# Keycloak OIDC client for the Gitea instance at git.tobiasmanske.de, created
# through the local kc-client module. Client type, enabled flows and secret
# handling are decided inside ./modules/kc-client and are not visible here.
#
# valid_redirect_uris holds one exact callback URL and no wildcard, so
# authorization responses can only be returned to that path. web_origins is
# likewise limited to the single Gitea origin.
# NOTE(review): the "Keycloak" segment of the callback path presumably has to
# match the name of the authentication source configured in Gitea; confirm
# before renaming either side.
module "giteaclient" {
  source = "./modules/kc-client"

  realm               = var.realm
  client_id           = "gitea"
  client_name         = "Gitea"
  description         = "git.tobiasmanske.de"
  root_url            = "https://git.tobiasmanske.de"
  admin_url           = "https://git.tobiasmanske.de"
  base_url            = ""
  valid_redirect_uris = ["https://git.tobiasmanske.de/user/oauth2/Keycloak/callback"]
  web_origins         = ["https://git.tobiasmanske.de"]
}

# Emits the Keycloak user's "username" property as the "preferred_username"
# claim for the gitea client. The claim is added to the access token and to
# the userinfo response, but not to the ID token.
# NOTE(review): if the realm lets users edit their username, this claim is not
# a stable identifier. Presumably Gitea links accounts on the token subject
# rather than on this value; confirm on the Gitea side.
resource "keycloak_openid_user_property_protocol_mapper" "gitea-username-mapper" {
  realm_id  = module.giteaclient.realm.id
  client_id = module.giteaclient.client.id

  name                = "username"
  user_property       = "username"
  claim_name          = "preferred_username"
  add_to_userinfo     = true
  add_to_access_token = true
  add_to_id_token     = false
}

# Emits the user's client roles as a multivalued "roles" claim for the gitea
# client. The claim is added to the access token and to the userinfo response,
# but not to the ID token.
resource "keycloak_openid_user_client_role_protocol_mapper" "gitea-role-mapper" {
  realm_id  = module.giteaclient.realm.id
  client_id = module.giteaclient.client.id
  # NOTE(review): client_id_for_role_mappings is left unset. The Keycloak
  # provider documents that the mapper then adds the client roles of every
  # client in the realm, not only those of gitea. If Gitea derives groups or
  # admin rights from "roles", a same-named role defined on another client
  # would be honoured as well; confirm and scope the mapper to this client.
  # The argument presumably expects the client's client_id ("gitea") rather
  # than the internal id used in the line below; verify before enabling.
  # client_id_for_role_mappings = module.giteaclient.client.id
  multivalued         = true
  name                = "user-client-role-mapper"
  claim_name          = "roles"
  add_to_userinfo     = true
  add_to_access_token = true
  add_to_id_token     = false
}