mirror of
https://gitlab.archlinux.org/archlinux/infrastructure.git
synced 2024-04-16 06:44:16 +02:00
tf-stage2: update keycloak provider to 3.8.1
OpenID clients: - 'use_refresh_tokens' set to false to preserve the values on live - 'backchannel_logout_session_required' implicitly changed to true for the 'grafana_openid_client' and 'openid_gitlab' clients SAML client (GitLab): - 'front_channel_logout' set to false to preserve the live setting
This commit is contained in:
Evangelos Foutras
parent
511b6ca4e1
commit
2b9e29ca2e
|
|
@ -2,19 +2,21 @@
|
|||
# Manual edits may be lost in future updates.
|
||||
|
||||
provider "registry.terraform.io/hashicorp/external" {
|
||||
version = "2.0.0"
|
||||
version = "2.2.2"
|
||||
hashes = [
|
||||
"h1:Q5xqryWI3tCY8yr+fugq7dz4Qz+8g4GaW9ZS8dc6Ob8=",
|
||||
"zh:07949780dd6a1d43e7b46950f6e6976581d9724102cb5388d3411a1b6f476bde",
|
||||
"zh:0a4f4636ff93f0644affa8474465dd8c9252946437ad025b28fc9f6603534a24",
|
||||
"zh:0dd7e05a974c649950d1a21d7015d3753324ae52ebdd1744b144bc409ca4b3e8",
|
||||
"zh:2b881032b9aa9d227ac712f614056d050bcdcc67df0dc79e2b2cb76a197059ad",
|
||||
"zh:38feb4787b4570335459ca75a55389df1a7570bdca8cdf5df4c2876afe3c14b4",
|
||||
"zh:40f7e0aaef3b1f4c2ca2bb1189e3fe9af8c296da129423986d1d99ccc8cfb86c",
|
||||
"zh:56b361f64f0f0df5c4f958ae2f0e6f8ba192f35b720b9d3ae1be068fabcf73d9",
|
||||
"zh:5fadb5880cd31c2105f635ded92b9b16f918c1dd989627a4ce62c04939223909",
|
||||
"zh:61fa0be9c14c8c4109cfb7be8d54a80c56d35dbae49d3231cddb59831e7e5a4d",
|
||||
"zh:853774bf97fbc4a784d5af5a4ca0090848430781ae6cfc586adeb48f7c44af79",
|
||||
"h1:e7RpnZ2PbJEEPnfsg7V0FNwbfSk0/Z3FdrLsXINBmDY=",
|
||||
"zh:0b84ab0af2e28606e9c0c1289343949339221c3ab126616b831ddb5aaef5f5ca",
|
||||
"zh:10cf5c9b9524ca2e4302bf02368dc6aac29fb50aeaa6f7758cce9aa36ae87a28",
|
||||
"zh:56a016ee871c8501acb3f2ee3b51592ad7c3871a1757b098838349b17762ba6b",
|
||||
"zh:719d6ef39c50e4cffc67aa67d74d195adaf42afcf62beab132dafdb500347d39",
|
||||
"zh:78d5eefdd9e494defcb3c68d282b8f96630502cac21d1ea161f53cfe9bb483b3",
|
||||
"zh:7fbfc4d37435ac2f717b0316f872f558f608596b389b895fcb549f118462d327",
|
||||
"zh:8ac71408204db606ce63fe8f9aeaf1ddc7751d57d586ec421e62d440c402e955",
|
||||
"zh:a4cacdb06f114454b6ed0033add28006afa3f65a0ea7a43befe45fc82e6809fb",
|
||||
"zh:bb5ce3132b52ae32b6cc005bc9f7627b95259b9ffe556de4dad60d47d47f21f0",
|
||||
"zh:bb60d2976f125ffd232a7ccb4b3f81e7109578b23c9c6179f13a11d125dca82a",
|
||||
"zh:f9540ecd2e056d6e71b9ea5f5a5cf8f63dd5c25394b9db831083a9d4ea99b372",
|
||||
"zh:ffd998b55b8a64d4335a090b6956b4bf8855b290f7554dd38db3302de9c41809",
|
||||
]
|
||||
}
|
||||
|
||||
|
|
@ -38,20 +40,24 @@ provider "registry.terraform.io/louy/uptimerobot" {
|
|||
}
