Home Explore Help
Sign In
bat9go
/
Ycsecurity
mirror of https://github.com/yandex-cloud/yc-solution-library-for-security
Watch 1
Star 0
Fork 0
Files Issues 0 Wiki
Tree: c69eb85924
Branches Tags
Ycsecurity
/
auth_and_access
/
org_iac_iam
/
module_keycloak
/
federation.tf

federation.tf 1.5 KB
History Raw

1234567891011121314151617181920212223242526272829303132333435363738394041424344454647 
  1. # =======================
    2. 

  2. # YC Federation Resources
    3. 

  3. # =======================
    4. 

  4. 

  5. resource "yandex_organizationmanager_saml_federation" federation {
    6. 

  6.   name = "keycloak"
    7. 

  7.   description = "Keycloak Federation"
    8. 

  8.   organization_id = var.org_id
    9. 

  9.   issuer = "https://${var.kc_fqdn}:${var.kc_port}/realms/${var.kc_realm}"
    10. 

  10.   sso_url = "https://${var.kc_fqdn}:${var.kc_port}/realms/${var.kc_realm}/protocol/saml"
    11. 

  11.   sso_binding = "POST"
    12. 

  12.   auto_create_account_on_login = true
    13. 

  13.   security_settings {
    14. 

  14.     encrypted_assertions = true
    15. 

  15.   }
    16. 

  16. }
    17. 

  17. 

  18. resource "null_resource" "federation_cert" {
    19. 

  19.   provisioner "local-exec" {
    20. 

  20.     command = <<-CMD
    21. 

  21.     echo -----BEGIN CERTIFICATE-----\\n$(curl -s https://${var.kc_fqdn}:${var.kc_port}/realms/${var.kc_realm}/protocol/saml/descriptor | awk '{split($0,lst,"X509Certificate>"); print substr(lst[2],1,length(lst[2])-5)}')\\n-----END CERTIFICATE----- | tee kc-cert.pem
    22. 

  22.     
    23. 

  23.     yc organization-manager federation saml certificate create \
    24. 

  24.     --name=kc-cert \
    25. 

  25.     --federation-id=${yandex_organizationmanager_saml_federation.federation.id} \
    26. 

  26.     --certificate-file=kc-cert.pem
    27. 

  27.     
    28. 

  28.     rm -f kc-cert.pem
    29. 

  29.     CMD
    30. 

  30.   }
    31. 

  31. 

  32.  depends_on = [
    33. 

  33.    yandex_compute_instance.vm_instance
    34. 

  34.  ]
    35. 

  35. }
    36. 

  36. 

  37. output "federation_link" {
    38. 

  38.   value     = "https://console.cloud.yandex.ru/federations/${yandex_organizationmanager_saml_federation.federation.id}" 
    39. 

  39. }
    40. 

  40. 

  41. output "keycloak_links" {
    42. 

  42.   value     = "https://${var.kc_fqdn}:8443"
    43. 

  43. }
    44. 

  44. 

  45. output "federation_id" {
    46. 

  46.   value     = yandex_organizationmanager_saml_federation.federation.id
    47. 

  47. }
    48.