From a1452a1636f86ba781fa865dfe0eddad27842b34 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Thorben=20G=C3=BCnther?=
Date: Fri, 2 Jul 2021 22:32:57 +0200
Subject: [PATCH] keycloak: Use terraform to create users with groups

Iterate over user list so that the process does not get too complex.
---
 terraform_keycloak/users.tf | 54 +++++++++++++++++++++++++++++++++++++
 1 file changed, 54 insertions(+)
 create mode 100644 terraform_keycloak/users.tf

diff --git a/terraform_keycloak/users.tf b/terraform_keycloak/users.tf
new file mode 100644
index 0000000..7f46173
--- /dev/null
+++ b/terraform_keycloak/users.tf
@@ -0,0 +1,54 @@
+locals {
+ users = {
+ xenrox = {
+ name = "xenrox",
+ groups = [keycloak_group.admin.id]
+ },
+ seeguen = {
+ name = "seeguen",
+ groups = []
+ },
+ test = {
+ name = "test",
+ groups = []
+ }
+ }
+}
+
+data "vault_generic_secret" "users" {
+ for_each = local.users
+ path = "ansible/users/${each.value["name"]}"
+}
+
+resource "keycloak_user" "users" {
+ for_each = local.users
+
+ realm_id = keycloak_realm.xenrox.id
+ username = data.vault_generic_secret.users[each.key].data["username"]
+ enabled = true
+
+ email = data.vault_generic_secret.users[each.key].data["email"]
+ first_name = data.vault_generic_secret.users[each.key].data["first"]
+ last_name = data.vault_generic_secret.users[each.key].data["last"]
+
+ initial_password {
+ value = data.vault_generic_secret.users[each.key].data["password"]
+ temporary = true
+ }
+
+ lifecycle {
+ ignore_changes = [email_verified]
+ }
+}
+
+resource "keycloak_user_groups" "groups" {
+ for_each = local.users
+
+ realm_id = "xenrox"
+ user_id = keycloak_user.users[each.key].id
+
+ group_ids = [
+ for group in each.value.groups :
+ group
+ ]
+}
-- 
2.44.0
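Review bot: The `vault_generic_secret` data source and the `initial_password` block both cause the Vault-held password (along with the e-mail and name fields) to be stored in plaintext in Terraform state, so the state backend becomes as sensitive as the `ansible/users/*` Vault paths. The backend is not visible in this patch, so it is worth confirming that it is encrypted and access-restricted, and recording the constraint with a comment above the data block such as `# values read here are persisted in Terraform state; keep the backend encrypted and restricted`. `temporary = true` forces a change at first login, but the original value remains in state afterwards. Separately, `keycloak_user_groups` hard-codes `realm_id = "xenrox"` while `keycloak_user` uses the reference; `realm_id = keycloak_realm.xenrox.id` keeps the two consistent, and the identity `for` expression can be reduced to `group_ids = each.value.groups`. The `test` entry is created with `enabled = true` like the real accounts, which deserves a second look if that account is not meant to be able to log in.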