helm-charts/authentik-application/files/provider/ldap.yaml.gotmpl

{{- $name := include "authentik-application.fullname" .root }}
{{- $token := get . "ldapToken" }}

{{- with get . "root" }}

- model: authentik_providers_ldap.LDAPProvider
  id: provider
  identifiers:
    name: {{ .Values.blueprint.provider.name | default $name }}
  state: present
  attrs:
    base_dn: "DC=ldap,DC=goauthentik,DC=io"
    bind_mode: "direct"
    search_mode: "direct"
    mfa_support: False
    authorization_flow: !Find [authentik_flows.flow, [slug, default-authentication-flow]]
    invalidation_flow: !Find [authentik_flows.flow, [slug, default-invalidation-flow]]

- model: authentik_core.user
  id: outpost-user
  state: present
  identifiers:
    username: {{ printf "outpost-user-%s" $name | quote }}
  attrs:
    username: {{ printf "outpost-user-%s" $name | quote }}
    type: "service_account"
    name: {{ printf "Outpost %s Service-Account" $name | quote }}
    path: "goauthentik.io/outposts"

{{/*
- model: authentik_core.Token
  id: outpost-token
  identifiers:
    identifier: {{ printf "outpost-token-%s-api" $name | quote }}
  state: present
  attrs:
    identifier: {{ printf "outpost-token-%s-api" $name | quote }}
    intent: "api"
    user: !KeyOf outpost-user
    description: {{ printf "Autogenerated by authentik for Outpost %s" $name | quote }}
    key: {{ $token | quote }}
    expiring: False
*/}}

- model: authentik_outposts.Outpost
  id: outpost
  identifiers:
    name: {{ .Values.blueprint.provider.name | default (include "authentik-application.fullname" .) }}
  state: present
  attrs:
    type: ldap
    providers:
      - !KeyOf provider
    config:
      authentik_host: {{ .Values.blueprint.authentik.domain | quote }}
      authentik_host_insecure: False
    user: !KeyOf "outpost-user"
{{/*
    token: !KeyOf "outpost-token"

or:

- model: UserObjectPermission
  identifiers:
    user: !KeyOf "outpost-user"
    content_type: "authentik_outposts.outpost"
  state: present
  attrs:
    user: !KeyOf "outpost-user"
    content_type: "authentik_outposts.outpost"
    object_pk: !KeyOf "outpost"
    permission: "view_outpost"
*/}}
{{- end }}{{/* end with of get-root */}}
feat(authentik-application): add ldap support - WIP 2024-12-04 16:54:29 +01:00			`{{- $name := include "authentik-application.fullname" .root }}`
			`{{- $token := get . "ldapToken" }}`

			`{{- with get . "root" }}`

			`- model: authentik_providers_ldap.LDAPProvider`
			`id: provider`
			`identifiers:`
			`name: {{ .Values.blueprint.provider.name \| default $name }}`
			`state: present`
			`attrs:`
			`base_dn: "DC=ldap,DC=goauthentik,DC=io"`
			`bind_mode: "direct"`
			`search_mode: "direct"`
			`mfa_support: False`
			`authorization_flow: !Find [authentik_flows.flow, [slug, default-authentication-flow]]`
			`invalidation_flow: !Find [authentik_flows.flow, [slug, default-invalidation-flow]]`

			`- model: authentik_core.user`
			`id: outpost-user`
			`state: present`
			`identifiers:`
			`username: {{ printf "outpost-user-%s" $name \| quote }}`
			`attrs:`
			`username: {{ printf "outpost-user-%s" $name \| quote }}`
			`type: "service_account"`
			`name: {{ printf "Outpost %s Service-Account" $name \| quote }}`
			`path: "goauthentik.io/outposts"`

			`{{/*`
			`- model: authentik_core.Token`
			`id: outpost-token`
			`identifiers:`
			`identifier: {{ printf "outpost-token-%s-api" $name \| quote }}`
			`state: present`
			`attrs:`
			`identifier: {{ printf "outpost-token-%s-api" $name \| quote }}`
			`intent: "api"`
			`user: !KeyOf outpost-user`
			`description: {{ printf "Autogenerated by authentik for Outpost %s" $name \| quote }}`
			`key: {{ $token \| quote }}`
			`expiring: False`
			`*/}}`

			`- model: authentik_outposts.Outpost`
			`id: outpost`
			`identifiers:`
			`name: {{ .Values.blueprint.provider.name \| default (include "authentik-application.fullname" .) }}`
			`state: present`
			`attrs:`
			`type: ldap`
			`providers:`
			`- !KeyOf provider`
			`config:`
			`authentik_host: {{ .Values.blueprint.authentik.domain \| quote }}`
			`authentik_host_insecure: False`
			`user: !KeyOf "outpost-user"`
			`{{/*`
			`token: !KeyOf "outpost-token"`

			`or:`

			`- model: UserObjectPermission`
			`identifiers:`
			`user: !KeyOf "outpost-user"`
			`content_type: "authentik_outposts.outpost"`
			`state: present`
			`attrs:`
			`user: !KeyOf "outpost-user"`
			`content_type: "authentik_outposts.outpost"`
			`object_pk: !KeyOf "outpost"`
			`permission: "view_outpost"`
			`*/}}`
			`{{- end }}{{/* end with of get-root */}}`