From af869a8feab7044ffa2e7469140bb6835a273721 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Thorben=20G=C3=BCnther?=
Date: Thu, 1 Jul 2021 01:37:29 +0200
Subject: [PATCH] keycloak: Add peertube oidc client to terraform

---
 terraform_keycloak/keycloak.tf | 45 +++++++++++++++++++++++++++++++++-
 1 file changed, 44 insertions(+), 1 deletion(-)

diff --git a/terraform_keycloak/keycloak.tf b/terraform_keycloak/keycloak.tf
index e0241ad..80ae76e 100644
--- a/terraform_keycloak/keycloak.tf
+++ b/terraform_keycloak/keycloak.tf
@@ -85,7 +85,21 @@ resource "keycloak_group_roles" "admin" {
 realm_id = "xenrox"
 group_id = keycloak_group.admin.id
 role_ids = [
- keycloak_role.vault_admin.id
+ keycloak_role.vault_admin.id,
+ keycloak_role.peertube.id
+ ]
+}
+
+resource "keycloak_group" "peertube" {
+ realm_id = "xenrox"
+ name = "Peertube"
+}
+
+resource "keycloak_group_roles" "peertube" {
+ realm_id = "xenrox"
+ group_id = keycloak_group.peertube.id
+ role_ids = [
+ keycloak_role.peertube.id
 ]
 }
 
@@ -120,3 +134,32 @@ resource "keycloak_role" "vault_admin" {
 name = "vault_admin"
 description = "Vault admin"
 }
+
+resource "keycloak_openid_client" "peertube_openid_client" {
+ realm_id = "xenrox"
+ client_id = "openid_peertube"
+ client_secret = data.external.vault_oidc.result.vault_oidc_peertube_secret
+
+ name = "Peertube"
+ enabled = true
+ standard_flow_enabled = true
+
+ access_type = "CONFIDENTIAL"
+ valid_redirect_uris = [
+ "https://tube.xenrox.net/*"
+ ]
+}
+
+resource "keycloak_openid_user_realm_role_protocol_mapper" "peertube_user_realm_role_mapper" {
+ realm_id = "xenrox"
+ client_id = keycloak_openid_client.peertube_openid_client.id
+ name = "user realm role mapper"
+ claim_name = "roles"
+ multivalued = true
+}
+
+resource "keycloak_role" "peertube" {
+ realm_id = "xenrox"
+ name = "peertube"
+ description = "Peertube user"
+}
-- 
2.44.0
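Review bot: Adding `keycloak_role.peertube.id` to the admin group's `role_ids` leaves admin members holding both `vault_admin` and `peertube` as realm roles, and the realm-role mapper added later in this patch copies a user's realm roles into the `roles` claim. Unless the client's role scope is restricted, tokens issued to PeerTube for an admin would presumably also list `vault_admin`, which PeerTube has no need to see. Consider setting `full_scope_allowed = false` on `keycloak_openid_client.peertube_openid_client` and mapping only the `peertube` role into its scope. The `keycloak_group_roles.admin` block opens above this hunk.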
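Review bot: `valid_redirect_uris = ["https://tube.xenrox.net/*"]` accepts every path on the host as a delivery target for the authorization code, so any redirecting or user-influenced page on that origin widens where a code can land. Register only the exact callback URL the PeerTube OIDC integration uses, e.g. `"https://tube.xenrox.net/<oidc-callback-path>"` (placeholder; take the real path from the plugin's configuration). Separately, `client_secret` is read from `data.external.vault_oidc` and will be written in plaintext to the Terraform state, so the state backend needs access controls as tight as those on the Vault path. A comment above the attribute such as `# secret ends up in tfstate; keep the state backend encrypted and access-restricted` would record that for the next maintainer.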