Use terraform to onboard/offboard staff in Keycloak
It is uncertain if group_vars/all/archusers.yml
and Keycloak are in sync. We also have very little traceability in group membership changes in Keycloak.
It would make onboarding and offboarding easier if the group memberships in Keycloak was handled with terraform, e.g. by using the keycloak_group_memberships
resource. archusers.yml
could then be our single source-of-truth.