Create CGI Salesforce group in PROD. All ALR to group in TEST and PROD.

sharpedavid commented 1 month ago

Changes being made

Context

BCMOHAM-19928

Quality Check

[ ] Terraform plan contains only my changes, or other developers are aware that their manual changes can be overridden. [^2]

github-actions[bot] commented 1 month ago

Terraform Format and Style 🖌`success`

Terraform Initialization ⚙️`success`

Terraform Validation 🤖`success`

Terraform Plan 📖`success`

Show Plan

``` module.KEYCLOAK_DEV.module.moh_applications.module.CGI-DBA.keycloak_group_roles.GROUP_ROLES: Refreshing state... [id=moh_applications/9ada1d3b-be63-40a3-84f2-e4ec0e10be88] module.KEYCLOAK_TEST.module.moh_applications.module.CGI-AM-TEAM.keycloak_group_roles.GROUP_ROLES: Refreshing state... [id=moh_applications/eb2dce73-6fe7-4b63-8b7a-c5995a530714] module.KEYCLOAK_DEV.module.moh_applications.module.CGI-MID-TIER.keycloak_group_roles.GROUP_ROLES: Refreshing state... [id=moh_applications/4e3d322a-fbe7-438d-8ee7-95a1707d40dc] module.KEYCLOAK_TEST.module.moh_applications.module.CGI-DEVELOPER.keycloak_group_roles.GROUP_ROLES: Refreshing state... [id=moh_applications/ba2aead8-cd2d-4519-991b-3bd44c71c057] module.KEYCLOAK_PROD.module.moh_applications.module.CGI-AM-TEAM.keycloak_group_roles.GROUP_ROLES: Refreshing state... [id=moh_applications/270966e6-985c-4d55-a35c-53e32ab4cf46] module.KEYCLOAK_DEV.module.moh_applications.module.CGI-AM-TEAM.keycloak_group_roles.GROUP_ROLES: Refreshing state... [id=moh_applications/053fa749-b569-4258-bc9e-bc8ca0541dfe] module.KEYCLOAK_DEV.module.moh_applications.module.CGI-DEVELOPER.keycloak_group_roles.GROUP_ROLES: Refreshing state... [id=moh_applications/27967216-03f7-4259-b50a-955b995d51ad] module.KEYCLOAK_PROD.module.moh_applications.module.DMFT-SERVICE.module.scope-mappings.keycloak_generic_client_role_mapper.SCOPE-MAPPING["PIDP-SERVICE/view_endorsement_data"]: Refreshing state... [id=moh_applications/client/c87f3feb-3c06-4d61-a5c2-48c593cccd1b/scope-mappings/c55eb420-fd84-41a8-b653-6e1b3e291519/0c2d08b1-b900-4b0c-a4d3-9e6e3e1ef847] module.KEYCLOAK_PROD.module.moh_applications.module.PIDP-WEBAPP.module.scope-mappings.keycloak_generic_client_role_mapper.SCOPE-MAPPING["account/view-profile"]: Refreshing state... [id=moh_applications/client/8021d870-8e65-46a4-8cef-40a3639edaac/scope-mappings/60dfb3b9-5ceb-4498-a24c-9641796bd991/43bf4fca-777a-4c9c-9127-f9677c654fef] module.KEYCLOAK_PROD.module.moh_applications.module.PIDP-WEBAPP.module.scope-mappings.keycloak_generic_client_role_mapper.SCOPE-MAPPING["PIDP-SERVICE/ADMIN"]: Refreshing state... [id=moh_applications/client/8021d870-8e65-46a4-8cef-40a3639edaac/scope-mappings/c55eb420-fd84-41a8-b653-6e1b3e291519/7489c26e-77c8-47ad-9c07-a9bb97a37d91] module.KEYCLOAK_PROD.module.moh_applications.module.PIDP-WEBAPP.module.scope-mappings.keycloak_generic_client_role_mapper.SCOPE-MAPPING["PIDP-SERVICE/USER"]: Refreshing state... [id=moh_applications/client/8021d870-8e65-46a4-8cef-40a3639edaac/scope-mappings/c55eb420-fd84-41a8-b653-6e1b3e291519/65d6f8b7-0703-46ed-9ced-55457bd6c14b] module.KEYCLOAK_PROD.module.moh_applications.module.PIDP-WEBAPP.module.scope-mappings.keycloak_generic_client_role_mapper.SCOPE-MAPPING["PIDP-SERVICE/feature_pidp_demo"]: Refreshing state... [id=moh_applications/client/8021d870-8e65-46a4-8cef-40a3639edaac/scope-mappings/c55eb420-fd84-41a8-b653-6e1b3e291519/86ec4f91-45fb-4e65-ae4f-e1b952fd4e47] module.KEYCLOAK_PROD.module.moh_applications.module.DMFT-SERVICE.module.service-account-roles.keycloak_openid_client_service_account_role.ROLE["PIDP-SERVICE/view_endorsement_data"]: