Grafana roles

2024-03-02 23:24:35 +01:00 · 2024-03-02 23:24:35 +01:00 · c870d20dc6
parent d9822641e3
commit c870d20dc6
1 changed files with 40 additions and 0 deletions
--- a/tf-stage-1/service_grafana.tf
+++ b/tf-stage-1/service_grafana.tf
@ -68,3 +68,43 @@ resource "keycloak_role" "grafana-viewer" {
  name        = "viewer"
  description = "Viewer"
 }
+
+resource "keycloak_group" "grafana_viewer_group" {
+  realm_id  = module.grafanaclient.realm.id
+  parent_id = module.grafanaclient.access_group.id
+  name      = "grafana-viewer"
+}
+
+resource "keycloak_group" "grafana_editor_group" {
+  realm_id  = module.grafanaclient.realm.id
+  parent_id = module.grafanaclient.access_group.id
+  name      = "grafana-editor"
+}
+
+resource "keycloak_group" "grafana_orgadmin_group" {
+  realm_id  = module.grafanaclient.realm.id
+  parent_id = module.grafanaclient.access_group.id
+  name      = "grafana-orgadmin"
+}
+
+resource "keycloak_group_roles" "grafana_viewer_roles" {
+  realm_id = module.grafanaclient.realm.id
+  group_id = keycloak_group.grafana_viewer_group.id
+  role_ids = [
+    keycloak_role.grafana-viewer.id
+  ]
+}
+resource "keycloak_group_roles" "grafana_editor_roles" {
+  realm_id = module.grafanaclient.realm.id
+  group_id = keycloak_group.grafana_editor_group.id
+  role_ids = [
+    keycloak_role.grafana-editor.id
+  ]
+}
+resource "keycloak_group_roles" "grafana_orgadmin_roles" {
+  realm_id = module.grafanaclient.realm.id
+  group_id = keycloak_group.grafana_orgadmin_group.id
+  role_ids = [
+    keycloak_role.grafana-admin.id
+  ]
+}