From 55f20a14e1ed3ba06dd3c1e0c592f2a4c1ee8763 Mon Sep 17 00:00:00 2001
From: Evangelos Foutras <evangelos@foutrelis.com>
Date: Wed, 1 Jun 2022 16:20:17 +0300
Subject: [PATCH] tf/keycloak: add "Configure OTP" to default actions

When signing into GitLab, opting to create a new keycloak account
results in being able to sign into GitLab without setting up OTP.

Since any subsequent login will require configuring OTP, it seems
well advised to prompt for it as part of the registration process.
---
 tf-stage2/keycloak.tf | 11 ++++++-----
 1 file changed, 6 insertions(+), 5 deletions(-)

diff --git a/tf-stage2/keycloak.tf b/tf-stage2/keycloak.tf
index ce4413fc2..fa57f6cc5 100644
--- a/tf-stage2/keycloak.tf
+++ b/tf-stage2/keycloak.tf
@@ -138,11 +138,12 @@ resource "keycloak_required_action" "custom-terms-and-conditions" {
 }
 
 resource "keycloak_required_action" "configure_otp" {
-  realm_id = "archlinux"
-  alias    = "CONFIGURE_TOTP"
-  enabled  = true
-  name     = "Configure OTP"
-  priority = 0
+  realm_id       = "archlinux"
+  alias          = "CONFIGURE_TOTP"
+  default_action = true
+  enabled        = true
+  name           = "Configure OTP"
+  priority       = 0
 }
 
 resource "keycloak_required_action" "update_password" {
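Review bot: The new `default_action = true` in `configure_otp` carries no comment, and its reason is recorded only in the commit message: an account registered during a GitLab sign-in otherwise gets its first session without a second factor. A line such as `# Require OTP enrolment at registration so the first session is not single-factor` above the attribute would keep a later cleanup from dropping it. A default action is attached to every user created in the realm after the apply, not only to self-registrations that start from GitLab, so it is worth confirming that accounts created by an administrator or through a brokered login are meant to get the prompt as well. Accounts that already exist are not touched by this attribute and presumably keep relying on the login-time OTP requirement the commit message describes.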
-- 
GitLab