Skip to content
Snippets Groups Projects
Commit 6b33a0d4 authored by Sven-Hendrik Haase's avatar Sven-Hendrik Haase
Browse files

Implement new Keycloak group structure

parent 217593b3
No related branches found
No related tags found
1 merge request!86Implement new Keycloak group structure
Pipeline #1794 passed
Stage: test
Hide whitespace changes
Inline Side-by-side
Showing
with 55 additions and 43 deletions
tf-stage2/keycloak.tf
+ 55
43
View file @ 6b33a0d4
......@@ -240,90 +240,102 @@ resource "keycloak_saml_user_property_protocol_mapper" "gitlab_saml_username" {
// |- Developers
// |- Trusted Users
// |- Wiki
// |- Admins
// | |- Admins
// |- Forum
// |- Admins
// |- Mods
// | |- Admins
// | |- Mods
// |- Security Team
// |- Admins
// |- Members
// |- Reporters
// | |- Admins
// | |- Members
// |- IRC
// | |- Ops
// |- Archweb
// |- Mirror Maintainers
// |- Testers
// | |- Mirrorlist Maintainers
// |- Bug Wranglers
// External Contributors
// |- Security Team
// | |- Reporters
// |- Archweb
// |- Testers
resource "keycloak_group" "staff" {
realm_id = "archlinux"
name = "Arch Linux Staff"
}
resource "keycloak_group" "externalcontributors" {
resource "keycloak_group" "staff_groups" {
for_each = toset(["DevOps", "Developers", "Trusted Users", "Wiki", "Forum", "Security Team", "IRC", "Archweb", "Bug Wranglers"])
realm_id = "archlinux"
name = "External Contributors"
parent_id = keycloak_group.staff.id
name = each.value
}
variable "arch_groups" {
type = set(string)
default = ["DevOps", "Developers", "Trusted Users", "Wiki", "Forum", "Security Team", "Archweb"]
}
resource "keycloak_group" "staff_wiki_groups" {
for_each = toset(["Admins"])
variable "arch_wiki_groups" {
type = set(string)
default = ["Admins"]
realm_id = "archlinux"
parent_id = keycloak_group.staff_groups["Wiki"].id
name = each.value
}
variable "arch_forum_groups" {
type = set(string)
default = ["Admins", "Mods"]
}
resource "keycloak_group" "staff_forum_groups" {
for_each = toset(["Admins", "Mods"])
variable "arch_securityteam_groups" {
type = set(string)
default = ["Admins", "Members", "Reporters"]
realm_id = "archlinux"
parent_id = keycloak_group.staff_groups["Forum"].id
name = each.value
}
variable "arch_archweb_groups" {
type = set(string)
default = ["Mirror Maintainers", "Testers"]
resource "keycloak_group" "staff_securityteam_groups" {
for_each = toset(["Admins", "Members"])
realm_id = "archlinux"
parent_id = keycloak_group.staff_groups["Security Team"].id
name = each.value
}
resource "keycloak_group" "arch_groups" {
for_each = var.arch_groups
resource "keycloak_group" "staff_irc_groups" {
for_each = toset(["Ops"])
realm_id = "archlinux"
parent_id = keycloak_group.staff.id
parent_id = keycloak_group.staff_groups["IRC"].id
name = each.value
}
resource "keycloak_group" "arch_wiki_groups" {
for_each = var.arch_wiki_groups
resource "keycloak_group" "staff_archweb_groups" {
for_each = toset(["Mirrorlist Maintainers"])
realm_id = "archlinux"
parent_id = keycloak_group.arch_groups["Wiki"].id
parent_id = keycloak_group.staff_groups["Archweb"].id
name = each.value
}
resource "keycloak_group" "arch_forum_groups" {
for_each = var.arch_forum_groups
resource "keycloak_group" "externalcontributors" {
realm_id = "archlinux"
name = "External Contributors"
}
resource "keycloak_group" "externalcontributors_groups" {
for_each = toset(["Security Team", "Archweb"])
realm_id = "archlinux"
parent_id = keycloak_group.arch_groups["Forum"].id
parent_id = keycloak_group.externalcontributors.id
name = each.value
}
resource "keycloak_group" "arch_securityteam_groups" {
for_each = var.arch_securityteam_groups
resource "keycloak_group" "externalcontributors_securityteam_groups" {
for_each = toset(["Reporters"])
realm_id = "archlinux"
parent_id = keycloak_group.arch_groups["Security Team"].id
parent_id = keycloak_group.externalcontributors_groups["Security Team"].id
name = each.value
}
resource "keycloak_group" "arch_archweb_groups" {
for_each = var.arch_archweb_groups
resource "keycloak_group" "externalcontributors_archweb_groups" {
for_each = toset(["Testers"])
realm_id = "archlinux"
parent_id = keycloak_group.arch_groups["Archweb"].id
parent_id = keycloak_group.externalcontributors_groups["Archweb"].id
name = each.value
}
......@@ -347,7 +359,7 @@ resource "keycloak_role" "externalcontributor" {
resource "keycloak_group_roles" "devops" {
realm_id = "archlinux"
group_id = keycloak_group.arch_groups["DevOps"].id
group_id = keycloak_group.staff_groups["DevOps"].id
role_ids = [
keycloak_role.devops.id
]
......
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment