author | Vincent Ambo <mail@tazj.in> | 2022-01-01T14·46+0300 |
---|---|---|
committer | tazjin <mail@tazj.in> | 2022-01-02T21·22+0000 |
commit | 5a6f984222d37e50c8d7c06415ba48e66f45b4ed (patch) | |
tree | 5b1cd5b14f062775dfd29944f932bb1a631499a9 /ops/keycloak/user_sources.tf | |
parent | 5e036ed9fc579d14353eb7da4af4b426c99f96e6 (diff) |
refactor(ops/keycloak): Split out clients & user-sources r/3511
Without some kind of physical organisation it's a little difficult to understand whether things are going "in" (supplying users to Keycloak) or "out" (getting auth/user info from Keycloak).

Change-Id: I516501081e3448c81c710fcbc79cc68ad2a80f3b
Reviewed-on: https://cl.tvl.fyi/c/depot/+/4762
Tested-by: BuildkiteCI
Reviewed-by: Profpatsch <mail@profpatsch.de>
Diffstat (limited to 'ops/keycloak/user_sources.tf')
-rw-r--r-- | ops/keycloak/user_sources.tf | 21 |
1 files changed, 21 insertions, 0 deletions
diff --git a/ops/keycloak/user_sources.tf b/ops/keycloak/user_sources.tf new file mode 100644 index 000000000000..3fde6e07cc91 --- /dev/null +++ b/ops/keycloak/user_sources.tf @@ -0,0 +1,21 @@ +# All user sources, that is services from which Keycloak gets user +# information (either by accessing a system like LDAP or integration +# through protocols like OIDC). + +resource "keycloak_ldap_user_federation" "tvl_ldap" { + name = "tvl-ldap" + realm_id = keycloak_realm.tvl.id + enabled = true + connection_url = "ldap://localhost" + users_dn = "ou=users,dc=tvl,dc=fyi" + username_ldap_attribute = "cn" + uuid_ldap_attribute = "cn" + rdn_ldap_attribute = "cn" + full_sync_period = 86400 + trust_email = true + + user_object_classes = [ + "inetOrgPerson", + "organizationalPerson", + ] +} |
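Review bot: uuid_ldap_attribute is set to "cn", the same attribute used for username_ldap_attribute and rdn_ldap_attribute, so the identifier Keycloak uses to track a directory entry is the user-visible name: renaming an entry changes its identity, and a cn that is later reused would match the earlier user's federated account. If the directory exposes a stable per-entry attribute (entryUUID on OpenLDAP, for example), point uuid_ldap_attribute at that, or add a comment stating that cn values are never renamed or reused; since the commit message describes this as a split of existing configuration, a follow-up change is a reasonable place for it. Separately, trust_email = true has Keycloak treat addresses from LDAP as already verified, and connection_url is plain ldap:// with no bind_dn set, so a one-line comment on each (who can write the mail attribute, and that the plaintext anonymous connection is acceptable only because the server is on localhost) would help the next reader of this file.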