feat: add ability to provision local users using blueprints
parent
359622d17a
commit
d800d43c71
3 changed files with 56 additions and 0 deletions
|
|
@ -98,3 +98,16 @@ authentik_entra_sources: []
|
||||||
authentik_login_source_ids: []
|
authentik_login_source_ids: []
|
||||||
# - "source-entra-entra-id"
|
# - "source-entra-entra-id"
|
||||||
authentik_identification_stage_name: default-authentication-identification
|
authentik_identification_stage_name: default-authentication-identification
|
||||||
|
|
||||||
|
# Local users to provision
|
||||||
|
authentik_local_users: []
|
||||||
|
# - username: admin
|
||||||
|
# name: "Admin User"
|
||||||
|
# email: "admin@example.com"
|
||||||
|
# password_env: AUTHENTIK_ADMIN_PASSWORD # reference env var in authentik_blueprint_env
|
||||||
|
# is_active: true
|
||||||
|
# groups:
|
||||||
|
# - authentik Admins
|
||||||
|
# attributes:
|
||||||
|
# settings:
|
||||||
|
# locale: en
|
||||||
|
|
|
||||||
|
|
@ -77,6 +77,14 @@
|
||||||
mode: "0644"
|
mode: "0644"
|
||||||
register: login_bp
|
register: login_bp
|
||||||
|
|
||||||
|
- name: Render local users blueprint
|
||||||
|
ansible.builtin.template:
|
||||||
|
src: blueprints/blueprint-local-users.yaml.j2
|
||||||
|
dest: "{{ authentik_docker_volume_dir }}/blueprints/05-local-users.yaml"
|
||||||
|
mode: "0644"
|
||||||
|
when: authentik_local_users | length > 0
|
||||||
|
register: local_users_bp
|
||||||
|
|
||||||
- name: Create docker-compose file for authentik
|
- name: Create docker-compose file for authentik
|
||||||
template:
|
template:
|
||||||
src: docker-compose.yml.j2
|
src: docker-compose.yml.j2
|
||||||
|
|
@ -95,5 +103,6 @@
|
||||||
or (outpost_bp is defined and (outpost_bp.results | selectattr('changed') | list | length > 0))
|
or (outpost_bp is defined and (outpost_bp.results | selectattr('changed') | list | length > 0))
|
||||||
or (entra_bp is defined and (entra_bp.results | selectattr('changed') | list | length > 0))
|
or (entra_bp is defined and (entra_bp.results | selectattr('changed') | list | length > 0))
|
||||||
or (login_bp is defined and login_bp.changed)
|
or (login_bp is defined and login_bp.changed)
|
||||||
|
or (local_users_bp.changed | default(false))
|
||||||
) | ternary('always','auto')
|
) | ternary('always','auto')
|
||||||
}}
|
}}
|
||||||
|
|
|
||||||
|
|
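Review bot: The `when: authentik_local_users | length > 0` guard on "Render local users blueprint" means that once the list is emptied, the previously rendered `05-local-users.yaml` stays in the blueprints directory. authentik would presumably keep applying it, including any admin group memberships it grants. A companion task that removes the file when the list is empty closes that gap. Its result would need to feed the recreate condition in the last hunk, for example `or (local_users_bp_removed.changed | default(false))`. Dropping an entry or the file most likely does not delete an account authentik has already created, so the variable's documentation should say that deprovisioning is a separate step; the task list and the recreate expression both continue outside these hunks.

```yaml
# … unchanged: "Render local users blueprint" task …

- name: Remove local users blueprint when no users are configured
  ansible.builtin.file:
    path: "{{ authentik_docker_volume_dir }}/blueprints/05-local-users.yaml"
    state: absent
  when: authentik_local_users | length == 0
  register: local_users_bp_removed
```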
@ -0,0 +1,34 @@
|
||||||
|
# yaml-language-server: $schema=https://goauthentik.io/blueprints/schema.json
|
||||||
|
version: 1
|
||||||
|
metadata:
|
||||||
|
name: "local-users"
|
||||||
|
labels:
|
||||||
|
blueprints.goauthentik.io/instantiate: "true"
|
||||||
|
blueprints.goauthentik.io/description: "Local user accounts"
|
||||||
|
|
||||||
|
entries:
|
||||||
|
{% for user in authentik_local_users %}
|
||||||
|
- model: authentik_core.user
|
||||||
|
id: user-{{ user.username }}
|
||||||
|
identifiers:
|
||||||
|
username: {{ user.username }}
|
||||||
|
attrs:
|
||||||
|
username: {{ user.username }}
|
||||||
|
name: "{{ user.name | default(user.username) }}"
|
||||||
|
email: "{{ user.email | default('') }}"
|
||||||
|
is_active: {{ user.is_active | default(true) | lower }}
|
||||||
|
{% if user.password_env is defined %}
|
||||||
|
password: !Env {{ user.password_env }}
|
||||||
|
{% endif %}
|
||||||
|
{% if user.groups is defined and user.groups | length > 0 %}
|
||||||
|
groups:
|
||||||
|
{% for group in user.groups %}
|
||||||
|
- !Find [authentik_core.group, [name, {{ group }}]]
|
||||||
|
{% endfor %}
|
||||||
|
{% endif %}
|
||||||
|
{% if user.attributes is defined %}
|
||||||
|
attributes:
|
||||||
|
{{ user.attributes | to_nice_yaml(indent=2) | indent(8, first=true) }}
|
||||||
|
{% endif %}
|
||||||
|
|
||||||
|
{% endfor %}
|
||||||
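Review bot: The username and group values are interpolated into the blueprint as unquoted YAML scalars: `id: user-{{ user.username }}`, both `username: {{ user.username }}` lines, and the `!Find [authentik_core.group, [name, {{ group }}]]` flow sequence. A value such as `no` or `123` is retyped, and one containing `: `, `,`, `]` or ` #` changes the structure of the document that authentik then applies. Passing them through the JSON filter yields a correctly escaped double-quoted scalar: `username: {{ user.username | to_json }}` and `- !Find [authentik_core.group, [name, {{ group | to_json }}]]`. The hand-quoted `name` and `email` lines have the same weakness for values containing `"` or a backslash, and could use `| to_json` in place of the literal quotes. Because this file creates accounts and group memberships, the role should also assert that each `username` and `password_env` matches an expected pattern before rendering.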