resource "keycloak_user" "newUser" { for_each = var.usernames realm_id = var.realm_id username = each.key email = each.value.email first_name = each.value.first_name enabled = true initial_password { value = random_password.initial_password[each.key].result temporary = true } required_actions = [ "UPDATE_PASSWORD" ] } resource "random_password" "initial_password" { for_each = var.usernames length = 16 # 16 Zeichen sind ein guter Standard # special = true # Sonderzeichen erlauben # override_special = "!@#%&*" # Welche Sonderzeichen verwendet werden dürfen upper = true # Großbuchstaben lower = true # Kleinbuchstaben numeric = true # Zahlen } resource "keycloak_role" "client_role" { realm_id = var.realm_id client_id = var.target_client_id name = "my-client-role" description = "My Client Role" } resource "keycloak_user_roles" "assigned_client_role" { for_each = var.usernames # <-- Iteriert über alle 15 Benutzer realm_id = var.realm_id # Holt die ID der Benutzerinstanz, die der Client-Schlüssel ist user_id = keycloak_user.newUser[each.key].id role_ids = [ keycloak_role.client_role.id, ] }