Finn 2025-03-24 10:41:20 -07:00
parent 1c11e70926
commit ea20de8902
6 changed files with 51 additions and 51 deletions


@ -3,8 +3,8 @@ resource "vault_auth_backend" "kubernetes" {
}
resource "vault_kubernetes_auth_backend_config" "example" {
backend = vault_auth_backend.kubernetes.path
kubernetes_host = "https://kubernetes.default.svc.cluster.local:443"
backend = vault_auth_backend.kubernetes.path
kubernetes_host = "https://kubernetes.default.svc.cluster.local:443"
}
resource "vault_kubernetes_auth_backend_role" "k8s-default" {
@ -13,7 +13,7 @@ resource "vault_kubernetes_auth_backend_role" "k8s-default" {
bound_service_account_names = ["default"]
bound_service_account_namespaces = ["*"]
token_ttl = 3600
token_policies = [
token_policies = [
vault_policy.k8s_default.name
]
}
@ -30,6 +30,6 @@ resource "vault_policy" "k8s_default" {
policy = templatefile("bao-policies/k8s-default.hcl", {
k8s_auth_backend_accessor = vault_auth_backend.kubernetes.accessor,
k8s_secrets_path = vault_mount.static_secrets.path,
k8s_secrets_path = vault_mount.static_secrets.path,
})
}


@ -2,16 +2,16 @@
module "keycloak_client_tofu" {
source = "./keycloak-client"
realm = keycloak_realm.dev.id
realm = keycloak_realm.dev.id
vault_mount = vault_mount.static_secrets.path
client_id = "tofu"
client_id = "tofu"
service_accounts_enabled = true
}
data "keycloak_openid_client" "realm_management" {
realm_id = keycloak_realm.dev.id
client_id = "realm-management"
realm_id = keycloak_realm.dev.id
client_id = "realm-management"
}
resource "keycloak_openid_client_service_account_role" "client_service_account_role" {


@ -1,6 +1,6 @@
resource "keycloak_authentication_flow" "webauthn_browser" {
realm_id = keycloak_realm.dev.id
alias = "webauthn_browser"
realm_id = keycloak_realm.dev.id
alias = "webauthn_browser"
description = "browser based authentication"
}
@ -18,20 +18,20 @@ resource "keycloak_authentication_subflow" "webauthn_flow" {
parent_flow_alias = keycloak_authentication_flow.webauthn_browser.alias
provider_id = "basic-flow"
requirement = "ALTERNATIVE"
depends_on = [ keycloak_authentication_execution.auth_cookie ]
depends_on = [keycloak_authentication_execution.auth_cookie]
}
resource "keycloak_authentication_execution" "user_pass" {
realm_id = keycloak_realm.dev.id
realm_id = keycloak_realm.dev.id
parent_flow_alias = keycloak_authentication_subflow.webauthn_flow.alias
authenticator = "auth-username-password-form"
requirement = "REQUIRED"
authenticator = "auth-username-password-form"
requirement = "REQUIRED"
}
resource "keycloak_authentication_execution" "webauthn" {
realm_id = keycloak_realm.dev.id
realm_id = keycloak_realm.dev.id
parent_flow_alias = keycloak_authentication_subflow.webauthn_flow.alias
authenticator = "webauthn-authenticator"
requirement = "REQUIRED"
authenticator = "webauthn-authenticator"
requirement = "REQUIRED"
}


