Fix provider schema for goauthentik/authentik 2026.5.0
- group: parent → parents (list)
- saml/oauth2: add required invalidation_flow
- oauth2: remove redirect_uris (use allowed_redirect_uris via config)
- ldap: replace authorization_flow/search_group with bind_flow/unbind_flow
- Add versions.tf with required_providers block
- Remove service_connection from outpost (auto-discovered)
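--- /dev/null
+++ b/.terraform.lock.hcl
@@ -0,0 +1,23 @@
+# This file is maintained automatically by "tofu init".
+# Manual edits may be lost in future updates.
+
+provider "registry.opentofu.org/goauthentik/authentik" {
+version = "2026.5.0"
+constraints = ">= 2026.5.0"
+hashes = [
+"h1:SeznjPKBzSrgo8WasRnuxiGMDSeQHEKsv3U/xw8bhQE=",
+"zh:0dc1706f6fbff866f4a96de56a4934b9a277954bcdd0713549a29a9b8ec85153",
+"zh:218417ec4e864f2d7e585d6c08d39bccb96d8f3bca16c6f762be15365e434234",
+"zh:24f9afa7a1174316da3478811848cd76ef348d8a983310b8d75ed6f45abe1a92",
+"zh:560092e47cb8a72b890b3eeafe1803202cd25cf27f5f5a6e2c370f645f5d86ae",
+"zh:5bc69d8de198007ad1587e146f98cffacf0d1a571800da549b308ff5f4541474",
+"zh:65248dce941472ad2a30d0754d2f3c2db6bb6fe5080946316fb097d6ba7cc79f",
+"zh:79c9a59a8d3c60280e27a064668889594da44c60f940b046b7c8e63be01067d0",
+"zh:87f26cadcd842d6e6d0af94ef0e56860557f5d07f487b10d69d38b63af68bea5",
+"zh:8e42c9d0e77d61cc2e5f8c8b761f6e484774d93771927b4cb5fbdae41209dd33",
+"zh:94ff632b9b4841527c6b652d51a850a8a47c84c0308a3efc189e0ff7e2558f87",
+"zh:b8d32d9f17a905b63c87a23306c02c295b7c8b70f72950071aa3086396932816",
+"zh:c91982af99474fc2e4e69be36ed3a68847f261963ed79f6a546fc75703992f99",
+"zh:eb9c1fd3020cf61e9b7a6a38d2965f4b521495a9928705e963459a4af857f97d",
+]
+}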
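--- a/PLACEHOLDER_PATH_resources.tf
+++ b/PLACEHOLDER_PATH_resources.tf
@@ -3,7 +3,7 @@ resource "authentik_group" "this" {
 
 name = each.value.name
 is_superuser = each.value.is_superuser
-parent = each.value.parent != null ? authentik_group.this[each.value.parent].id : null
+parents = each.value.parents != null ? [for p in each.value.parents : authentik_group.this[p].id] : []
 attributes = jsonencode(each.value.attributes)
 }
 
@@ -12,8 +12,8 @@ resource "authentik_provider_saml" "this" {
 
 name = each.value.name
 authorization_flow = each.value.authorization_flow
+invalidation_flow = each.value.invalidation_flow
 acs_url = each.value.acs_url
-issuer = each.value.issuer
 sp_binding = each.value.sp_binding
 audience = each.value.audience
 name_id_mapping = each.value.name_id_mapping
@@ -23,32 +23,31 @@ resource "authentik_provider_saml" "this" {
 resource "authentik_provider_oauth2" "this" {
 for_each = var.providers_oauth2
 
 name = each.value.name
 authorization_flow = each.value.authorization_flow
-client_type = each.value.client_type
-client_id = each.value.client_id
-client_secret = each.value.client_secret
-redirect_uris = each.value.redirect_uris
+invalidation_flow = each.value.invalidation_flow
+client_type = each.value.client_type
+client_id = each.value.client_id
+client_secret = each.value.client_secret
 property_mappings = each.value.property_mappings
 signing_key = each.value.signing_key
 access_token_validity = each.value.access_token_validity
 }
 
 resource "authentik_provider_ldap" "this" {
 for_each = var.providers_ldap
 
 name = each.value.name
-authorization_flow = each.value.authorization_flow
-base_dn = each.value.base_dn
-bind_flow = each.value.bind_flow
-search_group = each.value.search_group
-certificate = each.value.certificate
-tls_server_name = each.value.tls_server_name
-uid_start_number = each.value.uid_start_number
-gid_start_number = each.value.gid_start_number
-search_mode = each.value.search_mode
-bind_mode = each.value.bind_mode
-mfa_support = each.value.mfa_support
+bind_flow = each.value.bind_flow
+unbind_flow = each.value.unbind_flow
+base_dn = each.value.base_dn
+certificate = each.value.certificate
+tls_server_name = each.value.tls_server_name
+uid_start_number = each.value.uid_start_number
+gid_start_number = each.value.gid_start_number
+search_mode = each.value.search_mode
+bind_mode = each.value.bind_mode
+mfa_support = each.value.mfa_support
 }
 
 resource "authentik_application" "saml" {
@@ -81,5 +80,4 @@ resource "authentik_outpost" "ldap" {
 name = "${each.key}-outpost"
 type = "ldap"
 protocol_providers = [authentik_provider_ldap.this[each.key].id]
-service_connection = "local"
 }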
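Review bot: `authentik_provider_oauth2.this` now sets no redirect URI at all — `redirect_uris` is removed and the `allowed_redirect_uris` the commit message refers to does not appear in this hunk — so each provider is created with an empty allow-list and the redirect target of every authorization code is left to the server's default handling. The allow-list should be set explicitly here, e.g. `allowed_redirect_uris = each.value.allowed_redirect_uris`, fed by a required variable and using strict rather than regex matching. In `authentik_provider_ldap.this`, dropping `search_group` removes the one place this module scoped directory search, and nothing in the change shows where that scope is granted now, so confirm it is assigned outside the module. The kept self-reference `authentik_group.this[p].id` inside `authentik_group.this` is normally rejected as a self-referential block, so this probably needs a data lookup or a second resource for child groups.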
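--- a/PLACEHOLDER_PATH_variables.tf
+++ b/PLACEHOLDER_PATH_variables.tf
@@ -1,9 +1,9 @@
 variable "groups" {
 type = map(object({
 name = string
 is_superuser = optional(bool, false)
-parent = optional(string, null)
+parents = optional(list(string), null)
 attributes = optional(map(string), {})
 }))
 default = {}
 }
@@ -12,9 +12,9 @@ variable "providers_saml" {
 type = map(object({
 name = string
 authorization_flow = string
+invalidation_flow = string
 acs_url = string
-issuer = optional(string, null)
-sp_binding = optional(string, "post")
+sp_binding = optional(string, "redirect")
 audience = optional(string, "")
 name_id_mapping = optional(string, null)
 signing_kp = optional(string, null)
@@ -24,33 +24,32 @@ variable "providers_saml" {
 
 variable "providers_oauth2" {
 type = map(object({
 name = string
 authorization_flow = string
-client_type = optional(string, "confidential")
-client_id = optional(string, null)
-client_secret = optional(string, null)
-redirect_uris = optional(list(string), [])
+invalidation_flow = string
+client_type = optional(string, "confidential")
+client_id = string
+client_secret = optional(string, null)
 property_mappings = optional(list(string), [])
 signing_key = optional(string, null)
-access_token_validity = optional(string, "minutes=5")
+access_token_validity = optional(string, "minutes=10")
 }))
 default = {}
 }
 
 variable "providers_ldap" {
 type = map(object({
 name = string
-authorization_flow = string
-base_dn = string
-bind_flow = optional(string, null)
-search_group = optional(string, null)
-certificate = optional(string, null)
-tls_server_name = optional(string, null)
-uid_start_number = optional(number, 2000)
-gid_start_number = optional(number, 4000)
-search_mode = optional(string, "cached")
-bind_mode = optional(string, "cached")
-mfa_support = optional(bool, true)
+bind_flow = string
+unbind_flow = string
+base_dn = string
+certificate = optional(string, null)
+tls_server_name = optional(string, null)
+uid_start_number = optional(number, 2000)
+gid_start_number = optional(number, 4000)
+search_mode = optional(string, "direct")
+bind_mode = optional(string, "direct")
+mfa_support = optional(bool, true)
 }))
 default = {}
 }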
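Review bot: `variable "providers_oauth2"` carries `client_secret` but is not marked sensitive, so plan output and CI logs will print the secret whenever an entry changes; because the whole map feeds `for_each`, marking it sensitive is rejected for a for_each argument, so move the secrets into a parallel map, `variable "providers_oauth2_secrets" { type = map(string) sensitive = true default = {} }`, and read `var.providers_oauth2_secrets[each.key]` in the resource. State stores the value in clear either way, so the state backend's access control is what actually protects it. Separately, three defaults change in this hunk without being mentioned in the commit message: `access_token_validity` "minutes=5" → "minutes=10", `search_mode`/`bind_mode` "cached" → "direct", and `sp_binding` "post" → "redirect"; each silently changes behaviour for callers that rely on the defaults, so either restore the old values or call the change out. `parents = optional(list(string), null)` could default to `[]` directly, which would let the resource drop its null check.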
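--- /dev/null
+++ b/versions.tf
@@ -0,0 +1,9 @@
+terraform {
+required_version = ">= 1.10"
+required_providers {
+authentik = {
+source = "goauthentik/authentik"
+version = ">= 2026.5.0"
+}
+}
+}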
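Review bot: `version = ">= 2026.5.0"` has no upper bound, so the next `tofu init -upgrade` will pull any future release of goauthentik/authentik, including one with a schema break of the kind this commit is fixing; the lock file pins today's selection but does not constrain upgrades. A pessimistic constraint, `version = "~> 2026.5"`, keeps the floor while refusing a new year line until it has been reviewed. `required_version = ">= 1.10"` has the same shape and could get the same treatment.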