test.rubykaigi.net with authenticate_oidc action through dex

ruby-no-kai · Aug 24, 2022 · f5d628c · f5d628c
1 parent 144b3b6
commit f5d628c
Show file tree

Hide file tree

Showing 2 changed files with 54 additions and 0 deletions.
diff --git a/tf/core/alb_auth.tf b/tf/core/alb_auth.tf
@@ -0,0 +1,12 @@
+locals {
+  alb_oidc = {
+    authorization_endpoint     = "https://idp.rubykaigi.net/auth"
+    token_endpoint             = "https://idp-internal.rubykaigi.net/token"
+    user_info_endpoint         = "https://idp-internal.rubykaigi.net/userinfo"
+    client_id                  = "5VM7b7zXTEcQA5zcW2wmY0PM7RK2W6yT5M6xglFj8SI"
+    client_secret              = "rQHgwpnOwsUTpvp6QDttq2KNs53HMbtPp5k4Go307Ds"
+    issuer                     = "https://idp.rubykaigi.net"
+    on_unauthenticated_request = "authenticate"
+    session_timeout            = 12 * 3600
+  }
+}
diff --git a/tf/core/alb_rules.tf b/tf/core/alb_rules.tf
@@ -1,3 +1,45 @@
+resource "aws_lb_listener_rule" "common-test" {
+  listener_arn = aws_lb_listener.common-https.arn
+  priority     = 100
+  condition {
+    host_header {
+      values = ["test.rubykaigi.net"]
+    }
+  }
+  action {
+    type = "authenticate-oidc"
+    authenticate_oidc {
+      authorization_endpoint     = local.alb_oidc.authorization_endpoint
+      token_endpoint             = local.alb_oidc.token_endpoint
+      user_info_endpoint         = local.alb_oidc.user_info_endpoint
+      client_id                  = local.alb_oidc.client_id
+      client_secret              = local.alb_oidc.client_secret
+      issuer                     = local.alb_oidc.issuer
+      on_unauthenticated_request = local.alb_oidc.on_unauthenticated_request
+      session_timeout            = local.alb_oidc.session_timeout
+    }
+  }
+  action {
+    type = "fixed-response"
+    fixed_response {
+      content_type = "text/html"
+      message_body = "<!DOCTYPE html><html lang=en><head><meta charset=utf-8><body><img src=\"https://img.sorah.jp/x/20220824_054329_Wx7mcpRweD.png\">"
+      status_code  = 200
+    }
+  }
+}
+
+resource "aws_route53_record" "test_rubykaigi_net" {
+  for_each = local.rubykaigi_net_zones
+  name     = "test.rubykaigi.net."
+  zone_id  = each.value
+  type     = "CNAME"
+  ttl      = 60
+  records  = ["ops-lb.rubykaigi.net."]
+}
+
+###
+
 resource "aws_lb_target_group" "common-dex" {
   name        = "rknw-common-dex"
   port        = 80