This repository stores the Terraform scripts to provision BCGov SSO infrastructure in Silver and Gold Keycloak instances.
The general workflow for creating or updating an SSO integration is:

- The requester makes a request via the CSS self-service app.
- The CSS self-service app backend server dispatches the `request` GitHub action.
- The `request` GitHub action creates a PR with the changes and sends the PR information back to the CSS self-service app backend server.
- The CSS self-service app backend server merges the PR via the GitHub API endpoint.
- The CSS self-service app batch service dispatches the `terraform-batch` GitHub actions at a fixed interval.
- The `terraform-batch` GitHub actions communicate with the CSS self-service app backend server to check whether there is a pending request and, if so, apply the Terraform scripts.
- Once the Terraform scripts have been applied, the action sends the results back to the CSS self-service app backend server.
- sso-requests: stores the codebase for the main self-service app, Common Hosted Single Sign-on (CSS).
- sso-requests-actions: stores the custom GitHub actions used by SSO projects, including this repository.
- sso-terraform-modules: stores the custom Terraform modules used by this repository.
- sso-terraform-dev: stores the sandbox environment of this repository, used to mimic the workflows and behaviours.
Gold custom realms are managed by Terraform in a separate Terraform backend state. To create a new custom realm, add a new Terraform file that holds the definition of the realm (the module source points at the `custom-realm` module in `sso-terraform-modules` using Terraform's `//subdir?ref=` syntax):

```shell
cd terraform-v2-custom/keycloak-<env>/custom-realms
cat >"new-realm.tf" <<EOF
module "new-realm" {
  source     = "github.com/bcgov/sso-terraform-modules//modules/custom-realm?ref=main"
  realm_name = "new-realm"
  enabled    = true
}
EOF
```

This Terraform file is applied when the PR is merged into the main branch: a GitHub action triggers and adds the custom realm to the Gold cluster. Deleting the `new-realm.tf` file deletes the custom realm when that change is merged into the main branch.

- Please use kebab case for the custom realm Terraform file names, e.g. `sso-team-test.tf`.
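The snippet above is the manual version of the procedure. The following is an added example, not code from this repository or from the CSS project, of a small POSIX shell helper that does the same thing while enforcing the two checks a reviewer would otherwise have to do by eye before merging: the name is kebab case, and no file or `module` label with that name already exists in the target `custom-realms` directory (a duplicate label would only fail later, at `terraform apply` time). The optional third argument pins the `sso-terraform-modules` ref; defaulting it to `main` mirrors the README, but the argument and the function names are this example's own assumptions.

```shell
#!/bin/sh
# Added example (not part of bcgov/sso-terraform): write a custom-realm
# Terraform file with naming and uniqueness checks done up front.

# Kebab case: lowercase alphanumerics separated by single hyphens.
is_kebab_case() {
  printf '%s' "$1" | grep -Eq '^[a-z0-9]+(-[a-z0-9]+)*$'
}

# new_custom_realm NAME DIR [REF]
#   NAME  realm name; also used as the module label and the file name
#   DIR   the custom-realms directory for the target environment
#   REF   git ref of sso-terraform-modules to pin (assumed; defaults to "main")
new_custom_realm() {
  name=$1
  dir=$2
  ref=${3:-main}
  file="$dir/$name.tf"

  if ! is_kebab_case "$name"; then
    echo "refusing '$name': realm names must be kebab case" >&2
    return 1
  fi
  # Never clobber an existing definition: that would silently rewrite a realm.
  if [ -e "$file" ]; then
    echo "refusing '$name': $file already exists" >&2
    return 1
  fi
  # The label could also live in a differently named file, so scan the directory.
  # (NAME is already validated, so it contains no regex metacharacters.)
  if grep -Eqs "^module[[:space:]]+\"$name\"" "$dir"/*.tf; then
    echo "refusing '$name': module \"$name\" is already defined in $dir" >&2
    return 1
  fi

  cat >"$file" <<EOF
module "$name" {
  source     = "github.com/bcgov/sso-terraform-modules//modules/custom-realm?ref=$ref"
  realm_name = "$name"
  enabled    = true
}
EOF
  echo "wrote $file"
}

# Usage as a script: new-realm.sh <realm-name> [custom-realms-dir] [ref]
if [ -n "${1:-}" ]; then
  new_custom_realm "$1" "${2:-.}" "${3:-main}"
fi
```

Run it from the repository as `sh new-realm.sh sso-team-test terraform-v2-custom/keycloak-<env>/custom-realms` and commit the resulting file in a PR as usual. Pinning the ref to a tag or commit SHA rather than `main` is worth considering, since a realm definition that tracks a moving branch can change behaviour without any change in this repository.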