37 lines
1.2 KiB
YAML
37 lines
1.2 KiB
YAML
# Ultimail — claim OIDC `groups` pour RBAC backend (contacts, calendar, drive, photos)
|
|
version: 1
|
|
metadata:
|
|
name: Ultimail suite groups
|
|
labels:
|
|
blueprints.goauthentik.io/instantiate: "true"
|
|
entries:
|
|
- model: authentik_providers_oauth2.scopemapping
|
|
id: ulti-suite-groups-mapping
|
|
identifiers:
|
|
name: ulti-suite-groups
|
|
attrs:
|
|
name: ulti-suite-groups
|
|
scope_name: profile
|
|
description: Suite RBAC groups for Ultimail API
|
|
expression: |
|
|
return {
|
|
"groups": [
|
|
"role:user",
|
|
"contacts:write",
|
|
"calendar:write",
|
|
"drive:write",
|
|
"photos:write",
|
|
],
|
|
}
|
|
|
|
- model: authentik_providers_oauth2.oauth2provider
|
|
identifiers:
|
|
name: ulti-backend-provider
|
|
attrs:
|
|
property_mappings:
|
|
- !Find [authentik_providers_oauth2.scopemapping, [scope_name, openid]]
|
|
- !Find [authentik_providers_oauth2.scopemapping, [scope_name, email]]
|
|
- !Find [authentik_providers_oauth2.scopemapping, [scope_name, profile]]
|
|
- !Find [authentik_providers_oauth2.scopemapping, [scope_name, offline_access]]
|
|
- !KeyOf ulti-suite-groups-mapping
|