From 66527e98b515061f059591c1d31f6dd99b842035 Mon Sep 17 00:00:00 2001
From: Sven-Hendrik Haase <svenstaro@gmail.com>
Date: Fri, 22 May 2020 23:51:34 +0200
Subject: [PATCH] keycloak: Rename some things around and add staff role

---
 tf-stage2/keycloak.tf | 22 ++++++++++++++++++----
 1 file changed, 18 insertions(+), 4 deletions(-)

diff --git a/tf-stage2/keycloak.tf b/tf-stage2/keycloak.tf
index 3742bffe9..216813955 100644
--- a/tf-stage2/keycloak.tf
+++ b/tf-stage2/keycloak.tf
@@ -156,7 +156,7 @@ resource "keycloak_saml_user_property_protocol_mapper" "gitlab_saml_username" {
   saml_attribute_name_format = "Basic"
 }
 
-resource "keycloak_group" "archlinux_staff" {
+resource "keycloak_group" "staff" {
   realm_id = "archlinux"
   name = "Arch Linux Staff"
 }
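Review bot: Changing the resource address from `keycloak_group.archlinux_staff` to `keycloak_group.staff` makes Terraform plan a destroy of the existing group and a create of a new one unless the state is moved first. Deleting the parent group in Keycloak would likely take its memberships and role mappings with it. The same applies to `keycloak_group_roles.group_roles` becoming `keycloak_group_roles.devops` in the next hunk, where a destroy/create could drop the DevOps role mapping for a time. The patch does not show whether the state was migrated, so run `terraform state mv keycloak_group.archlinux_staff keycloak_group.staff` and `terraform state mv keycloak_group_roles.group_roles keycloak_group_roles.devops` before applying, and confirm the plan replaces neither resource.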
@@ -170,17 +170,23 @@ resource "keycloak_group" "arch_groups" {
   for_each = var.arch_groups
 
   realm_id = "archlinux"
-  parent_id = keycloak_group.archlinux_staff.id
+  parent_id = keycloak_group.staff.id
   name = each.value
 }
 
 resource "keycloak_role" "devops" {
   realm_id = "archlinux"
   name = "DevOps"
-  description = "DevOps role"
+  description = "Role held by members of the DevOps group"
 }
 
-resource "keycloak_group_roles" "group_roles" {
+resource "keycloak_role" "staff" {
+  realm_id = "archlinux"
+  name = "Staff"
+  description = "Role held by all Arch Linux staff"
+}
+
+resource "keycloak_group_roles" "devops" {
   realm_id = "archlinux"
   group_id = keycloak_group.arch_groups["DevOps"].id
   role_ids = [
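Review bot: The new `keycloak_role.staff` is declared without a `client_id`, which makes it a realm-level role rather than one scoped to a single client, and nothing in the file says so. Any client in the `archlinux` realm that maps realm roles into its tokens or assertions may therefore expose `Staff`, depending on each client's scope configuration. A comment above the resource would record that this is intended, for example `# Realm role (no client_id): visible to every client that maps realm roles.` The `keycloak_group_roles.devops` block continues past the end of this hunk.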
@@ -188,6 +194,14 @@ resource "keycloak_group_roles" "group_roles" {
   ]
 }
 
+resource "keycloak_group_roles" "staff" {
+  realm_id = "archlinux"
+  group_id = keycloak_group.staff.id
+  role_ids = [
+    keycloak_role.staff.id
+  ]
+}
+
 output "gitlab_saml_configuration" {
   value = {
     issuer = keycloak_saml_client.saml_gitlab.client_id
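Review bot: The `Staff` role is mapped on the parent group `keycloak_group.staff`, and Keycloak subgroups inherit their parent's role mappings, so every member of any group created from `var.arch_groups` will also hold `Staff`. That matches the role description, but it makes adding a name to `var.arch_groups` an implicit role grant, which deserves a comment above the resource such as `# Members of every arch_groups subgroup inherit Staff through this parent group.` The provider also documents `keycloak_group_roles` as authoritative for the group's role list, so a role mapped to this group by hand in the Keycloak console would be removed on the next apply. The `output` block at the end of the hunk continues outside it.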
-- 
GitLab