about summary refs log tree commit diff
path: root/ops/keycloak
diff options
context:
space:
mode:
authorVincent Ambo <mail@tazj.in>2021-12-27T14·38+0300
committertazjin <mail@tazj.in>2021-12-27T15·53+0000
commit23693ca898439869748077f0537a6cf859f22213 (patch)
treeda754724cc9e2f334cf79ee5924a35fdb8e434a1 /ops/keycloak
parentfb7d45abc414c7b02e529b4b9e586dd986196d7b (diff)
feat(ops/keycloak): Import Buildkite OIDC client r/3473
This was previously configured in the UI.

Change-Id: I68361b1489093b76736adab2e38ed7b474b10881
Reviewed-on: https://cl.tvl.fyi/c/depot/+/4711
Tested-by: BuildkiteCI
Reviewed-by: grfn <grfn@gws.fyi>
Diffstat (limited to 'ops/keycloak')
-rw-r--r--ops/keycloak/main.tf21
1 files changed, 21 insertions, 0 deletions
diff --git a/ops/keycloak/main.tf b/ops/keycloak/main.tf
index 90f3ca361036..7e9dd4b5b9c5 100644
--- a/ops/keycloak/main.tf
+++ b/ops/keycloak/main.tf
@@ -106,3 +106,24 @@ resource "keycloak_openid_client" "gerrit" {
     "https://cl.tvl.fyi",
   ]
 }
+
+resource "keycloak_openid_client" "buildkite" {
+  realm_id                                 = keycloak_realm.tvl.id
+  client_id                                = "https://buildkite.com"
+  name                                     = "Buildkite"
+  enabled                                  = true
+  access_type                              = "CONFIDENTIAL"
+  standard_flow_enabled                    = true
+  base_url                                 = "https://buildkite.com/sso/tvl"
+  direct_access_grants_enabled             = false
+  exclude_session_state_from_auth_response = false
+  backchannel_logout_session_required      = false
+
+  valid_redirect_uris = [
+    "https://buildkite.com/sso/~/1531aca5-f49c-4151-8832-a451e758af4c/saml/consume",
+  ]
+
+  web_origins = [
+    "https://buildkite.com",
+  ]
+}