tvl-depot/ops/keycloak
Vincent Ambo 6576c2f15f feat(ops/keycloak): import github identity provider configuration
For some reason Terraform decided that it would otherwise like
to *delete* this configuration, which is undesirable.

Note that there is a "magic" special behaviour when the `alias` and
`provider_id` are set to the name of a built-in supported
provider (github, gitlab etc.), which lets us skip the
authorization_url setup.

Change-Id: Ib66154c2896dda162c57bdc2d7964a9fa4e15f20
Reviewed-on: https://cl.tvl.fyi/c/depot/+/6706
Tested-by: BuildkiteCI
Reviewed-by: lukegb <lukegb@tvl.fyi>
2022-09-20 09:28:45 +00:00
..
.gitignore feat(ops/keycloak): Check in initial Keycloak configuration 2021-12-26 16:45:59 +00:00
clients.tf feat(ops/keycloak): Add OIDC client for panettone 2022-05-28 17:03:36 +00:00
default.nix refactor(ops/keycloak): Use tools.checks.validateTerraform 2022-06-07 09:32:13 +00:00
main.tf feat(ops/keycloak): import github identity provider configuration 2022-09-20 09:28:45 +00:00
README.md docs(ops/buildkite): Add documentation about this config 2022-06-06 11:05:12 +00:00
user_sources.tf feat(ops/keycloak): import github identity provider configuration 2022-09-20 09:28:45 +00:00

Terraform for Keycloak

This contains the Terraform configuration for deploying TVL's Keycloak instance (which lives at auth.tvl.fyi).

Secrets are needed for applying this. The encrypted file //ops/secrets/tf-keycloak.age contains export calls which should be sourced, for example via direnv, by users with the appropriate credentials.

An example direnv configuration used by tazjin is this:

# //ops/keycloak/.envrc
source_up
eval $(age --decrypt -i ~/.ssh/id_ed25519 $(git rev-parse --show-toplevel)/ops/secrets/tf-keycloak.age)