4042760a16
- Terraform module for groups, SAML/OAuth2/LDAP providers, applications, and LDAP outposts
- Data-driven YAML config with Terragrunt config loader
- Environment: identity.unkin.net with Consul backend
- Provider: goauthentik/authentik 2026.5.0
- Woodpecker CI pipelines (pre-commit, plan, apply)
- Makefile with Vault AppRole and K8s auth support
36 lines
1.0 KiB
Markdown
# terraform-authentik

Terraform configuration for managing the Authentik identity provider at identity.unkin.net.

## Managed Resources

- **Groups** — roles and group hierarchy (users are invited manually)
- **SAML providers** — SAML application integrations
- **OAuth2/OIDC providers** — OAuth2 and OpenID Connect integrations
- **LDAP providers** — LDAP provider and outpost configuration
- **Applications** — application definitions linked to providers

## Configuration

Resources are defined as YAML files under `config/`:

```
config/
├── groups/            # Group definitions
├── providers_saml/    # SAML provider definitions
├── providers_oauth2/  # OAuth2/OIDC provider definitions
└── providers_ldap/    # LDAP provider definitions
```

## Usage

```sh
make plan    # init + plan
make apply   # init + plan + apply
make format  # format all .tf and .hcl files
```

### Authentication

Set `VAULT_ROLEID` for local AppRole auth, or `VAULT_AUTH_METHOD=kubernetes` for CI.