Arch Linux
infrastructure
Commits
25a41929
Verified
Commit
25a41929
authored
May 02, 2020
by
Sven-Hendrik Haase
Use archlinux realm for applications instead of master
parent
3e2b6934
Changes
4
one-shots/keycloak-importer/import_user_groups.py
...
...
@@ -20,9 +20,9 @@ CLIENT_ID = "admin-cli"
KEYCLOAK_ADMIN_USERNAME
=
os
.
environ
[
"KEYCLOAK_ADMIN_USERNAME"
]
KEYCLOAK_ADMIN_PASSWORD
=
os
.
environ
[
"KEYCLOAK_ADMIN_PASSWORD"
]
KEYCLOAK_URL
=
"https://accounts.archlinux.org/auth"
KEYCLOAK_REALM
=
"
master
"
KEYCLOAK_REALM
=
"
archlinux
"
REALM_URL
=
f
"
{
KEYCLOAK_URL
}
/realms/
{
KEYCLOAK_REALM
}
"
REALM_URL
=
f
"
{
KEYCLOAK_URL
}
/realms/
master
"
FETCH_TOKEN_URL
=
f
"
{
REALM_URL
}
/protocol/openid-connect/token"
API_BASE_URL
=
f
"
{
KEYCLOAK_URL
}
/admin/realms/
{
KEYCLOAK_REALM
}
"
...
...
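Review bot: The new `REALM_URL` hard-codes `master` while `KEYCLOAK_REALM` now means `archlinux`, so the name no longer says which realm issues the token. Because `FETCH_TOKEN_URL` is built from it, the script still logs in to the master realm as the Keycloak admin through `admin-cli`, and such an account can typically administer every realm on the server, not only the one being imported into. I would make the split explicit with `KEYCLOAK_ADMIN_REALM = "master"` and `REALM_URL = f"{KEYCLOAK_URL}/realms/{KEYCLOAK_ADMIN_REALM}"`, plus a comment such as `# token comes from the admin realm; API calls target KEYCLOAK_REALM`. If the importer is kept, an account limited to the archlinux realm would be the narrower credential; how the token is requested is outside this hunk.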
roles/keycloak/tasks/main.yml
...
...
@@ -9,7 +9,7 @@
-
restart keycloak
-
name
:
create an admin user
command
:
/opt/keycloak/bin/add-user-keycloak.sh -u "{{ vault_keycloak_admin_user }}" -p "{{ vault_keycloak_admin_password }}"
command
:
/opt/keycloak/bin/add-user-keycloak.sh
-r master
-u "{{ vault_keycloak_admin_user }}" -p "{{ vault_keycloak_admin_password }}"
args
:
creates
:
/opt/keycloak/standalone/configuration/keycloak-add-user.json
...
...
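Review bot: The admin password is still passed as a `-p` argument on the new `command:` line, so it is visible in the host's process list while the script runs, and Ansible can print the rendered command in verbose output or when the task fails. Adding `no_log: true` to the `create an admin user` task keeps the vault value out of Ansible's output. The `creates:` guard also means a later change of `vault_keycloak_admin_password` is never applied by this task, which deserves a comment like `# runs only on first install; rotate the admin password in Keycloak itself`. The task list continues outside the hunk.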
roles/keycloak/templates/nginx.d.conf.j2
...
...
@@ -34,4 +34,8 @@ server {
proxy_set_header Host $host;
proxy_ssl_verify off;
}
location = / {
return 301 https://$server_name/auth/;
}
}
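Review bot: `proxy_ssl_verify off;` in the proxy location just above the new redirect means nginx does not check the upstream certificate, so the TLS hop to Keycloak is encrypted but not authenticated. If the upstream is not loopback-only (the `proxy_pass` target is outside this hunk), consider `proxy_ssl_verify on;` with `proxy_ssl_trusted_certificate` pointing at the CA that signs the Keycloak certificate. The added `location = /` block builds the redirect from `$server_name` rather than from the request's Host header, which is the safer choice; a one-line comment such as `# send bare / to the Keycloak entry point` would document why it exists.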
tf-stage2/keycloak.tf
...
...
@@ -34,8 +34,8 @@ variable "gitlab_instance" {
}
}
resource
"keycloak_realm"
"
master
"
{
realm
=
"
master
"
resource
"keycloak_realm"
"
archlinux
"
{
realm
=
"
archlinux
"
enabled
=
true
remember_me
=
true
display_name
=
"Arch Linux"
...
...
@@ -59,7 +59,7 @@ resource "keycloak_realm" "master" {
}
resource
"keycloak_saml_client"
"saml_gitlab"
{
realm_id
=
"
master
"
// "${keycloak_realm.realm.id}"
realm_id
=
"
archlinux
"
// "${keycloak_realm.realm.id}"
client_id
=
"saml_gitlab"
name
=
"Arch Linux Accounts"
...
...
@@ -84,7 +84,7 @@ resource "keycloak_saml_client" "saml_gitlab" {
resource
"keycloak_saml_user_property_protocol_mapper"
"gitlab_saml_email"
{
realm_id
=
"
master
"
realm_id
=
"
archlinux
"
client_id
=
keycloak_saml_client
.
saml_gitlab
.
id
name
=
"email"
...
...
@@ -96,7 +96,7 @@ resource "keycloak_saml_user_property_protocol_mapper" "gitlab_saml_email" {
resource
"keycloak_saml_user_property_protocol_mapper"
"gitlab_saml_name"
{
realm_id
=
"
master
"
realm_id
=
"
archlinux
"
client_id
=
keycloak_saml_client
.
saml_gitlab
.
id
name
=
"name"
...
...
@@ -108,7 +108,7 @@ resource "keycloak_saml_user_property_protocol_mapper" "gitlab_saml_name" {
resource
"keycloak_saml_user_property_protocol_mapper"
"gitlab_saml_first_name"
{
realm_id
=
"
master
"
realm_id
=
"
archlinux
"
client_id
=
keycloak_saml_client
.
saml_gitlab
.
id
name
=
"first_name"
...
...
@@ -120,7 +120,7 @@ resource "keycloak_saml_user_property_protocol_mapper" "gitlab_saml_first_name"
resource
"keycloak_saml_user_property_protocol_mapper"
"gitlab_saml_last_name"
{
realm_id
=
"
master
"
realm_id
=
"
archlinux
"
client_id
=
keycloak_saml_client
.
saml_gitlab
.
id
name
=
"last_name"
...
...
@@ -138,18 +138,18 @@ variable "arch_groups" {
resource
"keycloak_group"
"arch_groups"
{
for_each
=
var
.
arch_groups
realm_id
=
"
master
"
realm_id
=
"
archlinux
"
name
=
each
.
value
}
resource
"keycloak_role"
"devops"
{
realm_id
=
"
master
"
realm_id
=
"
archlinux
"
name
=
"DevOps"
description
=
"DevOps role"
}
resource
"keycloak_group_roles"
"group_roles"
{
realm_id
=
"
master
"
realm_id
=
"
archlinux
"
group_id
=
keycloak_group
.
arch_groups
[
"DevOps"
].
id
role_ids
=
[
keycloak_role
.
devops
.
id
...
...
@@ -161,7 +161,7 @@ output "gitlab_saml_configuration" {
issuer
=
keycloak_saml_client
.
saml_gitlab
.
client_id
assertion_consumer_service_url
=
var
.
gitlab_instance
.
saml_redirect_url
admin_groups
=
[
keycloak_role
.
devops
.
name
]
idp_sso_target_url
=
"https://accounts.archlinux.org/auth/realms/
master
/protocol/saml/clients/
${
keycloak_saml_client
.
saml_gitlab
.
client_id
}
"
idp_sso_target_url
=
"https://accounts.archlinux.org/auth/realms/
archlinux
/protocol/saml/clients/
${
keycloak_saml_client
.
saml_gitlab
.
client_id
}
"
signing_certificate_fingerprint
=
keycloak_saml_client
.
saml_gitlab
.
signing_certificate
}
}
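Review bot: Every `realm_id = "archlinux"` here is a string literal, and the trailing `// "${keycloak_realm.realm.id}"` comment on `saml_gitlab` names a resource that does not appear in these hunks, so Terraform sees no dependency between the realm and the client, mappers, groups and roles placed in it. Referencing the resource, `realm_id = keycloak_realm.archlinux.id`, orders creation correctly and leaves one place to change on a future rename; `idp_sso_target_url` can interpolate `${keycloak_realm.archlinux.realm}` the same way. Separately, if `keycloak_realm.master` is in state, renaming it to `keycloak_realm.archlinux` will make the plan propose destroying the old address, so the plan should be checked (or the old address dropped with `terraform state rm`) before apply so the master realm is not scheduled for deletion. In the output block, `signing_certificate_fingerprint` is assigned `signing_certificate`; if the consumer expects a fingerprint rather than the certificate itself, that name or value needs a second look.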