~xenrox/ansible: keycloak: Use terraform to create users with groups

a1452a1636f86ba781fa865dfe0eddad27842b34 — Thorben Günther 2 years ago d1764fd

keycloak: Use terraform to create users with groups

Iterate over user list so that the process does not get too complex.

patch browse .tar.gz

1 files changed, 54 insertions(+), 0 deletions(-)

A terraform_keycloak/users.tf

A terraform_keycloak/users.tf => terraform_keycloak/users.tf +54 -0

@@ 0,0 1,54 @@
+locals {
+  users = {
+    xenrox = {
+      name   = "xenrox",
+      groups = [keycloak_group.admin.id]
+    },
+    seeguen = {
+      name   = "seeguen",
+      groups = []
+    },
+    test = {
+      name   = "test",
+      groups = []
+    }
+  }
+}
+
+data "vault_generic_secret" "users" {
+  for_each = local.users
+  path     = "ansible/users/${each.value["name"]}"
+}
+
+resource "keycloak_user" "users" {
+  for_each = local.users
+
+  realm_id = keycloak_realm.xenrox.id
+  username = data.vault_generic_secret.users[each.key].data["username"]
+  enabled  = true
+
+  email      = data.vault_generic_secret.users[each.key].data["email"]
+  first_name = data.vault_generic_secret.users[each.key].data["first"]
+  last_name  = data.vault_generic_secret.users[each.key].data["last"]
+
+  initial_password {
+    value     = data.vault_generic_secret.users[each.key].data["password"]
+    temporary = true
+  }
+
+  lifecycle {
+    ignore_changes = [email_verified]
+  }
+}
+
+resource "keycloak_user_groups" "groups" {
+  for_each = local.users
+
+  realm_id = "xenrox"
+  user_id  = keycloak_user.users[each.key].id
+
+  group_ids = [
+    for group in each.value.groups :
+    group
+  ]
+}