Added authentik terraform

terraform/authentik/modules/oauth-provider/main.tf

@@ -0,0 +1,59 @@
+terraform {
+  required_providers {
+    authentik = {
+      source  = "goauthentik/authentik"
+      version = ">= 2023.10.0"
+    }
+    random = {
+      source  = "hashicorp/random"
+      version = ">= 3.5.0"
+    }
+  }
+}
+
+resource "random_password" "client_secret" {
+  count   = var.client_secret == null ? 1 : 0
+  length  = 40
+  special = true
+}
+
+resource "authentik_provider_oauth2" "provider" {
+  name                       = var.name
+  client_id                  = var.client_id != null ? var.client_id : random_id.client_id[0].hex
+  client_secret              = var.client_secret != null ? var.client_secret : random_password.client_secret[0].result
+  client_type                = var.client_type
+  authorization_flow         = var.authorization_flow
+  invalidation_flow          = var.invalidation_flow
+  include_claims_in_id_token = var.include_claims_in_id_token
+  
+  property_mappings         = var.property_mappings
+}
+
+resource "random_id" "client_id" {
+  count       = var.client_id == null ? 1 : 0
+  byte_length = 20
+}
+
+resource "authentik_application" "app" {
+  name                = var.app_name
+  slug                = var.app_slug
+  protocol_provider   = authentik_provider_oauth2.provider.id
+  group              = var.app_group
+  policy_engine_mode = var.policy_engine_mode
+  meta_description   = var.meta_description
+  meta_launch_url    = var.meta_launch_url
+  meta_icon          = var.meta_icon
+}
+
+resource "authentik_policy_binding" "app_access" {
+  for_each = var.access_policies
+
+  target = authentik_application.app.id
+  policy = each.value.policy_id
+  order  = each.value.order
+  
+  enabled    = lookup(each.value, "enabled", true)
+  timeout    = lookup(each.value, "timeout", 30)
+  negate     = lookup(each.value, "negate", false)
+  failure_result = lookup(each.value, "failure_result", true)
+}