titan-iac

Author	SHA1	Message	Date
Brad Stein	6f4cc58941	vault: prep helm releases and image pins	2026-01-13 19:29:14 -03:00
Brad Stein	e576daf98b	iac: localize configmap scripts	2026-01-13 12:07:03 -03:00
Brad Stein	8a22eb1d1c	planka: default users to project owners	2026-01-12 23:24:09 -03:00
Brad Stein	46d15d6216	planka: enable project owners via oidc	2026-01-12 23:14:17 -03:00
Brad Stein	9242efd8c6	keycloak: fix logs oauth2 cookie secret	2026-01-09 08:57:13 -03:00
Brad Stein	abc6e45d17	logging: add opensearch dashboards ui	2026-01-09 08:54:07 -03:00
Brad Stein	2141e1dfa0	keycloak: re-run mas secrets ensure	2026-01-08 05:43:33 -03:00
Brad Stein	0a1cab87c3	comms: re-run signing key and synapse oidc	2026-01-08 05:40:28 -03:00
Brad Stein	a84b51d640	sso: install kubectl in synapse oidc job	2026-01-08 03:57:35 -03:00
Brad Stein	b9e16fc155	sso: run synapse oidc job with kubectl	2026-01-08 03:56:18 -03:00
Brad Stein	4ffa39c5a4	comms: ensure core secrets and synapse oidc	2026-01-08 03:53:49 -03:00
Brad Stein	93f36f8faf	sso: recheck mas encryption bytes	2026-01-08 03:44:54 -03:00
Brad Stein	2d36ed954f	sso: validate mas encryption length	2026-01-08 03:43:06 -03:00
Brad Stein	72b815b050	sso: strip mas secret newlines	2026-01-08 03:38:51 -03:00
Brad Stein	03ca26dc57	sso: fix mas encryption secret	2026-01-08 03:35:40 -03:00
Brad Stein	b0040a85cf	keycloak: rerun MAS secrets bootstrap	2026-01-08 02:32:31 -03:00
Brad Stein	6678fbce0b	keycloak: rerun MAS secrets bootstrap	2026-01-08 02:25:55 -03:00
Brad Stein	864bf866c2	keycloak: use create for MAS secrets	2026-01-08 02:23:40 -03:00
Brad Stein	bf34e42bbe	keycloak: make MAS secret job idempotent	2026-01-08 02:21:37 -03:00
Brad Stein	2f9a2c2796	keycloak: allow MAS secret apply read access	2026-01-08 02:19:21 -03:00
Brad Stein	f1faa303ce	keycloak: rerun MAS secrets bootstrap	2026-01-08 02:17:04 -03:00
Brad Stein	22f63a06fa	keycloak: retry MAS secret bootstrap	2026-01-08 02:12:40 -03:00
Brad Stein	4f2eb38514	comms: ensure MAS secrets via keycloak admin job	2026-01-08 02:09:23 -03:00
Brad Stein	18cf731b12	fix(portal): pin kubectl image digest	2026-01-04 03:40:13 -03:00
Brad Stein	1e2564ba7f	test(portal): sync e2e client secret	2026-01-04 03:35:26 -03:00
Brad Stein	6fa8dce0e3	test: ensure smtp probe user has email	2026-01-04 01:08:17 -03:00
Brad Stein	f1d0304b73	test: send execute-actions-email to existing mailbox	2026-01-04 01:06:05 -03:00
Brad Stein	3f15d1c05a	test: fix keycloak execute-actions-email probe	2026-01-04 00:59:24 -03:00
Brad Stein	3f541fc249	keycloak: allow e2e client execute-actions-email	2026-01-04 00:58:02 -03:00
Brad Stein	6ec27c75b0	tests: add Keycloak email probe	2026-01-04 00:53:13 -03:00
Brad Stein	d646e9206c	keycloak: rerun realm settings job	2026-01-03 18:27:29 -03:00
Brad Stein	2750e3ffb5	keycloak: allow vaultwarden user attributes	2026-01-03 18:25:48 -03:00
Brad Stein	2e8035975e	keycloak: add token exchange E2E smoke test	2026-01-03 15:58:44 -03:00
Brad Stein	cdc0778afd	keycloak: robust policy lookup for token exchange job	2026-01-03 15:50:43 -03:00
Brad Stein	835e5e2688	keycloak: make token exchange permissions job idempotent	2026-01-03 15:48:40 -03:00
Brad Stein	6ce7829c54	keycloak: fix token exchange permission patching	2026-01-03 15:46:26 -03:00
Brad Stein	621b766b32	keycloak: retry token exchange permissions job	2026-01-03 15:45:04 -03:00
Brad Stein	3d37050968	keycloak: enable fine-grained token exchange authz	2026-01-03 15:43:07 -03:00
Brad Stein	0265770d98	keycloak: allow token exchange to portal	2026-01-03 14:48:28 -03:00
Brad Stein	4e65b90e7f	keycloak: add portal e2e client	2026-01-03 14:35:23 -03:00
Brad Stein	145e0b7057	keycloak: enable token exchange	2026-01-03 14:29:28 -03:00
Brad Stein	58c44ae1ab	keycloak: allow nextcloud mail profile attrs	2026-01-03 12:36:23 -03:00
Brad Stein	8ff1f6ba3f	keycloak: set bstein mailu_email	2026-01-03 06:15:16 -03:00
Brad Stein	6fa75a2009	keycloak: allow mailu_email + groups	2026-01-03 03:32:38 -03:00
Brad Stein	5a9cf4de83	keycloak(atlas): default TOTP required action	2026-01-03 01:09:14 -03:00
Brad Stein	06add72919	sso: provision vaultwarden users	2026-01-02 21:04:12 -03:00
Brad Stein	6e6f8f6658	keycloak(atlas): disable browser IdP redirector	2026-01-02 20:09:05 -03:00
Brad Stein	4252c5545e	keycloak(atlas): retry realm settings job	2026-01-02 20:04:47 -03:00
Brad Stein	9ebdd93186	keycloak(atlas): harden realm settings job	2026-01-02 20:02:11 -03:00
Brad Stein	eaf248477f	keycloak: cleanup LDAP federation	2026-01-02 18:45:45 -03:00

1 2

81 Commits