Skip to content

bcgov/sso-terraform

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

13,796 Commits
.github
.github
 
 
bin
bin
 
 
dockerfiles
dockerfiles
 
 
docs
docs
 
 
examples/next-app
examples/next-app
 
 
keycloak-exports
keycloak-exports
 
 
scripts
scripts
 
 
terraform-v2-custom
terraform-v2-custom
 
 
terraform-v2
terraform-v2
 
 
terraform
terraform
 
 
.editorconfig
.editorconfig
 
 
.gitattributes
.gitattributes
 
 
.gitignore
.gitignore
 
 
.gitlint
.gitlint
 
 
.pre-commit-config.yaml
.pre-commit-config.yaml
 
 
.prettierrc
.prettierrc
 
 
.tool-versions
.tool-versions
 
 
CODEOWNERS
CODEOWNERS
 
 
CODE_OF_CONDUCT.md
CODE_OF_CONDUCT.md
 
 
COMPLIANCE.yaml
COMPLIANCE.yaml
 
 
CONTRIBUTING.md
CONTRIBUTING.md
 
 
LICENSE
LICENSE
 
 
Makefile
Makefile
 
 
README.md
README.md
 
 
START_HERE.md
START_HERE.md
 
 
package.json
package.json
 
 
requirements.txt
requirements.txt
 
 
yarn.lock
yarn.lock
 
 

Repository files navigation

sso-terraform

Lifecycle:Stable

This repository stores the Terraform scripts to provision BCGov SSO infrastructure in Silver and Gold Keycloak instances.

Workflow

The general workflow for an SSO integration creation/update is:

  1. The requester makes a request via CSS self-service app.

  2. The CSS self-service app backend server dispatches request GitHub action.

  3. The request GitHub action creates a PR with the changes and send the PR information to CSS self-service app backend server.

  4. The CSS self-service app backend server merges the PR via GitHub API endpoint.

  5. The CSS self-service app batch service dispatches terraform-batch GitHub actions every given interval.

  6. The terraform-batch GitHub actions communicate with the CSS self-service app backend server to check if there is a pending request and if so, applies the Terraform scripts.

  7. Once the Terraform scripts applied, it sends the results back to the CSS self-service app backend server.

Related Repositories

  1. sso-requests: stores codebase for the main self-service app; Common Hosted Single Sign-on (CSS).
  2. sso-requests-actions: stores the custom GitHub actions used by SSO projects, including this repository.
  3. sso-terraform-modules: stores the custom Terraform modules used this repository.
  4. sso-terraform-dev: stores the sandbox environment of this repository to mimic the workflows and behaviours.

Custom Realms in Gold cluster

Gold custom realms are managed by Terrafrom in a separate Terraform backend state. To create a new custom realm, create a new Terraform script that has the required definition of the realm:

cd terraform-v2-custom/keycloak-<env>/custom-realms
cat >>"new-realm.tf" <<EOF
module "new-realm" {
  source     = "github.com/bcgov/sso-terraform-modules?ref=main/modules/custom-realm"
  realm_name = "new-realm"
  enabled    = true
}
EOF

This terraform file is applied when the PR is merged into the main branch. A github action will trigger, adding the custom realm to the gold cluster. Deleting the new-realm.tf file will delete the custom realm when the change is merged into the main branch.

  • Please use Kebab case for the custom realm Terraform files. e.g. sso-team-test.tf

About

Versioned client configurations for RedHat SSO

bcgov.github.io/sso-terraform/

Topics

citz bcgov-sso

Resources

Readme

License

Apache-2.0 license

Code of conduct

Code of conduct
Activity
Custom properties

Stars

3 stars

Watchers

8 watching

Forks

1 fork
Report repository

Releases

No releases published

Packages

No packages published

Contributors 13

Languages