infrastructure/tf-stage-1/service_minio.tf


# OpenID Connect client registration for MinIO, created through the local
# kc-client module. The resources in this file attach their mappers and roles
# to the client and realm objects this module exports.
module "minioclient" {
  source = "./modules/kc-client"

  realm       = var.realm
  client_id   = "minio"
  client_name = "minio"
  description = "minio.tobiasmanske.de"

  root_url  = "https://minio.tobiasmanske.de"
  base_url  = ""
  admin_url = ""

  # A single exact callback URI with no wildcard: authorization responses can
  # only be redirected to this one path on the MinIO host.
  valid_redirect_uris = ["https://minio.tobiasmanske.de/oauth_callback"]

  # No web origins are listed. NOTE(review): how the module treats an empty
  # list (for example "+" expansion) is not visible here - confirm in kc-client.
  web_origins = []
}
# Copies the "clientId" user-session note into a string claim of the same name
# on tokens issued for the MinIO client.
# NOTE(review): no token-inclusion flags are set, so the provider defaults
# decide which tokens carry the claim - confirm that is intended.
resource "keycloak_openid_user_session_note_protocol_mapper" "minio-client-id-mapper" {
  name      = "Client ID"
  realm_id  = module.minioclient.realm.id
  client_id = module.minioclient.client.id

  session_note     = "clientId"
  claim_name       = "clientId"
  claim_value_type = "String"
}
# Copies the "clientHost" user-session note into a string claim of the same
# name on tokens issued for the MinIO client.
# NOTE(review): this puts the caller's host into the token, readable by any
# party that receives it - confirm MinIO actually consumes the claim.
resource "keycloak_openid_user_session_note_protocol_mapper" "minio-client-host-mapper" {
  name      = "Client Host"
  realm_id  = module.minioclient.realm.id
  client_id = module.minioclient.client.id

  session_note     = "clientHost"
  claim_name       = "clientHost"
  claim_value_type = "String"
}
# Copies the "clientAddress" user-session note into a string claim of the same
# name on tokens issued for the MinIO client.
# NOTE(review): this puts the caller's network address into the token, readable
# by any party that receives it - confirm MinIO actually consumes the claim.
resource "keycloak_openid_user_session_note_protocol_mapper" "minio-client-ip-address-mapper" {
  name      = "Client Address"
  realm_id  = module.minioclient.realm.id
  client_id = module.minioclient.client.id

  session_note     = "clientAddress"
  claim_name       = "clientAddress"
  claim_value_type = "String"
}
# Publishes the user's client roles on the MinIO client as a multivalued
# "roles" claim in the ID token, the access token and the userinfo response.
# The role resources in this file carry MinIO's built-in policy names, so this
# claim presumably selects the MinIO policy for the session: anyone able to
# assign these client roles in Keycloak effectively grants MinIO access, up to
# consoleAdmin. NOTE(review): confirm MinIO's OpenID claim name is "roles".
resource "keycloak_openid_user_client_role_protocol_mapper" "minio-role-mapper" {
  name      = "user-client-role-mapper"
  realm_id  = module.minioclient.realm.id
  client_id = module.minioclient.client.id

  # Uses the module's client_id output, not client.id as the lines above do.
  # presumably this is the "minio" client-id string - verify in kc-client.
  client_id_for_role_mappings = module.minioclient.client_id

  claim_name  = "roles"
  multivalued = true

  add_to_id_token     = true
  add_to_access_token = true
  add_to_userinfo     = true
}
# Client role "consoleAdmin" on the MinIO client. The name matches MinIO's
# built-in consoleAdmin policy, so membership presumably grants full
# administrative access to MinIO - keep assignment tightly restricted.
resource "keycloak_role" "minio-consoleAdmin" {
  name        = "consoleAdmin"
  description = ""
  realm_id    = module.minioclient.realm.id
  client_id   = module.minioclient.client.id
}
# Client role "diagnostics" on the MinIO client. The name matches MinIO's
# built-in diagnostics policy; presumably it is delivered to MinIO through the
# roles claim - verify against the MinIO OpenID configuration.
resource "keycloak_role" "minio-diagnostics" {
  name        = "diagnostics"
  description = ""
  realm_id    = module.minioclient.realm.id
  client_id   = module.minioclient.client.id
}
# Client role "readonly" on the MinIO client. The name matches MinIO's built-in
# readonly policy; presumably it is delivered to MinIO through the roles claim
# - verify against the MinIO OpenID configuration.
resource "keycloak_role" "minio-readonly" {
  name        = "readonly"
  description = ""
  realm_id    = module.minioclient.realm.id
  client_id   = module.minioclient.client.id
}
# Client role "readwrite" on the MinIO client. The name matches MinIO's
# built-in readwrite policy; presumably it is delivered to MinIO through the
# roles claim - verify against the MinIO OpenID configuration.
resource "keycloak_role" "minio-readwrite" {
  name        = "readwrite"
  description = ""
  realm_id    = module.minioclient.realm.id
  client_id   = module.minioclient.client.id
}
# Client role "writeonly" on the MinIO client. The name matches MinIO's
# built-in writeonly policy; presumably it is delivered to MinIO through the
# roles claim - verify against the MinIO OpenID configuration.
resource "keycloak_role" "minio-writeonly" {
  name        = "writeonly"
  description = ""
  realm_id    = module.minioclient.realm.id
  client_id   = module.minioclient.client.id
}