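# OAuth2/OpenID Connect applications, keyed by an arbitrary map key.
# Only name, slug and redirect_uris are required; every other attribute falls
# back to the default declared in the object type below.
variable "oauth_applications" {
  description = "Map of OAuth2/OpenID applications"

  type = map(object({
    # Application identity and presentation.
    name               = string
    slug               = string
    group              = optional(string, "")
    policy_engine_mode = optional(string, "all") # "all": every bound policy must pass; "any": one passing policy is enough
    meta_description   = optional(string, "")
    meta_launch_url    = optional(string, "")
    meta_icon          = optional(string, "")

    # OAuth2 client settings.
    # NOTE(review): redirect_uris is not validated here. Keep entries exact and
    # HTTPS where possible; how strictly they are matched depends on the
    # resource that consumes this variable - confirm there.
    redirect_uris = list(string)
    # A "public" client cannot hold a secret; keep the "confidential" default
    # unless the application is a browser-only or native client.
    client_type = optional(string, "confidential")
    # presumably null lets the consuming resource generate an id - confirm.
    client_id                  = optional(string, null)
    include_claims_in_id_token = optional(bool, true)

    # Lifetimes in "unit=value" form. The refresh token default is 30 days;
    # a long refresh lifetime extends how long a stolen refresh token is useful.
    access_code_validity   = optional(string, "minutes=1")
    access_token_validity  = optional(string, "minutes=5")
    refresh_token_validity = optional(string, "days=30")

    property_mappings = optional(list(string), [])
    # presumably null falls back to var.default_authorization_flow - confirm.
    authorization_flow = optional(string, null)
    # NOTE(review): confirm how the module resolves a null signing_key; an
    # authentik provider without a signing key signs tokens with the client
    # secret instead of an asymmetric key.
    signing_key = optional(string, null)
    outpost     = optional(string, null)
  }))

  default = {}

  # Reject a mistyped client_type at plan time instead of at apply time.
  validation {
    condition = alltrue([
      for app in values(var.oauth_applications) :
      contains(["confidential", "public"], app.client_type)
    ])
    error_message = "Each oauth_applications entry must set client_type to \"confidential\" or \"public\"."
  }

  # The policy engine mode decides whether one or all bound policies gate access.
  validation {
    condition = alltrue([
      for app in values(var.oauth_applications) :
      contains(["all", "any"], app.policy_engine_mode)
    ])
    error_message = "Each oauth_applications entry must set policy_engine_mode to \"all\" or \"any\"."
  }
}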
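# Proxy applications, keyed by an arbitrary map key.
# Only name, slug and external_host are required; every other attribute falls
# back to the default declared in the object type below.
variable "proxy_applications" {
  description = "Map of Proxy applications"

  type = map(object({
    # Application identity and presentation.
    name               = string
    slug               = string
    group              = optional(string, "")
    policy_engine_mode = optional(string, "all") # "all": every bound policy must pass; "any": one passing policy is enough
    meta_description   = optional(string, "")
    meta_launch_url    = optional(string, "")
    meta_icon          = optional(string, "")

    # Hosts the proxy fronts.
    external_host = string
    internal_host = optional(string, "")
    # Defaults to true. presumably false disables certificate verification
    # towards internal_host - confirm, and avoid outside test setups.
    internal_host_ssl_validation = optional(bool, true)
    mode                         = optional(string, "proxy")

    # Credential handling towards the upstream; all off by default.
    # presumably the *_attribute values name the attributes from which the
    # upstream basic-auth credentials are read - confirm against the consumer.
    intercept_header_auth         = optional(bool, false)
    basic_auth_enabled            = optional(bool, false)
    basic_auth_username_attribute = optional(string, "")
    basic_auth_password_attribute = optional(string, "")

    # NOTE(review): a broad cookie_domain shares the session cookie with every
    # host under that domain - keep it as narrow as the deployment allows.
    cookie_domain = optional(string, "")
    # presumably null falls back to var.default_authorization_flow - confirm.
    authorization_flow = optional(string, null)
    # NOTE(review): presumably paths matching this regex are served without
    # authentication - keep the pattern anchored and narrow, and review changes
    # to it like any other access-control change.
    skip_path_regex = optional(string, "")
    outpost         = optional(string, null)
  }))

  default = {}

  # Reject a mistyped proxy mode at plan time instead of at apply time.
  validation {
    condition = alltrue([
      for app in values(var.proxy_applications) :
      contains(["proxy", "forward_single", "forward_domain"], app.mode)
    ])
    error_message = "Each proxy_applications entry must set mode to \"proxy\", \"forward_single\" or \"forward_domain\"."
  }

  # The policy engine mode decides whether one or all bound policies gate access.
  validation {
    condition = alltrue([
      for app in values(var.proxy_applications) :
      contains(["all", "any"], app.policy_engine_mode)
    ])
    error_message = "Each proxy_applications entry must set policy_engine_mode to \"all\" or \"any\"."
  }
}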
# Outposts, keyed by an arbitrary map key. Per the description only the proxy
# outpost type is supported by this module.
variable "outposts" {
  description = "Map of Outposts (only proxy type supported)"

  type = map(object({
    name = string
    # Free-form settings; defaults to an empty map.
    # NOTE(review): map(any) requires all values to share one type, so a config
    # mixing strings, numbers and booleans is converted to a single type.
    config = optional(map(any), {})
  }))

  default = {}
}
# Authentication flows, keyed by an arbitrary map key.
# name, title, slug and designation are required; the rest have defaults.
variable "flows" {
  description = "Map of authentication flows"

  type = map(object({
    name        = string
    title       = string
    slug        = string
    designation = string
    # "all" is the default; presumably "any" lets a single passing policy
    # satisfy the flow - confirm against the provider documentation.
    policy_engine_mode = optional(string, "all")
    compatibility_mode = optional(bool, false)
    layout             = optional(string, "stacked")
    # NOTE(review): denied_action controls what happens when access to the flow
    # is denied; verify that the "message_continue" default is the intended
    # behaviour for every flow defined through this variable.
    denied_action = optional(string, "message_continue")
  }))

  default = {}
}
# User groups, keyed by an arbitrary map key. Only name is required.
variable "groups" {
  description = "Map of user groups"

  type = map(object({
    name = string
    # Off by default. NOTE(review): presumably true gives every member of the
    # group full administrative rights - treat any entry that sets it as a
    # privileged change and review it accordingly.
    is_superuser = optional(bool, false)
    # presumably a reference to another group; null means no parent.
    parent = optional(string, null)
    # NOTE(review): map(any) requires all values to share one type.
    attributes = optional(map(any), {})
  }))

  default = {}
}
# Certificates, keyed by an arbitrary map key.
#
# NOTE(review): key_data presumably carries private key material. The variable
# is not marked sensitive, so values appear in plan output, and they are
# written to Terraform state in plain text either way - protect the state
# backend and keep real keys out of committed tfvars files. Marking the whole
# variable `sensitive = true` would hide it from plan output, but a for_each
# over a sensitive map is rejected by Terraform, so confirm how the module
# consumes this variable before changing it.
variable "certificates" {
  description = "Map of certificates for HTTPS"

  type = map(object({
    name             = string
    certificate_data = string
    key_data         = string
    managed          = optional(string, null)
  }))

  default = {}
}
# Custom property mappings, keyed by an arbitrary map key.
# name and expression are required; saml_name and oidc_scope default to null.
variable "property_mappings" {
  description = "Custom property mappings for SAML/OAuth"

  type = map(object({
    name = string
    # NOTE(review): presumably this expression is evaluated by the authentik
    # server when claims or attributes are built - review changes to it as
    # code, since it decides what identity data applications receive.
    expression = string
    saml_name  = optional(string, null)
    oidc_scope = optional(string, null)
  }))

  default = {}
}
# Slug of the authorization flow used by default.
# NOTE(review): the default is the implicit-consent flow, which presumably
# authorizes an application without showing the user a consent prompt. That
# suits first-party applications; for third-party clients consider pointing
# this (or the per-application authorization_flow) at an explicit-consent flow.
variable "default_authorization_flow" {
  description = "Default authorization flow slug"
  type        = string
  default     = "default-provider-authorization-implicit-consent"
}
# Slug of the authentication flow used by default.
# presumably this must match a flow that already exists on the target
# authentik instance - confirm against the resources that look it up.
variable "default_authentication_flow" {
  description = "Default authentication flow slug"
  type        = string
  default     = "default-authentication-flow"
}
# Slug of the invalidation flow used by default.
# presumably this is the flow run when a session for a provider is ended -
# confirm against the resources that look it up.
variable "default_invalidation_flow" {
  description = "Default invalidation flow slug"
  type        = string
  default     = "default-provider-invalidation-flow"
}
# String-to-string tags; defaults to an empty map.
# Per the description these are meant to be applied to all resources.
variable "tags" {
  description = "Tags to apply to all resources"
  type        = map(string)
  default     = {}
}
# URL of the authentik instance. Required: no default is declared.
# NOTE(review): the value is not validated here. Use an https:// URL outside
# local test setups, since presumably API credentials and tokens travel to
# this endpoint - confirm how the provider configuration consumes it.
variable "authentik_url" {
  description = "Authentik URL"
  type        = string
}