bcgov / social-access-portal

access portal POC for social sector apps
Apache License 2.0

BCSCP-11 Move BCSC idp config into app definition #27

Closed simensma-fresh closed 2 years ago

simensma-fresh commented 2 years ago

Summary

Moved the BCSC Identity Provider definition from the realm level into the application definition, so that each app can be configured with its own BCSC IdP. Added a Makefile target (`make build-and-push-keycloak`) that builds the Keycloak image and pushes it to Artifactory.

Related PR: https://github.com/bcgov/social-access-portal-terraform-modules/pull/6

Changes

github-actions[bot] commented 2 years ago

Terraform plan in terraform/demo-app

Plan: 2 to add, 2 to change, 0 to destroy. ```hcl Terraform used the selected providers to generate the following execution plan. Resource actions are indicated with the following symbols: + create ~ update in-place Terraform will perform the following actions: # module.demo_app_1.kubernetes_deployment.app_deployment will be updated in-place ~ resource "kubernetes_deployment" "app_deployment" { id = "b0f542-dev/ssag-demo-app-1" # (1 unchanged attribute hidden) ~ spec { # (5 unchanged attributes hidden) ~ template { ~ spec { # (11 unchanged attributes hidden) ~ container { ~ image = "roysagar11/ssag:v0.0.4" -> "roysagar11/ssag" name = "ssag-demo-app-1" # (8 unchanged attributes hidden) # (2 unchanged blocks hidden) } # (1 unchanged block hidden) } # (1 unchanged block hidden) } # (2 unchanged blocks hidden) } # (1 unchanged block hidden) } # module.demo_app_1.kubernetes_ingress.app_ingress will be created + resource "kubernetes_ingress" "app_ingress" { + id = (known after apply) + status = (known after apply) + metadata { + annotations = { + "route.openshift.io/termination" = "edge" } + generation = (known after apply) + name = "ssag-demo-app-1" + namespace = "b0f542-dev" + resource_version = (known after apply) + uid = (known after apply) } + spec { + backend { + service_name = "ssag-demo-app-1" + service_port = "80" } + rule { + host = "demo-app-1.apps.silver.devops.gov.bc.ca" + http { + path { + path = "/" + backend { + service_name = "ssag-demo-app-1" + service_port = "80" } } } } } } # module.demo_app_2.kubernetes_deployment.app_deployment will be updated in-place ~ resource "kubernetes_deployment" "app_deployment" { id = "b0f542-dev/ssag-demo-app-2" # (1 unchanged attribute hidden) ~ spec { # (5 unchanged attributes hidden) ~ template { ~ spec { # (11 unchanged attributes hidden) ~ container { ~ image = "roysagar11/ssag:v0.0.4" -> "roysagar11/ssag" name = "ssag-demo-app-2" # (8 unchanged attributes hidden) # (2 unchanged blocks hidden) } # (1 unchanged block 
hidden) } # (1 unchanged block hidden) } # (2 unchanged blocks hidden) } # (1 unchanged block hidden) } # module.demo_app_2.kubernetes_ingress.app_ingress will be created + resource "kubernetes_ingress" "app_ingress" { + id = (known after apply) + status = (known after apply) + metadata { + annotations = { + "route.openshift.io/termination" = "edge" } + generation = (known after apply) + name = "ssag-demo-app-2" + namespace = "b0f542-dev" + resource_version = (known after apply) + uid = (known after apply) } + spec { + backend { + service_name = "ssag-demo-app-2" + service_port = "80" } + rule { + host = "demo-app-2.apps.silver.devops.gov.bc.ca" + http { + path { + path = "/" + backend { + service_name = "ssag-demo-app-2" + service_port = "80" } } } } } } Plan: 2 to add, 2 to change, 0 to destroy. ```

:memo: Plan generated in Runs Demo applications terraform plan #27

github-actions[bot] commented 2 years ago

Terraform plan in terraform/infrastructure

No changes. Your infrastructure matches the configuration. ``` No changes. Your infrastructure matches the configuration. Terraform has compared your real infrastructure against your configuration and found no differences, so no changes are needed. ```

