variable "groups" { type = map(object({ name = string is_superuser = optional(bool, false) parent = optional(string, null) attributes = optional(map(string), {}) })) default = {} } variable "providers_saml" { type = map(object({ name = string authorization_flow = string acs_url = string issuer = optional(string, null) sp_binding = optional(string, "post") audience = optional(string, "") name_id_mapping = optional(string, null) signing_kp = optional(string, null) })) default = {} } variable "providers_oauth2" { type = map(object({ name = string authorization_flow = string client_type = optional(string, "confidential") client_id = optional(string, null) client_secret = optional(string, null) redirect_uris = optional(list(string), []) property_mappings = optional(list(string), []) signing_key = optional(string, null) access_token_validity = optional(string, "minutes=5") })) default = {} } variable "providers_ldap" { type = map(object({ name = string authorization_flow = string base_dn = string bind_flow = optional(string, null) search_group = optional(string, null) certificate = optional(string, null) tls_server_name = optional(string, null) uid_start_number = optional(number, 2000) gid_start_number = optional(number, 4000) search_mode = optional(string, "cached") bind_mode = optional(string, "cached") mfa_support = optional(bool, true) })) default = {} }