depot - monorepo for the virus lounge

Age	Commit message (Collapse)	Author	Files	Lines
2022-01-02	r/3511 refactor(ops/keycloak): Split out clients & user-sources	Vincent Ambo	1	-106/+0
	Without some kind of physical organisation it's a little difficult to understand whether things are going "in" (supplying users to Keycloak) or "out" (getting auth/user info from Keycloak). Change-Id: I516501081e3448c81c710fcbc79cc68ad2a80f3b Reviewed-on: https://cl.tvl.fyi/c/depot/+/4762 Tested-by: BuildkiteCI Reviewed-by: Profpatsch <mail@profpatsch.de>
2021-12-28	r/3495 fix(ops/keycloak): redefine buildkite client, correctly this time	Vincent Ambo	1	-15/+26
	This client definition was previously nonsense. What happened is that I accidentally imported the client as an OIDC client, which Keycloak accepted because apparently those are the same entities on the API level, and that ended up getting mangled into some broken hybrid shape by Terraform. This sets up the Buildkite provider again but with the correct SAML configuration this time. Change-Id: Id7ba318984d2fcc9e2ca91ed45ccbfd227278bbe Reviewed-on: https://cl.tvl.fyi/c/depot/+/4731 Tested-by: BuildkiteCI Reviewed-by: sterni <sternenseemann@systemli.org> Reviewed-by: grfn <grfn@gws.fyi> Autosubmit: tazjin <mail@tazj.in>
2021-12-27	r/3473 feat(ops/keycloak): Import Buildkite OIDC client	Vincent Ambo	1	-0/+21
	This was previously configured in the UI. Change-Id: I68361b1489093b76736adab2e38ed7b474b10881 Reviewed-on: https://cl.tvl.fyi/c/depot/+/4711 Tested-by: BuildkiteCI Reviewed-by: grfn <grfn@gws.fyi>
2021-12-27	r/3472 feat(ops/keycloak): Import Gerrit OIDC client	Vincent Ambo	1	-0/+21
	This was previously configured in the UI. Change-Id: Ib15b8ecca96d7814dc85d62199865b22bdb63f95 Reviewed-on: https://cl.tvl.fyi/c/depot/+/4710 Tested-by: BuildkiteCI Reviewed-by: grfn <grfn@gws.fyi>
2021-12-27	r/3471 fix(ops/keycloak): Move Terraform state to GleSYS bucket	Vincent Ambo	1	-0/+11
	This should never sit around locally the way it does now. Change-Id: Icfbdaf1949d6d948a796a0759282ea6144af3621 Reviewed-on: https://cl.tvl.fyi/c/depot/+/4709 Tested-by: BuildkiteCI Reviewed-by: grfn <grfn@gws.fyi>
2021-12-27	r/3469 feat(ops/keycloak): Add OIDC client for Grafana	Vincent Ambo	1	-0/+14
	Completely forgot about Grafana, so it's currently broken. Oops! Change-Id: Ia4e6405428ad8e514d6e61635f9692c57f61defe Reviewed-on: https://cl.tvl.fyi/c/depot/+/4705 Tested-by: BuildkiteCI Reviewed-by: grfn <grfn@gws.fyi> Autosubmit: tazjin <mail@tazj.in>
2021-12-26	r/3428 fix(ops/keycloak): set up client for usage with oauth2_proxy	Vincent Ambo	1	-7/+7
	This will be useful for things like panettone, pending a NixOS module for oauth2-proxy (the upstream one is too complicated and doesn't support what we need). Change-Id: I4ca193e10a94a29b1fb9003e945896ff8eb61116 Reviewed-on: https://cl.tvl.fyi/c/depot/+/4662 Tested-by: BuildkiteCI Reviewed-by: Profpatsch <mail@profpatsch.de> Autosubmit: tazjin <mail@tazj.in>
2021-12-26	r/3427 fix(ops/keycloak): trust email addresses from LDAP	Vincent Ambo	1	-0/+1
	Verified emails are required for some things, like e.g. oauth2_proxy Change-Id: Ifb124be40d6d2863cd1b7ed5fbdfcf4827e8808c Reviewed-on: https://cl.tvl.fyi/c/depot/+/4661 Tested-by: BuildkiteCI Autosubmit: tazjin <mail@tazj.in> Reviewed-by: Profpatsch <mail@profpatsch.de>
2021-12-26	r/3426 feat(ops/keycloak): Set up oauth2_proxy client	Vincent Ambo	1	-0/+21
	Change-Id: I996d9644ed7e870d6e5a42af117eafbf841da679 Reviewed-on: https://cl.tvl.fyi/c/depot/+/4640 Tested-by: BuildkiteCI Autosubmit: tazjin <mail@tazj.in> Reviewed-by: Profpatsch <mail@profpatsch.de>
2021-12-26	r/3425 feat(ops/keycloak): Check in initial Keycloak configuration	Vincent Ambo	1	-0/+40
	This is still missing most of the client configuration etc., in part due to bugs in the provider which are preventing resource imports. Change-Id: Ic224ffc001f8e1fe6dcd47b7d002580fdf7b0774 Reviewed-on: https://cl.tvl.fyi/c/depot/+/4628 Tested-by: BuildkiteCI Autosubmit: tazjin <mail@tazj.in> Reviewed-by: Profpatsch <mail@profpatsch.de>