Fix perpetual redirect_uri drift on oauth2 providers
authentik_provider_oauth2.allowed_redirect_uris is list(map(string)) and the API always stores a redirect_uri_type key on each entry. The module only set matching_mode and url, so every plan showed the Grafana provider being updated in-place (state map had 3 keys, config map had 2) and never converged. Add redirect_uri_type to the redirect_uris object, defaulting to "authorization". `terragrunt plan` now reports no changes.
This commit is contained in:
@@ -40,9 +40,12 @@ variable "providers_oauth2" {
|
|||||||
# Managed identifiers of scope property mappings (e.g.
|
# Managed identifiers of scope property mappings (e.g.
|
||||||
# goauthentik.io/providers/oauth2/scope-openid). Resolved to ids.
|
# goauthentik.io/providers/oauth2/scope-openid). Resolved to ids.
|
||||||
scope_mappings = optional(list(string), [])
|
scope_mappings = optional(list(string), [])
|
||||||
|
# allowed_redirect_uris is list(map(string)); the API always stores a
|
||||||
|
# redirect_uri_type key, so it must be set here or every plan drifts.
|
||||||
redirect_uris = optional(list(object({
|
redirect_uris = optional(list(object({
|
||||||
matching_mode = optional(string, "strict")
|
matching_mode = optional(string, "strict")
|
||||||
url = string
|
url = string
|
||||||
|
redirect_uri_type = optional(string, "authorization")
|
||||||
})), [])
|
})), [])
|
||||||
signing_key = optional(string, null)
|
signing_key = optional(string, null)
|
||||||
access_token_validity = optional(string, "minutes=10")
|
access_token_validity = optional(string, "minutes=10")
|
||||||
|
|||||||
Reference in New Issue
Block a user