fix(ops/keycloak): set up client for usage with oauth2_proxy

This will be useful for things like panettone, pending a NixOS module
for oauth2-proxy (the upstream one is too complicated and doesn't
support what we need).

Change-Id: I4ca193e10a94a29b1fb9003e945896ff8eb61116
Reviewed-on: https://cl.tvl.fyi/c/depot/+/4662
Tested-by: BuildkiteCI
Reviewed-by: Profpatsch <mail@profpatsch.de>
Autosubmit: tazjin <mail@tazj.in>
This commit is contained in:
Vincent Ambo 2021-12-26 19:08:14 +03:00 committed by clbot
parent a8923242be
commit fc16f1e467

View file

@ -49,14 +49,14 @@ resource "keycloak_openid_client" "oauth2_proxy" {
standard_flow_enabled = true
valid_redirect_uris = [
"https://login.tvl.fyi/oauth2/callback"
"https://login.tvl.fyi/oauth2/callback",
"http://localhost:4774/oauth2/callback",
]
}
resource "keycloak_openid_audience_protocol_mapper" "panettone_audience" {
realm_id = keycloak_realm.tvl.id
client_id = keycloak_openid_client.oauth2_proxy.id
name = "panettone-audience"
included_custom_audience = "b"
resource "keycloak_openid_audience_protocol_mapper" "oauth2_proxy_audience" {
realm_id = keycloak_realm.tvl.id
client_id = keycloak_openid_client.oauth2_proxy.id
name = "oauth2-proxy-audience"
included_custom_audience = keycloak_openid_client.oauth2_proxy.client_id
}