From 23693ca898439869748077f0537a6cf859f22213 Mon Sep 17 00:00:00 2001 From: Vincent Ambo Date: Mon, 27 Dec 2021 17:38:14 +0300 Subject: feat(ops/keycloak): Import Buildkite OIDC client This was previously configured in the UI. Change-Id: I68361b1489093b76736adab2e38ed7b474b10881 Reviewed-on: https://cl.tvl.fyi/c/depot/+/4711 Tested-by: BuildkiteCI Reviewed-by: grfn --- ops/keycloak/main.tf | 21 +++++++++++++++++++++ 1 file changed, 21 insertions(+) (limited to 'ops') diff --git a/ops/keycloak/main.tf b/ops/keycloak/main.tf index 90f3ca361036..7e9dd4b5b9c5 100644 --- a/ops/keycloak/main.tf +++ b/ops/keycloak/main.tf @@ -106,3 +106,24 @@ resource "keycloak_openid_client" "gerrit" { "https://cl.tvl.fyi", ] } + +resource "keycloak_openid_client" "buildkite" { + realm_id = keycloak_realm.tvl.id + client_id = "https://buildkite.com" + name = "Buildkite" + enabled = true + access_type = "CONFIDENTIAL" + standard_flow_enabled = true + base_url = "https://buildkite.com/sso/tvl" + direct_access_grants_enabled = false + exclude_session_state_from_auth_response = false + backchannel_logout_session_required = false + + valid_redirect_uris = [ + "https://buildkite.com/sso/~/1531aca5-f49c-4151-8832-a451e758af4c/saml/consume", + ] + + web_origins = [ + "https://buildkite.com", + ] +} -- cgit 1.4.1