|
||||
|
||||
provider "registry.terraform.io/mrparkers/keycloak" {
|
||||
version = "2.0.0"
|
||||
constraints = "2.0.0"
|
||||
version = "3.8.1"
|
||||
hashes = [
|
||||
"h1:jeKgSpUEjfCGQNkmmUTZ+B30ZUsgGC73GirYw9Q3n1k=",
|
||||
"zh:0ec35b6af8431cc1d6f92f054ed80e3578511f2bd4af0ba36e7cecbf28f35bba",
|
||||
"zh:16a90911dd6b07d50136318baac5682f7533aca92e78c6953ab9632e8c43f5a4",
|
||||
"zh:300c6428351ec160d8f78486049c72d18acbb8a39b2935824fc38cb64eb39590",
|
||||
"zh:33f2e2de72b063eeaef1a9c81ae87f05fe7428a6410475ba66f42727b3fc6ad0",
|
||||
"zh:38efb3db71b4c1e338cd0b326a9ca42e39731859401341d3e78381c945e8ca53",
|
||||
"zh:65e547b3b5b2607bd7709ae9b118476782b222598db3144423617aff5cecdee6",
|
||||
"zh:8222f39c3aa6d085d6056e2fe2505ed1917931f8a3338aa0deea6f583a60abe5",
|
||||
"zh:a06f6078b40c3849f853780a7377d0682caa5cef1312559e60a53ebe0a2f8e45",
|
||||
"zh:cc0a782cb901430a4e162e365d566d7d9d9fd08425b6f6a2789c5dffd18badd6",
|
||||
"zh:fccc95b3cf94f21200af69f8cbaea393e21ce54946cbd58f5b659b50e9b545ed",
|
||||
"zh:ffd3e7acf20d961cc81c724e671810f5709955f9be6de884a07aa2079e6a709c",
|
||||
"h1:iQR3OtWM43PI8H6Dz75OBEtBTWFKxYukx9M5z+CWRoA=",
|
||||
"zh:04dea3786b9a8eaaf56b5c9c76b9346d3ed89371e4e7bb95e0f02167d6f1d41e",
|
||||
"zh:179911a5441722d8716626761c383134cc34b5300f1d63fd75fbd41a2c536357",
|
||||
"zh:2b4896b343425720b76f1eb621c1b51af2d7774e70559852c6db91ec364995ba",
|
||||
"zh:428d9e6c7bfc7525adf90131472cc703f563f2188dca790a58cf66ef5f69249c",
|
||||
"zh:450d2bf2a69a90cef3fb9043c6f2f89f269191e72efd39893bbbd9695e61f4bd",
|
||||
"zh:5bb2d0838a6555ae3d14dd2febee51dca8cf4702a30c23d757617ae9a4d1b905",
|
||||
"zh:60a17a1a9488fc93b2a11e0e5314c5e04485f9f96e3c6a002e49df02d2c3bc9a",
|
||||
"zh:6bda95fcbca8b0b492ade6523fe5556777765e2aa230beb5388b1071d1e1edb4",
|
||||
"zh:70c5160c1c041db4c9d302c6bc4a3ecfb50a659502f2c8e4ca6a87afd3e48df8",
|
||||
"zh:7b60ef0163a5344e4e4a4e0d371016f8a5ed5e257ec4731a984685e384afe284",
|
||||
"zh:8b7368f17111125f083870616e356d086ed4735452cda31c9fb22103cc597d9a",
|
||||
"zh:8fdb45171799227906469acc1bbc313c5a16b58dc756c3d346b5461500b46956",
|
||||
"zh:954680fa65a615ea4784f205f36aedec86ffd28e38c0597ff56f4f6a30513b26",
|
||||
"zh:b65c4545dddf6659601baf840fc80c72a2c0e2dffc15b2521dc3170bfa40927d",
|
||||
"zh:bca184053de15bb4ade54fdb76703ab13e7a2412e73254c6b1d6f7aa776cadd1",
|
||||
"zh:f4e9951f9ebd1b87e18a0b88c7643c00163f8d5c60e7157e5259d8dfe96b7f4c",
|
||||
]
|
||||
}
|
||||
|
|
|
|||
|
|
@ -218,9 +218,7 @@ resource "keycloak_oidc_identity_provider" "realm_identity_provider" {
|
|||
trust_email = false
|
||||
store_token = false
|
||||
backchannel_supported = false
|
||||
extra_config = {
|
||||
syncMode = "IMPORT"
|
||||
}
|
||||
sync_mode = "IMPORT"
