feat(ops/keycloak): configure Forgejo Roles

There's two Roles for the Forgejo application, "Admin" and "Contributors". Everyone gets the "Contributor" role assigned automatically (it doesn't really give you a ton of privileges). Regarding mapping Gerrit groups, it seems there's no support for this in the `gerrit-oauth-provider` plugin (yet) - see https://github.com/davido/gerrit-oauth-provider/issues/170. Fixes #73. Change-Id: I3cbb968e664125b1f08235db3008d1dbf778922a Reviewed-on: https://cl.snix.dev/c/snix/+/30477 Tested-by: besadii Reviewed-by: Jonas Chevalier <zimbatm@zimbatm.com> Autosubmit: Florian Klink <flokli@flokli.de>
2025-05-05 01:56:03 +03:00 · 2025-05-05 01:56:03 +03:00 · d9ca20a5cc
commit d9ca20a5cc
parent e20ff4cb60
3 changed files with 46 additions and 12 deletions
--- a/ops/keycloak/permissions.tf
+++ b/ops/keycloak/permissions.tf
@ -28,7 +28,7 @@ resource "keycloak_group_roles" "snix_core_team_roles" {
    # keycloak_role.is_local_admin,
    # keycloak_role.can_manage_snix,
    keycloak_role.grafana_admin.id,
-    # keycloak_role.forgejo_admin.id,
+    keycloak_role.forgejo_admin.id,
    # keycloak_role.gerrit_admin.id
  ]
 }