Refreshing state... [id=68a46e0b-2861-4850-8cb3-dfae13e47ca3/0c2d08b1-b900-4b0c-a4d3-9e6e3e1ef847] Note: Objects have changed outside of Terraform Terraform detected the following changes made outside of Terraform since the last "terraform apply" which may have affected this plan: # module.KEYCLOAK_PROD.module.moh_applications.module.EDRD-MANAGEMENT.keycloak_group.GROUP has changed ~ resource "keycloak_group" "GROUP" { + attributes = {} id = "721baa2d-9e3a-4af5-a53a-5bb7355f0510" name = "EDRD Management" # (2 unchanged attributes hidden) } # module.KEYCLOAK_PROD.module.moh_applications.module.USER-MANAGEMENT-SERVICE.module.client-roles.keycloak_role.ROLES["view-client-edrd"] has changed ~ resource "keycloak_role" "ROLES" { + attributes = {} id = "86611f66-63f2-44fb-b229-95b1066dfab0" name = "view-client-edrd" # (2 unchanged attributes hidden) } Unless you have made equivalent changes to your configuration, or ignored the relevant attributes using ignore_changes, the following plan may include actions to undo or respond to these changes. ───────────────────────────────────────────────────────────────────────────── Terraform used the selected providers to generate the following execution plan. Resource actions are indicated with the following symbols: + create ~ update in-place Terraform will perform the following actions: # module.KEYCLOAK_PROD.module.moh_applications.module.CGI-SALESFORCE.keycloak_group.GROUP will be created + resource "keycloak_group" "GROUP" { + id = (known after apply) + name = "CGI Salesforce" + path = (known after apply) + realm_id = "moh_applications" } # module.KEYCLOAK_PROD.module.moh_applications.module.CGI-SALESFORCE.keycloak_group_roles.GROUP_ROLES will be created + resource "keycloak_group_roles" "GROUP_ROLES" { + exhaustive = true + group_id = (known after apply) + id = (known after apply) + realm_id = "moh_applications" + role_ids = [ + "024a5414-76a8-4937-b357-9881bd254972", + "0a96d3fa-66b7-4f16-8dd7-276ce53be553", + "0b6e1b8b-dcb3-4da5-be8c-c74a377426c1", + "197b2f83-cdec-4585-939f-bc19bebdf802", + "25b73a09-5c9f-40a7-914e-c1108c61cc2e", + "29a08227-99dd-4502-b932-820810642c93", + "30082a96-b600-4b97-83ee-8f622b28f6c7", + "3bb71b1f-ce6b-4341-b7ff-e392262065f7", + "3eec514d-4326-4361-918e-d574a82da8cf", + "414d1083-7d48-42e3-84d9-c9e6cf4b9b89", + "767bb2ee-f967-4718-ad7e-6414880253a2", + "79885676-48f2-43af-ade4-bc4f11d95f61", + "82462c02-ea0f-47e7-9c8e-321613f05cfe", + "86611f66-63f2-44fb-b229-95b1066dfab0", + "b11093b9-d350-4616-90ae-cd9a4af6d180", + "e71e62de-7350-42a8-8b60-3ca254972cae", ] } # module.KEYCLOAK_TEST.module.moh_applications.module.CGI-SALESFORCE.keycloak_group_roles.GROUP_ROLES will be updated in-place ~ resource "keycloak_group_roles" "GROUP_ROLES" { id = "moh_applications/4340f143-e47b-44e5-9a67-006bfcbdced4" ~ role_ids = [ + "8b965628-f076-4abc-80c4-5d85d01c86b7", # (15 unchanged elements hidden) ] # (3 unchanged attributes hidden) } Plan: 2 to add, 1 to change, 0 to destroy. ───────────────────────────────────────────────────────────────────────────── Note: You didn't use the -out option to save this plan, so Terraform can't guarantee to take exactly these actions if you run "terraform apply" now. ```

Pushed by: @sharpedavid, Action: pull_request

github-actions[bot] commented 1 month ago

Terraform Format and Style 🖌`success`

Terraform Initialization ⚙️`success`

Terraform Validation 🤖`success`

Terraform Plan 📖`success`

Show Plan

