domain-incoming/share/division/groups.tf

locals {
  sorted-team-names = reverse(distinct(sort([
    for team in var.teams: team.name
  ])))
  sorted-teams = flatten([
    for name in local.sorted-team-names: [
      for team in var.teams:
        merge({
        "apps" = []
      }, team) if team.name == name
    ]
  ])
}

data "authentik_group" "parent" {
  name         = var.parent
}
resource "authentik_group" "division" {
  name         = "div-${var.instance}"
  parent       = data.authentik_group.parent.id
  attributes   = jsonencode({for app in var.apps: app => true})
}

resource "authentik_group" "teams" {
  count        = length(local.sorted-teams)
  name         = "team-${var.instance}-${local.sorted-teams[count.index].name}"
  parent       = authentik_group.division.id
  attributes   = jsonencode({for app in lookup(local.sorted-teams[count.index],"apps", []): app => true})
}