terraform: add junior packager groups and roles for core/extra

Signed-off-by: Leonidas Spyropoulos <artafinde@gmail.com>

terraform: add junior packager groups and roles for core/extra
941563f2 · Leonidas Spyropoulos · Levente Polyak · 4ae73a93 · 941563f2
Verified Commit 941563f2 authored 2 years ago by Leonidas Spyropoulos Committed by Levente Polyak 1 year ago
--- a/tf-stage2/keycloak.tf
+++ b/tf-stage2/keycloak.tf
@@ -323,6 +323,11 @@ resource "keycloak_saml_user_property_protocol_mapper" "gitlab_saml_username" {
 // |- Security Team
 // |  |- Admins
 // |  |- Members
+// |- Package Maintainer Team
+// |  |- Core Package Maintainers
+// |  |- Junior Core Package Maintainers
+// |  |- Package Maintainers
+// |  |- Junior Package Maintainers
 // |- IRC
 // |  |- Ops
 // |- Archweb
@@ -340,7 +345,7 @@ resource "keycloak_group" "staff" {
 }

 resource "keycloak_group" "staff_groups" {
-  for_each = toset(["DevOps", "Developers", "Trusted Users", "Wiki", "Forum", "Security Team", "IRC", "Archweb", "Bug Wranglers", "Project Maintainers"])
+  for_each = toset(["DevOps", "Developers", "Trusted Users", "Wiki", "Forum", "Security Team", "IRC", "Archweb", "Bug Wranglers", "Project Maintainers", "Package Maintainer Team"])

  realm_id  = "archlinux"
  parent_id = keycloak_group.staff.id
@@ -371,6 +376,14 @@ resource "keycloak_group" "staff_securityteam_groups" {
  name      = each.value
 }

+resource "keycloak_group" "staff_packagersteams_groups" {
+  for_each = toset(["Core Package Maintainers", "Junior Core Package Maintainers", "Package Maintainers", "Junior Package Maintainers"])
+
+  realm_id  = "archlinux"
+  parent_id = keycloak_group.staff_groups["Package Maintainer Team"].id
+  name      = each.value
+}
+
 resource "keycloak_group" "staff_irc_groups" {
  for_each = toset(["Ops"])

@@ -392,6 +405,26 @@ resource "keycloak_group" "externalcontributors" {
  name     = "External Contributors"
 }

+resource "keycloak_group" "core_package_maintainers" {
+  realm_id = "archlinux"
+  name     = "Core Package Maintainers"
+}
+
+resource "keycloak_group" "junior_core_package_maintainers" {
+  realm_id = "archlinux"
+  name     = "Junior Core Package Maintainers"
+}
+
+resource "keycloak_group" "package_maintainers" {
+  realm_id = "archlinux"
+  name     = "Package Maintainers"
+}
+
+resource "keycloak_group" "junior_package_maintainers" {
+  realm_id = "archlinux"
+  name     = "Junior Package Maintainers"
+}
+
 resource "keycloak_group" "externalcontributors_groups" {
  for_each = toset(["Security Team", "Archweb"])

@@ -434,6 +467,30 @@ resource "keycloak_role" "externalcontributor" {
  description = "Role held by external contributors working on Arch Linux projects without further access"
 }

+resource "keycloak_role" "core_package_maintainer" {
+  realm_id    = "archlinux"
+  name        = "Core Package Maintainer"
+  description = "Role held by packagers of core repository"
+}
+
+resource "keycloak_role" "junior_core_package_maintainer" {
+  realm_id    = "archlinux"
+  name        = "Junior Core Package Maintainer"
+  description = "Junior Role held by packagers of core repository "
+}
+
+resource "keycloak_role" "package_maintainer" {
+  realm_id    = "archlinux"
+  name        = "Package Maintainer"
+  description = "Role held by packagers of extra repository"
+}
+
+resource "keycloak_role" "junior_package_maintainer" {
+  realm_id    = "archlinux"
+  name        = "Junior Package Maintainer"
+  description = "Junior Role held by packagers of extra repository "
+}
+
 resource "keycloak_group_roles" "devops" {
  realm_id = "archlinux"
  group_id = keycloak_group.staff_groups["DevOps"].id
@@ -458,6 +515,38 @@ resource "keycloak_group_roles" "externalcontributor" {
  ]
 }

+resource "keycloak_group_roles" "core_package_maintainer" {
+  realm_id = "archlinux"
+  group_id = keycloak_group.core_package_maintainers.id
+  role_ids = [
+    keycloak_role.core_package_maintainer.id
+  ]
+}
+
+resource "keycloak_group_roles" "junior_core_package_maintainer" {
+  realm_id = "archlinux"
+  group_id = keycloak_group.junior_core_package_maintainers.id
+  role_ids = [
+    keycloak_role.junior_core_package_maintainer.id
+  ]
+}
+
+resource "keycloak_group_roles" "package_maintainer" {
+  realm_id = "archlinux"
+  group_id = keycloak_group.package_maintainers.id
+  role_ids = [
+    keycloak_role.package_maintainer.id
+  ]
+}
+
+resource "keycloak_group_roles" "junior_package_maintainer" {
+  realm_id = "archlinux"
+  group_id = keycloak_group.junior_package_maintainers.id
+  role_ids = [
+    keycloak_role.junior_package_maintainer.id
+  ]
+}
+
 // Add new custom registration flow with reCAPTCHA
 resource "keycloak_authentication_flow" "arch_registration_flow" {
  realm_id    = "archlinux"