maurice/snix
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
21890 commits 1 branch 0 tags 188 MiB
Commit graph

2 commits

Author SHA1 Message Date
Florian Klink
c706826aa9 feat(ops/keycloak): configure Buildkite SAML 
This enables logging in to Buildkite with SAML.

Fixes #95.

Change-Id: Ieaa87c660692953305619c2bd8270d2329bd7545
Reviewed-on: https://cl.snix.dev/c/snix/+/30478
Autosubmit: Florian Klink <flokli@flokli.de>
Tested-by: besadii
Reviewed-by: Jonas Chevalier <zimbatm@zimbatm.com>
 2025-05-05 12:36:30 +00:00
Florian Klink
e20ff4cb60 fix(ops/keycloak): fix assigning grafana_roles 
keycloak_openid_user_client_role_protocol_mapper.grafana_role_mapper was
missing. It is configured to make the client roles for this Application
(and only those for this application) available in the grafana_roles
claim.

We can also disable full scope, as we're not interested in other role
mappings.

The Terraform files are a bit reorganized, everything configuring the
Grafana client lives in grafana.tf (and vice-versa for Forgejo,
Buildkite and Gerrit). The only thing left in permissions.tf is global
groups, their memberships and mappings.

Change-Id: I37b0755f4f8658518083353ec6cc0193e805d5c2
Reviewed-on: https://cl.snix.dev/c/snix/+/30476
Tested-by: besadii
Autosubmit: Florian Klink <flokli@flokli.de>
Reviewed-by: Jonas Chevalier <zimbatm@zimbatm.com>
 2025-05-05 12:36:30 +00:00