feat: default oidc values

Signed-off-by: Raphaël Pinson <raphael.pinson@camptocamp.com>
camptocamp · Jan 18, 2022 · 3dbdde6 · 3dbdde6
1 parent 2f658db
commit 3dbdde6
Show file tree

Hide file tree

Showing 4 changed files with 26 additions and 6 deletions.
diff --git a/modules/local.tf b/modules/local.tf
@@ -16,4 +16,18 @@ locals {
   )
 
   user_map = { for username, infos in local.keycloak.user_map : username => merge(infos, tomap({ password = random_password.keycloak_passwords[username].result })) }
+
+
+  oidc = {
+    issuer_url    = format("https://keycloak.apps.%s.%s/auth/realms/devops-stack", var.cluster_name, var.base_domain)
+    oauth_url     = format("https://keycloak.apps.%s.%s/auth/realms/devops-stack/protocol/openid-connect/auth", var.cluster_name, var.base_domain)
+    token_url     = format("https://keycloak.apps.%s.%s/auth/realms/devops-stack/protocol/openid-connect/token", var.cluster_name, var.base_domain)
+    api_url       = format("https://keycloak.apps.%s.%s/auth/realms/devops-stack/protocol/openid-connect/userinfo", var.cluster_name, var.base_domain)
+    client_id     = "devops-stack-applications"
+    client_secret = random_password.clientsecret.result
+    oauth2_proxy_extra_args = [
+      "--insecure-oidc-skip-issuer-verification=true",
+      "--ssl-insecure-skip-verify=true",
+    ]
+  }
 }
diff --git a/modules/main.tf b/modules/main.tf
@@ -32,7 +32,7 @@ resource "argocd_project" "this" {
 
 data "utils_deep_merge_yaml" "values" {
   input = [ for i in var.profiles : templatefile("${path.module}/profiles/${i}.yaml", {
-      oidc           = var.oidc,
+      oidc           = local.oidc,
       base_domain    = var.base_domain,
       cluster_issuer = var.cluster_issuer,
       argocd         = var.argocd,
@@ -112,6 +112,11 @@ resource "argocd_application" "this" {
   depends_on = [ argocd_application.operator ]
 }
 
+resource "random_password" "clientsecret" {
+  length  = 16
+  special = false
+}
+
 #data "kubernetes_secret" "keycloak_admin_password" {
 #  metadata {
 #    name      = "credential-keycloak"

diff --git a/modules/outputs.tf b/modules/outputs.tf
@@ -1,3 +1,9 @@
+output "oidc" {
+  description = "OIDC values"
+  sensitive   = true
+  value       = local.oidc
+}
+
 output "keycloak_users" {
   value     = { for username, infos in local.user_map : username => lookup(infos, "password") }
   sensitive = true

diff --git a/modules/variables.tf b/modules/variables.tf
@@ -10,11 +10,6 @@ variable "base_domain" {
   type = string
 }
 
-variable "oidc" {
-  type = any
-  default = {}
-}
-
 variable "argocd" {
   type = object({
     namespace  = string