From 941563f2f35fcb2ba70559088fa0cc2f5d37ff71 Mon Sep 17 00:00:00 2001
From: Leonidas Spyropoulos <artafinde@archlinux.org>
Date: Sun, 5 Feb 2023 20:03:40 +0000
Subject: [PATCH] terraform: add junior packager groups and roles for
 core/extra

Signed-off-by: Leonidas Spyropoulos <artafinde@gmail.com>
---
 tf-stage2/keycloak.tf | 91 ++++++++++++++++++++++++++++++++++++++++++-
 1 file changed, 90 insertions(+), 1 deletion(-)

diff --git a/tf-stage2/keycloak.tf b/tf-stage2/keycloak.tf
index 6a30fff36..f42204b72 100644
--- a/tf-stage2/keycloak.tf
+++ b/tf-stage2/keycloak.tf
@@ -323,6 +323,11 @@ resource "keycloak_saml_user_property_protocol_mapper" "gitlab_saml_username" {
 // |- Security Team
 // |  |- Admins
 // |  |- Members
+// |- Package Maintainer Team
+// |  |- Core Package Maintainers
+// |  |- Junior Core Package Maintainers
+// |  |- Package Maintainers
+// |  |- Junior Package Maintainers
 // |- IRC
 // |  |- Ops
 // |- Archweb
@@ -340,7 +345,7 @@ resource "keycloak_group" "staff" {
 }
 
 resource "keycloak_group" "staff_groups" {
-  for_each = toset(["DevOps", "Developers", "Trusted Users", "Wiki", "Forum", "Security Team", "IRC", "Archweb", "Bug Wranglers", "Project Maintainers"])
+  for_each = toset(["DevOps", "Developers", "Trusted Users", "Wiki", "Forum", "Security Team", "IRC", "Archweb", "Bug Wranglers", "Project Maintainers", "Package Maintainer Team"])
 
   realm_id  = "archlinux"
   parent_id = keycloak_group.staff.id
@@ -371,6 +376,14 @@ resource "keycloak_group" "staff_securityteam_groups" {
   name      = each.value
 }
 
+resource "keycloak_group" "staff_packagersteams_groups" {
+  for_each = toset(["Core Package Maintainers", "Junior Core Package Maintainers", "Package Maintainers", "Junior Package Maintainers"])
+
+  realm_id  = "archlinux"
+  parent_id = keycloak_group.staff_groups["Package Maintainer Team"].id
+  name      = each.value
+}
+
 resource "keycloak_group" "staff_irc_groups" {
   for_each = toset(["Ops"])
 
@@ -392,6 +405,26 @@ resource "keycloak_group" "externalcontributors" {
   name     = "External Contributors"
 }
 
+resource "keycloak_group" "core_package_maintainers" {
+  realm_id = "archlinux"
+  name     = "Core Package Maintainers"
+}
+
+resource "keycloak_group" "junior_core_package_maintainers" {
+  realm_id = "archlinux"
+  name     = "Junior Core Package Maintainers"
+}
+
+resource "keycloak_group" "package_maintainers" {
+  realm_id = "archlinux"
+  name     = "Package Maintainers"
+}
+
+resource "keycloak_group" "junior_package_maintainers" {
+  realm_id = "archlinux"
+  name     = "Junior Package Maintainers"
+}
+
 resource "keycloak_group" "externalcontributors_groups" {
   for_each = toset(["Security Team", "Archweb"])
 
@@ -434,6 +467,30 @@ resource "keycloak_role" "externalcontributor" {
   description = "Role held by external contributors working on Arch Linux projects without further access"
 }
 
+resource "keycloak_role" "core_package_maintainer" {
+  realm_id    = "archlinux"
+  name        = "Core Package Maintainer"
+  description = "Role held by packagers of core repository"
+}
+
+resource "keycloak_role" "junior_core_package_maintainer" {
+  realm_id    = "archlinux"
+  name        = "Junior Core Package Maintainer"
+  description = "Junior Role held by packagers of core repository "
+}
+
+resource "keycloak_role" "package_maintainer" {
+  realm_id    = "archlinux"
+  name        = "Package Maintainer"
+  description = "Role held by packagers of extra repository"
+}
+
+resource "keycloak_role" "junior_package_maintainer" {
+  realm_id    = "archlinux"
+  name        = "Junior Package Maintainer"
+  description = "Junior Role held by packagers of extra repository "
+}
+
 resource "keycloak_group_roles" "devops" {
   realm_id = "archlinux"
   group_id = keycloak_group.staff_groups["DevOps"].id
@@ -458,6 +515,38 @@ resource "keycloak_group_roles" "externalcontributor" {
   ]
 }
 
+resource "keycloak_group_roles" "core_package_maintainer" {
+  realm_id = "archlinux"
+  group_id = keycloak_group.core_package_maintainers.id
+  role_ids = [
+    keycloak_role.core_package_maintainer.id
+  ]
+}
+
+resource "keycloak_group_roles" "junior_core_package_maintainer" {
+  realm_id = "archlinux"
+  group_id = keycloak_group.junior_core_package_maintainers.id
+  role_ids = [
+    keycloak_role.junior_core_package_maintainer.id
+  ]
+}
+
+resource "keycloak_group_roles" "package_maintainer" {
+  realm_id = "archlinux"
+  group_id = keycloak_group.package_maintainers.id
+  role_ids = [
+    keycloak_role.package_maintainer.id
+  ]
+}
+
+resource "keycloak_group_roles" "junior_package_maintainer" {
+  realm_id = "archlinux"
+  group_id = keycloak_group.junior_package_maintainers.id
+  role_ids = [
+    keycloak_role.junior_package_maintainer.id
+  ]
+}
+
 // Add new custom registration flow with reCAPTCHA
 resource "keycloak_authentication_flow" "arch_registration_flow" {
   realm_id    = "archlinux"
-- 
GitLab