about summary refs log tree commit diff
diff options
context:
space:
mode:
authorVincent Ambo <mail@tazj.in>2021-12-25T21·46+0300
committerclbot <clbot@tvl.fyi>2021-12-26T00·10+0000
commit738cca62c1c4b5297d636fc331cd49bd82eaa0a6 (patch)
tree90f3720d66f570680e95e3f49dfc3c751c6a49b3
parent798b439c4bec6f03f17c86e4d689aad69b79a7cc (diff)
feat(monorepo-gerrit): Configure for Keycloak compatibility r/3410
Change-Id: Ic3fce02b071c09cf03e652510f16bafb795a5a1d
Reviewed-on: https://cl.tvl.fyi/c/depot/+/4614
Autosubmit: tazjin <mail@tazj.in>
Tested-by: BuildkiteCI
Reviewed-by: lukegb <lukegb@tvl.fyi>
Reviewed-by: grfn <grfn@gws.fyi>
-rw-r--r--ops/modules/monorepo-gerrit.nix11
-rw-r--r--ops/secrets/gerrit-secrets.agebin835 -> 828 bytes
2 files changed, 6 insertions, 5 deletions
diff --git a/ops/modules/monorepo-gerrit.nix b/ops/modules/monorepo-gerrit.nix
index 30caa984d706..6638f30b3f9f 100644
--- a/ops/modules/monorepo-gerrit.nix
+++ b/ops/modules/monorepo-gerrit.nix
@@ -94,12 +94,13 @@ in {
         html = "<a href=\"https://cl.tvl.fyi/$1\">cl/$1</a>";
       };
 
-      # Configures integration with CAS, which then integrates with a variety
-      # of backends.
+      # Configures integration with Keycloak, which then integrates with a
+      # variety of backends.
       auth.type = "OAUTH";
-      plugin.gerrit-oauth-provider-cas-oauth = {
-        root-url = "https://login.tvl.fyi";
-        client-id = "OAUTH-TVL-gerrit-Fv0d8Aizz5";
+      plugin.gerrit-oauth-provider-keycloak-oauth = {
+        root-url = "https://auth.tvl.fyi";
+        realm = "TVL";
+        client-id = "gerrit";
         # client-secret is set in /var/lib/gerrit/etc/secure.config.
       };
 
diff --git a/ops/secrets/gerrit-secrets.age b/ops/secrets/gerrit-secrets.age
index 077f33f060b3..02a3c66b5369 100644
--- a/ops/secrets/gerrit-secrets.age
+++ b/ops/secrets/gerrit-secrets.age
Binary files differ