From 209b2fe3fcd362fdfa7cbadceff88e92408e8d2d Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Thorben=20G=C3=BCnther?=
Date: Fri, 2 Jul 2021 14:31:07 +0200
Subject: [PATCH] keycloak: ansible vault -> hashicorp vault

---
 terraform_keycloak/keycloak.tf | 23 +++++++++++++++--------
 terraform_keycloak/versions.tf | 3 +++
 2 files changed, 18 insertions(+), 8 deletions(-)

diff --git a/terraform_keycloak/keycloak.tf b/terraform_keycloak/keycloak.tf
index 67dd9b1..d417c8f 100644
--- a/terraform_keycloak/keycloak.tf
+++ b/terraform_keycloak/keycloak.tf
@@ -9,14 +9,21 @@ data "external" "vault_keycloak" {
 "group_vars/all/vault_keycloak.yml"]
 }
 
-data "external" "vault_email" {
- program = ["${path.module}/../misc/read-vault.py",
- "group_vars/all/vault_email.yml"]
+data "vault_generic_secret" "nextcloud" {
+ path = "ansible/nextcloud"
+}
+
+data "vault_generic_secret" "peertube" {
+ path = "ansible/peertube"
 }
 
-data "external" "vault_oidc" {
+data "vault_generic_secret" "vault" {
+ path = "ansible/vault"
+}
+
+data "external" "vault_email" {
 program = ["${path.module}/../misc/read-vault.py",
- "group_vars/all/vault_oidc.yml"]
+ "group_vars/all/vault_email.yml"]
 }
 
 provider "keycloak" {
@@ -108,7 +115,7 @@ resource "keycloak_group_roles" "peertube" {
 resource "keycloak_openid_client" "vault_openid_client" {
 realm_id = "xenrox"
 client_id = "openid_vault"
- client_secret = data.external.vault_oidc.result.vault_oidc_vault_secret
+ client_secret = data.vault_generic_secret.vault.data["oidc_secret"]
 name = "Vault"
 enabled = true
 
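Review bot: The three new `vault_generic_secret` data sources are read on every plan and their whole `data` map — including the `oidc_secret` values that feed the `client_secret` arguments in this hunk's file and in the two `keycloak_openid_client` hunks that follow — is persisted in plaintext in the Terraform state, so the state backend must be handled as secret material, exactly as the Ansible vault files were; a short comment above the first data source saying so would help the next maintainer. The migration is also only partial: `vault_keycloak` (visible in the hunk header) and the re-ordered `vault_email` still go through `read-vault.py` and the Ansible vault, so a comment such as `# still read from the Ansible vault; not yet migrated to HashiCorp Vault` on `data "external" "vault_email"` would make the commit title's scope honest. No `provider "vault"` block appears in the diff, so the provider presumably relies on environment configuration (`VAULT_ADDR`, `VAULT_TOKEN`); if that is intended, note it where the data sources are declared.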
@@ -167,7 +174,7 @@ resource "keycloak_role" "peertube" {
 resource "keycloak_openid_client" "nextcloud_openid_client" {
 realm_id = "xenrox"
 client_id = "openid_nextcloud"
- client_secret = data.external.vault_oidc.result.vault_oidc_nextcloud_secret
+ client_secret = data.vault_generic_secret.nextcloud.data["oidc_secret"]
 name = "Nextcloud"
 enabled = true
 
diff --git a/terraform_keycloak/versions.tf b/terraform_keycloak/versions.tf
index 9974e8a..cbe5aba 100644
--- a/terraform_keycloak/versions.tf
+++ b/terraform_keycloak/versions.tf
@@ -3,6 +3,9 @@ terraform {
 keycloak = {
 source = "mrparkers/keycloak"
 }
+ vault = {
+ source = "hashicorp/vault"
+ }
 }
 required_version = ">= 0.13"
 }
-- 
2.44.0
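Review bot: The new `vault = { source = "hashicorp/vault" }` entry in versions.tf carries no `version` constraint, so `terraform init` resolves whatever the newest `hashicorp/vault` release is at that moment, and a future major release could change data-source behaviour or break this configuration without any change in this repository. Add a pin next to `source`, e.g. `version = "~> <MAJOR.MINOR>"` (placeholder, fill in the release you validated against), and record the resolved provider in the dependency lock file where the Terraform version in use produces one. The existing `keycloak` entry has the same gap, so pinning both in one change keeps the block consistent.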