adding authentik app

authentik_applications/grafana.tf

@@ -0,0 +1,61 @@
+data "authentik_flow" "default-provider-authorization-implicit-consent" {
+  slug = "default-provider-authorization-implicit-consent"
+}
+
+data "authentik_flow" "default-provider-invalidation-flow" {
+  slug = "default-provider-invalidation-flow"
+}
+
+data "authentik_property_mapping_provider_scope" "scope-email" {
+  name = "authentik default OAuth Mapping: OpenID 'email'"
+}
+
+data "authentik_property_mapping_provider_scope" "scope-profile" {
+  name = "authentik default OAuth Mapping: OpenID 'profile'"
+}
+
+data "authentik_property_mapping_provider_scope" "scope-openid" {
+  name = "authentik default OAuth Mapping: OpenID 'openid'"
+}
+
+resource "authentik_provider_oauth2" "grafana" {
+  name          = "Grafana"
+  client_id     = var.grafana_client_id
+
+  client_secret = var.grafana_client_secret
+
+  authorization_flow  = data.authentik_flow.default-provider-authorization-implicit-consent.id
+
+  invalidation_flow = data.authentik_flow.default-provider-invalidation-flow.id
+
+  allowed_redirect_uris = [
+    {
+      matching_mode = "strict",
+      url           = var.grafana_allowed_redirect_uris,
+    }
+  ]
+
+  property_mappings = [
+    data.authentik_property_mapping_provider_scope.scope-email.id,
+    data.authentik_property_mapping_provider_scope.scope-profile.id,
+    data.authentik_property_mapping_provider_scope.scope-openid.id,
+  ]
+}
+
+resource "authentik_application" "grafana" {
+  name              = "Grafana"
+  slug              = "grafana"
+  protocol_provider = authentik_provider_oauth2.grafana.id
+}
+
+resource "authentik_group" "grafana_admins" {
+  name    = "Grafana Admins"
+}
+
+resource "authentik_group" "grafana_editors" {
+  name    = "Grafana Editors"
+}
+
+resource "authentik_group" "grafana_viewers" {
+  name    = "Grafana Viewers"
+}

authentik_applications/main.tf

@@ -0,0 +1,17 @@
+terraform {
+  required_version = ">=1.3.0"
+
+  required_providers {
+    authentik = {
+      source = "goauthentik/authentik"
+      version = "2024.10.2"
+    }
+  }
+}
+
+provider "authentik" {
+  url   = var.authentik_url
+  token = var.token
+  # Optionally set insecure to ignore TLS Certificates
+  insecure = true
+}

authentik_applications/variables.tf

@@ -0,0 +1,20 @@
+variable "token" {
+  type        = string
+  description = "Secret key for Authentik prd"
+}
+
+variable "grafana_client_id" {
+  type = string
+}
+
+variable "grafana_client_secret" {
+  type = string
+}
+
+variable "authentik_url" {
+  type = string
+}
+
+variable "grafana_allowed_redirect_uris" {
+  type = string
+}