infra: remove keycloak idp from cloudflare zero trust access

2025-01-05 20:33:57 +08:00 · 2025-01-05 20:33:57 +08:00 · d383b1c5ee
parent cf0238677f
commit d383b1c5ee
3 changed files with 3 additions and 18 deletions
--- a/infra/cloudflare.tf
+++ b/infra/cloudflare.tf
@ -129,20 +129,6 @@ resource "cloudflare_zero_trust_access_identity_provider" "pin_login" {
  type       = "onetimepin"
 }
 resource "cloudflare_zero_trust_access_identity_provider" "oidc_keycloak" {
  account_id = local.cloudflare_main_account_id
  name       = "Keycloak"
  type       = "oidc"
  config {
    client_id     = "cloudflare"
    client_secret = local.secrets.cloudflare.keycloak_oidc_secret
    auth_url      = "https://id.rebmit.moe/realms/rebmit/protocol/openid-connect/auth"
    token_url     = "https://id.rebmit.moe/realms/rebmit/protocol/openid-connect/token"
    certs_url     = "https://id.rebmit.moe/realms/rebmit/protocol/openid-connect/certs"
    scopes        = ["openid", "email", "profile"]
  }
 }
 # ------------------------------------
 # workers - mirror
--- a/infra/secrets.yaml
+++ b/infra/secrets.yaml
@ -3,7 +3,6 @@ cloudflare:
  api_token: ENC[AES256_GCM,data:7M6Lr5YADfgzSVsDNRNFWnB5mOwkMuMJmJ/+a7Dc0voZuqJs4tN9dQ==,iv:Kw3Q0D+dZqOowFNhIaFC4DtpD6fIDNuI1AqgzDOW1SA=,tag:Zk4Rjvn7BJAc/bpUZfERxA==,type:str]
  account_id: ENC[AES256_GCM,data:sLf/0k/YigCNmuMmJs1oAC0RH33kk/LEYyQ0mTCmGx8=,iv:/aLFeJ6CMUEF13jq/uH/qF+uh/Iw0exXaIiN2KLyiTM=,tag:JODPvMIOKwS1Hiv2u6HQ+A==,type:str]
  zone_id: ENC[AES256_GCM,data:iq4Gq3/+DsEVefEmo0wIHkokhi/1EbkVHWiXOdJdCFA=,iv:8CyDCjvVGyg0ekzr9LW3vIWKxjkx8uBP8Rv6i1dxUbE=,tag:+L9tbPbZ4YS4wy8fwmPKLg==,type:str]
  keycloak_oidc_secret: ENC[AES256_GCM,data:YYzNtvueXWpoYWZ7EMzY5SnBsYQ9STMCo7Ibywj6uec=,iv:4HjPanOy3MRoTDnouzmedu71d7kIrtNMEpMzqbOFDtw=,tag:MqyiGEvNUr8lBNe8dTgzVA==,type:str]
 b2:
  application_key_id: ENC[AES256_GCM,data:/d5o2E1AH9We5PO3Z6ht4gmWTYaIEi3SBQ==,iv:M01vQK8e0Vz47d3aSIf+ZBru5yKrI4RF2dWIt0QigXo=,tag:psl7KFArqDmewMtae0vxzw==,type:str]
  application_key: ENC[AES256_GCM,data:ilAp9RHqgIZdojHr0DWOJSf0Fa6/H9f8/pPKQ9tvCg==,iv:Vi8+s2zREguZPjkFkGcKzVRaRHKlXKQcU7fsLiNo48c=,tag:xlhWxf+ObzIUdu3D5CON+A==,type:str]
@ -24,8 +23,8 @@ sops:
        Rk1mSHZicDNuVVFpL1NMcS9NS0NmRXcKT2GiNJ8L2ADuoJPm5XF1SrkNZtEzh/i5
        8gGmswWnE+d7VM0BSnM64la/E4prcIhM4e4Ybyd8El6pwQN919gofQ==
        -----END AGE ENCRYPTED FILE-----
-  lastmodified: "2024-12-22T06:48:39Z"
+  lastmodified: "2025-01-05T12:29:28Z"
-  mac: ENC[AES256_GCM,data:Z1W6xpn+z2zxv0XotubEs5Li5dDQeVadSDDRnvI5F08YUR6jbINdQqjmlRHsC2yJbbTTKXuaor3R+SeDK8tONQXVqKkCilgOn7VsDdRy1u2V8tn6dOkHrpxdn5EG6NJIODTCurLOX5Vgrz2d9qPuYJT0EN+M4C2b30MNn0/dVI8=,iv:kdtuCmHYp3BIL49LynjMSVFYsMZoc0DeVLBao/GrPqA=,tag:5PMiHibrcXSnDwwH3tIQ9A==,type:str]
+  mac: ENC[AES256_GCM,data:r3u0nBksPMdZAyWhnMjWcTUQWD834Ldd4I68elCAn50gYCDZQywUGK+8sPf9uOWhnskToemXGt6SIcMEmx/oTUydyqDlm7FLZ61fzTPbh6+U9q/uGjQ3cvAddLtmqwgEwr1AMSlDVF+cGbdDyRrHADSCz1zV0M14J1DZgF1uYCg=,iv:AxwAOvKm6Tm8p8//RGWOT5U+J5I/VbLQJ+7oUUd8Rw8=,tag:b/YY9nWr2YzX5AeCXDlR5g==,type:str]
  pgp: []
  unencrypted_suffix: _unencrypted
  version: 3.9.2
--- a/infra/terraform.tfstate
+++ b/infra/terraform.tfstate