feat: add blueprints for authentik ldap outpost and render values directly instead of using env vars

Signed-off-by: Bert-Jan Fikse <bert-jan@whatwedo.ch>
2026-04-10 13:50:32 +02:00 · 2026-04-10 13:50:32 +02:00 · e819770415
commit e819770415
parent d25f1c5304
11 changed files with 312 additions and 53 deletions
--- a/roles/authentik/templates/blueprints/blueprint-local-users.yaml.j2
+++ b/roles/authentik/templates/blueprints/blueprint-local-users.yaml.j2
@ -4,9 +4,24 @@ metadata:
  name: "local-users"
  labels:
    blueprints.goauthentik.io/instantiate: "true"
-    blueprints.goauthentik.io/description: "Local user accounts"
+    blueprints.goauthentik.io/description: "Local groups and user accounts"

 entries:
+{% for group in authentik_groups %}
+  - model: authentik_core.group
+    id: group-{{ group.name | regex_replace('[^a-zA-Z0-9]', '-') }}
+    identifiers:
+      name: {{ group.name }}
+    attrs:
+      name: {{ group.name }}
+{% if group.is_superuser is defined %}
+      is_superuser: {{ group.is_superuser | lower }}
+{% endif %}
+{% if group.parent is defined and group.parent %}
+      parent: !Find [authentik_core.group, [name, {{ group.parent }}]]
+{% endif %}
+
+{% endfor %}
 {% for user in authentik_local_users %}
  - model: authentik_core.user
    id: user-{{ user.username }}
@ -17,8 +32,8 @@ entries:
      name: "{{ user.name | default(user.username) }}"
      email: "{{ user.email | default('') }}"
      is_active: {{ user.is_active | default(true) | lower }}
-{% if user.password_env is defined %}
-      password: !Env {{ user.password_env }}
+{% if user.password is defined %}
+      password: "{{ user.password }}"
 {% endif %}
 {% if user.groups is defined and user.groups | length > 0 %}
      groups: