,
// An array of regexp pattern strings used to skip coverage collection
// coveragePathIgnorePatterns: [
// "/node_modules/"
// ],
// Indicates which provider should be used to instrument code for coverage
coverageProvider: "v8",
// A list of reporter names that Jest uses when writing coverage reports
// coverageReporters: [
// "json",
// "text",
// "lcov",
// "clover"
// ],
// An object that configures minimum threshold enforcement for coverage results
// coverageThreshold: undefined,
// A path to a custom dependency extractor
// dependencyExtractor: undefined,
// Make calling deprecated APIs throw helpful error messages
// errorOnDeprecated: false,
// Force coverage collection from ignored files using an array of glob patterns
// forceCoverageMatch: [],
// A path to a module which exports an async function that is triggered once before all test suites
// globalSetup: undefined,
// A path to a module which exports an async function that is triggered once after all test suites
// globalTeardown: undefined,
// A set of global variables that need to be available in all test environments
// globals: {},
// The maximum amount of workers used to run your tests. Can be specified as % or a number. E.g. maxWorkers: 10% will use 10% of your CPU amount + 1 as the maximum worker number. maxWorkers: 2 will use a maximum of 2 workers.
// maxWorkers: "50%",
// An array of directory names to be searched recursively up from the requiring module's location
// moduleDirectories: [
// "node_modules"
// ],
// An array of file extensions your modules use
moduleFileExtensions: ["ts", "js", "json", "node"],
// A map from regular expressions to module names or to arrays of module names that allow to stub out resources with a single module
// moduleNameMapper: {},
// An array of regexp pattern strings, matched against all module paths before considered 'visible' to the module loader
// modulePathIgnorePatterns: [],
// Activates notifications for test results
// notify: false,
// An enum that specifies notification mode. Requires { notify: true }
// notifyMode: "failure-change",
// A preset that is used as a base for Jest's configuration
preset: "ts-jest",
// Run tests from one or more projects
// projects: undefined,
// Use this configuration option to add custom reporters to Jest
// reporters: undefined,
// Automatically reset mock state between every test
// resetMocks: false,
// Reset the module registry before running each individual test
// resetModules: false,
// A path to a custom resolver
// resolver: undefined,
// Automatically restore mock state between every test
// restoreMocks: false,
// The root directory that Jest should scan for tests and modules within
// rootDir: undefined,
// A list of paths to directories that Jest should use to search for files in
// roots: [
// "<rootDir>"
// ],
// Allows you to use a custom runner instead of Jest's default test runner
// runner: "jest-runner",
// The paths to modules that run some code to configure or set up the testing environment before each test
// setupFiles: [],
// A list of paths to modules that run some code to configure or set up the testing framework before each test
setupFilesAfterEnv: ["<rootDir>/setup.js"],
// The number of seconds after which a test is considered as slow and reported as such in the results.
// slowTestThreshold: 5,
// A list of paths to snapshot serializer modules Jest should use for snapshot testing
// snapshotSerializers: [],
// The test environment that will be used for testing
testEnvironment: "node",
// Options that will be passed to the testEnvironment
// testEnvironmentOptions: {},
// Adds a location field to test results
// testLocationInResults: false,
// The glob patterns Jest uses to detect test files
testMatch: [
"**/__tests__/**/*.ts",
"**/?(*.)+(spec|test).ts"
],
// An array of regexp pattern strings that are matched against all test paths, matched tests are skipped
testPathIgnorePatterns: ["/node_modules/", ".d.ts", ".js"],
// The regexp pattern or array of patterns that Jest uses to detect test files
// testRegex: [],
// This option allows the use of a custom results processor
// testResultsProcessor: undefined,
// This option allows use of a custom test runner
// testRunner: "jest-circus/runner",
// This option sets the URL for the jsdom environment. It is reflected in properties such as location.href
// testURL: "http://localhost",
// Setting this value to "fake" allows the use of fake timers for functions such as "setTimeout"
// timers: "real",
// A map from regular expressions to paths to transformers
// transform: undefined,
// An array of regexp pattern strings that are matched against all source file paths, matched files will skip transformation
// transformIgnorePatterns: [
// "/node_modules/",
// "\\.pnp\\.[^\\/]+$"
// ],
// An array of regexp pattern strings that are matched against all modules before the module loader will automatically return a mock for them
// unmockedModulePathPatterns: undefined,
// Indicates whether each individual test should be reported during the run
// verbose: undefined,
// An array of regexp patterns that are matched against all source file paths before re-running tests in watch mode
// watchPathIgnorePatterns: [],
// Whether to use watchman for file crawling
// watchman: true,
};

