Limit group mapping to client
Some checks failed
continuous-integration/drone/push Build is failing

Tobias Manske 2023-11-19 23:08:52 +01:00
parent c8462f4450
commit ff324aebed
Signed by: tobias
GPG Key ID: 9164B527694A0709
3 changed files with 17 additions and 14 deletions


@ -28,10 +28,11 @@ resource "keycloak_openid_user_client_role_protocol_mapper" "gitea-role-mapper"
realm_id = module.giteaclient.realm.id realm_id = module.giteaclient.realm.id
client_id = module.giteaclient.client.id client_id = module.giteaclient.client.id
# client_id_for_role_mappings = module.giteaclient.client.id # client_id_for_role_mappings = module.giteaclient.client.id
multivalued = true multivalued = true
name = "user-client-role-mapper" name = "user-client-role-mapper"
claim_name = "roles" claim_name = "roles"
add_to_userinfo = true add_to_userinfo = true
add_to_access_token = true add_to_access_token = true
add_to_id_token = false add_to_id_token = false
client_id_for_role_mappings = module.giteaclient.client.id
} }
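Review bot: The added `client_id_for_role_mappings = module.giteaclient.client.id` at the end of `gitea-role-mapper` passes the same value as `client_id`, but the two attributes appear to expect different identifiers: `client_id` takes the client's internal ID, while Keycloak matches `client_id_for_role_mappings` against the human-readable client ID. If `module.giteaclient.client` exposes the `keycloak_openid_client` resource (the module is not visible here), the line should probably read `client_id_for_role_mappings = module.giteaclient.client.client_id`. With the internal ID the mapper would likely match no client and emit an empty `roles` claim, so the restriction fails closed but role-based access in Gitea stops working. The same applies to the `grafana-role-mapper` hunk, which passes `module.grafanaclient.client.id`. The commented-out copy of the attribute above `multivalued` still appears on the new side and can be dropped now that the active line exists.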


@ -40,14 +40,15 @@ resource "keycloak_openid_user_property_protocol_mapper" "grafana-username-mappe
} }
resource "keycloak_openid_user_client_role_protocol_mapper" "grafana-role-mapper" { resource "keycloak_openid_user_client_role_protocol_mapper" "grafana-role-mapper" {
realm_id = module.grafanaclient.realm.id realm_id = module.grafanaclient.realm.id
client_id = module.grafanaclient.client.id client_id = module.grafanaclient.client.id
multivalued = true multivalued = true
name = "user-client-role-mapper" name = "user-client-role-mapper"
claim_name = "resource_access.$${client_id}.roles" claim_name = "resource_access.$${client_id}.roles"
add_to_userinfo = true add_to_userinfo = true
add_to_access_token = true add_to_access_token = true
add_to_id_token = false add_to_id_token = false
client_id_for_role_mappings = module.grafanaclient.client.id
} }
resource "keycloak_role" "grafana-admin" { resource "keycloak_role" "grafana-admin" {


@ -48,4 +48,5 @@ resource "keycloak_openid_user_session_note_protocol_mapper" "hedgedoc-ip-mapper
session_note = "clientAddress" session_note = "clientAddress"
add_to_access_token = true add_to_access_token = true
add_to_id_token = true add_to_id_token = true
} }