keycloak arch linux
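# Admin credentials for the Keycloak provider. They are deliberately NOT written into this
# file: pass them via TF_VAR_keycloak_username / TF_VAR_keycloak_password or an untracked
# .tfvars file. A hard-coded password here ends up in version control and in every plan.
# (Terraform >= 0.14 can additionally mark these `sensitive = true`.)
variable "keycloak_username" {
  description = "Keycloak admin user the `terraform` client logs in as. No default on purpose."
}

variable "keycloak_password" {
  description = "Password for keycloak_username. Keep it out of source control."
}

provider "keycloak" {
  client_id = "terraform"
  username  = var.keycloak_username
  password  = var.keycloak_password
  # Same Keycloak base URL the output block uses, so the two cannot drift apart.
  url = var.keycloak_url
}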
# Keycloak usernames that are put into the "DevOps" group by keycloak_group_memberships.devops.
variable "devops" {
  type        = list(string)
  description = "Usernames granted DevOps group membership in Keycloak."
  default     = ["jleclanche"]
}
# The GitLab service provider. saml_redirect_url is GitLab's assertion consumer service
# (the omniauth SAML callback); it is the only URL Keycloak is allowed to post assertions to.
variable "gitlab_instance" {
  description = "GitLab root URL and its SAML callback (ACS) URL."
  default = {
    root_url          = "https://gitlab.archlinux.org"
    saml_redirect_url = "https://gitlab.archlinux.org/users/auth/saml/callback"
  }
}
/*resource "keycloak_realm" "realm" {
realm = "master"
enabled = true
}*/
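# SAML service-provider registration for GitLab in the master realm.
# realm_id stays a literal "master" because the keycloak_realm resource above is commented out.
resource "keycloak_saml_client" "saml_gitlab_archlinux" {
  realm_id  = "master"
  client_id = "saml_gitlab"
  name      = "GitLab SAML (Terraform)"
  enabled   = true

  # Keycloak only delivers assertions to URLs listed here; keep it to the exact ACS path,
  # never a wildcard, or an attacker-controlled redirect could receive a valid assertion.
  valid_redirect_uris = [
    var.gitlab_instance.saml_redirect_url,
  ]
  root_url                    = var.gitlab_instance.root_url
  base_url                    = "/"
  master_saml_processing_url  = var.gitlab_instance.saml_redirect_url
  assertion_consumer_post_url = var.gitlab_instance.saml_redirect_url

  # Pin the signing posture instead of inheriting provider defaults: GitLab's SAML library
  # validates an IdP signature on the response and/or the assertion, so make both explicit.
  sign_documents  = true
  sign_assertions = true

  # NOTE(review): the provider also exposes client_signature_required (Keycloak's
  # "Client Signature Required"). GitLab only signs its AuthnRequests when certificate /
  # private_key are configured on the GitLab side; set this attribute explicitly to match
  # that setup rather than relying on the default.

  # Enables IdP-initiated SSO at .../realms/master/protocol/saml/clients/<this name>.
  # Unsolicited responses carry no InResponseTo and cannot be tied to a GitLab-issued
  # request, so keep this only if login-from-Keycloak is actually wanted.
  idp_initiated_sso_url_name = "saml_gitlab_archlinux"
}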
# Sends the Keycloak e-mail as SAML attribute "email". GitLab uses this value to create or
# link accounts, so the IdP side must only hold verified addresses.
resource "keycloak_saml_user_property_protocol_mapper" "gitlab_saml_email" {
  name      = "email"
  realm_id  = "master"
  client_id = keycloak_saml_client.saml_gitlab_archlinux.id

  user_property              = "Email"
  friendly_name              = "Email"
  saml_attribute_name        = "email"
  saml_attribute_name_format = "Basic"
}
# Sends the Keycloak username as SAML attribute "name" (GitLab reads it as the display name).
resource "keycloak_saml_user_property_protocol_mapper" "gitlab_saml_name" {
  name      = "name"
  realm_id  = "master"
  client_id = keycloak_saml_client.saml_gitlab_archlinux.id

  user_property              = "Username"
  friendly_name              = "Username"
  saml_attribute_name        = "name"
  saml_attribute_name_format = "Basic"
}
# Sends the Keycloak first name as SAML attribute "first_name".
resource "keycloak_saml_user_property_protocol_mapper" "gitlab_saml_first_name" {
  name      = "first_name"
  realm_id  = "master"
  client_id = keycloak_saml_client.saml_gitlab_archlinux.id

  user_property              = "FirstName"
  friendly_name              = "First Name"
  saml_attribute_name        = "first_name"
  saml_attribute_name_format = "Basic"
}
# Sends the Keycloak last name as SAML attribute "last_name".
resource "keycloak_saml_user_property_protocol_mapper" "gitlab_saml_last_name" {
  name      = "last_name"
  realm_id  = "master"
  client_id = keycloak_saml_client.saml_gitlab_archlinux.id

  user_property              = "LastName"
  friendly_name              = "Last Name"
  saml_attribute_name        = "last_name"
  saml_attribute_name_format = "Basic"
}
# Group that carries the DevOps realm role; membership is managed below, not in the UI.
resource "keycloak_group" "devops" {
  name     = "DevOps"
  realm_id = "master"
}
# Realm role attached to the DevOps group. Its name is what the output hands to GitLab as
# an admin group, so renaming it here changes who GitLab treats as admin.
resource "keycloak_role" "devops" {
  name        = "DevOps"
  realm_id    = "master"
  description = "DevOps role"
}
# Binds the DevOps realm role to the DevOps group, so membership alone grants the role.
resource "keycloak_group_roles" "group_roles" {
  realm_id = "master"
  group_id = keycloak_group.devops.id
  role_ids = [keycloak_role.devops.id]
}
// devops mappings
# Declarative member list for the DevOps group, driven by var.devops.
# NOTE(review): per the provider docs this resource is authoritative for the group -- members
# added by hand in the Keycloak UI are removed on the next apply, which is the desired
# least-privilege behaviour for an admin group; confirm against the provider version in use.
resource "keycloak_group_memberships" "devops" {
  realm_id = "master"
  group_id = keycloak_group.devops.id
  members  = var.devops
}
# GitLab base URL. Not referenced anywhere in this file (var.gitlab_instance.root_url holds
# the same value); kept so existing -var / tfvars inputs keep working.
variable "gitlab_url" {
  description = "GitLab base URL (duplicate of var.gitlab_instance.root_url)."
  default     = "https://gitlab.archlinux.org"
}
# Keycloak base URL used to build the SSO endpoints handed to GitLab in the output block.
variable "keycloak_url" {
  description = "Keycloak base URL, including scheme and port."
  default     = "https://gitlab.archlinux.org:8443"
}
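# Values to copy into GitLab's omniauth SAML provider settings (gitlab.rb / gitlab.yml).
output "gitlab_saml_configuration" {
  value = {
    # GitLab's `issuer` must equal the Keycloak client_id.
    issuer = keycloak_saml_client.saml_gitlab_archlinux.client_id

    # Fixed: the original referenced var.gitlab_instance.sal_redirect_url (typo), which does
    # not exist in the variable and fails at plan time.
    assertion_consumer_service_url = var.gitlab_instance.saml_redirect_url

    # SP-initiated login: GitLab sends its AuthnRequest to the realm's SAML endpoint.
    idp_sso_target_url = "${var.keycloak_url}/auth/realms/master/protocol/saml"

    # IdP-initiated login URL. Built from idp_initiated_sso_url_name, not client_id: the two
    # differ in this file ("saml_gitlab_archlinux" vs "saml_gitlab"), so the original URL
    # pointed at a name Keycloak does not know.
    idp_initiated_sso_url = "${var.keycloak_url}/auth/realms/master/protocol/saml/clients/${keycloak_saml_client.saml_gitlab_archlinux.idp_initiated_sso_url_name}"

    # NOTE(review): GitLab matches admin_groups against the SAML attribute named by its
    # groups_attribute setting (default "groups"). No group/role mapper is defined in this
    # file, so nothing is sent and nobody is promoted to admin -- add a group-list mapper on
    # the client before relying on this.
    admin_groups = [keycloak_role.devops.name]

    # Still a TODO: take this from the realm's RSA signing certificate (Realm Settings -> Keys).
    # Prefer handing GitLab the full certificate (idp_cert) over a SHA-1 fingerprint.
    idp_cert_fingerprint = "TODO"
  }
}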