Commit graph

7 commits

Author SHA1 Message Date
Vincent Ambo
98be390576 fix(ops/keycloak): Move Terraform state to GleSYS bucket
This should never sit around locally the way it does now.

Change-Id: Icfbdaf1949d6d948a796a0759282ea6144af3621
Reviewed-on: https://cl.tvl.fyi/c/depot/+/4709
Tested-by: BuildkiteCI
Reviewed-by: grfn <grfn@gws.fyi>
2021-12-27 15:53:57 +00:00
Vincent Ambo
e616f978d0 feat(ops/secrets): Add tf-keycloak secrets file
This file can be sourced (somehow, depending on the user) while
working with //ops/keycloak to get the relevant secrets.

Change-Id: Ibb3051c4b019f64824964475451c1c3996db6421
Reviewed-on: https://cl.tvl.fyi/c/depot/+/4708
Tested-by: BuildkiteCI
Reviewed-by: grfn <grfn@gws.fyi>
2021-12-27 15:53:57 +00:00
Vincent Ambo
4f030f085d feat(ops/keycloak): Add OIDC client for Grafana
Completely forgot about Grafana, so it's currently broken. Oops!

Change-Id: Ia4e6405428ad8e514d6e61635f9692c57f61defe
Reviewed-on: https://cl.tvl.fyi/c/depot/+/4705
Tested-by: BuildkiteCI
Reviewed-by: grfn <grfn@gws.fyi>
Autosubmit: tazjin <mail@tazj.in>
2021-12-27 15:53:57 +00:00
Vincent Ambo
fc16f1e467 fix(ops/keycloak): set up client for usage with oauth2_proxy
This will be useful for things like panettone, pending a NixOS module
for oauth2-proxy (the upstream one is too complicated and doesn't
support what we need).

Change-Id: I4ca193e10a94a29b1fb9003e945896ff8eb61116
Reviewed-on: https://cl.tvl.fyi/c/depot/+/4662
Tested-by: BuildkiteCI
Reviewed-by: Profpatsch <mail@profpatsch.de>
Autosubmit: tazjin <mail@tazj.in>
2021-12-26 16:59:01 +00:00
Vincent Ambo
a8923242be fix(ops/keycloak): trust email addresses from LDAP
Verified emails are required for some things, like e.g. oauth2_proxy

Change-Id: Ifb124be40d6d2863cd1b7ed5fbdfcf4827e8808c
Reviewed-on: https://cl.tvl.fyi/c/depot/+/4661
Tested-by: BuildkiteCI
Autosubmit: tazjin <mail@tazj.in>
Reviewed-by: Profpatsch <mail@profpatsch.de>
2021-12-26 16:59:01 +00:00
Vincent Ambo
e8fa347fd1 feat(ops/keycloak): Set up oauth2_proxy client
Change-Id: I996d9644ed7e870d6e5a42af117eafbf841da679
Reviewed-on: https://cl.tvl.fyi/c/depot/+/4640
Tested-by: BuildkiteCI
Autosubmit: tazjin <mail@tazj.in>
Reviewed-by: Profpatsch <mail@profpatsch.de>
2021-12-26 16:59:01 +00:00
Vincent Ambo
7b3c0b3e2f feat(ops/keycloak): Check in initial Keycloak configuration
This is still missing most of the client configuration etc., in part
due to bugs in the provider which are preventing resource imports.

Change-Id: Ic224ffc001f8e1fe6dcd47b7d002580fdf7b0774
Reviewed-on: https://cl.tvl.fyi/c/depot/+/4628
Tested-by: BuildkiteCI
Autosubmit: tazjin <mail@tazj.in>
Reviewed-by: Profpatsch <mail@profpatsch.de>
2021-12-26 16:45:59 +00:00