feat(ops/keycloak): Check in initial Keycloak configuration
This is still missing most of the client configuration etc., in part due to bugs in the provider which are preventing resource imports. Change-Id: Ic224ffc001f8e1fe6dcd47b7d002580fdf7b0774 Reviewed-on: https://cl.tvl.fyi/c/depot/+/4628 Tested-by: BuildkiteCI Autosubmit: tazjin <mail@tazj.in> Reviewed-by: Profpatsch <mail@profpatsch.de>
parent
8a5ccd7089
commit
7b3c0b3e2f
4 changed files with 55 additions and 0 deletions
|
@ -65,6 +65,10 @@ case "${TARGET_TOOL}" in
|
||||||
TARGET_TOOL="terraform"
|
TARGET_TOOL="terraform"
|
||||||
attr="ops.glesys.terraform"
|
attr="ops.glesys.terraform"
|
||||||
;;
|
;;
|
||||||
|
tf-keycloak)
|
||||||
|
TARGET_TOOL="terraform"
|
||||||
|
attr="ops.keycloak.terraform"
|
||||||
|
;;
|
||||||
*)
|
*)
|
||||||
echo "The tool '${TARGET_TOOL}' is currently not installed in this repository."
|
echo "The tool '${TARGET_TOOL}' is currently not installed in this repository."
|
||||||
exit 1
|
exit 1
|
||||||
|
|
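--- a/ops/keycloak/.gitignore
+++ b/ops/keycloak/.gitignore
@@ -0,0 +1,3 @@
+.terraform*
+*.tfstate*
+.envrc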
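--- a/ops/keycloak/default.nix
+++ b/ops/keycloak/default.nix
@@ -0,0 +1,8 @@
+{ depot, pkgs, ... }:
+
+depot.nix.readTree.drvTargets {
+# Provide a Terraform wrapper with the right provider installed.
+terraform = pkgs.terraform.withPlugins(p: [
+p.keycloak
+]);
+}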
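--- a/ops/keycloak/main.tf
+++ b/ops/keycloak/main.tf
@@ -0,0 +1,40 @@
+# Configure TVL Keycloak instance.
+#
+# TODO(tazjin): Configure GitHub/GitLab IDP
+
+terraform {
+required_providers {
+keycloak = {
+source = "mrparkers/keycloak"
+}
+}
+}
+
+provider "keycloak" {
+client_id = "terraform"
+url = "https://auth.tvl.fyi"
+}
+
+resource "keycloak_realm" "tvl" {
+realm = "TVL"
+enabled = true
+display_name = "The Virus Lounge"
+default_signature_algorithm = "RS256"
+}
+
+resource "keycloak_ldap_user_federation" "tvl_ldap" {
+name = "tvl-ldap"
+realm_id = keycloak_realm.tvl.id
+enabled = true
+connection_url = "ldap://localhost"
+users_dn = "ou=users,dc=tvl,dc=fyi"
+username_ldap_attribute = "cn"
+uuid_ldap_attribute = "cn"
+rdn_ldap_attribute = "cn"
+full_sync_period = 86400
+
+user_object_classes = [
+"inetOrgPerson",
+"organizationalPerson",
+]
+}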
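Review bot: `uuid_ldap_attribute = "cn"` in the keycloak_ldap_user_federation resource keys Keycloak's notion of user identity on the same mutable attribute used as RDN and username, so a renamed LDAP entry is liable to be imported as a brand-new user, detached from the role mappings of the old imported account. If the directory exposes a stable operational identifier (OpenLDAP's `entryUUID`, for instance), that is the safer value here, e.g. `uuid_ldap_attribute = "entryUUID"`. The same resource connects to `ldap://localhost` without `bind_dn`/`bind_credential`, which presumably means an anonymous cleartext bind; that only holds up if the directory is genuinely co-located, and a one-line comment stating that assumption would help the next reader. In `required_providers` there is no `version` constraint on `mrparkers/keycloak`; with the nix-wrapped terraform from default.nix the version is effectively pinned by nixpkgs, but recording it here would make the provider bugs mentioned in the commit message reproducible from this file alone.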