benschubert.infrastructure.authentik_provider_proxy module – Allows administration of Authentik proxy providers

Note

This module is part of the benschubert.infrastructure collection (version 0.0.1).

It is not included in ansible-core. To check whether it is installed, run ansible-galaxy collection list.

To install it, use: ansible-galaxy collection install benschubert.infrastructure.

To use it in a playbook, specify: benschubert.infrastructure.authentik_provider_proxy.

Synopsis

Parameters

Parameter

Comments

authentik_token

string / required

The token used to authenticate against the Authentik server

authentik_url

string / required

The URL at which to contact the Authentik server

ca_path

string

PEM formatted file that contains a CA certificate to be used for validation

provider

dictionary / required

The configuration for the specified provider

authorization_flow

string / required

The slug for the authorization flow used to authorize connecting to the connected application

external_host

string / required

The URL at which the protected application will be hosted

invalidation_flow

string / required

The slug for the invalidation flow used to invalidate a session

mode

string / required

The mode with which the provider operates

Choices:

  • "forward_single"

name

string / required

The name to give to the provider

state

string

Whether the entity should exist or not

Choices:

  • "present" ← (default)

  • "absent"

timeout

integer

The timeout to set when contacting the Authentik Server.

If your server is slow to respond, it might be necessary to bump this

Default: 10

validate_certs

boolean

If false, SSL certificates will not be validated.

This should only set to false used on personally controlled sites using self-signed certificates.

Choices:

  • false

  • true ← (default)

Examples

- name: Configure a provider for Traefik's dashboard
  benschubert.infrastructure.authentik_provider_proxy:
    authentik_token: <my-secret-token>
    authentik_url: https://authentik.test/
    provider:
      name: traefik-provider
      authorization_flow: only-admin-authorization
      external_host: https://traefik.test
      mode: forward_single

Return Values

Common return values are documented here, the following are the fields unique to this module:

Key

Description

data

dictionary

The information returned by the Authentik API

Returned: always

Sample: {"access_token_validity": "hours=1", "assigned_application_name": "<my application>", "assigned_application_slug": "<my application slug>", "authentication_flow": null, "authorization_flow": "8ac6d32e-d6d7-487a-9262-3d16e121ad9f", "basic_auth_enabled": false, "basic_auth_password_attribute": "", "basic_auth_user_attribute": "", "certificate": null, "client_id": "pI0UYHcvqYS2JPRvOO3KhSEeP2d0q6hnS5NJmbho", "component": "ak-provider-proxy-form", "cookie_domain": "", "external_host": "https://traefik.test", "intercept_header_auth": true, "internal_host": "", "internal_host_ssl_validation": true, "jwks_sources": [], "meta_model_name": "authentik_providers_proxy.proxyprovider", "mode": "forward_single", "name": "Traefik's dashboard", "outpost_set": ["Outpost authentik Embedded Outpost"], "pk": 1, "property_mappings": ["04ff5c23-0913-44c4-b256-9e062f5a8f72", "bccf1bab-e50f-41fa-89b0-9624ae58e1e5", "270683ab-b0be-4aa0-b68c-91846ba6256f", "30e8959e-d2b4-41c5-a1d6-72c1a4742926"], "refresh_token_validity": "days=30", "skip_path_regex": "", "verbose_name": "Proxy Provider", "verbose_name_plural": "Proxy Providers"}

Authors

  • Benjamin Schubert (@benjaminschubert)