From 95af8ef4da5b416ef7cbcad9d907c8512ad9f796 Mon Sep 17 00:00:00 2001
From: Tobias Manske
Date: Mon, 20 Nov 2023 21:51:07 +0100
Subject: [PATCH] Revert "Limit group mapping to client"
This reverts commit ff324aebed56fd88af631bf33e1933f2dffe750c.
---
 tf-stage-1/service_gitea.tf | 13 ++++++-------
 tf-stage-1/service_grafana.tf | 17 ++++++++---------
 tf-stage-1/service_hedgedoc.tf | 1 -
 3 files changed, 14 insertions(+), 17 deletions(-)
diff --git a/tf-stage-1/service_gitea.tf b/tf-stage-1/service_gitea.tf
index 891972f..ea69fa6 100644
--- a/tf-stage-1/service_gitea.tf
+++ b/tf-stage-1/service_gitea.tf
@@ -28,11 +28,10 @@ resource "keycloak_openid_user_client_role_protocol_mapper" "gitea-role-mapper"
 realm_id = module.giteaclient.realm.id
 client_id = module.giteaclient.client.id
 # client_id_for_role_mappings = module.giteaclient.client.id
- multivalued = true
- name = "user-client-role-mapper"
- claim_name = "roles"
- add_to_userinfo = true
- add_to_access_token = true
- add_to_id_token = false
- client_id_for_role_mappings = module.giteaclient.client.id
+ multivalued = true
+ name = "user-client-role-mapper"
+ claim_name = "roles"
+ add_to_userinfo = true
+ add_to_access_token = true
+ add_to_id_token = false
 }
diff --git a/tf-stage-1/service_grafana.tf b/tf-stage-1/service_grafana.tf
index 3c0f9bd..b5da716 100644
--- a/tf-stage-1/service_grafana.tf
+++ b/tf-stage-1/service_grafana.tf
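Review bot: Dropping `client_id_for_role_mappings` from `gitea-role-mapper` leaves the mapper unrestricted, and the Keycloak provider documents an unset value as adding the client roles of all clients to the token. Here they land in the flat `roles` claim, so Gitea cannot tell which client a role belongs to and a same-named role on another client would look identical; the `grafana-role-mapper` hunk in `service_grafana.tf` has the same removal, though its `resource_access.$${client_id}.roles` claim at least keeps roles grouped by client. If the restriction was reverted because the claim came back empty, it is worth checking whether the attribute expects the client's `client_id` string rather than the resource `id` used in the removed line (this cannot be confirmed from the diff). Either way, record the reason next to the leftover commented-out line, e.g. `# unrestricted on purpose: <reason>; emits client roles of every client`. The resource header sits above the hunk.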
@@ -40,15 +40,14 @@ resource "keycloak_openid_user_property_protocol_mapper" "grafana-username-mappe } resource "keycloak_openid_user_client_role_protocol_mapper" "grafana-role-mapper" { - realm_id = module.grafanaclient.realm.id - client_id = module.grafanaclient.client.id - multivalued = true - name = "user-client-role-mapper" - claim_name = "resource_access.$${client_id}.roles" - add_to_userinfo = true - add_to_access_token = true - add_to_id_token = false - client_id_for_role_mappings = module.grafanaclient.client.id + realm_id = module.grafanaclient.realm.id + client_id = module.grafanaclient.client.id + multivalued = true + name = "user-client-role-mapper" + claim_name = "resource_access.$${client_id}.roles" + add_to_userinfo = true + add_to_access_token = true + add_to_id_token = false } resource "keycloak_role" "grafana-admin" { diff --git a/tf-stage-1/service_hedgedoc.tf b/tf-stage-1/service_hedgedoc.tf index af0a671..0c6061e 100644 --- a/tf-stage-1/service_hedgedoc.tf +++ b/tf-stage-1/service_hedgedoc.tf @@ -48,5 +48,4 @@ resource "keycloak_openid_user_session_note_protocol_mapper" "hedgedoc-ip-mapper session_note = "clientAddress" add_to_access_token = true add_to_id_token = true - }