feat: wazuh keycloak

stephane-segning · stephane-segning · commit a2ec53f4dcfa · 2025-11-18T09:29:28.000+01:00
diff --git a/terraform/main.tf b/terraform/main.tf
@@ -143,6 +143,9 @@ module "wazuh" {
   helm_chart_version = var.wazuh_helm_chart_version
   subject            = var.subject
 
+  openid_client_id     = var.openid_client_id
+  openid_client_secret = var.openid_client_secret
+
   ip_addresses = {
     for k, v in local.wazuh_domains :
     k => {
diff --git a/terraform/modules/wazuh/files/resources.yaml b/terraform/modules/wazuh/files/resources.yaml
@@ -39,7 +39,7 @@ resources:
       healthCheck:
         type: HTTPS
         port: 5601
-        requestPath: /app/login
+        requestPath: /api/status
         timeoutSec: 5
         checkIntervalSec: 30
         healthyThreshold: 2
diff --git a/terraform/modules/wazuh/files/wazuh.values.yaml b/terraform/modules/wazuh/files/wazuh.values.yaml
@@ -8,8 +8,9 @@ indexer:
   persistence:
     size: 100Gi
   keycloak:
-    enabled: false
+    enabled: true
     openid_connect_url: "${openid_connect_url}/.well-known/openid-configuration"
+    base_redirect_url: "https://{{ .Values.global.domain }}"
 
 master:
   replicaCount: 1
diff --git a/terraform/modules/wazuh/variables.tf b/terraform/modules/wazuh/variables.tf
@@ -7,6 +7,16 @@ variable "openid_connect_url" {
   default = "https://login.dev.wazuh.adorsys.team/realms/test-adorsys"
 }
 
+variable "openid_client_id" {
+  sensitive = true
+  type = string
+}
+
+variable "openid_client_secret" {
+  sensitive = true
+  type = string
+}
+
 variable "subject" {
   type = object({
     country      = string
diff --git a/terraform/modules/wazuh/wazuh.tf b/terraform/modules/wazuh/wazuh.tf
@@ -35,6 +35,16 @@ resource "helm_release" "wazuh" {
     name  = "cluster.auth.key"
     value = random_id.hex_16.hex
   }
+  
+  set_sensitive {
+    name  = "indexer.keycloak.client_id"
+    value = var.openid_client_id
+  }
+  
+  set_sensitive {
+    name  = "indexer.keycloak.client_secret"
+    value = var.openid_client_secret
+  }
 
   set {
     name  = "cluster.rootCaSecretName"
diff --git a/terraform/variables.tf b/terraform/variables.tf
@@ -93,6 +93,15 @@ variable "wazuh_helm_chart_version" {
   type      = string
 }
 
+variable "openid_client_id" {
+  sensitive = true
+  type = string
+}
+
+variable "openid_client_secret" {
+  sensitive = true
+  type = string
+}
 
 variable "subject" {
   type = object({
