about summary refs log tree commit diff
path: root/ops/keycloak
AgeCommit message (Collapse)AuthorFilesLines
2021-12-27 r/3472 feat(ops/keycloak): Import Gerrit OIDC clientVincent Ambo1-0/+21
This was previously configured in the UI. Change-Id: Ib15b8ecca96d7814dc85d62199865b22bdb63f95 Reviewed-on: https://cl.tvl.fyi/c/depot/+/4710 Tested-by: BuildkiteCI Reviewed-by: grfn <grfn@gws.fyi>
2021-12-27 r/3471 fix(ops/keycloak): Move Terraform state to GleSYS bucketVincent Ambo1-0/+11
This should never sit around locally the way it does now. Change-Id: Icfbdaf1949d6d948a796a0759282ea6144af3621 Reviewed-on: https://cl.tvl.fyi/c/depot/+/4709 Tested-by: BuildkiteCI Reviewed-by: grfn <grfn@gws.fyi>
2021-12-27 r/3470 feat(ops/secrets): Add tf-keycloak secrets fileVincent Ambo1-0/+18
This file can be sourced (somehow, depending on the user) while working with //ops/keycloak to get the relevant secrets. Change-Id: Ibb3051c4b019f64824964475451c1c3996db6421 Reviewed-on: https://cl.tvl.fyi/c/depot/+/4708 Tested-by: BuildkiteCI Reviewed-by: grfn <grfn@gws.fyi>
2021-12-27 r/3469 feat(ops/keycloak): Add OIDC client for GrafanaVincent Ambo1-0/+14
Completely forgot about Grafana, so it's currently broken. Oops! Change-Id: Ia4e6405428ad8e514d6e61635f9692c57f61defe Reviewed-on: https://cl.tvl.fyi/c/depot/+/4705 Tested-by: BuildkiteCI Reviewed-by: grfn <grfn@gws.fyi> Autosubmit: tazjin <mail@tazj.in>
2021-12-26 r/3428 fix(ops/keycloak): set up client for usage with oauth2_proxyVincent Ambo1-7/+7
This will be useful for things like panettone, pending a NixOS module for oauth2-proxy (the upstream one is too complicated and doesn't support what we need). Change-Id: I4ca193e10a94a29b1fb9003e945896ff8eb61116 Reviewed-on: https://cl.tvl.fyi/c/depot/+/4662 Tested-by: BuildkiteCI Reviewed-by: Profpatsch <mail@profpatsch.de> Autosubmit: tazjin <mail@tazj.in>
2021-12-26 r/3427 fix(ops/keycloak): trust email addresses from LDAPVincent Ambo1-0/+1
Verified emails are required for some things, like e.g. oauth2_proxy Change-Id: Ifb124be40d6d2863cd1b7ed5fbdfcf4827e8808c Reviewed-on: https://cl.tvl.fyi/c/depot/+/4661 Tested-by: BuildkiteCI Autosubmit: tazjin <mail@tazj.in> Reviewed-by: Profpatsch <mail@profpatsch.de>
2021-12-26 r/3426 feat(ops/keycloak): Set up oauth2_proxy clientVincent Ambo1-0/+21
Change-Id: I996d9644ed7e870d6e5a42af117eafbf841da679 Reviewed-on: https://cl.tvl.fyi/c/depot/+/4640 Tested-by: BuildkiteCI Autosubmit: tazjin <mail@tazj.in> Reviewed-by: Profpatsch <mail@profpatsch.de>
2021-12-26 r/3425 feat(ops/keycloak): Check in initial Keycloak configurationVincent Ambo3-0/+51
This is still missing most of the client configuration etc., in part due to bugs in the provider which are preventing resource imports. Change-Id: Ic224ffc001f8e1fe6dcd47b7d002580fdf7b0774 Reviewed-on: https://cl.tvl.fyi/c/depot/+/4628 Tested-by: BuildkiteCI Autosubmit: tazjin <mail@tazj.in> Reviewed-by: Profpatsch <mail@profpatsch.de>