data "authentik_property_mapping_scim" "user" {
  managed = "goauthentik.io/providers/scim/user"
}

data "authentik_property_mapping_scim" "group" {
  managed = "goauthentik.io/providers/scim/group"
}

resource "authentik_provider_scim" "scim" {
  name                    = "${var.component}-${var.instance}-scim"
  url                     = "http://${var.instance}-scimgateway.${var.namespace}.svc.cluster.local/scim"
  token                   = local.secrets.authentik
  property_mappings       = [data.authentik_property_mapping_scim.user.id]
  property_mappings_group = [data.authentik_property_mapping_scim.group.id]
}

provider "restapi" {
  uri = "http://authentik.${var.domain}-auth.svc/api/v3/"
  headers = local.request_headers
  create_method = "PATCH"
  update_method = "PATCH"
  destroy_method = "PATCH"
  write_returns_object = true
  id_attribute = "name"
}

resource "restapi_object" "ldap_outpost_binding" {
  path = "/providers/scim/${authentik_provider_scim.scim.id}/"
  data = jsonencode({
    name = authentik_provider_scim.scim.name
    exclude_users_service_account = true
    filter_group = authentik_group.groups.id
  })
}