@@ 85,7 85,21 @@ resource "keycloak_group_roles" "admin" {
realm_id = "xenrox"
group_id = keycloak_group.admin.id
role_ids = [
- keycloak_role.vault_admin.id
+ keycloak_role.vault_admin.id,
+ keycloak_role.peertube.id
+ ]
+}
+
+resource "keycloak_group" "peertube" {
+ realm_id = "xenrox"
+ name = "Peertube"
+}
+
+resource "keycloak_group_roles" "peertube" {
+ realm_id = "xenrox"
+ group_id = keycloak_group.peertube.id
+ role_ids = [
+ keycloak_role.peertube.id
]
}
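Review bot: The new `Peertube` group is not an access gate by itself: the group and its `keycloak_group_roles` mapping only attach the `peertube` realm role to members. Unless PeerTube is configured to require that role in the `roles` claim, any user in the realm can presumably still complete the OIDC flow against the client. A comment above `resource "keycloak_group" "peertube"` would record this, e.g. `# Membership only grants the "peertube" realm role; PeerTube itself must require it in the "roles" claim.` The `keycloak_group_roles.admin` block begins above the hunk, so its other attributes were not reviewed.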
@@ 120,3 134,32 @@ resource "keycloak_role" "vault_admin" {
name = "vault_admin"
description = "Vault admin"
}
+
+resource "keycloak_openid_client" "peertube_openid_client" {
+ realm_id = "xenrox"
+ client_id = "openid_peertube"
+ client_secret = data.external.vault_oidc.result.vault_oidc_peertube_secret
+
+ name = "Peertube"
+ enabled = true
+ standard_flow_enabled = true
+
+ access_type = "CONFIDENTIAL"
+ valid_redirect_uris = [
+ "https://tube.xenrox.net/*"
+ ]
+}
+
+resource "keycloak_openid_user_realm_role_protocol_mapper" "peertube_user_realm_role_mapper" {
+ realm_id = "xenrox"
+ client_id = keycloak_openid_client.peertube_openid_client.id
+ name = "user realm role mapper"
+ claim_name = "roles"
+ multivalued = true
+}
+
+resource "keycloak_role" "peertube" {
+ realm_id = "xenrox"
+ name = "peertube"
+ description = "Peertube user"
+}
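Review bot: The pattern `"https://tube.xenrox.net/*"` in `valid_redirect_uris` accepts any path on the host as a destination for authorization codes, so an open redirect or user-influenced page on that site could leak a code. Registering only the exact callback, `"https://tube.xenrox.net/<oidc-callback-path>"` (placeholder; take the path from the PeerTube OIDC plugin), closes that gap. The `peertube_user_realm_role_mapper` also emits every realm role the user holds under `roles`, so an admin's `vault_admin` would presumably appear in tokens issued to PeerTube. Setting `full_scope_allowed = false` on the client and scoping it to `keycloak_role.peertube` would limit the claim. Separately, the `client_secret` read from `data.external.vault_oidc` ends up in Terraform state, so the state backend needs the same protection as Vault itself.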