From c870d20dc63567109ce8cc09d773b3de220d1f07 Mon Sep 17 00:00:00 2001
From: Tobias Manske <mail@tobiasmanske.de>
Date: Sat, 2 Mar 2024 23:24:35 +0100
Subject: [PATCH] Grafana roles

---
 tf-stage-1/service_grafana.tf | 40 +++++++++++++++++++++++++++++++++++
 1 file changed, 40 insertions(+)

diff --git a/tf-stage-1/service_grafana.tf b/tf-stage-1/service_grafana.tf
index b5da716..3782d92 100644
--- a/tf-stage-1/service_grafana.tf
+++ b/tf-stage-1/service_grafana.tf
@@ -68,3 +68,43 @@ resource "keycloak_role" "grafana-viewer" {
   name        = "viewer"
   description = "Viewer"
 }
+
+resource "keycloak_group" "grafana_viewer_group" {
+  realm_id  = module.grafanaclient.realm.id
+  parent_id = module.grafanaclient.access_group.id
+  name      = "grafana-viewer"
+}
+
+resource "keycloak_group" "grafana_editor_group" {
+  realm_id  = module.grafanaclient.realm.id
+  parent_id = module.grafanaclient.access_group.id
+  name      = "grafana-editor"
+}
+
+resource "keycloak_group" "grafana_orgadmin_group" {
+  realm_id  = module.grafanaclient.realm.id
+  parent_id = module.grafanaclient.access_group.id
+  name      = "grafana-orgadmin"
+}
+
+resource "keycloak_group_roles" "grafana_viewer_roles" {
+  realm_id = module.grafanaclient.realm.id
+  group_id = keycloak_group.grafana_viewer_group.id
+  role_ids = [
+    keycloak_role.grafana-viewer.id
+  ]
+}
+resource "keycloak_group_roles" "grafana_editor_roles" {
+  realm_id = module.grafanaclient.realm.id
+  group_id = keycloak_group.grafana_editor_group.id
+  role_ids = [
+    keycloak_role.grafana-editor.id
+  ]
+}
+resource "keycloak_group_roles" "grafana_orgadmin_roles" {
+  realm_id = module.grafanaclient.realm.id
+  group_id = keycloak_group.grafana_orgadmin_group.id
+  role_ids = [
+    keycloak_role.grafana-admin.id
+  ]
+}