bcgov / moh-keycloak-client-configurations

Apache License 2.0

update posit and itsb group permissions #610

Closed filipflorek closed 3 weeks ago

filipflorek commented 1 month ago

Changes being made

Add permissions to POSIT group, so that admins can add each other to the group. Remove incomplete POSIT permissions from the ITSB Access Team.

Context

ITSB Team request.

Quality Check

github-actions[bot] commented 1 month ago

Terraform Format and Style 🖌 success

Terraform Initialization ⚙️ success

Terraform Validation 🤖 success

Terraform Plan 📖 success

Show Plan

```
Terraform used the selected providers to generate the following execution plan.
Resource actions are indicated with the following symbols:
  ~ update in-place

Terraform will perform the following actions:

  # module.KEYCLOAK_DEV.module.moh_applications.module.ITSB-ACCESS-TEAM.keycloak_group_roles.GROUP_ROLES will be updated in-place
  ~ resource "keycloak_group_roles" "GROUP_ROLES" {
        id       = "moh_applications/5500e076-901b-4bb3-8939-0013ce4de1ea"
      ~ role_ids = [
          - "44f14440-f320-4b49-aae8-c1e1a346f2a6",
            # (11 unchanged elements hidden)
        ]
        # (3 unchanged attributes hidden)
    }

  # module.KEYCLOAK_DEV.module.moh_applications.module.PHO-RSC-MANAGEMENT.keycloak_group_roles.GROUP_ROLES will be updated in-place
  ~ resource "keycloak_group_roles" "GROUP_ROLES" {
        id       = "moh_applications/ec5b8feb-0e2c-4730-8133-2adce14ca84f"
      ~ role_ids = [
          + "b5b9eb31-f41e-4a3d-ba8b-86ae9559969a",
            # (9 unchanged elements hidden)
        ]
        # (3 unchanged attributes hidden)
    }

  # module.KEYCLOAK_PROD.module.moh_applications.module.ITSB-ACCESS-TEAM.keycloak_group_roles.GROUP_ROLES will be updated in-place
  ~ resource "keycloak_group_roles" "GROUP_ROLES" {
        id       = "moh_applications/bacfdf3a-00ca-4bb2-82da-d0269757d750"
      ~ role_ids = [
          - "19de3901-4865-4d62-b1f4-b2814fe8a764",
            # (24 unchanged elements hidden)
        ]
        # (3 unchanged attributes hidden)
    }

  # module.KEYCLOAK_PROD.module.moh_applications.module.PHO-RSC-MANAGEMENT.keycloak_group_roles.GROUP_ROLES will be updated in-place
  ~ resource "keycloak_group_roles" "GROUP_ROLES" {
        id       = "moh_applications/d298ecfa-b390-44d5-88d3-3002c1f16d13"
      ~ role_ids = [
          + "79885676-48f2-43af-ade4-bc4f11d95f61",
            # (9 unchanged elements hidden)
        ]
        # (3 unchanged attributes hidden)
    }

Plan: 0 to add, 4 to change, 0 to destroy.

─────────────────────────────────────────────────────────────────────────────

Note: You didn't use the -out option to save this plan, so Terraform can't
guarantee to take exactly these actions if you run "terraform apply" now.
```

Pushed by: @filipflorek, Action: pull_request