terraform-authentik/README.md
unkinben 4042760a16
ci/woodpecker/pr/plan Pipeline failed
ci/woodpecker/pr/pre-commit Pipeline failed
Initial scaffold
- Terraform module for groups, SAML/OAuth2/LDAP providers, applications, and LDAP outposts
- Data-driven YAML config with Terragrunt config loader
- Environment: identity.unkin.net with Consul backend
- Provider: goauthentik/authentik 2026.5.0
- Woodpecker CI pipelines (pre-commit, plan, apply)
- Makefile with Vault AppRole and K8s auth support
2026-06-28 11:55:26 +10:00

terraform-authentik

Terraform configuration for managing the Authentik identity provider at identity.unkin.net.

Managed Resources

  • Groups — roles and group hierarchy (users are invited manually)
  • SAML providers — SAML application integrations
  • OAuth2/OIDC providers — OAuth2 and OpenID Connect integrations
  • LDAP providers — LDAP provider and outpost configuration
  • Applications — application definitions linked to providers

Configuration

Resources are defined as YAML files under config/:

config/
├── groups/              # Group definitions
├── providers_saml/      # SAML provider definitions
├── providers_oauth2/    # OAuth2/OIDC provider definitions
└── providers_ldap/      # LDAP provider definitions

Usage

make plan     # init + plan
make apply    # init + plan + apply
make format   # format all .tf and .hcl files

Authentication

Set VAULT_ROLEID for local AppRole auth, or VAULT_AUTH_METHOD=kubernetes for CI.