diff --git a/tf-stage2/.terraform.lock.hcl b/tf-stage2/.terraform.lock.hcl index 276336bdeefa98f5a118357ebcc452995bd07218..f1c0289f1b41efd2b8c9ff1aa6434b8a5baad5dd 100644 --- a/tf-stage2/.terraform.lock.hcl +++ b/tf-stage2/.terraform.lock.hcl 
@@ -2,19 +2,21 @@ # Manual edits may be lost in future updates. provider "registry.terraform.io/hashicorp/external" { - version = "2.0.0" + version = "2.2.2" hashes = [ - "h1:Q5xqryWI3tCY8yr+fugq7dz4Qz+8g4GaW9ZS8dc6Ob8=", - "zh:07949780dd6a1d43e7b46950f6e6976581d9724102cb5388d3411a1b6f476bde", - "zh:0a4f4636ff93f0644affa8474465dd8c9252946437ad025b28fc9f6603534a24", - "zh:0dd7e05a974c649950d1a21d7015d3753324ae52ebdd1744b144bc409ca4b3e8", - "zh:2b881032b9aa9d227ac712f614056d050bcdcc67df0dc79e2b2cb76a197059ad", - "zh:38feb4787b4570335459ca75a55389df1a7570bdca8cdf5df4c2876afe3c14b4", - "zh:40f7e0aaef3b1f4c2ca2bb1189e3fe9af8c296da129423986d1d99ccc8cfb86c", - "zh:56b361f64f0f0df5c4f958ae2f0e6f8ba192f35b720b9d3ae1be068fabcf73d9", - "zh:5fadb5880cd31c2105f635ded92b9b16f918c1dd989627a4ce62c04939223909", - "zh:61fa0be9c14c8c4109cfb7be8d54a80c56d35dbae49d3231cddb59831e7e5a4d", - "zh:853774bf97fbc4a784d5af5a4ca0090848430781ae6cfc586adeb48f7c44af79", + "h1:e7RpnZ2PbJEEPnfsg7V0FNwbfSk0/Z3FdrLsXINBmDY=", + "zh:0b84ab0af2e28606e9c0c1289343949339221c3ab126616b831ddb5aaef5f5ca", + "zh:10cf5c9b9524ca2e4302bf02368dc6aac29fb50aeaa6f7758cce9aa36ae87a28", + "zh:56a016ee871c8501acb3f2ee3b51592ad7c3871a1757b098838349b17762ba6b", + "zh:719d6ef39c50e4cffc67aa67d74d195adaf42afcf62beab132dafdb500347d39", + "zh:78d5eefdd9e494defcb3c68d282b8f96630502cac21d1ea161f53cfe9bb483b3", + "zh:7fbfc4d37435ac2f717b0316f872f558f608596b389b895fcb549f118462d327", + "zh:8ac71408204db606ce63fe8f9aeaf1ddc7751d57d586ec421e62d440c402e955", + "zh:a4cacdb06f114454b6ed0033add28006afa3f65a0ea7a43befe45fc82e6809fb", + "zh:bb5ce3132b52ae32b6cc005bc9f7627b95259b9ffe556de4dad60d47d47f21f0", + "zh:bb60d2976f125ffd232a7ccb4b3f81e7109578b23c9c6179f13a11d125dca82a", + "zh:f9540ecd2e056d6e71b9ea5f5a5cf8f63dd5c25394b9db831083a9d4ea99b372", + "zh:ffd998b55b8a64d4335a090b6956b4bf8855b290f7554dd38db3302de9c41809", ] } 
@@ -38,20 +40,24 @@ provider "registry.terraform.io/louy/uptimerobot" { } provider "registry.terraform.io/mrparkers/keycloak" { - version = "2.0.0" - constraints = "2.0.0" + version = "3.8.1" hashes = [ - "h1:jeKgSpUEjfCGQNkmmUTZ+B30ZUsgGC73GirYw9Q3n1k=", - "zh:0ec35b6af8431cc1d6f92f054ed80e3578511f2bd4af0ba36e7cecbf28f35bba", - "zh:16a90911dd6b07d50136318baac5682f7533aca92e78c6953ab9632e8c43f5a4", - "zh:300c6428351ec160d8f78486049c72d18acbb8a39b2935824fc38cb64eb39590", - "zh:33f2e2de72b063eeaef1a9c81ae87f05fe7428a6410475ba66f42727b3fc6ad0", - "zh:38efb3db71b4c1e338cd0b326a9ca42e39731859401341d3e78381c945e8ca53", - "zh:65e547b3b5b2607bd7709ae9b118476782b222598db3144423617aff5cecdee6", - "zh:8222f39c3aa6d085d6056e2fe2505ed1917931f8a3338aa0deea6f583a60abe5", - "zh:a06f6078b40c3849f853780a7377d0682caa5cef1312559e60a53ebe0a2f8e45", - "zh:cc0a782cb901430a4e162e365d566d7d9d9fd08425b6f6a2789c5dffd18badd6", - "zh:fccc95b3cf94f21200af69f8cbaea393e21ce54946cbd58f5b659b50e9b545ed", - "zh:ffd3e7acf20d961cc81c724e671810f5709955f9be6de884a07aa2079e6a709c", + "h1:iQR3OtWM43PI8H6Dz75OBEtBTWFKxYukx9M5z+CWRoA=", + "zh:04dea3786b9a8eaaf56b5c9c76b9346d3ed89371e4e7bb95e0f02167d6f1d41e", + "zh:179911a5441722d8716626761c383134cc34b5300f1d63fd75fbd41a2c536357", + "zh:2b4896b343425720b76f1eb621c1b51af2d7774e70559852c6db91ec364995ba", + "zh:428d9e6c7bfc7525adf90131472cc703f563f2188dca790a58cf66ef5f69249c", + "zh:450d2bf2a69a90cef3fb9043c6f2f89f269191e72efd39893bbbd9695e61f4bd", + "zh:5bb2d0838a6555ae3d14dd2febee51dca8cf4702a30c23d757617ae9a4d1b905", + "zh:60a17a1a9488fc93b2a11e0e5314c5e04485f9f96e3c6a002e49df02d2c3bc9a", + "zh:6bda95fcbca8b0b492ade6523fe5556777765e2aa230beb5388b1071d1e1edb4", + "zh:70c5160c1c041db4c9d302c6bc4a3ecfb50a659502f2c8e4ca6a87afd3e48df8", + "zh:7b60ef0163a5344e4e4a4e0d371016f8a5ed5e257ec4731a984685e384afe284", + "zh:8b7368f17111125f083870616e356d086ed4735452cda31c9fb22103cc597d9a", + "zh:8fdb45171799227906469acc1bbc313c5a16b58dc756c3d346b5461500b46956", + 
"zh:954680fa65a615ea4784f205f36aedec86ffd28e38c0597ff56f4f6a30513b26", + "zh:b65c4545dddf6659601baf840fc80c72a2c0e2dffc15b2521dc3170bfa40927d", + "zh:bca184053de15bb4ade54fdb76703ab13e7a2412e73254c6b1d6f7aa776cadd1", + "zh:f4e9951f9ebd1b87e18a0b88c7643c00163f8d5c60e7157e5259d8dfe96b7f4c", ] }
diff --git a/tf-stage2/keycloak.tf b/tf-stage2/keycloak.tf
index fc10dfdb1313a565bec94d7b96a6a7619748d203..ce4413fc2fd706d79b9888d0f2407eb011cdc435 100644
--- a/tf-stage2/keycloak.tf
+++ b/tf-stage2/keycloak.tf
@@ -218,9 +218,7 @@ resource "keycloak_oidc_identity_provider" "realm_identity_provider" {
 trust_email = false
 store_token = false
 backchannel_supported = false
- extra_config = {
- syncMode = "IMPORT"
- }
+ sync_mode = "IMPORT"
 }
 resource "keycloak_saml_client" "saml_gitlab" {
@@ -242,6 +240,7 @@ resource "keycloak_saml_client" "saml_gitlab" {
 base_url = "/"
 master_saml_processing_url = var.gitlab_instance.saml_redirect_url
 idp_initiated_sso_url_name = "saml_gitlab"
+ front_channel_logout = false
 assertion_consumer_post_url = var.gitlab_instance.saml_redirect_url
 }
@@ -257,6 +256,7 @@ resource "keycloak_openid_client" "openid_gitlab" {
 access_type = "PUBLIC"
 standard_flow_enabled = true
+ use_refresh_tokens = false
 full_scope_allowed = false
 valid_redirect_uris = [
 "https://gitlab.archlinux.org"
@@ -775,6 +775,7 @@ resource "keycloak_openid_client" "grafana_openid_client" {
 access_type = "CONFIDENTIAL"
 standard_flow_enabled = true
+ use_refresh_tokens = false
 valid_redirect_uris = [
 "https://monitoring.archlinux.org",
 "https://monitoring.archlinux.org/login/generic_oauth"
@@ -802,6 +803,7 @@ resource "keycloak_openid_client" "hedgedoc_openid_client" {
 access_type = "CONFIDENTIAL"
 standard_flow_enabled = true
+ use_refresh_tokens = false
 valid_redirect_uris = [
 "https://md.archlinux.org/*",
 ]
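Review bot: `front_channel_logout = false` on `saml_gitlab` (hunk `@@ -242,6 +240,7 @@`) is added without a comment, so it is not clear whether it pins the client's existing setting against a changed default in the upgraded provider or deliberately moves logout off the front channel. If it is the latter, logging out of GitLab from Keycloak would presumably depend on a logout service URL being configured on this client, and none appears in the visible lines; the resource body starts outside the hunk, so that may already exist. A short comment above the attribute, for example `# SAML logout is not driven through the browser; see logout service URL`, would record the intent.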
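Review bot: `use_refresh_tokens = false` is added uncommented to `openid_gitlab` (hunk `@@ -257,6 +256,7 @@`) and, with the identical line, to the grafana, hedgedoc, matrix, gluebuddy and security_tracker clients in the following hunks. A reader cannot tell whether this is a deliberate token policy or a value set only to keep the plan clean after the provider upgrade. With refresh tokens off, a client can no longer renew silently once its access token expires, so the effective session length of each service becomes the realm's access-token lifespan, which this diff does not show and is worth confirming. I would add a one-line comment on each client, e.g. `# no refresh tokens: client must re-run the authorization flow when the access token expires`. Each resource body continues outside its hunk.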
@@ -828,6 +830,7 @@ resource "keycloak_openid_client" "matrix_openid_client" {
 access_type = "CONFIDENTIAL"
 standard_flow_enabled = true
+ use_refresh_tokens = false
 valid_redirect_uris = [
 "https://matrix.archlinux.org/_synapse/client/oidc/callback"
 ]
@@ -857,6 +860,7 @@ resource "keycloak_openid_client" "gluebuddy_openid_client" {
 access_type = "CONFIDENTIAL"
 standard_flow_enabled = true
+ use_refresh_tokens = false
 valid_redirect_uris = [
 "https://gitlab.archlinux.org/"
 ]
@@ -872,6 +876,7 @@ resource "keycloak_openid_client" "security_tracker_openid_client" {
 access_type = "CONFIDENTIAL"
 standard_flow_enabled = true
+ use_refresh_tokens = false
 web_origins = []
 valid_redirect_uris = [
 "https://security.archlinux.org/*",
diff --git a/tf-stage2/versions.tf b/tf-stage2/versions.tf
index 348849460dc6be90151cd4b1c35e5a78b7416df4..dc8671477960e0f12c42b2891fff9c57c19d6769 100644
--- a/tf-stage2/versions.tf
+++ b/tf-stage2/versions.tf
@@ -4,12 +4,10 @@ terraform {
 source = "hashicorp/external"
 }
 keycloak = {
- source = "mrparkers/keycloak"
- version = "2.0.0"
+ source = "mrparkers/keycloak"
 }
 uptimerobot = {
- source = "louy/uptimerobot"
- version = "0.5.1"
+ source = "louy/uptimerobot"
 }
 }
 required_version = ">= 0.13"
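Review bot: Removing `version` from the `keycloak` and `uptimerobot` entries in `required_providers` (versions.tf hunk `@@ -4,12 +4,10 @@`) leaves `.terraform.lock.hcl` as the only pin on two community-maintained providers. A later `terraform init -upgrade` would then accept any newer release, including a new major version, of a provider that presumably runs with Keycloak admin credentials. I would keep a bounded constraint instead of none, e.g. `version = "~> 3.8"` for keycloak (3.8.1 is what the lock file now records) and `version = "~> 0.5"` for uptimerobot (0.5.1 was the previous pin). The `external` entry in the context lines is unconstrained as well and could get the same treatment.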