
209b2fe3fcd362fdfa7cbadceff88e92408e8d2d — Thorben Günther 2 years ago 32513e7
keycloak: ansible vault -> hashicorp vault
2 files changed, 18 insertions(+), 8 deletions(-)

M terraform_keycloak/keycloak.tf
M terraform_keycloak/versions.tf
M terraform_keycloak/keycloak.tf => terraform_keycloak/keycloak.tf +15 -8
@@ 9,14 9,21 @@ data "external" "vault_keycloak" {
  "group_vars/all/vault_keycloak.yml"]
}

data "external" "vault_email" {
  program = ["${path.module}/../misc/read-vault.py",
  "group_vars/all/vault_email.yml"]
data "vault_generic_secret" "nextcloud" {
  path = "ansible/nextcloud"
}

data "vault_generic_secret" "peertube" {
  path = "ansible/peertube"
}

data "external" "vault_oidc" {
data "vault_generic_secret" "vault" {
  path = "ansible/vault"
}

data "external" "vault_email" {
  program = ["${path.module}/../misc/read-vault.py",
  "group_vars/all/vault_oidc.yml"]
  "group_vars/all/vault_email.yml"]
}

provider "keycloak" {


@@ 108,7 115,7 @@ resource "keycloak_group_roles" "peertube" {
resource "keycloak_openid_client" "vault_openid_client" {
  realm_id      = "xenrox"
  client_id     = "openid_vault"
  client_secret = data.external.vault_oidc.result.vault_oidc_vault_secret
  client_secret = data.vault_generic_secret.vault.data["oidc_secret"]

  name                  = "Vault"
  enabled               = true


@@ 138,7 145,7 @@ resource "keycloak_role" "vault_admin" {
resource "keycloak_openid_client" "peertube_openid_client" {
  realm_id      = "xenrox"
  client_id     = "openid_peertube"
  client_secret = data.external.vault_oidc.result.vault_oidc_peertube_secret
  client_secret = data.vault_generic_secret.peertube.data["oidc_secret"]

  name                  = "Peertube"
  enabled               = true


@@ 167,7 174,7 @@ resource "keycloak_role" "peertube" {
resource "keycloak_openid_client" "nextcloud_openid_client" {
  realm_id      = "xenrox"
  client_id     = "openid_nextcloud"
  client_secret = data.external.vault_oidc.result.vault_oidc_nextcloud_secret
  client_secret = data.vault_generic_secret.nextcloud.data["oidc_secret"]

  name                  = "Nextcloud"
  enabled               = true

M terraform_keycloak/versions.tf => terraform_keycloak/versions.tf +3 -0
@@ 3,6 3,9 @@ terraform {
    keycloak = {
      source = "mrparkers/keycloak"
    }
    vault = {
      source = "hashicorp/vault"
    }
  }
  required_version = ">= 0.13"
}
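Review bot: The new `vault` provider entry has no version constraint, so a fresh `terraform init` resolves to whatever the latest `hashicorp/vault` release is at that moment, which makes the secret-reading path depend on an unpinned supply-chain component; the existing `keycloak` entry has the same gap, so this follows the file's style rather than introducing it. A constraint such as `version = "~> 3.0"` (whichever major the module was tested against) on both entries would pin the range, and committing `.terraform.lock.hcl` — not visible in this diff, so it may already be tracked — would pin exact versions and checksums. If the lock file is already committed, a one-line comment in `required_providers` saying so would save the next reader the check.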