authorVincent Ambo <mail@tazj.in>2021-12-26T16·08+0300
committerclbot <clbot@tvl.fyi>2021-12-26T16·59+0000
commitfc16f1e467918b7bff59e0a18a32622e2571fead (patch)
treeca78f1a85c773cf078ce83c77f52b35366a60baa
parenta8923242bebdc2464f760f906fddd135a8c13abb (diff)
fix(ops/keycloak): set up client for usage with oauth2_proxy r/3428
This will be useful for things like panettone, pending a NixOS module
for oauth2-proxy (the upstream one is too complicated and doesn't
support what we need).

Change-Id: I4ca193e10a94a29b1fb9003e945896ff8eb61116
Reviewed-on: https://cl.tvl.fyi/c/depot/+/4662
Tested-by: BuildkiteCI
Reviewed-by: Profpatsch <mail@profpatsch.de>
Autosubmit: tazjin <mail@tazj.in>
-rw-r--r--ops/keycloak/main.tf14
1 files changed, 7 insertions, 7 deletions
diff --git a/ops/keycloak/main.tf b/ops/keycloak/main.tf
index d6c01442ecd3..05398a866cee 100644
--- a/ops/keycloak/main.tf
+++ b/ops/keycloak/main.tf
@@ -49,14 +49,14 @@ resource "keycloak_openid_client" "oauth2_proxy" {
   standard_flow_enabled = true
 
   valid_redirect_uris = [
-    "https://login.tvl.fyi/oauth2/callback"
+    "https://login.tvl.fyi/oauth2/callback",
+    "http://localhost:4774/oauth2/callback",
   ]
 }
 
-resource "keycloak_openid_audience_protocol_mapper" "panettone_audience" {
-  realm_id  = keycloak_realm.tvl.id
-  client_id = keycloak_openid_client.oauth2_proxy.id
-  name      = "panettone-audience"
-
-  included_custom_audience = "b"
+resource "keycloak_openid_audience_protocol_mapper" "oauth2_proxy_audience" {
+  realm_id                 = keycloak_realm.tvl.id
+  client_id                = keycloak_openid_client.oauth2_proxy.id
+  name                     = "oauth2-proxy-audience"
+  included_custom_audience = keycloak_openid_client.oauth2_proxy.client_id
 }
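Review bot: The `http://localhost:4774/oauth2/callback` entry added to `valid_redirect_uris` puts a plaintext loopback redirect on the same client that serves `https://login.tvl.fyi/oauth2/callback`, so tokens obtained through a local development flow carry the same client and audience as production ones. The resource's opening lines are outside the hunk, so its access type is not visible here; if the client is confidential, using this redirect also means the client secret has to live on developer machines. I would move the loopback URI to a separate development-only `keycloak_openid_client`, or at least mark it in place with a comment such as `# local development only: oauth2_proxy on a developer machine, remove once the NixOS module exists`. Separately, the mapper could set `included_client_audience = keycloak_openid_client.oauth2_proxy.client_id` instead of `included_custom_audience`, which states the intent of tying the audience to an existing client.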