4042760a16
- Terraform module for groups, SAML/OAuth2/LDAP providers, applications, and LDAP outposts - Data-driven YAML config with Terragrunt config loader - Environment: identity.unkin.net with Consul backend - Provider: goauthentik/authentik 2026.5.0 - Woodpecker CI pipelines (pre-commit, plan, apply) - Makefile with Vault AppRole and K8s auth support
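# Groups to manage in authentik, keyed by a caller-chosen identifier.
# NOTE(review): how `parent` and `attributes` are resolved is not visible in
# this file; confirm against the resources that consume this variable.
variable "groups" {
  description = "Authentik groups to manage, keyed by an arbitrary identifier."

  type = map(object({
    name = string
    # Off by default, so a superuser group has to be requested explicitly.
    # Treat any entry that sets this to true as a privileged-access change
    # that deserves its own review.
    is_superuser = optional(bool, false)
    parent       = optional(string, null)
    attributes   = optional(map(string), {})
  }))

  default = {}

  # An explicit null from the caller falls back to the empty default instead
  # of reaching the module as null.
  nullable = false
}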
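# SAML providers to manage in authentik, keyed by a caller-chosen identifier.
# NOTE(review): whether `authorization_flow`, `name_id_mapping` and
# `signing_kp` hold slugs, names or IDs is not visible here; confirm against
# the lookups in the module.
variable "providers_saml" {
  description = "Authentik SAML providers to manage, keyed by an arbitrary identifier."

  type = map(object({
    name               = string
    authorization_flow = string
    # Endpoint that receives the SAML response. It is accepted as-is here,
    # so review each value as carefully as an OAuth2 redirect URI.
    acs_url         = string
    issuer          = optional(string, null)
    sp_binding      = optional(string, "post")
    audience        = optional(string, "")
    name_id_mapping = optional(string, null)
    # NOTE(review): null presumably leaves the provider without a signing
    # keypair; confirm that every service provider configured here is
    # expected to accept unsigned responses before relying on the default.
    signing_kp = optional(string, null)
  }))

  default = {}

  # An explicit null from the caller falls back to the empty default instead
  # of reaching the module as null.
  nullable = false

  # Reject a mistyped binding at plan time instead of at the provider API.
  validation {
    condition = alltrue([
      for p in values(var.providers_saml) : contains(["post", "redirect"], p.sp_binding)
    ])
    error_message = "Each providers_saml entry must set sp_binding to \"post\" or \"redirect\"."
  }
}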
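# OAuth2/OIDC providers to manage in authentik, keyed by a caller-chosen
# identifier.
# NOTE(review): whether `authorization_flow`, `property_mappings` and
# `signing_key` hold slugs, names or IDs is not visible here; confirm against
# the lookups in the module.
variable "providers_oauth2" {
  description = "Authentik OAuth2/OIDC providers to manage, keyed by an arbitrary identifier."

  type = map(object({
    name               = string
    authorization_flow = string
    client_type        = optional(string, "confidential")
    client_id          = optional(string, null)
    # Secret material. Terraform cannot mark a single object attribute as
    # sensitive, and marking the whole variable sensitive would prevent it
    # from being used as a for_each source. Any value set here is therefore
    # not redacted by this declaration and will be stored in the state
    # backend. Prefer leaving it null, or inject it from a secret store
    # rather than committing it to the YAML config.
    client_secret = optional(string, null)
    # The empty default registers no redirect URIs; review every entry added
    # here, since it decides where authorization responses may be sent.
    redirect_uris     = optional(list(string), [])
    property_mappings = optional(list(string), [])
    signing_key       = optional(string, null)
    # Short default lifetime; raising it lengthens the window in which a
    # leaked access token stays usable.
    access_token_validity = optional(string, "minutes=5")
  }))

  default = {}

  # An explicit null from the caller falls back to the empty default instead
  # of reaching the module as null.
  nullable = false

  # Reject a mistyped client type at plan time instead of at the provider API.
  validation {
    condition = alltrue([
      for p in values(var.providers_oauth2) : contains(["confidential", "public"], p.client_type)
    ])
    error_message = "Each providers_oauth2 entry must set client_type to \"confidential\" or \"public\"."
  }
}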
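# LDAP providers to manage in authentik, keyed by a caller-chosen identifier.
# NOTE(review): whether `authorization_flow`, `bind_flow`, `search_group` and
# `certificate` hold slugs, names or IDs is not visible here; confirm against
# the lookups in the module.
variable "providers_ldap" {
  description = "Authentik LDAP providers to manage, keyed by an arbitrary identifier."

  type = map(object({
    name               = string
    authorization_flow = string
    base_dn            = string
    bind_flow          = optional(string, null)
    # NOTE(review): null presumably leaves search access unrestricted by
    # group; confirm who can enumerate the directory in that case.
    search_group = optional(string, null)
    # NOTE(review): with no certificate the LDAP service presumably has no
    # TLS keypair of its own; confirm that bind passwords cannot cross the
    # network in cleartext.
    certificate      = optional(string, null)
    tls_server_name  = optional(string, null)
    uid_start_number = optional(number, 2000)
    gid_start_number = optional(number, 4000)
    # NOTE(review): "cached" presumably trades freshness for speed; confirm
    # how quickly a password change or account deactivation takes effect
    # for LDAP clients in this mode.
    search_mode = optional(string, "cached")
    bind_mode   = optional(string, "cached")
    mfa_support = optional(bool, true)
  }))

  default = {}

  # An explicit null from the caller falls back to the empty default instead
  # of reaching the module as null.
  nullable = false

  # Reject mistyped modes at plan time instead of at the provider API.
  validation {
    condition = alltrue([
      for p in values(var.providers_ldap) : contains(["direct", "cached"], p.search_mode)
    ])
    error_message = "Each providers_ldap entry must set search_mode to \"direct\" or \"cached\"."
  }

  validation {
    condition = alltrue([
      for p in values(var.providers_ldap) : contains(["direct", "cached"], p.bind_mode)
    ])
    error_message = "Each providers_ldap entry must set bind_mode to \"direct\" or \"cached\"."
  }
}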