2025-03-17 11:00:52 +00:00 · 2025-03-17 11:00:52 +00:00 · dd392ef054
commit dd392ef054
parent 97f22e0ea6
4 changed files with 46 additions and 33 deletions
--- a/ops/keycloak/identity_providers.tf
+++ b/ops/keycloak/identity_providers.tf
@ -0,0 +1,41 @@
+variable "github_client_secret" {
+  type = string
+}
+
+variable "gitlab_client_secret" {
+  type = string
+}
+
+resource "keycloak_oidc_identity_provider" "github" {
+  alias                 = "github"
+  provider_id           = "github"
+  client_id             = "Ov23liKpXqs0aPaVgDpg"
+  client_secret         = var.github_client_secret
+  realm                 = keycloak_realm.snix.id
+  backchannel_supported = false
+  gui_order             = "1"
+  store_token           = false
+  sync_mode             = "IMPORT"
+  trust_email           = true
+  default_scopes        = "openid user:email"
+
+  authorization_url = ""
+  token_url         = ""
+}
+
+resource "keycloak_oidc_identity_provider" "gitlab" {
+  alias                 = "gitlab"
+  provider_id           = "gitlab"
+  client_id             = "6ecb359ede53f7d80003d127dc4448bd1b1d73631a01273d9576e00ff9a94d2c"
+  client_secret         = var.gitlab_client_secret
+  realm                 = keycloak_realm.snix.id
+  backchannel_supported = false
+  gui_order             = "2"
+  store_token           = false
+  sync_mode             = "IMPORT"
+  trust_email           = true
+  default_scopes        = "openid read_user"
+
+  authorization_url = ""
+  token_url         = ""
+}
--- a/ops/keycloak/user_sources.tf
+++ b/ops/keycloak/user_sources.tf
@ -1,27 +0,0 @@
-# All user sources, that is services from which Keycloak gets user
-# information (either by accessing a system like LDAP or integration
-# through protocols like OIDC).
-
-variable "github_client_secret" {
-  type = string
-}
-
-# keycloak_oidc_identity_provider.github will be destroyed
-# (because keycloak_oidc_identity_provider.github is not in configuration)
-resource "keycloak_oidc_identity_provider" "github" {
-  alias                 = "github"
-  provider_id           = "github"
-  client_id             = "Ov23liKpXqs0aPaVgDpg"
-  client_secret         = var.github_client_secret
-  realm                 = keycloak_realm.snix.id
-  backchannel_supported = false
-  gui_order             = "1"
-  store_token           = false
-  sync_mode             = "IMPORT"
-  trust_email           = true
-  default_scopes        = "openid user:email"
-
-  # These default to built-in values for the `github` provider_id.
-  authorization_url = ""
-  token_url         = ""
-}