feat(ops/keycloak): Import Buildkite OIDC client

This was previously configured in the UI. Change-Id: I68361b1489093b76736adab2e38ed7b474b10881 Reviewed-on: https://cl.tvl.fyi/c/depot/+/4711 Tested-by: BuildkiteCI Reviewed-by: grfn <grfn@gws.fyi>
2021-12-27 17:38:14 +03:00 · 2021-12-27 17:38:14 +03:00 · 23693ca898
commit 23693ca898
parent fb7d45abc4
1 changed files with 21 additions and 0 deletions
--- a/ops/keycloak/main.tf
+++ b/ops/keycloak/main.tf
@ -106,3 +106,24 @@ resource "keycloak_openid_client" "gerrit" {
    "https://cl.tvl.fyi",
  ]
 }
+
+resource "keycloak_openid_client" "buildkite" {
+  realm_id                                 = keycloak_realm.tvl.id
+  client_id                                = "https://buildkite.com"
+  name                                     = "Buildkite"
+  enabled                                  = true
+  access_type                              = "CONFIDENTIAL"
+  standard_flow_enabled                    = true
+  base_url                                 = "https://buildkite.com/sso/tvl"
+  direct_access_grants_enabled             = false
+  exclude_session_state_from_auth_response = false
+  backchannel_logout_session_required      = false
+
+  valid_redirect_uris = [
+    "https://buildkite.com/sso/~/1531aca5-f49c-4151-8832-a451e758af4c/saml/consume",
+  ]
+
+  web_origins = [
+    "https://buildkite.com",
+  ]
+}