Add all admin and access roles to super admin group

This commit is contained in:
Tobias Manske 2024-01-16 01:34:02 +01:00
parent 5f2c316033
commit de76894eb4
Signed by: tobias
GPG Key ID: 9164B527694A0709


@ -3,8 +3,8 @@ data "keycloak_realm" "realm" {
} }
resource "keycloak_openid_client" "client" { resource "keycloak_openid_client" "client" {
realm_id = data.keycloak_realm.realm.id realm_id = data.keycloak_realm.realm.id
client_id = var.client_id client_id = var.client_id
client_secret = var.client_secret client_secret = var.client_secret
name = var.client_name name = var.client_name
@ -24,11 +24,11 @@ resource "keycloak_openid_client" "client" {
login_theme = var.login_theme login_theme = var.login_theme
standard_flow_enabled = true standard_flow_enabled = true
implicit_flow_enabled = false implicit_flow_enabled = false
direct_access_grants_enabled = true direct_access_grants_enabled = true
service_accounts_enabled = false service_accounts_enabled = false
frontchannel_logout_enabled = var.frontchannel_logout_enabled frontchannel_logout_enabled = var.frontchannel_logout_enabled
oauth2_device_authorization_grant_enabled = var.device_authorization_grant_enabled oauth2_device_authorization_grant_enabled = var.device_authorization_grant_enabled
} }
@ -43,7 +43,7 @@ resource "keycloak_role" "restricted-access" {
resource "keycloak_role" "admin-role" { resource "keycloak_role" "admin-role" {
realm_id = data.keycloak_realm.realm.id realm_id = data.keycloak_realm.realm.id
client_id = keycloak_openid_client.client.id client_id = keycloak_openid_client.client.id
name = "${var.admin_role_name != null ? "${var.admin_role_name}" : "${var.client_name}-admin"}" name = var.admin_role_name != null ? "${var.admin_role_name}" : "${var.client_name}-admin"
description = "Client Admin permissions" description = "Client Admin permissions"
} }
@ -53,9 +53,9 @@ resource "keycloak_group" "access_group" {
} }
resource "keycloak_group" "admin_group" { resource "keycloak_group" "admin_group" {
realm_id = data.keycloak_realm.realm.id realm_id = data.keycloak_realm.realm.id
parent_id = keycloak_group.access_group.id parent_id = keycloak_group.access_group.id
name = "${var.client_name}-admin" name = "${var.client_name}-admin"
} }
resource "keycloak_group_roles" "access_group_roles" { resource "keycloak_group_roles" "access_group_roles" {
@ -73,3 +73,18 @@ resource "keycloak_group_roles" "admin_group_roles" {
keycloak_role.admin-role.id keycloak_role.admin-role.id
] ]
} }
data "keycloak_group" "super_admin_group" {
realm_id = data.keycloak_realm.realm.id
name = "service-admin"
}
resource "keycloak_group_roles" "super_admin_group_roles" {
exhaustive = false
realm_id = data.keycloak_realm.realm.id
group_id = data.keycloak_group.super_admin_group.id
role_ids = [
keycloak_role.restricted-access.id,
keycloak_role.admin-role.id
]
}
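Review bot: The privileged group is looked up by a hard-coded name (`name = "service-admin"` in the new `data "keycloak_group" "super_admin_group"` block) while every other name in this module comes from a variable, so the module is silently tied to one realm's naming convention; suggest `name = var.super_admin_group_name` with a default of "service-admin" declared next to the module's other variables, which live outside this hunk. Because this module is instantiated once per client, every instantiation attaches that client's `admin-role` and `restricted-access` role to the same realm-wide group, which means membership in it confers admin on every client built from the module; a comment above the `data` block such as `# Realm-wide operator group: receives the admin and access roles of every client created from this module.` would make that privilege scope visible to the next reader. `exhaustive = false` on `super_admin_group_roles` looks deliberate since the group is shared and other roles on it are presumably managed elsewhere, but that intent is worth stating in a one-line comment on the resource so nobody "fixes" it to the provider default.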