# Confidential OIDC client registered in the realm given by var.realm.
# Keycloak generates the client secret; the vault_kv_secret_v2 resource in
# this file reads it from this resource's client_secret attribute.
resource "keycloak_openid_client" "oidc" {
  realm_id  = var.realm
  client_id = var.client_id

  # Display name: use the client_id when the caller passes no name.
  name    = var.name == null ? var.client_id : var.name
  enabled = true

  # CONFIDENTIAL means the client authenticates with a secret; the standard
  # flow is the authorization-code flow.
  access_type           = "CONFIDENTIAL"
  standard_flow_enabled = true

  use_refresh_tokens = var.use_refresh_tokens

  # When true the client can obtain tokens for itself (client-credentials
  # grant). No realm roles are assigned to the service account in this file.
  service_accounts_enabled = var.service_accounts_enabled

  # Base URL of the application; defaults to a host derived from the client_id.
  root_url = var.root_url == null ? "https://${var.client_id}.janky.solutions" : var.root_url

  # An empty list falls back to "/*", which Keycloak resolves against root_url.
  # NOTE(review): that fallback accepts every path on the application's origin
  # as a redirect target, so the authorization code is only as safe as the
  # weakest page or redirect on that host. Callers that know their callback
  # path should pass it explicitly (exact path, no wildcard).
  valid_redirect_uris = length(var.valid_redirect_uris) > 0 ? var.valid_redirect_uris : ["/*"]
}
# resource "keycloak_openid_client_service_account_realm_role" ""
# Publishes the client's credentials to a Vault KV v2 mount so the consuming
# workload can read them. The secret path is
#   <namespace, or client_id when namespace is null>/default/oidc-client-credentials-<client_id>
#
# NOTE(review): client_secret flows through Terraform here, so it is also
# recorded in the Terraform state of this module. Keep the state backend
# encrypted and access-restricted, and scope the Vault policy for this path
# to the workload that needs it.
resource "vault_kv_secret_v2" "oidc" {
  mount = var.vault_mount
  name  = "${var.namespace == null ? var.client_id : var.namespace}/default/oidc-client-credentials-${var.client_id}"

  data_json = jsonencode({
    client_id     = keycloak_openid_client.oidc.client_id
    client_secret = keycloak_openid_client.oidc.client_secret
  })
}