@ -1,6 +1,6 @@
resource "keycloak_authentication_flow" "passkey" {
realm_id = keycloak_realm.dev.id
alias = "passkey"
realm_id = keycloak_realm.dev.id
alias = "passkey"
description = "browser based authentication"
}
@ -17,14 +17,14 @@ resource "keycloak_authentication_subflow" "passkey_forms" {
parent_flow_alias = keycloak_authentication_flow.passkey.alias
provider_id = "basic-flow"
requirement = "ALTERNATIVE"
depends_on = [ keycloak_authentication_execution.auth_cookie ]
depends_on = [keycloak_authentication_execution.auth_cookie]
}
resource "keycloak_authentication_execution" "passkey_username" {
realm_id = keycloak_realm.dev.id
realm_id = keycloak_realm.dev.id
parent_flow_alias = keycloak_authentication_subflow.passkey_forms.alias
authenticator = "auth-username-form"
requirement = "REQUIRED"
authenticator = "auth-username-form"
requirement = "REQUIRED"
}
resource "keycloak_authentication_subflow" "passkey_passwordless_or_2fa" {
@ -33,15 +33,15 @@ resource "keycloak_authentication_subflow" "passkey_passwordless_or_2fa" {
parent_flow_alias = keycloak_authentication_subflow.passkey_forms.alias
provider_id = "basic-flow"
requirement = "REQUIRED"
depends_on = [ keycloak_authentication_execution.passkey_username ]
depends_on = [keycloak_authentication_execution.passkey_username]
}
resource "keycloak_authentication_execution" "passkey_webauthn_passwordless" {
realm_id = keycloak_realm.dev.id
realm_id = keycloak_realm.dev.id
parent_flow_alias = keycloak_authentication_subflow.passkey_passwordless_or_2fa.alias
authenticator = "webauthn-authenticator-passwordless"
requirement = "ALTERNATIVE"
depends_on = [ keycloak_authentication_execution.passkey_username ]
authenticator = "webauthn-authenticator-passwordless"
requirement = "ALTERNATIVE"
depends_on = [keycloak_authentication_execution.passkey_username]
}
resource "keycloak_authentication_subflow" "passkey_password_and_second_factor" {
@ -53,10 +53,10 @@ resource "keycloak_authentication_subflow" "passkey_password_and_second_factor"
}
resource "keycloak_authentication_execution" "passkey_password" {
realm_id = keycloak_realm.dev.id
realm_id = keycloak_realm.dev.id
parent_flow_alias = keycloak_authentication_subflow.passkey_password_and_second_factor.alias
authenticator = "auth-password-form"
requirement = "REQUIRED"
authenticator = "auth-password-form"
requirement = "REQUIRED"
}
resource "keycloak_authentication_subflow" "passkey_second_factor" {
@ -68,22 +68,22 @@ resource "keycloak_authentication_subflow" "passkey_second_factor" {
}
resource "keycloak_authentication_execution" "passkey_user_configured_condition" {
realm_id = keycloak_realm.dev.id
realm_id = keycloak_realm.dev.id
parent_flow_alias = keycloak_authentication_subflow.passkey_second_factor.alias
authenticator = "conditional-user-configured"
requirement = "REQUIRED"
authenticator = "conditional-user-configured"
requirement = "REQUIRED"
}
resource "keycloak_authentication_execution" "passkey_webauthn" {
realm_id = keycloak_realm.dev.id
realm_id = keycloak_realm.dev.id
parent_flow_alias = keycloak_authentication_subflow.passkey_second_factor.alias
authenticator = "webauthn-authenticator"
requirement = "ALTERNATIVE"
authenticator = "webauthn-authenticator"
requirement = "ALTERNATIVE"
}
resource "keycloak_authentication_execution" "passkey_otp" {
realm_id = keycloak_realm.dev.id
realm_id = keycloak_realm.dev.id
parent_flow_alias = keycloak_authentication_subflow.passkey_second_factor.alias
authenticator = "auth-otp-form"
requirement = "ALTERNATIVE"
authenticator = "auth-otp-form"
requirement = "ALTERNATIVE"
}


@ -1,11 +1,11 @@
resource "keycloak_realm" "dev" {
realm = "dev.janky.solutions"
enabled = true
display_name = "Janky Solutions (dev)"
realm = "dev.janky.solutions"
enabled = true
display_name = "Janky Solutions (dev)"
default_signature_algorithm = "RS256"
}
resource "keycloak_authentication_bindings" "browser_authentication_binding" {
realm_id = keycloak_realm.dev.id
browser_flow = keycloak_authentication_flow.passkey.alias
realm_id = keycloak_realm.dev.id
browser_flow = keycloak_authentication_flow.passkey.alias
}


@ -1,9 +1,9 @@
data "terraform_remote_state" "kube" {
backend = "kubernetes"
config = {
secret_suffix = "state"
namespace = "tofu"
config_path = "../.kubeconfig"
secret_suffix = "state"
namespace = "tofu"
config_path = "../.kubeconfig"
}
}
@ -12,13 +12,13 @@ provider "vault" {}
terraform {
required_providers {
keycloak = {
source = "mrparkers/keycloak"
source = "mrparkers/keycloak"
version = ">= 4.0.0"
}
}
}
provider "keycloak" {
realm = "dev.janky.solutions"
url = "https://auth.janky.solutions"
realm = "dev.janky.solutions"
url = "https://auth.janky.solutions"
}