helm-charts/authentik-application/files/provider/ldap.yaml.gotmpl


{{- /*
  Blueprint entries for an authentik LDAP provider and its outpost.
  The template is called with a dict context: "root" is the context whose
  .Values are read below, "ldapToken" is an outpost API token value.
*/}}
{{- /* Default object name, produced by the chart's fullname helper. */}}
{{- $name := include "authentik-application.fullname" .root }}
{{- /* Only referenced by the disabled authentik_core.Token entry further down. */}}
{{- $token := get . "ldapToken" }}
{{- /* From here to the closing end, "." is the "root" context. */}}
{{- with get . "root" }}
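# LDAP provider; referenced by the outpost entry through its id "provider".
- model: authentik_providers_ldap.LDAPProvider
  id: provider
  identifiers:
    # Quoted so that a name which looks like a number or boolean, or which
    # contains YAML indicators, is still rendered as a plain string.
    name: {{ .Values.blueprint.provider.name | default $name | quote }}
  state: present
  attrs:
    # NOTE(review): the base DN is hard-coded, so every release of this chart
    # gets the same DN; confirm that is intended.
    base_dn: "DC=ldap,DC=goauthentik,DC=io"
    # "direct": binds and searches are passed to authentik on every request
    # rather than answered from the outpost's cache (per authentik docs; verify).
    bind_mode: "direct"
    search_mode: "direct"
    # false: an MFA code appended to the bind password is not evaluated.
    mfa_support: false
    # Flows are looked up by slug; the blueprint depends on these default
    # flows existing in the target authentik instance.
    authorization_flow: !Find [authentik_flows.flow, [slug, default-authentication-flow]]
    invalidation_flow: !Find [authentik_flows.flow, [slug, default-invalidation-flow]]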
# Service account for the LDAP outpost, kept under the outposts user path.
- id: outpost-user
  model: authentik_core.user
  identifiers:
    username: {{ $name | printf "outpost-user-%s" | quote }}
  state: present
  attrs:
    # Same value as the identifier above, so lookup and stored name agree.
    username: {{ $name | printf "outpost-user-%s" | quote }}
    name: {{ $name | printf "Outpost %s Service-Account" | quote }}
    type: "service_account"
    path: "goauthentik.io/outposts"
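{{/*
Disabled: API token for the outpost service account. If this entry is
re-enabled, the key taken from "ldapToken" is rendered in clear text into the
blueprint, and the token never expires (expiring: False).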
- model: authentik_core.Token
id: outpost-token
identifiers:
identifier: {{ printf "outpost-token-%s-api" $name | quote }}
state: present
attrs:
identifier: {{ printf "outpost-token-%s-api" $name | quote }}
intent: "api"
user: !KeyOf outpost-user
description: {{ printf "Autogenerated by authentik for Outpost %s" $name | quote }}
key: {{ $token | quote }}
expiring: False
*/}}
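# LDAP outpost serving the provider entry with id "provider".
- model: authentik_outposts.Outpost
  id: outpost
  identifiers:
    # Same expression as the provider name; $name is the fullname helper
    # output computed at the top of this template. Quoted so the value is
    # always rendered as a string.
    name: {{ .Values.blueprint.provider.name | default $name | quote }}
  state: present
  attrs:
    type: ldap
    providers:
      - !KeyOf provider
    config:
      # NOTE(review): the value comes from a key named "domain"; confirm it
      # is the full URL of the authentik instance, including the https scheme.
      authentik_host: {{ .Values.blueprint.authentik.domain | quote }}
      # false keeps certificate verification on for the outpost's connection
      # to authentik_host; do not flip this to work around certificate errors.
      authentik_host_insecure: false
    # NOTE(review): assumed to be an attribute of the outpost rather than a
    # key of config; confirm the nesting and that authentik honours a "user"
    # attribute on this model.
    user: !KeyOf "outpost-user"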
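{{/*
Disabled alternatives, kept for reference. Either reference the token on the
outpost:
token: !KeyOf "outpost-token"
or grant the service account view permission on the outpost object: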
- model: UserObjectPermission
identifiers:
user: !KeyOf "outpost-user"
content_type: "authentik_outposts.outpost"
state: present
attrs:
user: !KeyOf "outpost-user"
content_type: "authentik_outposts.outpost"
object_pk: !KeyOf "outpost"
permission: "view_outpost"
*/}}
{{- end }}{{/* end with of get-root */}}