ab/homelab
1
0
Fork 1
Code Pull Requests Actions Packages Wiki Activity

Added authentik terraform

Browse Source
This commit is contained in:
AB
2025-09-15 21:42:01 +03:00
parent 9b7f953bd3
commit 00cbd8830b
13 changed files with 971 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

137
terraform/authentik/variables.tf Normal file
View File

@@ -0,0 +1,137 @@
variable "oauth_applications" {
description = "Map of OAuth2/OpenID applications"
type = map(object({
name = string
slug = string
group = optional(string, "")
policy_engine_mode = optional(string, "all")
meta_description = optional(string, "")
meta_launch_url = optional(string, "")
meta_icon = optional(string, "")
redirect_uris = list(string)
client_type = optional(string, "confidential")
client_id = optional(string, null)
include_claims_in_id_token = optional(bool, true)
access_code_validity = optional(string, "minutes=1")
access_token_validity = optional(string, "minutes=5")
refresh_token_validity = optional(string, "days=30")
property_mappings = optional(list(string), [])
authorization_flow = optional(string, null)
signing_key = optional(string, null)
outpost = optional(string, null)
}))
default = {}
}
variable "proxy_applications" {
description = "Map of Proxy applications"
type = map(object({
name = string
slug = string
group = optional(string, "")
policy_engine_mode = optional(string, "all")
meta_description = optional(string, "")
meta_launch_url = optional(string, "")
meta_icon = optional(string, "")
external_host = string
internal_host = optional(string, "")
internal_host_ssl_validation = optional(bool, true)
mode = optional(string, "proxy")
intercept_header_auth = optional(bool, false)
basic_auth_enabled = optional(bool, false)
basic_auth_username_attribute = optional(string, "")
basic_auth_password_attribute = optional(string, "")
cookie_domain = optional(string, "")
authorization_flow = optional(string, null)
skip_path_regex = optional(string, "")
outpost = optional(string, null)
}))
default = {}
}
variable "outposts" {
description = "Map of Outposts (only proxy type supported)"
type = map(object({
name = string
config = optional(map(any), {})
}))
default = {}
}
variable "flows" {
description = "Map of authentication flows"
type = map(object({
name = string
title = string
slug = string
designation = string
policy_engine_mode = optional(string, "all")
compatibility_mode = optional(bool, false)
layout = optional(string, "stacked")
denied_action = optional(string, "message_continue")
}))
default = {}
}
variable "groups" {
description = "Map of user groups"
type = map(object({
name = string
is_superuser = optional(bool, false)
parent = optional(string, null)
attributes = optional(map(any), {})
}))
default = {}
}
variable "certificates" {
description = "Map of certificates for HTTPS"
type = map(object({
name = string
certificate_data = string
key_data = string
managed = optional(string, null)
}))
default = {}
}
variable "property_mappings" {
description = "Custom property mappings for SAML/OAuth"
type = map(object({
name = string
expression = string
saml_name = optional(string, null)
oidc_scope = optional(string, null)
}))
default = {}
}
variable "default_authorization_flow" {
description = "Default authorization flow slug"
type = string
default = "default-provider-authorization-implicit-consent"
}
variable "default_authentication_flow" {
description = "Default authentication flow slug"
type = string
default = "default-authentication-flow"
}
variable "default_invalidation_flow" {
description = "Default invalidation flow slug"
type = string
default = "default-provider-invalidation-flow"
}
variable "tags" {
description = "Tags to apply to all resources"
type = map(string)
default = {}
}
variable "authentik_url" {
description = "Authentik URL"
type = string
}