/terraform-keycloak-role-group-simplification

A Terraform module to create roles, groups, and mappings based on a set of simple conventions. This is of particular use where KeyCloak is being used to control access to a system which has a large number of resources, each requiring a unique set of role definitions. For example, access to a public cloud environment where KeyCloak is used as the SSO identity provider.

BC Gov Terraform Template

This repo provides a starting point for users who want to create valid Terraform modules stored in GitHub.

Third-Party Products/Libraries used and the licenses they are covered by

Project Status

  • Development
  • Production/Maintenance

Documentation

Requirements

| Name | Version |
|------|---------|
| keycloak | >= 2.0.0 |

Providers

| Name | Version |
|------|---------|
| keycloak | >= 2.0.0 |

Modules

No modules.

Resources

| Name | Type |
|------|------|
| keycloak_role.roles | resource |

Inputs

| Name | Description | Type | Default | Required |
|------|-------------|------|---------|----------|
| accounts | List of accounts that product teams' workloads run within. | list(object({ project_identifier = string, project_name = string, name = string, environment = string, account_number = string })) | n/a | yes |
| iam_auth_client_id | Client ID of client where IAM roles will be created. | string | n/a | yes |
| idp_name | Name of configured IDP in AWS. | string | "BCGovKeyCloak" | no |
| realm | KeyCloak realm where the Terraform client has been created and where users/groups to be created/manipulated exist. | string | n/a | yes |
| role_names | A list of the role names in the IAM system. These will be used along with other elements to construct the KC role names. | list(string) | n/a | yes |

Outputs

| Name | Description |
|------|-------------|
| roles | n/a |

Getting Started

Getting Help or Reporting an Issue

To report bugs/issues/feature requests, please file an issue.

How to Contribute

If you would like to contribute, please see our CONTRIBUTING guidelines.

Please note that this project is released with a Contributor Code of Conduct. By participating in this project you agree to abide by its terms.

License

Copyright 2018 Province of British Columbia

Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at

   http://www.apache.org/licenses/LICENSE-2.0

Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.