# Terraform and provider pins for this authentik OIDC application module.
terraform {
  required_version = ">= 1.6"

  required_providers {
    authentik = {
      source = "goauthentik/authentik"
      # Exact pin. The authentik provider's resource schema changes between
      # releases, so bump this deliberately and re-check the attribute names
      # used by the resources below rather than allowing a floating range.
      version = "2024.8.2"
    }
  }
}
# Authorization flow handed to the OIDC provider. This is authentik's built-in
# *implicit consent* flow: the user is not shown a consent screen listing the
# requested scopes. authentik also ships an explicit-consent counterpart if a
# consent prompt is wanted for this application.
data "authentik_flow" "default-authorization-flow" {
  slug = "default-provider-authorization-implicit-consent"
}
# Authentication flow used when an unauthenticated user hits the provider.
# Resolved by slug so the module works against a stock authentik install; any
# hardening of the login (MFA stages, etc.) is configured on this flow, not here.
data "authentik_flow" "default-authentication-flow" {
  slug = "default-authentication-flow"
}
# Built-in scope mappings that define which claims the provider may release.
# `managed_list` filters on authentik's managed identifiers; the resulting
# `.ids` are attached to the provider as property_mappings.
data "authentik_property_mapping_provider_scope" "default-scopes" {
  managed_list = [
    "goauthentik.io/providers/oauth2/scope-email",
    "goauthentik.io/providers/oauth2/scope-openid",
    "goauthentik.io/providers/oauth2/scope-profile",
    # offline_access lets the client obtain refresh tokens (long-lived
    # sessions). Drop it if the relying party does not need them.
    "goauthentik.io/providers/oauth2/scope-offline_access",
  ]
}
# OAuth2/OIDC provider backing the application defined in this module.
resource "authentik_provider_oauth2" "provider_oidc" {
  name = var.app_name

  # Client credentials. client_secret ends up in Terraform state in clear
  # text, so the variable should be declared `sensitive = true` and the state
  # backend must be encrypted and access-controlled.
  client_id     = var.client_id
  client_secret = var.client_secret

  # Flows: login goes through the default authentication flow; authorization
  # uses the implicit-consent flow, so users are not prompted to approve scopes.
  authentication_flow = data.authentik_flow.default-authentication-flow.id
  authorization_flow  = data.authentik_flow.default-authorization-flow.id

  # Callback URLs allowed to receive authorization codes. NOTE(review): in this
  # provider version authentik matches redirect URIs as patterns, so keep them
  # exact HTTPS URLs; wildcards widen who can receive codes.
  redirect_uris = var.redirect_uris

  # Claims the provider may release (see data "default-scopes").
  property_mappings = data.authentik_property_mapping_provider_scope.default-scopes.ids

  # sub_mode selects what the `sub` claim is derived from. Email/username
  # based modes are not stable identifiers; prefer the hashed user id unless
  # the relying party requires otherwise.
  sub_mode    = var.sub_mode
  signing_key = var.oidc_signing_key
}
# Application entry in the authentik library, bound to the OIDC provider above.
# Access control is not set here; it comes from policy bindings on the
# application (see authentik_policy_binding.app_access).
resource "authentik_application" "app" {
  name              = var.app_name
  slug              = var.app_slug
  protocol_provider = authentik_provider_oauth2.provider_oidc.id

  # Launcher/library metadata only; none of these affect authorization.
  meta_launch_url  = var.app_url
  meta_icon        = var.app_icon
  meta_description = var.app_description
  meta_publisher   = var.app_publisher
  open_in_new_tab  = var.open_in_new_tab
}
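# Optional group-based access restriction for the application.
#
# NOTE(review): when var.app_access_group_id is empty this binding is not
# created and this module attaches no policy to the application, so unless
# bindings are added elsewhere any authenticated authentik user can access it.
# Callers who want a closed-by-default application must pass a group id.
resource "authentik_policy_binding" "app_access" {
  # The variable carries a group *id*, not a name; an empty id disables the
  # binding. count is placed first per Terraform convention.
  count = var.app_access_group_id == "" ? 0 : 1

  target = authentik_application.app.uuid
  group  = var.app_access_group_id
  # Lowest order so this binding is evaluated before any later ones.
  order = 0
}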