module "seafileclient" {
  source = "./modules/kc-client"

  realm               = var.realm
  client_id           = "seafile"
  client_name         = "Seafile"
  description         = "files.unruhig.eu"
  root_url            = "https://files.unruhig.eu"
  admin_url           = "https://files.unruhig.eu"
  base_url            = ""
  valid_redirect_uris = ["https://files.unruhig.eu/oauth/callback/"]
  web_origins         = ["https://files.unruhig.eu"]
}

resource "keycloak_openid_user_property_protocol_mapper" "seafile-username-mapper" {
  realm_id  = module.seafileclient.realm.id
  client_id = module.seafileclient.client.id

  name                = "username"
  user_property       = "username"
  claim_name          = "preferred_username"
  add_to_userinfo     = true
  add_to_access_token = true
  add_to_id_token     = false
}

resource "keycloak_openid_user_client_role_protocol_mapper" "seafile-role-mapper" {
  realm_id  = module.seafileclient.realm.id
  client_id = module.seafileclient.client.id
  # client_id_for_role_mappings = module.seafileclient.client.id
  multivalued                 = true
  name                        = "user-client-role-mapper"
  claim_name                  = "roles"
  client_id_for_role_mappings = module.seafileclient.client_id
  add_to_userinfo             = true
  add_to_access_token         = true
  add_to_id_token             = false
}