128
deploy/dev/configurations/main.ts Normal file
View File

@@ -0,0 +1,128 @@
import {Construct} from "constructs";
import {App, TerraformOutput, TerraformStack} from "cdktf";
import {Org} from "./.gen/providers/zitadel/org";
import {Project} from "./.gen/providers/zitadel/project";
import {ApplicationOidc} from "./.gen/providers/zitadel/application-oidc";
import {HumanUser} from "./.gen/providers/zitadel/human-user";
import {ZitadelProvider} from "./.gen/providers/zitadel/provider";
import * as path from "node:path";
import {readFileSync} from "fs";
export class ZitadelStack extends TerraformStack {
public readonly createdOrg: Org;
public readonly createdProject: Project;
public readonly createdApp: ApplicationOidc;
public readonly createdUser: HumanUser;
constructor(scope: Construct, id: string) {
super(scope, id);
const provider = new ZitadelProvider(this, "zitadel", {
domain: "machine.127.0.0.1.sslip.io", // your instance URL
jwtProfileJson: JSON.stringify(JSON.parse(readFileSync(path.resolve("zitadel-admin-sa.json").toString(), 'utf-8'))),
});
this.createdOrg = new Org(this, "org", {
name: "makers",
provider: provider,
});
this.createdProject = new Project(this, "project", {
name: "makers-project",
orgId: this.createdOrg.id,
provider: provider,
});
this.createdApp = new ApplicationOidc(this, "app", {
name: "makers-app",
projectId: this.createdProject.id,
orgId: this.createdOrg.id,
grantTypes: ["OIDC_GRANT_TYPE_AUTHORIZATION_CODE"],
redirectUris: ["http://localhost:3000/callback"],
responseTypes: ["OIDC_RESPONSE_TYPE_CODE"],
provider: provider,
dependsOn: [this.createdProject],
});
this.createdUser = new HumanUser(this, "user", {
userName: "makers-user",
email: "makers-user@example.com",
firstName: "Makers",
lastName: "User",
displayName: "Makers User",
orgId: this.createdOrg.id,
initialPassword: "TempPassword123!",
isEmailVerified: true,
provider: provider,
});
new TerraformOutput(this, "client_id", {
value: this.createdApp.clientId,
description: "The client ID of the OIDC application",
sensitive: true,
});
new TerraformOutput(this, "client_secret", {
value: this.createdApp.clientSecret,
description: "The client secret of the OIDC application",
sensitive: true,
});
new TerraformOutput(this, "user_login_names", {
value: this.createdUser.loginNames,
description: "The login names of the created user",
sensitive: true,
});
new TerraformOutput(this, "user_password", {
value: this.createdUser.initialPassword,
description: "The password of the created user",
sensitive: true,
});
new TerraformOutput(this, "user_preferred_login_name", {
value: this.createdUser.preferredLoginName,
description: "The preferred login name of the created user",
sensitive: true,
});
new TerraformOutput(this, "user_state", {
value: this.createdUser.state,
description: "The state of the created user",
sensitive: true,
});
new TerraformOutput(this, "created_org", {
value: {
id: this.createdOrg.id
},
description: "The client ID of the OIDC application",
sensitive: true,
});
new TerraformOutput(this, "created_project", {
value: {
id: this.createdProject.id,
name: this.createdProject.name,
},
description: "The client ID of the OIDC application",
sensitive: true,
});
}
}
const app = new App();
new ZitadelStack(app, "zitadel-dev");
app.synth();

34
deploy/dev/configurations/package.json Normal file
View File

@@ -0,0 +1,34 @@
{
"name": "zitadel-dev",
"version": "1.0.0",
"main": "main.js",
"types": "main.ts",
"license": "MPL-2.0",
"private": true,
"scripts": {
"get": "cdktf get",
"synth": "cdktf synth",
"deploy": "cdktf deploy --auto-approve",
"test": "jest",
"test:watch": "jest --watch",
"upgrade": "npm i cdktf@latest cdktf-cli@latest",
"upgrade:next": "npm i cdktf@next cdktf-cli@next",
"destroy": "cdktf destroy --auto-approve"
},
"engines": {
"node": ">=20.9"
},
"dependencies": {
"cdktf": "^0.21.0",
"constructs": "^10.4.2"
},
"devDependencies": {
"@types/jest": "^30.0.0",
"@types/node": "^24.2.0",
"jest": "^30.0.5",
"ts-jest": "^29.4.1",
"ts-node": "^10.9.2",
"typescript": "^5.9.2",
"dotenv": "^17.2.1"
}
}

2
deploy/dev/configurations/setup.js Normal file
View File

@@ -0,0 +1,2 @@
const cdktf = require("cdktf");
cdktf.Testing.setupJest();

37
deploy/dev/configurations/tsconfig.json Normal file
View File

@@ -0,0 +1,37 @@
{
"compilerOptions": {
"alwaysStrict": true,
"declaration": true,
"experimentalDecorators": true,
"inlineSourceMap": true,
"inlineSources": true,
"lib": [
"es2018"
],
"module": "CommonJS",
"noEmitOnError": true,
"noFallthroughCasesInSwitch": true,
"noImplicitAny": true,
"noImplicitReturns": true,
"noImplicitThis": true,
"noUnusedLocals": true,
"noUnusedParameters": true,
"resolveJsonModule": true,
"strict": true,
"strictNullChecks": true,
"strictPropertyInitialization": true,
"stripInternal": true,
"target": "ES2018",
"incremental": true,
"skipLibCheck": true
},
"include": [
"**/*.ts",
".gen/**/**.ts",
"main.ts"
],
"exclude": [
"node_modules",
"cdktf.out"
]
}