50 lines
1.6 KiB
HCL
50 lines
1.6 KiB
HCL
terraform {
|
|
required_version = ">= 1.6"
|
|
required_providers {
|
|
authentik = {
|
|
source = "goauthentik/authentik"
|
|
version = "2025.8.1"
|
|
}
|
|
}
|
|
}
|
|
|
|
data "authentik_flow" "default-authorization-flow" {
|
|
slug = "default-provider-authorization-implicit-consent"
|
|
}
|
|
|
|
data "authentik_flow" "default-authentication-flow" {
|
|
slug = "default-authentication-flow"
|
|
}
|
|
|
|
data "authentik_flow" "default-provider-invalidation-flow" {
|
|
slug = "default-provider-invalidation-flow "
|
|
}
|
|
|
|
resource "authentik_provider_proxy" "provider_proxy" {
|
|
authorization_flow = data.authentik_flow.default-authorization-flow.id
|
|
authentication_flow = data.authentik_flow.default-authentication-flow.id
|
|
external_host = var.app_url
|
|
internal_host = var.internal_host
|
|
name = var.app_name
|
|
internal_host_ssl_validation = var.internal_host_ssl_validation
|
|
invalidation_flow = data.authentik_flow.default-provider-invalidation-flow.id
|
|
}
|
|
|
|
|
|
resource "authentik_application" "app" {
|
|
name = var.app_name
|
|
slug = var.app_slug
|
|
protocol_provider = authentik_provider_proxy.provider_proxy.id
|
|
open_in_new_tab = var.open_in_new_tab
|
|
meta_icon = var.app_icon
|
|
meta_description = var.app_description
|
|
meta_publisher = var.app_publisher
|
|
meta_launch_url = var.app_url
|
|
}
|
|
|
|
resource "authentik_policy_binding" "app_access" {
|
|
target = authentik_application.app.uuid
|
|
group = var.app_access_group_id
|
|
order = 0
|
|
count = var.app_access_group_id != "" ? 1 : 0 # only add it if the group's name exists
|
|
}
|