Fix openid role mapping scope

tf-stage-1/modules/kc-client/outputs.tf

@@ -10,3 +10,6 @@ output "access_group" {
 output "realm" {
   value = data.keycloak_realm.realm
 }
+output "client_id" {
+  value = var.client_id
+}

tf-stage-1/service_gitea.tf

@@ -27,7 +27,7 @@ resource "keycloak_openid_user_property_protocol_mapper" "gitea-username-mapper"
 resource "keycloak_openid_user_client_role_protocol_mapper" "gitea-role-mapper" {
   realm_id  = module.giteaclient.realm.id
   client_id = module.giteaclient.client.id
-  # client_id_for_role_mappings = module.giteaclient.client.id
+  client_id_for_role_mappings = module.giteaclient.client_id
   multivalued         = true
   name                = "user-client-role-mapper"
   claim_name          = "roles"

tf-stage-1/service_minio.tf

@@ -44,7 +44,7 @@ resource "keycloak_openid_user_session_note_protocol_mapper" "minio-client-ip-ad
 resource "keycloak_openid_user_client_role_protocol_mapper" "minio-role-mapper" {
   realm_id  = module.minioclient.realm.id
   client_id = module.minioclient.client.id
-  client_id_for_role_mappings = module.minioclient.client.id
+  client_id_for_role_mappings = module.minioclient.client_id
   multivalued         = true
   name                = "user-client-role-mapper"
   claim_name          = "roles"

tf-stage-1/service_seafile.tf

@@ -31,7 +31,7 @@ resource "keycloak_openid_user_client_role_protocol_mapper" "seafile-role-mapper
   multivalued                 = true
   name                        = "user-client-role-mapper"
   claim_name                  = "roles"
-  client_id_for_role_mappings = module.seafileclient.client.id
+  client_id_for_role_mappings = module.seafileclient.client_id
   add_to_userinfo             = true
   add_to_access_token         = true
   add_to_id_token             = false