|
||||
}
|
||||
|
||||
resource "keycloak_saml_client" "saml_gitlab" {
|
||||
|
|
@ -242,6 +240,7 @@ resource "keycloak_saml_client" "saml_gitlab" {
|
|||
base_url = "/"
|
||||
master_saml_processing_url = var.gitlab_instance.saml_redirect_url
|
||||
idp_initiated_sso_url_name = "saml_gitlab"
|
||||
front_channel_logout = false
|
||||
|
||||
assertion_consumer_post_url = var.gitlab_instance.saml_redirect_url
|
||||
}
|
||||
|
|
@ -257,6 +256,7 @@ resource "keycloak_openid_client" "openid_gitlab" {
|
|||
|
||||
access_type = "PUBLIC"
|
||||
standard_flow_enabled = true
|
||||
use_refresh_tokens = false
|
||||
full_scope_allowed = false
|
||||
valid_redirect_uris = [
|
||||
"https://gitlab.archlinux.org"
|
||||
|
|
@ -775,6 +775,7 @@ resource "keycloak_openid_client" "grafana_openid_client" {
|
|||
|
||||
access_type = "CONFIDENTIAL"
|
||||
standard_flow_enabled = true
|
||||
use_refresh_tokens = false
|
||||
valid_redirect_uris = [
|
||||
"https://monitoring.archlinux.org",
|
||||
"https://monitoring.archlinux.org/login/generic_oauth"
|
||||
|
|
@ -802,6 +803,7 @@ resource "keycloak_openid_client" "hedgedoc_openid_client" {
|
|||
|
||||
access_type = "CONFIDENTIAL"
|
||||
standard_flow_enabled = true
|
||||
use_refresh_tokens = false
|
||||
valid_redirect_uris = [
|
||||
"https://md.archlinux.org/*",
|
||||
]
|
||||
|
|
@ -828,6 +830,7 @@ resource "keycloak_openid_client" "matrix_openid_client" {
|
|||
|
||||
access_type = "CONFIDENTIAL"
|
||||
standard_flow_enabled = true
|
||||
use_refresh_tokens = false
|
||||
valid_redirect_uris = [
|
||||
"https://matrix.archlinux.org/_synapse/client/oidc/callback"
|
||||
]
|
||||
|
|
@ -857,6 +860,7 @@ resource "keycloak_openid_client" "gluebuddy_openid_client" {
|
|||
|
||||
access_type = "CONFIDENTIAL"
|
||||
standard_flow_enabled = true
|
||||
use_refresh_tokens = false
|
||||
valid_redirect_uris = [
|
||||
"https://gitlab.archlinux.org/"
|
||||
]
|
||||
|
|
@ -872,6 +876,7 @@ resource "keycloak_openid_client" "security_tracker_openid_client" {
|
|||
|
||||
access_type = "CONFIDENTIAL"
|
||||
standard_flow_enabled = true
|
||||
use_refresh_tokens = false
|
||||
web_origins = []
|
||||
valid_redirect_uris = [
|
||||
"https://security.archlinux.org/*",
|
||||
|
|
|
|||
|
|
@ -4,12 +4,10 @@ terraform {
|
|||
source = "hashicorp/external"
|
||||
}
|
||||
keycloak = {
|
||||
source = "mrparkers/keycloak"
|
||||
version = "2.0.0"
|
||||
source = "mrparkers/keycloak"
|
||||
}
|
||||
uptimerobot = {
|
||||
source = "louy/uptimerobot"
|
||||
version = "0.5.1"
|
||||
source = "louy/uptimerobot"
|
||||
}
|
||||
}
|
||||
required_version = ">= 0.13"
|
||||
|
|
|
|||
Loading…
Reference in New Issue