unkinben 8aa2273dcf
ci/woodpecker/pr/plan Pipeline failed
ci/woodpecker/pr/pre-commit Pipeline was successful
Fix provider schema for goauthentik/authentik 2026.5.0
- group: parent → parents (list)
- saml/oauth2: add required invalidation_flow
- oauth2: remove redirect_uris (use allowed_redirect_uris via config)
- ldap: replace authorization_flow/search_group with bind_flow/unbind_flow
- Add versions.tf with required_providers block
- Remove service_connection from outpost (auto-discovered)
2026-06-28 12:04:19 +10:00

terraform-authentik

Terraform configuration for managing the Authentik identity provider at identity.unkin.net.

Managed Resources

  • Groups — roles and group hierarchy (users are invited manually)
  • SAML providers — SAML application integrations
  • OAuth2/OIDC providers — OAuth2 and OpenID Connect integrations
  • LDAP providers — LDAP provider and outpost configuration
  • Applications — application definitions linked to providers

Configuration

Resources are defined as YAML files under config/:

config/
├── groups/              # Group definitions
├── providers_saml/      # SAML provider definitions
├── providers_oauth2/    # OAuth2/OIDC provider definitions
└── providers_ldap/      # LDAP provider definitions
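
The schema changes listed in the commit message above can be checked against these files before running a plan. The linter below is an added example, not code from this repository: it assumes each YAML file parses to a mapping whose keys mirror the provider attribute names in that commit message, and the sample documents, flow names and URL are constructed.

```python
# Added example, not code from this repository. Key names are ASSUMED to
# mirror the provider attribute names named in the commit message.

# kind -> (removed key -> replacement hint, keys that must be set)
RULES = {
    "groups": ({"parent": "parents (list)"}, []),
    "providers_saml": ({}, ["invalidation_flow"]),
    "providers_oauth2": ({"redirect_uris": "allowed_redirect_uris"},
                         ["invalidation_flow"]),
    "providers_ldap": ({"authorization_flow": "bind_flow/unbind_flow",
                        "search_group": "bind_flow/unbind_flow"},
                       ["bind_flow", "unbind_flow"]),
}


def lint(kind, name, doc):
    """Return sorted findings for one parsed config document (a dict)."""
    removed, required = RULES[kind]
    where = f"{kind}/{name}"
    findings = [f"{where}: '{key}' is no longer accepted, use {hint}"
                for key, hint in removed.items() if key in doc]
    findings += [f"{where}: missing required '{key}'"
                 for key in required if not doc.get(key)]
    if kind == "groups" and not isinstance(doc.get("parents", []), list):
        findings.append(f"{where}: 'parents' must be a list")
    return sorted(findings)


# Constructed sample documents, as they might look after YAML parsing.
SAMPLES = [
    ("groups", "admins", {"name": "admins", "parent": "staff"}),
    ("groups", "staff", {"name": "staff", "parents": []}),
    ("providers_oauth2", "grafana",
     {"name": "grafana", "redirect_uris": ["https://grafana.example.test/cb"]}),
    ("providers_ldap", "ldap",
     {"name": "ldap", "bind_flow": "example-bind", "unbind_flow": "example-unbind"}),
]


def lint_all(samples):
    """Lint every (kind, name, doc) triple and flatten the findings."""
    return [f for kind, name, doc in samples for f in lint(kind, name, doc)]


if __name__ == "__main__":
    for finding in lint_all(SAMPLES):
        print(finding)
```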

Usage

make plan     # init + plan
make apply    # init + plan + apply
make format   # format all .tf and .hcl files

Authentication

Set VAULT_ROLEID for local AppRole auth, or VAULT_AUTH_METHOD=kubernetes for CI.
