feat(ops/keycloak): Set up oauth2_proxy client

Change-Id: I996d9644ed7e870d6e5a42af117eafbf841da679
Reviewed-on: https://cl.tvl.fyi/c/depot/+/4640
Tested-by: BuildkiteCI
Autosubmit: tazjin <mail@tazj.in>
Reviewed-by: Profpatsch <mail@profpatsch.de>
Vincent Ambo 2021-12-26 18:36:00 +03:00 committed by clbot
parent 7b3c0b3e2f
commit e8fa347fd1


@ -38,3 +38,24 @@ resource "keycloak_ldap_user_federation" "tvl_ldap" {
"organizationalPerson", "organizationalPerson",
] ]
} }
resource "keycloak_openid_client" "oauth2_proxy" {
realm_id = keycloak_realm.tvl.id
client_id = "oauth2-proxy"
name = "TVL OAuth2 Proxy"
enabled = true
access_type = "CONFIDENTIAL"
standard_flow_enabled = true
valid_redirect_uris = [
"https://login.tvl.fyi/oauth2/callback"
]
}
resource "keycloak_openid_audience_protocol_mapper" "panettone_audience" {
realm_id = keycloak_realm.tvl.id
client_id = keycloak_openid_client.oauth2_proxy.id
name = "panettone-audience"
included_custom_audience = "b"
}
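Review bot: The `included_custom_audience = "b"` value in `panettone_audience` is an opaque literal with no comment naming the consumer that checks it, so a reader cannot tell whether the `aud` claim added to tokens issued for `oauth2_proxy` matches what the downstream service validates. If "b" is the client ID of another Keycloak client in this realm (none is visible in this hunk), referencing that resource through `included_client_audience` would keep the two from drifting apart; otherwise a comment such as `# aud value expected by panettone (<where it is validated>)` would be enough. Separately, `oauth2_proxy` is declared `CONFIDENTIAL` with no `client_secret` in the visible lines, so the secret is presumably generated by Keycloak and recorded in the Terraform state, which then has to be stored and access-controlled as secret material.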