terraform-authentik/README.md
unkinben 4042760a16
ci/woodpecker/pr/plan Pipeline failed
ci/woodpecker/pr/pre-commit Pipeline failed
Initial scaffold
- Terraform module for groups, SAML/OAuth2/LDAP providers, applications, and LDAP outposts
- Data-driven YAML config with Terragrunt config loader
- Environment: identity.unkin.net with Consul backend
- Provider: goauthentik/authentik 2026.5.0
- Woodpecker CI pipelines (pre-commit, plan, apply)
- Makefile with Vault AppRole and K8s auth support
2026-06-28 11:55:26 +10:00

# terraform-authentik
Terraform configuration for managing the Authentik identity provider at identity.unkin.net.
## Managed Resources
- **Groups** — roles and group hierarchy (users are invited manually)
- **SAML providers** — SAML application integrations
- **OAuth2/OIDC providers** — OAuth2 and OpenID Connect integrations
- **LDAP providers** — LDAP provider and outpost configuration
- **Applications** — application definitions linked to providers
## Configuration
Resources are defined as YAML files under `config/`:
```
config/
├── groups/ # Group definitions
├── providers_saml/ # SAML provider definitions
├── providers_oauth2/ # OAuth2/OIDC provider definitions
└── providers_ldap/ # LDAP provider definitions
```
## Usage
```sh
make plan # init + plan
make apply # init + plan + apply
make format # format all .tf and .hcl files
```
### Authentication
Set `VAULT_ROLEID` for local AppRole auth, or `VAULT_AUTH_METHOD=kubernetes` for CI.