variable "groups" { type = map(object({ name = string is_superuser = optional(bool, false) parents = optional(list(string), null) attributes = optional(map(string), {}) })) default = {} } variable "providers_saml" { type = map(object({ name = string authorization_flow = string invalidation_flow = string acs_url = string sp_binding = optional(string, "redirect") audience = optional(string, "") name_id_mapping = optional(string, null) signing_kp = optional(string, null) })) default = {} } variable "providers_oauth2" { type = map(object({ name = string authorization_flow = string invalidation_flow = string client_type = optional(string, "confidential") client_id = string client_secret = optional(string, null) property_mappings = optional(list(string), []) signing_key = optional(string, null) access_token_validity = optional(string, "minutes=10") })) default = {} } variable "providers_ldap" { type = map(object({ name = string bind_flow = string unbind_flow = string base_dn = string certificate = optional(string, null) tls_server_name = optional(string, null) uid_start_number = optional(number, 2000) gid_start_number = optional(number, 4000) search_mode = optional(string, "direct") bind_mode = optional(string, "direct") mfa_support = optional(bool, true) })) default = {} }