4042760a16
- Terraform module for groups, SAML/OAuth2/LDAP providers, applications, and LDAP outposts - Data-driven YAML config with Terragrunt config loader - Environment: identity.unkin.net with Consul backend - Provider: goauthentik/authentik 2026.5.0 - Woodpecker CI pipelines (pre-commit, plan, apply) - Makefile with Vault AppRole and K8s auth support
1.0 KiB
1.0 KiB
terraform-authentik
Terraform configuration for managing the Authentik identity provider at identity.unkin.net.
Managed Resources
- Groups — roles and group hierarchy (users are invited manually)
- SAML providers — SAML application integrations
- OAuth2/OIDC providers — OAuth2 and OpenID Connect integrations
- LDAP providers — LDAP provider and outpost configuration
- Applications — application definitions linked to providers
Configuration
Resources are defined as YAML files under config/:
config/
├── groups/ # Group definitions
├── providers_saml/ # SAML provider definitions
├── providers_oauth2/ # OAuth2/OIDC provider definitions
└── providers_ldap/ # LDAP provider definitions
Usage
make plan # init + plan
make apply # init + plan + apply
make format # format all .tf and .hcl files
Authentication
Set VAULT_ROLEID for local AppRole auth, or VAULT_AUTH_METHOD=kubernetes for CI.