Fix provider schema for goauthentik/authentik 2026.5.0
ci/woodpecker/pr/plan Pipeline failed
ci/woodpecker/pr/pre-commit Pipeline was successful

- group: parent → parents (list)
- saml/oauth2: add required invalidation_flow
- oauth2: remove redirect_uris (use allowed_redirect_uris via config)
- ldap: replace authorization_flow/search_group with bind_flow/unbind_flow
- Add versions.tf with required_providers block
- Remove service_connection from outpost (auto-discovered)
2026-06-28 12:04:19 +10:00
parent 4042760a16
commit 8aa2273dcf
4 changed files with 78 additions and 49 deletions
+25 -26
@@ -1,9 +1,9 @@
variable "groups" {
type = map(object({
name = string
name = string
is_superuser = optional(bool, false)
parent = optional(string, null)
attributes = optional(map(string), {})
parents = optional(list(string), null)
attributes = optional(map(string), {})
}))
default = {}
}
@@ -12,9 +12,9 @@ variable "providers_saml" {
type = map(object({
name = string
authorization_flow = string
invalidation_flow = string
acs_url = string
issuer = optional(string, null)
sp_binding = optional(string, "post")
sp_binding = optional(string, "redirect")
audience = optional(string, "")
name_id_mapping = optional(string, null)
signing_kp = optional(string, null)
@@ -24,33 +24,32 @@ variable "providers_saml" {
variable "providers_oauth2" {
type = map(object({
name = string
authorization_flow = string
client_type = optional(string, "confidential")
client_id = optional(string, null)
client_secret = optional(string, null)
redirect_uris = optional(list(string), [])
property_mappings = optional(list(string), [])
signing_key = optional(string, null)
access_token_validity = optional(string, "minutes=5")
name = string
authorization_flow = string
invalidation_flow = string
client_type = optional(string, "confidential")
client_id = string
client_secret = optional(string, null)
property_mappings = optional(list(string), [])
signing_key = optional(string, null)
access_token_validity = optional(string, "minutes=10")
}))
default = {}
}
variable "providers_ldap" {
type = map(object({
name = string
authorization_flow = string
base_dn = string
bind_flow = optional(string, null)
search_group = optional(string, null)
certificate = optional(string, null)
tls_server_name = optional(string, null)
uid_start_number = optional(number, 2000)
gid_start_number = optional(number, 4000)
search_mode = optional(string, "cached")
bind_mode = optional(string, "cached")
mfa_support = optional(bool, true)
name = string
bind_flow = string
unbind_flow = string
base_dn = string
certificate = optional(string, null)
tls_server_name = optional(string, null)
uid_start_number = optional(number, 2000)
gid_start_number = optional(number, 4000)
search_mode = optional(string, "direct")
bind_mode = optional(string, "direct")
mfa_support = optional(bool, true)
}))
default = {}
}
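Review bot: `providers_oauth2` now has no input for redirect URIs: `redirect_uris` is gone from the object type and no `allowed_redirect_uris` attribute replaces it, so whether every client gets an explicit allow-list is decided outside this file section. Redirect URI matching is the control that keeps authorization codes from being delivered to an unintended endpoint, so I would keep it as a typed input here, e.g. `allowed_redirect_uris = optional(list(object({ matching_mode = optional(string, "strict"), url = string })), [])`, and pass it through to the resource. Separately, several defaults appear to change without being listed in the commit message (`access_token_validity` "minutes=5" to "minutes=10", `search_mode`/`bind_mode` "cached" to "direct", `sp_binding` "post" to "redirect"); callers relying on the defaults get longer-lived access tokens and different LDAP/SAML behaviour, so these deserve a line in the description or explicit values at the call sites. The +/- markers are lost in this rendering, so which side each line belongs to is inferred from the description and the duplicated lines.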