-rw-r--r-- | ops/keycloak/main.tf | 2 | ||||
-rw-r--r-- | ops/keycloak/user_sources.tf | 23 | ||||
-rw-r--r-- | ops/secrets/tf-keycloak.age | bin | 981 -> 1001 bytes |
3 files changed, 24 insertions, 1 deletions
diff --git a/ops/keycloak/main.tf b/ops/keycloak/main.tf
index a8e2d82a3cd0..c18f4a178991 100644
--- a/ops/keycloak/main.tf
+++ b/ops/keycloak/main.tf
@@ -1,6 +1,6 @@
 # Configure TVL Keycloak instance.
 #
-# TODO(tazjin): Configure GitHub/GitLab IDP
+# TODO(tazjin): Configure GitLab IDP
 
 terraform {
 required_providers {
diff --git a/ops/keycloak/user_sources.tf b/ops/keycloak/user_sources.tf
index 3fde6e07cc91..01307fff8df5 100644
--- a/ops/keycloak/user_sources.tf
+++ b/ops/keycloak/user_sources.tf
@@ -2,6 +2,10 @@
 # information (either by accessing a system like LDAP or integration
 # through protocols like OIDC).
 
+variable "github_client_secret" {
+ type = string
+}
+
 resource "keycloak_ldap_user_federation" "tvl_ldap" {
 name = "tvl-ldap"
 realm_id = keycloak_realm.tvl.id
@@ -19,3 +23,22 @@ resource "keycloak_ldap_user_federation" "tvl_ldap" {
 "organizationalPerson",
 ]
 }
+
+# keycloak_oidc_identity_provider.github will be destroyed
+# (because keycloak_oidc_identity_provider.github is not in configuration)
+resource "keycloak_oidc_identity_provider" "github" {
+ alias = "github"
+ provider_id = "github"
+ client_id = "6d7f8bb2e82bb6739556"
+ client_secret = var.github_client_secret
+ realm = keycloak_realm.tvl.id
+ backchannel_supported = false
+ gui_order = "1"
+ store_token = false
+ sync_mode = "IMPORT"
+ trust_email = true
+
+ # These default to built-in values for the `github` provider_id.
+ authorization_url = ""
+ token_url = ""
+}
diff --git a/ops/secrets/tf-keycloak.age b/ops/secrets/tf-keycloak.age
index b450e84fb069..c916dcd2a356 100644
--- a/ops/secrets/tf-keycloak.age
+++ b/ops/secrets/tf-keycloak.age
Binary files differ |
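Review bot: The new `variable "github_client_secret"` in the first user_sources.tf hunk is declared without `sensitive = true`, so its value is printed in clear in `terraform plan`/`apply` output whenever the resource that references it changes. Declare it as `variable "github_client_secret" { type = string sensitive = true }` (one attribute per line). Note that the marker only redacts CLI output; the value is still written to state, so the state backend's access controls remain the real protection for this secret.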
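Review bot: The two comment lines above `resource "keycloak_oidc_identity_provider" "github"` (`# keycloak_oidc_identity_provider.github will be destroyed` and the `(because ... is not in configuration)` line) read like pasted `terraform plan` output and describe the opposite of what this hunk does, which is to create the resource; replace them with a purpose comment such as `# GitHub OAuth app used as an identity provider for the TVL realm; the client secret comes from ops/secrets/tf-keycloak.age.` Separately, `trust_email = true` tells Keycloak to accept the email address reported by GitHub without running its own verification step, and whether a brokered login can then be linked to an existing local account with the same address is decided by the realm's first-broker-login flow, which is not part of this change; a one-line comment recording that this was considered (or a pointer to that flow's configuration) would help the next reader judge the setting. The `sync_mode = "IMPORT"` choice is likewise worth a short comment, since it determines that later attribute changes at GitHub are not propagated.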