@@ 0,0 1,54 @@
+locals {
+ users = {
+ xenrox = {
+ name = "xenrox",
+ groups = [keycloak_group.admin.id]
+ },
+ seeguen = {
+ name = "seeguen",
+ groups = []
+ },
+ test = {
+ name = "test",
+ groups = []
+ }
+ }
+}
+
+data "vault_generic_secret" "users" {
+ for_each = local.users
+ path = "ansible/users/${each.value["name"]}"
+}
+
+resource "keycloak_user" "users" {
+ for_each = local.users
+
+ realm_id = keycloak_realm.xenrox.id
+ username = data.vault_generic_secret.users[each.key].data["username"]
+ enabled = true
+
+ email = data.vault_generic_secret.users[each.key].data["email"]
+ first_name = data.vault_generic_secret.users[each.key].data["first"]
+ last_name = data.vault_generic_secret.users[each.key].data["last"]
+
+ initial_password {
+ value = data.vault_generic_secret.users[each.key].data["password"]
+ temporary = true
+ }
+
+ lifecycle {
+ ignore_changes = [email_verified]
+ }
+}
+
+resource "keycloak_user_groups" "groups" {
+ for_each = local.users
+
+ realm_id = "xenrox"
+ user_id = keycloak_user.users[each.key].id
+
+ group_ids = [
+ for group in each.value.groups :
+ group
+ ]
+}
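Review bot: The `password` value read by `data "vault_generic_secret" "users"` and passed to `initial_password.value` is persisted in Terraform state in plaintext, under both the data source and the `keycloak_user` resource, so the state backend (not visible in this hunk) needs encryption at rest and tightly restricted read access. I would record that above the data block with a comment such as `# NOTE: secrets read here are persisted in Terraform state; keep the backend encrypted and access-restricted`. Separately, `keycloak_user_groups.groups` hard-codes `realm_id = "xenrox"` while `keycloak_user.users` uses `keycloak_realm.xenrox.id`; writing `realm_id = keycloak_realm.xenrox.id` in both keeps them consistent and makes the dependency on the realm explicit. The `test` entry is created with `enabled = true` like the real accounts, so it is worth confirming that it is meant to exist as a live login.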