Fix provider schema for goauthentik/authentik 2026.5.0
ci/woodpecker/pr/plan Pipeline failed
ci/woodpecker/pr/pre-commit Pipeline was successful

- group: parent → parents (list)
- saml/oauth2: add required invalidation_flow
- oauth2: remove redirect_uris (use allowed_redirect_uris via config)
- ldap: replace authorization_flow/search_group with bind_flow/unbind_flow
- Add versions.tf with required_providers block
- Remove service_connection from outpost (auto-discovered)
This commit is contained in:
2026-06-28 12:04:19 +10:00
parent 4042760a16
commit 8aa2273dcf
4 changed files with 78 additions and 49 deletions
+21 -23
View File
@@ -3,7 +3,7 @@ resource "authentik_group" "this" {
name = each.value.name
is_superuser = each.value.is_superuser
parent = each.value.parent != null ? authentik_group.this[each.value.parent].id : null
parents = each.value.parents != null ? [for p in each.value.parents : authentik_group.this[p].id] : []
attributes = jsonencode(each.value.attributes)
}
@@ -12,8 +12,8 @@ resource "authentik_provider_saml" "this" {
name = each.value.name
authorization_flow = each.value.authorization_flow
invalidation_flow = each.value.invalidation_flow
acs_url = each.value.acs_url
issuer = each.value.issuer
sp_binding = each.value.sp_binding
audience = each.value.audience
name_id_mapping = each.value.name_id_mapping
@@ -23,32 +23,31 @@ resource "authentik_provider_saml" "this" {
resource "authentik_provider_oauth2" "this" {
for_each = var.providers_oauth2
name = each.value.name
authorization_flow = each.value.authorization_flow
client_type = each.value.client_type
client_id = each.value.client_id
client_secret = each.value.client_secret
redirect_uris = each.value.redirect_uris
property_mappings = each.value.property_mappings
signing_key = each.value.signing_key
name = each.value.name
authorization_flow = each.value.authorization_flow
invalidation_flow = each.value.invalidation_flow
client_type = each.value.client_type
client_id = each.value.client_id
client_secret = each.value.client_secret
property_mappings = each.value.property_mappings
signing_key = each.value.signing_key
access_token_validity = each.value.access_token_validity
}
resource "authentik_provider_ldap" "this" {
for_each = var.providers_ldap
name = each.value.name
authorization_flow = each.value.authorization_flow
base_dn = each.value.base_dn
bind_flow = each.value.bind_flow
search_group = each.value.search_group
certificate = each.value.certificate
tls_server_name = each.value.tls_server_name
uid_start_number = each.value.uid_start_number
gid_start_number = each.value.gid_start_number
search_mode = each.value.search_mode
bind_mode = each.value.bind_mode
mfa_support = each.value.mfa_support
name = each.value.name
bind_flow = each.value.bind_flow
unbind_flow = each.value.unbind_flow
base_dn = each.value.base_dn
certificate = each.value.certificate
tls_server_name = each.value.tls_server_name
uid_start_number = each.value.uid_start_number
gid_start_number = each.value.gid_start_number
search_mode = each.value.search_mode
bind_mode = each.value.bind_mode
mfa_support = each.value.mfa_support
}
resource "authentik_application" "saml" {
@@ -81,5 +80,4 @@ resource "authentik_outpost" "ldap" {
name = "${each.key}-outpost"
type = "ldap"
protocol_providers = [authentik_provider_ldap.this[each.key].id]
service_connection = "local"
}