Without this, terraform wants to recreate the resource, just because we
do /not/ want to delete the default mappers:
```
  # keycloak_ldap_user_federation.tvl_ldap must be replaced
-/+ resource "keycloak_ldap_user_federation" "tvl_ldap" {
      + delete_default_mappers          = false # forces replacement
      ~ id                              = "4e68e9f0-7aba-4465-8357-f2af6a55fd0e" -> (known after apply)
        name                            = "tvl-ldap"
      ~ use_truststore_spi              = "ALWAYS" -> "ONLY_FOR_LDAPS"
        # (27 unchanged attributes hidden)
    }
```
Keycloak lists a few mappers, which are likely the default ones,
but in any case, we don't want to recreate this resource.
Change-Id: I170a91a44b2efa426fae268cf7fc97a7f28a5760
Reviewed-on: https://cl.tvl.fyi/c/depot/+/12412
Reviewed-by: tazjin <tazjin@tvl.su>
Tested-by: BuildkiteCI
Autosubmit: flokli <flokli@flokli.de>
| # All user sources, that is services from which Keycloak gets user
 | |
| # information (either by accessing a system like LDAP or integration
 | |
| # through protocols like OIDC).
 | |
| 
 | |
| variable "github_client_secret" {
 | |
|   type = string
 | |
| }
 | |
| 
 | |
| resource "keycloak_ldap_user_federation" "tvl_ldap" {
 | |
|   name                    = "tvl-ldap"
 | |
|   realm_id                = keycloak_realm.tvl.id
 | |
|   enabled                 = true
 | |
|   connection_url          = "ldap://localhost"
 | |
|   users_dn                = "ou=users,dc=tvl,dc=fyi"
 | |
|   username_ldap_attribute = "cn"
 | |
|   uuid_ldap_attribute     = "cn"
 | |
|   rdn_ldap_attribute      = "cn"
 | |
|   full_sync_period        = 86400
 | |
|   trust_email             = true
 | |
| 
 | |
|   user_object_classes = [
 | |
|     "inetOrgPerson",
 | |
|     "organizationalPerson",
 | |
|   ]
 | |
| 
 | |
|   lifecycle {
 | |
|     # Without this, terraform wants to recreate the resource.
 | |
|     ignore_changes = [
 | |
|       delete_default_mappers
 | |
|     ]
 | |
|   }
 | |
| }
 | |
| 
 | |
| # keycloak_oidc_identity_provider.github will be destroyed
 | |
| # (because keycloak_oidc_identity_provider.github is not in configuration)
 | |
| resource "keycloak_oidc_identity_provider" "github" {
 | |
|   alias                 = "github"
 | |
|   provider_id           = "github"
 | |
|   client_id             = "6d7f8bb2e82bb6739556"
 | |
|   client_secret         = var.github_client_secret
 | |
|   realm                 = keycloak_realm.tvl.id
 | |
|   backchannel_supported = false
 | |
|   gui_order             = "1"
 | |
|   store_token           = false
 | |
|   sync_mode             = "IMPORT"
 | |
|   trust_email           = true
 | |
| 
 | |
|   # These default to built-in values for the `github` provider_id.
 | |
|   authorization_url = ""
 | |
|   token_url         = ""
 | |
| }
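Review bot: The new `ignore_changes` list covers only `delete_default_mappers`, yet the plan quoted in the commit message also shows `use_truststore_spi` moving from "ALWAYS" to "ONLY_FOR_LDAPS", and the `tvl_ldap` resource still does not set that attribute, so that change will presumably still be applied on the next run. If the "ALWAYS" value currently in state is the intended one, pin it in configuration, `use_truststore_spi = "ALWAYS"`, so the trust setting is reviewable in code rather than living only in state; if the provider default is acceptable for an `ldap://localhost` connection, a one-line comment next to `connection_url` saying so would record that decision. The added comment `# Without this, terraform wants to recreate the resource.` would read better as `# delete_default_mappers forces replacement when it differs from state; ignore it instead of recreating the federation.`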
 |