From 7b3c0b3e2f672ba2547827105b9f14d003d16267 Mon Sep 17 00:00:00 2001
From: Vincent Ambo
Date: Sun, 26 Dec 2021 03:08:03 +0300
Subject: [PATCH] feat(ops/keycloak): Check in initial Keycloak configuration

This is still missing most of the client configuration etc., in part due to bugs in the provider which are preventing resource imports.

Change-Id: Ic224ffc001f8e1fe6dcd47b7d002580fdf7b0774
Reviewed-on: https://cl.tvl.fyi/c/depot/+/4628
Tested-by: BuildkiteCI
Autosubmit: tazjin
Reviewed-by: Profpatsch
---
 bin/__dispatch.sh | 4 ++++
 ops/keycloak/.gitignore | 3 +++
 ops/keycloak/default.nix | 8 ++++++++
 ops/keycloak/main.tf | 40 ++++++++++++++++++++++++++++++++++++++++
 4 files changed, 55 insertions(+)
 create mode 100644 ops/keycloak/.gitignore
 create mode 100644 ops/keycloak/default.nix
 create mode 100644 ops/keycloak/main.tf

diff --git a/bin/__dispatch.sh b/bin/__dispatch.sh
index d06860e6c..24a04d75c 100755
--- a/bin/__dispatch.sh
+++ b/bin/__dispatch.sh
@@ -65,6 +65,10 @@ case "${TARGET_TOOL}" in
 TARGET_TOOL="terraform"
 attr="ops.glesys.terraform"
 ;;
+ tf-keycloak)
+ TARGET_TOOL="terraform"
+ attr="ops.keycloak.terraform"
+ ;;
 *)
 echo "The tool '${TARGET_TOOL}' is currently not installed in this repository."
 exit 1
diff --git a/ops/keycloak/.gitignore b/ops/keycloak/.gitignore
new file mode 100644
index 000000000..017878c61
--- /dev/null
+++ b/ops/keycloak/.gitignore
@@ -0,0 +1,3 @@
+.terraform*
+*.tfstate*
+.envrc
diff --git a/ops/keycloak/default.nix b/ops/keycloak/default.nix
new file mode 100644
index 000000000..96f0c40e5
--- /dev/null
+++ b/ops/keycloak/default.nix
@@ -0,0 +1,8 @@
+{ depot, pkgs, ... }:
+
+depot.nix.readTree.drvTargets {
+ # Provide a Terraform wrapper with the right provider installed.
+ terraform = pkgs.terraform.withPlugins(p: [
+ p.keycloak
+ ]);
+}
diff --git a/ops/keycloak/main.tf b/ops/keycloak/main.tf
new file mode 100644
index 000000000..312e8ac61
--- /dev/null
+++ b/ops/keycloak/main.tf
@@ -0,0 +1,40 @@
+# Configure TVL Keycloak instance.
+#
+# TODO(tazjin): Configure GitHub/GitLab IDP
+
+terraform {
+ required_providers {
+ keycloak = {
+ source = "mrparkers/keycloak"
+ }
+ }
+}
+
+provider "keycloak" {
+ client_id = "terraform"
+ url = "https://auth.tvl.fyi"
+}
+
+resource "keycloak_realm" "tvl" {
+ realm = "TVL"
+ enabled = true
+ display_name = "The Virus Lounge"
+ default_signature_algorithm = "RS256"
+}
+
+resource "keycloak_ldap_user_federation" "tvl_ldap" {
+ name = "tvl-ldap"
+ realm_id = keycloak_realm.tvl.id
+ enabled = true
+ connection_url = "ldap://localhost"
+ users_dn = "ou=users,dc=tvl,dc=fyi"
+ username_ldap_attribute = "cn"
+ uuid_ldap_attribute = "cn"
+ rdn_ldap_attribute = "cn"
+ full_sync_period = 86400
+
+ user_object_classes = [
+ "inetOrgPerson",
+ "organizationalPerson",
+ ]
+}
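Review bot: The `provider "keycloak"` block in this hunk carries only `client_id` and `url`, so how Terraform authenticates is invisible from the file — presumably a client secret supplied through the environment (the provider reads `KEYCLOAK_CLIENT_SECRET`), kept in the `.envrc` this commit gitignores; a one-line comment should say so, e.g. `# The client secret is supplied via KEYCLOAK_CLIENT_SECRET from the environment; never put it in this file.` In `keycloak_ldap_user_federation.tvl_ldap`, `uuid_ldap_attribute = "cn"` keys the federated-user link on a renamable attribute, so a changed `cn` would appear as a new user with a new Keycloak id; if the directory exposes an immutable identifier (`entryUUID` on OpenLDAP) that is the safer choice, and if `cn` is deliberate a comment should say why. The same resource sets no `bind_dn`/`bind_credential`, so Keycloak binds anonymously to `ldap://localhost`; that is acceptable if the directory allows anonymous reads on the loopback, but it is worth a comment stating that this is intended rather than an omission. `full_sync_period = 86400` would read better with its unit, `full_sync_period = 86400 # seconds: full resync once a day`, and `required_providers.keycloak` has no `version` constraint — the Nix wrapper in default.nix selects the plugin, but a constraint here would catch a mismatch between the two.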