about summary refs log tree commit diff
diff options
context:
space:
mode:
authorVincent Ambo <mail@tazj.in>2022-05-28T16·05+0200
committertazjin <tazjin@tvl.su>2022-05-28T17·03+0000
commit38be32c6b0f847aec1d1e19eb2765485d9f2ed39 (patch)
treedeedfb20740d8cd981f7f885d2b0aaadf9956616
parentaed1fbeb95c1790ed9faa46bfa410635fb8e8bb6 (diff)
feat(ops/keycloak): Add OIDC client for panettone r/4177
Change-Id: Idb4352e3bbf412df5569aa988a78c6438063f93a
Reviewed-on: https://cl.tvl.fyi/c/depot/+/5769
Tested-by: BuildkiteCI
Reviewed-by: grfn <grfn@gws.fyi>
-rw-r--r--ops/keycloak/clients.tf14
1 files changed, 14 insertions, 0 deletions
diff --git a/ops/keycloak/clients.tf b/ops/keycloak/clients.tf
index 5f2fd21a3557..9506bd4aa046 100644
--- a/ops/keycloak/clients.tf
+++ b/ops/keycloak/clients.tf
@@ -90,3 +90,17 @@ resource "keycloak_openid_audience_protocol_mapper" "oauth2_proxy_audience" {
   name                     = "oauth2-proxy-audience"
   included_custom_audience = keycloak_openid_client.oauth2_proxy.client_id
 }
+
+resource "keycloak_openid_client" "panettone" {
+  realm_id              = keycloak_realm.tvl.id
+  client_id             = "panettone"
+  name                  = "Panettone"
+  enabled               = true
+  access_type           = "CONFIDENTIAL"
+  standard_flow_enabled = true
+
+  valid_redirect_uris = [
+    "https://b.tvl.fyi/auth",
+    "http://localhost:6161/auth",
+  ]
+}