tobias/infrastructure
1
0
Fork 0
Code Issues 5 Pull Requests Projects Activity

Add all admin and access roles to super admin group
Some checks failed
continuous-integration/drone/push Build is failing
Details

Browse Source
This commit is contained in:
Tobias Manske
2024-01-16 01:34:02 +01:00
parent 465deae25a
commit bd3cc48754
1 changed files with 25 additions and 10 deletions
Download Patch File Download Diff File Expand all files Collapse all files

35
tf-stage-1/modules/kc-client/client.tf
View File

@@ -3,8 +3,8 @@ data "keycloak_realm" "realm" {
}
resource "keycloak_openid_client" "client" {
realm_id = data.keycloak_realm.realm.id
client_id = var.client_id
realm_id = data.keycloak_realm.realm.id
client_id = var.client_id
client_secret = var.client_secret
name = var.client_name
@@ -24,11 +24,11 @@ resource "keycloak_openid_client" "client" {
login_theme = var.login_theme
standard_flow_enabled = true
implicit_flow_enabled = false
direct_access_grants_enabled = true
service_accounts_enabled = false
frontchannel_logout_enabled = var.frontchannel_logout_enabled
standard_flow_enabled = true
implicit_flow_enabled = false
direct_access_grants_enabled = true
service_accounts_enabled = false
frontchannel_logout_enabled = var.frontchannel_logout_enabled
oauth2_device_authorization_grant_enabled = var.device_authorization_grant_enabled
}
@@ -43,7 +43,7 @@ resource "keycloak_role" "restricted-access" {
resource "keycloak_role" "admin-role" {
realm_id = data.keycloak_realm.realm.id
client_id = keycloak_openid_client.client.id
name = "${var.admin_role_name != null ? "${var.admin_role_name}" : "${var.client_name}-admin"}"
name = var.admin_role_name != null ? "${var.admin_role_name}" : "${var.client_name}-admin"
description = "Client Admin permissions"
}
@@ -53,9 +53,9 @@ resource "keycloak_group" "access_group" {
}
resource "keycloak_group" "admin_group" {
realm_id = data.keycloak_realm.realm.id
realm_id = data.keycloak_realm.realm.id
parent_id = keycloak_group.access_group.id
name = "${var.client_name}-admin"
name = "${var.client_name}-admin"
}
resource "keycloak_group_roles" "access_group_roles" {
@@ -73,3 +73,18 @@ resource "keycloak_group_roles" "admin_group_roles" {
keycloak_role.admin-role.id
]
}
data "keycloak_group" "super_admin_group" {
realm_id = data.keycloak_realm.realm.id
name = "service-admin"
}
resource "keycloak_group_roles" "super_admin_group_roles" {
exhaustive = false
realm_id = data.keycloak_realm.realm.id
group_id = data.keycloak_group.super_admin_group.id
role_ids = [
keycloak_role.restricted-access.id,
keycloak_role.admin-role.id
]
}