Dateien nach "keycloak-tf-projekt/modules/clients" hochladen
This commit is contained in:
@@ -1,49 +1,25 @@
|
||||
resource "keycloak_user" "newUser" {
|
||||
for_each = var.usernames
|
||||
|
||||
realm_id = var.realm_id
|
||||
username = each.key
|
||||
email = each.value.email
|
||||
first_name = each.value.first_name
|
||||
enabled = true
|
||||
|
||||
initial_password {
|
||||
value = random_password.initial_password[each.key].result
|
||||
temporary = true
|
||||
}
|
||||
|
||||
required_actions = [
|
||||
"UPDATE_PASSWORD"
|
||||
]
|
||||
}
|
||||
|
||||
resource "random_password" "initial_password" {
|
||||
for_each = var.usernames
|
||||
|
||||
length = 16 # 16 Zeichen sind ein guter Standard
|
||||
# special = true # Sonderzeichen erlauben
|
||||
# override_special = "!@#%&*" # Welche Sonderzeichen verwendet werden dürfen
|
||||
upper = true # Großbuchstaben
|
||||
lower = true # Kleinbuchstaben
|
||||
numeric = true # Zahlen
|
||||
}
|
||||
|
||||
resource "keycloak_role" "client_role" {
|
||||
resource "keycloak_openid_client" "web_app_client" {
|
||||
realm_id = var.realm_id
|
||||
client_id = var.target_client_id
|
||||
name = "my-client-role"
|
||||
description = "My Client Role"
|
||||
}
|
||||
|
||||
resource "keycloak_user_roles" "assigned_client_role" {
|
||||
for_each = var.usernames # <-- Iteriert über alle 15 Benutzer
|
||||
|
||||
realm_id = var.realm_id
|
||||
client_id = "my-web-app-client"
|
||||
name = "My Secure Web Application"
|
||||
access_type = "CONFIDENTIAL" # Benötigt ein Client Secret
|
||||
|
||||
# Holt die ID der Benutzerinstanz, die der Client-Schlüssel ist
|
||||
user_id = keycloak_user.newUser[each.key].id
|
||||
role_ids = [
|
||||
keycloak_role.client_role.id,
|
||||
|
||||
// Callback URLs, wohin Keycloak den Benutzer nach dem Login umleiten darf
|
||||
valid_redirect_uris = [
|
||||
"http://localhost:8081/*"
|
||||
]
|
||||
|
||||
// Standard-Aktionen, die der Client ausführen darf
|
||||
standard_flow_enabled = true
|
||||
|
||||
// Deaktiviert das direkte Zugriffstoken-Erteilung
|
||||
implicit_flow_enabled = false
|
||||
service_accounts_enabled = false
|
||||
}
|
||||
|
||||
resource "keycloak_openid_client" "einfachter_test" {
|
||||
realm_id = var.realm_id
|
||||
client_id = "einfachter_test"
|
||||
access_type = "CONFIDENTIAL" # Benötigt ein Client Secret
|
||||
}
|
||||
Reference in New Issue
Block a user