150 lines
3.3 KiB
HCL
150 lines
3.3 KiB
HCL
variable "name" {
|
|
description = "Name of the OAuth2 provider"
|
|
type = string
|
|
}
|
|
|
|
variable "app_name" {
|
|
description = "Name of the application"
|
|
type = string
|
|
}
|
|
|
|
variable "app_slug" {
|
|
description = "Slug of the application"
|
|
type = string
|
|
}
|
|
|
|
variable "app_group" {
|
|
description = "Group for the application"
|
|
type = string
|
|
default = ""
|
|
}
|
|
|
|
variable "client_id" {
|
|
description = "OAuth2 Client ID"
|
|
type = string
|
|
default = null
|
|
}
|
|
|
|
variable "client_secret" {
|
|
description = "OAuth2 Client Secret"
|
|
type = string
|
|
default = null
|
|
sensitive = true
|
|
}
|
|
|
|
variable "client_type" {
|
|
description = "OAuth2 Client type (confidential or public)"
|
|
type = string
|
|
default = "confidential"
|
|
|
|
validation {
|
|
condition = contains(["confidential", "public"], var.client_type)
|
|
error_message = "Client type must be either 'confidential' or 'public'."
|
|
}
|
|
}
|
|
|
|
variable "authorization_flow" {
|
|
description = "Authorization flow UUID"
|
|
type = string
|
|
}
|
|
|
|
variable "invalidation_flow" {
|
|
description = "Invalidation flow UUID"
|
|
type = string
|
|
}
|
|
|
|
variable "redirect_uris" {
|
|
description = "List of allowed redirect URIs"
|
|
type = list(string)
|
|
default = []
|
|
}
|
|
|
|
variable "access_code_validity" {
|
|
description = "Access code validity duration"
|
|
type = string
|
|
default = "minutes=1"
|
|
}
|
|
|
|
variable "access_token_validity" {
|
|
description = "Access token validity duration"
|
|
type = string
|
|
default = "minutes=5"
|
|
}
|
|
|
|
variable "refresh_token_validity" {
|
|
description = "Refresh token validity duration"
|
|
type = string
|
|
default = "days=30"
|
|
}
|
|
|
|
variable "include_claims_in_id_token" {
|
|
description = "Include claims in ID token"
|
|
type = bool
|
|
default = true
|
|
}
|
|
|
|
variable "signing_key" {
|
|
description = "Signing key UUID"
|
|
type = string
|
|
default = null
|
|
}
|
|
|
|
variable "property_mappings" {
|
|
description = "List of property mapping UUIDs"
|
|
type = list(string)
|
|
default = []
|
|
}
|
|
|
|
variable "policy_engine_mode" {
|
|
description = "Policy engine mode"
|
|
type = string
|
|
default = "all"
|
|
|
|
validation {
|
|
condition = contains(["all", "any"], var.policy_engine_mode)
|
|
error_message = "Policy engine mode must be either 'all' or 'any'."
|
|
}
|
|
}
|
|
|
|
variable "meta_description" {
|
|
description = "Application meta description"
|
|
type = string
|
|
default = ""
|
|
}
|
|
|
|
variable "meta_launch_url" {
|
|
description = "Application launch URL"
|
|
type = string
|
|
default = ""
|
|
}
|
|
|
|
variable "meta_icon" {
|
|
description = "Application icon URL"
|
|
type = string
|
|
default = ""
|
|
}
|
|
|
|
variable "access_policies" {
|
|
description = "Access policies for the application"
|
|
type = map(object({
|
|
policy_id = string
|
|
order = number
|
|
enabled = optional(bool, true)
|
|
timeout = optional(number, 30)
|
|
negate = optional(bool, false)
|
|
failure_result = optional(bool, true)
|
|
}))
|
|
default = {}
|
|
}
|
|
|
|
variable "access_groups" {
|
|
description = "List of group IDs that have access to the application"
|
|
type = list(string)
|
|
default = []
|
|
}
|
|
|
|
variable "scope_mappings" {
|
|
description = "List of scope mappings for the OAuth provider"
|
|
type = list(string)
|
|
default = ["openid", "profile", "email"]
|
|
} |