infrastructure/modules/services/authentik.tf

# Look up the existing authorization flow by slug; its id is what the OAuth2
# providers in this file use as authorization_flow.
# NOTE(review): the slug names the implicit-consent variant, so users are
# presumably not shown a per-application consent prompt. Confirm that is
# intended for every service in local.services_auth.
data "authentik_flow" "default_authorization_flow" {
  slug = "default-provider-authorization-implicit-consent"
}
# Resolve the certificate/key pair by name. Its id is referenced as the
# signing_key of every OAuth2 provider in this file, so all services share
# one signing key.
data "authentik_certificate_key_pair" "default" {
  name = "auth.serguzim.me"
}
# Resolve the managed scope mappings that the providers in this file attach
# as property_mappings. Only the email, openid and profile mappings are
# listed; no other scope mapping is passed to the providers from here.
data "authentik_property_mapping_provider_scope" "default_scopes" {
  managed_list = [
    "goauthentik.io/providers/oauth2/scope-email",
    "goauthentik.io/providers/oauth2/scope-openid",
    "goauthentik.io/providers/oauth2/scope-profile"
  ]
}
# One OAuth2 provider per entry in local.services_auth.
resource "authentik_provider_oauth2" "service_providers" {
  for_each = local.services_auth

  # Client identity. client_id reuses the service name, so it is predictable;
  # with client_type "confidential" the client secret is what authenticates
  # the service.
  # NOTE(review): no client_secret is set in this block. It is presumably
  # generated by authentik and recorded in Terraform state, so access to the
  # state backend should be restricted accordingly. Confirm.
  name        = each.value.name
  client_id   = each.value.name
  client_type = "confidential"

  # Redirect targets are taken unchanged from local.services_auth.
  # NOTE(review): keep these as exact HTTPS URLs. Depending on the authentik
  # version, entries may be evaluated as regular expressions, so unescaped
  # dots or broad patterns would widen where authorization codes can be
  # delivered. Verify against the deployed version.
  redirect_uris = each.value.auth_redirects

  # Shared flow, scope mappings and signing key resolved by the data sources
  # declared in this file.
  authorization_flow = data.authentik_flow.default_authorization_flow.id
  property_mappings  = data.authentik_property_mapping_provider_scope.default_scopes.ids
  signing_key        = data.authentik_certificate_key_pair.default.id
}
# One application per entry in local.services_auth, bound to the OAuth2
# provider created for the same key.
# NOTE(review): no policy or group binding is declared in this block. If none
# exists elsewhere, authentik presumably lets any authenticated user open the
# application. Confirm that per-service access control is handled somewhere.
resource "authentik_application" "service_applications" {
  for_each = local.services_auth

  name = each.value.name
  slug = "${each.value.subdomain}-serguzim-me"

  # Same each.key as the provider's for_each, so each application points at
  # its own provider rather than a shared one.
  protocol_provider = authentik_provider_oauth2.service_providers[each.key].id
}