benschubert.infrastructure.authentik_policy_binding module – Allow administration of policy bindings in Authentik

Note

This module is part of the benschubert.infrastructure collection (version 0.0.1).

It is not included in ansible-core. To check whether it is installed, run ansible-galaxy collection list.

To install it, use: ansible-galaxy collection install benschubert.infrastructure.

To use it in a playbook, specify: benschubert.infrastructure.authentik_policy_binding.

Synopsis

Parameters

Parameter

Comments

authentik_token

string / required

The token used to authenticate against the Authentik server

authentik_url

string / required

The URL at which to contact the Authentik server

binding

dictionary / required

The configuration for the binding

At least one of group, policy or user needs to be provided

enabled

boolean

Whether the policy is enabled or not

Choices:

  • false

  • true ← (default)

failure_result

boolean

The result if the policy execution fails

Choices:

  • false ← (default)

  • true

group

string

The pk of the group to allow/deny access to the given flow or application

negate

boolean

Negates the outcome of the policy

Choices:

  • false ← (default)

  • true

order

integer / required

The place in the list of policy bindings where this needs to be evaluated

policy

string

The policy to bind against the target

target

string / required

The pk of the flow or application against which the policy must be bound

user

string

The pk of the user to allow/deny access to the given flow or application

ca_path

string

PEM formatted file that contains a CA certificate to be used for validation

state

string

Whether the entity should exist or not

Choices:

  • "present" ← (default)

  • "absent"

timeout

integer

The timeout to set when contacting the Authentik Server.

If your server is slow to respond, it might be necessary to increase this.

Default: 10

validate_certs

boolean

If false, SSL certificates will not be validated.

This should only be set to false on personally controlled sites using self-signed certificates.

Choices:

  • false

  • true ← (default)

Examples

- name: Restrict access to app {{ app }} to group {{ group }}
  benschubert.infrastructure.authentik_policy_binding:
    authentik_token: <my-secret-token>
    authentik_url: https://authentik.test
    binding:
      group: "{{ group.pk }}"
      order: 0
      target: "{{ app.pk }}"

- name: Forbid access to app {{ app }} from user {{ user }}
  benschubert.infrastructure.authentik_policy_binding:
    authentik_token: <my-secret-token>
    authentik_url: https://authentik.test
    binding:
      negate: true
      order: 0
      user: "{{ user.pk }}"
      target: "{{ app.pk }}"

- name: Bind the policy {{ policy }} to the flow {{ flow }}
  benschubert.infrastructure.authentik_policy_binding:
    authentik_token: <my-secret-token>
    authentik_url: https://authentik.test
    binding:
      order: 0
      policy: "{{ policy.pk }}"
      target: "{{ flow.pk }}"
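
A fuller playbook combining the connection and binding options documented above, as an added example that is not part of the collection's own documentation. It keeps the token out of the playbook, validates TLS against a private CA instead of disabling validate_certs, and makes the policy binding deny when policy execution fails. It assumes that enabled, failure_result, negate and order are keys of binding and that ca_path, state, timeout and validate_certs are top-level options, as the parameter order suggests; the variable names, pk placeholders and CA path are hypothetical.

```yaml
# Added example: variable names, pk placeholders and the CA path are hypothetical.
- name: Bind access controls to an application, failing closed
  hosts: localhost
  gather_facts: false
  vars:
    # Constructed placeholders; replace with pks from your Authentik instance.
    app_pk: "<application-pk>"
    admins_group_pk: "<group-pk>"
    access_policy_pk: "<policy-pk>"
  module_defaults:
    benschubert.infrastructure.authentik_policy_binding:
      # Token is read from an Ansible Vault encrypted variable (assumed name),
      # so it never appears in the playbook or in version control.
      authentik_token: "{{ vault_authentik_token }}"
      authentik_url: https://authentik.test
      # Trust the private CA explicitly rather than setting validate_certs: false.
      ca_path: /etc/ssl/private-ca/authentik-ca.pem
      validate_certs: true
      timeout: 30
  tasks:
    - name: Allow the admins group to reach the application
      benschubert.infrastructure.authentik_policy_binding:
        state: present
        binding:
          group: "{{ admins_group_pk }}"
          order: 0
          target: "{{ app_pk }}"
          enabled: true
      # Keeps module arguments, including the token, out of task output and logs.
      no_log: true

    - name: Bind the access policy after the group binding, denying on policy errors
      benschubert.infrastructure.authentik_policy_binding:
        state: present
        binding:
          policy: "{{ access_policy_pk }}"
          order: 10
          target: "{{ app_pk }}"
          # If the policy cannot be executed, the result is false, not true.
          failure_result: false
          negate: false
      no_log: true
```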

Authors

  • Benjamin Schubert (@benjaminschubert)