:white_check_mark: Plan applied in Apply infrastructure terraform plan #23

github-actions[bot] commented 2 years ago

Terraform plan in terraform/keycloak

Plan: 15 to add, 0 to change, 0 to destroy. ```hcl Terraform used the selected providers to generate the following execution plan. Resource actions are indicated with the following symbols: + create Terraform will perform the following actions: # module.keycloak_dev.module.standard_clients.module.demo-app-1-5-31-2477.module.bcsc-idp[0].keycloak_custom_identity_provider_mapper.bcsc_address will be created + resource "keycloak_custom_identity_provider_mapper" "bcsc_address" { + extra_config = { + "claim" = "address" + "syncMode" = "INHERIT" + "user.attribute" = "address" } + id = (known after apply) + identity_provider_alias = "bcsc" + identity_provider_mapper = "oidc-user-attribute-idp-mapper" + name = "address" + realm = "bcsc1" } # module.keycloak_dev.module.standard_clients.module.demo-app-1-5-31-2477.module.bcsc-idp[0].keycloak_custom_identity_provider_mapper.bcsc_age will be created + resource "keycloak_custom_identity_provider_mapper" "bcsc_age" { + extra_config = { + "claim" = "age" + "syncMode" = "INHERIT" + "user.attribute" = "age" } + id = (known after apply) + identity_provider_alias = "bcsc" + identity_provider_mapper = "oidc-user-attribute-idp-mapper" + name = "age" + realm = "bcsc1" } # module.keycloak_dev.module.standard_clients.module.demo-app-1-5-31-2477.module.bcsc-idp[0].keycloak_custom_identity_provider_mapper.bcsc_age19orover will be created + resource "keycloak_custom_identity_provider_mapper" "bcsc_age19orover" { + extra_config = { + "claim" = "age_19_or_over" + "syncMode" = "INHERIT" + "user.attribute" = "age19OrOver" } + id = (known after apply) + identity_provider_alias = "bcsc" + identity_provider_mapper = "oidc-user-attribute-idp-mapper" + name = "age_19_or_over" + realm = "bcsc1" } # module.keycloak_dev.module.standard_clients.module.demo-app-1-5-31-2477.module.bcsc-idp[0].keycloak_custom_identity_provider_mapper.bcsc_birthdate will be created + resource "keycloak_custom_identity_provider_mapper" "bcsc_birthdate" { + extra_config = { + 
"claim" = "birthdate" + "syncMode" = "INHERIT" + "user.attribute" = "birthDate" } + id = (known after apply) + identity_provider_alias = "bcsc" + identity_provider_mapper = "oidc-user-attribute-idp-mapper" + name = "birth_date" + realm = "bcsc1" } # module.keycloak_dev.module.standard_clients.module.demo-app-1-5-31-2477.module.bcsc-idp[0].keycloak_custom_identity_provider_mapper.bcsc_country will be created + resource "keycloak_custom_identity_provider_mapper" "bcsc_country" { + extra_config = { + "claim" = "country" + "syncMode" = "INHERIT" + "user.attribute" = "country" } + id = (known after apply) + identity_provider_alias = "bcsc" + identity_provider_mapper = "oidc-user-attribute-idp-mapper" + name = "country" + realm = "bcsc1" } # module.keycloak_dev.module.standard_clients.module.demo-app-1-5-31-2477.module.bcsc-idp[0].keycloak_custom_identity_provider_mapper.bcsc_displayname will be created + resource "keycloak_custom_identity_provider_mapper" "bcsc_displayname" { + extra_config = { + "claim" = "display_name" + "syncMode" = "INHERIT" + "user.attribute" = "display_name" } + id = (known after apply) + identity_provider_alias = "bcsc" + identity_provider_mapper = "oidc-user-attribute-idp-mapper" + name = "display_name" + realm = "bcsc1" } # module.keycloak_dev.module.standard_clients.module.demo-app-1-5-31-2477.module.bcsc-idp[0].keycloak_custom_identity_provider_mapper.bcsc_email will be created + resource "keycloak_custom_identity_provider_mapper" "bcsc_email" { + extra_config = { + "claim" = "email" + "syncMode" = "INHERIT" + "user.attribute" = "email" } + id = (known after apply) + identity_provider_alias = "bcsc" + identity_provider_mapper = "oidc-user-attribute-idp-mapper" + name = "email" + realm = "bcsc1" } # module.keycloak_dev.module.standard_clients.module.demo-app-1-5-31-2477.module.bcsc-idp[0].keycloak_custom_identity_provider_mapper.bcsc_firstname will be created + resource "keycloak_custom_identity_provider_mapper" "bcsc_firstname" { + 
extra_config = { + "claim" = "given_name" + "syncMode" = "INHERIT" + "user.attribute" = "firstName" } + id = (known after apply) + identity_provider_alias = "bcsc" + identity_provider_mapper = "oidc-user-attribute-idp-mapper" + name = "first_name" + realm = "bcsc1" } # module.keycloak_dev.module.standard_clients.module.demo-app-1-5-31-2477.module.bcsc-idp[0].keycloak_custom_identity_provider_mapper.bcsc_lastname will be created + resource "keycloak_custom_identity_provider_mapper" "bcsc_lastname" { + extra_config = { + "claim" = "family_name" + "syncMode" = "INHERIT" + "user.attribute" = "lastName" } + id = (known after apply) + identity_provider_alias = "bcsc" + identity_provider_mapper = "oidc-user-attribute-idp-mapper" + name = "last_name" + realm = "bcsc1" } # module.keycloak_dev.module.standard_clients.module.demo-app-1-5-31-2477.module.bcsc-idp[0].keycloak_custom_identity_provider_mapper.bcsc_locality will be created + resource "keycloak_custom_identity_provider_mapper" "bcsc_locality" { + extra_config = { + "claim" = "locality" + "syncMode" = "INHERIT" + "user.attribute" = "locality" } + id = (known after apply) + identity_provider_alias = "bcsc" + identity_provider_mapper = "oidc-user-attribute-idp-mapper" + name = "locality" + realm = "bcsc1" } # module.keycloak_dev.module.standard_clients.module.demo-app-1-5-31-2477.module.bcsc-idp[0].keycloak_custom_identity_provider_mapper.bcsc_postal_code will be created + resource "keycloak_custom_identity_provider_mapper" "bcsc_postal_code" { + extra_config = { + "claim" = "postal_code" + "syncMode" = "INHERIT" + "user.attribute" = "postalCode" } + id = (known after apply) + identity_provider_alias = "bcsc" + identity_provider_mapper = "oidc-user-attribute-idp-mapper" + name = "postal_code" + realm = "bcsc1" } # module.keycloak_dev.module.standard_clients.module.demo-app-1-5-31-2477.module.bcsc-idp[0].keycloak_custom_identity_provider_mapper.bcsc_sex will be created + resource 
"keycloak_custom_identity_provider_mapper" "bcsc_sex" { + extra_config = { + "claim" = "gender" + "syncMode" = "INHERIT" + "user.attribute" = "gender" } + id = (known after apply) + identity_provider_alias = "bcsc" + identity_provider_mapper = "oidc-user-attribute-idp-mapper" + name = "sex" + realm = "bcsc1" } # module.keycloak_dev.module.standard_clients.module.demo-app-1-5-31-2477.module.bcsc-idp[0].keycloak_custom_identity_provider_mapper.bcsc_state_or_province will be created + resource "keycloak_custom_identity_provider_mapper" "bcsc_state_or_province" { + extra_config = { + "claim" = "region" + "syncMode" = "INHERIT" + "user.attribute" = "region" } + id = (known after apply) + identity_provider_alias = "bcsc" + identity_provider_mapper = "oidc-user-attribute-idp-mapper" + name = "state_or_province" + realm = "bcsc1" } # module.keycloak_dev.module.standard_clients.module.demo-app-1-5-31-2477.module.bcsc-idp[0].keycloak_custom_identity_provider_mapper.bcsc_street_address will be created + resource "keycloak_custom_identity_provider_mapper" "bcsc_street_address" { + extra_config = { + "claim" = "street_address" + "syncMode" = "INHERIT" + "user.attribute" = "streetAddress" } + id = (known after apply) + identity_provider_alias = "bcsc" + identity_provider_mapper = "oidc-user-attribute-idp-mapper" + name = "street_address" + realm = "bcsc1" } # module.keycloak_dev.module.standard_clients.module.demo-app-1-5-31-2477.module.bcsc-idp[0].module.bcsc_idp.keycloak_oidc_identity_provider.this will be created + resource "keycloak_oidc_identity_provider" "this" { + accepts_prompt_none_forward_from_client = false + add_read_token_role_on_create = false + alias = "bcsc" + authenticate_by_default = false + authorization_url = "https://idtest.gov.bc.ca/login/oidc/authorize" + backchannel_supported = true + client_id = (sensitive) + client_secret = (sensitive value) + default_scopes = "openid" + disable_user_info = false + display_name = "bcsc" + enabled = true + extra_config = 
{ + "clientAuthMethod" = "client_secret_post" } + first_broker_login_flow_alias = "first broker login" + gui_order = "" + hide_on_login_page = false + id = (known after apply) + internal_id = (known after apply) + jwks_url = "https://idtest.gov.bc.ca/oauth2/jwk" + link_only = false + login_hint = "false" + logout_url = "" + post_broker_login_flow_alias = "" + provider_id = "****" + realm = "bcsc1" + store_token = false + sync_mode = "FORCE" + token_url = "https://idtest.gov.bc.ca/oauth2/token" + trust_email = false + ui_locales = false + user_info_url = "https://idtest.gov.bc.ca/oauth2/userinfo" + validate_signature = true } Plan: 15 to add, 0 to change, 0 to destroy. ```

:white_check_mark: Plan applied in Apply KeyCloak terraform plan #16