``` module.KEYCLOAK_DEV.module.moh_applications.module.DMFT-SERVICE.module.service-account-roles.keycloak_openid_client_service_account_role.ROLE["PIDP-SERVICE/view_endorsement_data"]: Refreshing state... [id=a0553301-93f9-4017-8c3b-fd34d9ab6f0f/493df53a-c656-4a24-a516-5708b51b7101] module.KEYCLOAK_DEV.module.moh_applications.module.DMFT-SERVICE.module.scope-mappings.keycloak_generic_client_role_mapper.SCOPE-MAPPING["PIDP-SERVICE/view_endorsement_data"]: Refreshing state... [id=moh_applications/client/2fa5ed3f-39bd-4f67-84be-b1053bec576e/scope-mappings/f2d7cc73-3c77-44e0-b6fb-cec2ea545629/493df53a-c656-4a24-a516-5708b51b7101] module.KEYCLOAK_DEV.module.moh_applications.module.CGI-QA.keycloak_group_roles.GROUP_ROLES: Refreshing state... [id=moh_applications/1798203d-027f-4856-a445-8a90c1dc9756] module.KEYCLOAK_DEV.module.moh_applications.module.CGI-DBA.keycloak_group_roles.GROUP_ROLES: Refreshing state... [id=moh_applications/9ada1d3b-be63-40a3-84f2-e4ec0e10be88] module.KEYCLOAK_DEV.module.moh_applications.module.CGI-MID-TIER.keycloak_group_roles.GROUP_ROLES: Refreshing state... [id=moh_applications/4e3d322a-fbe7-438d-8ee7-95a1707d40dc] module.KEYCLOAK_DEV.module.moh_applications.module.CGI-DEVELOPER.keycloak_group_roles.GROUP_ROLES: Refreshing state... [id=moh_applications/27967216-03f7-4259-b50a-955b995d51ad] module.KEYCLOAK_PROD.module.moh_applications.module.MANAGE-USERS.keycloak_role.REALM_ROLE: Refreshing state... [id=eeac5c0a-7b1b-4607-ad95-1630769b5892] module.KEYCLOAK_TEST.module.moh_applications.module.CGI-MIDTIER.keycloak_group_roles.GROUP_ROLES: Refreshing state... [id=moh_applications/782fe94e-79a2-438f-9bc1-28717395b28d] module.KEYCLOAK_DEV.module.moh_applications.module.CGI-AM-TEAM.keycloak_group_roles.GROUP_ROLES: Refreshing state... [id=moh_applications/053fa749-b569-4258-bc9e-bc8ca0541dfe] module.KEYCLOAK_TEST.module.moh_applications.module.CGI-QA.keycloak_group_roles.GROUP_ROLES: Refreshing state... [id=moh_applications/658f081c-a8b0-4c1b-b9ee-7e8901158ce7] module.KEYCLOAK_TEST.module.moh_applications.module.CGI-AM-TEAM.keycloak_group_roles.GROUP_ROLES: Refreshing state... [id=moh_applications/eb2dce73-6fe7-4b63-8b7a-c5995a530714] module.KEYCLOAK_TEST.module.moh_applications.module.CGI-DEVELOPER.keycloak_group_roles.GROUP_ROLES: Refreshing state... [id=moh_applications/ba2aead8-cd2d-4519-991b-3bd44c71c057] module.KEYCLOAK_PROD.module.moh_applications.module.CGI-AM-TEAM.keycloak_group_roles.GROUP_ROLES: Refreshing state... [id=moh_applications/270966e6-985c-4d55-a35c-53e32ab4cf46] Note: Objects have changed outside of Terraform Terraform detected the following changes made outside of Terraform since the last "terraform apply" which may have affected this plan: # module.KEYCLOAK_PROD.module.moh_applications.module.USER-MANAGEMENT-SERVICE.module.client-roles.keycloak_role.ROLES["bulk-removal"] has changed ~ resource "keycloak_role" "ROLES" { + attributes = {} id = "dae35314-00b4-40f0-9dc2-80f3e51aaa51" name = "bulk-removal" # (2 unchanged attributes hidden) } # module.KEYCLOAK_TEST.module.moh_applications.module.USER-MANAGEMENT-SERVICE.module.client-roles.keycloak_role.ROLES["bulk-removal"] has changed ~ resource "keycloak_role" "ROLES" { + attributes = {} id = "a12207f5-c312-46b7-a930-1a9e5bcba742" name = "bulk-removal" # (2 unchanged attributes hidden) } Unless you have made equivalent changes to your configuration, or ignored the relevant attributes using ignore_changes, the following plan may include actions to undo or respond to these changes. ───────────────────────────────────────────────────────────────────────────── Terraform used the selected providers to generate the following execution plan. Resource actions are indicated with the following symbols: + create ~ update in-place Terraform will perform the following actions: # module.KEYCLOAK_PROD.module.moh_applications.module.CGI-SALESFORCE.keycloak_group.GROUP will be created + resource "keycloak_group" "GROUP" { + id = (known after apply) + name = "CGI Salesforce" + path = (known after apply) + realm_id = "moh_applications" } # module.KEYCLOAK_PROD.module.moh_applications.module.CGI-SALESFORCE.keycloak_group_roles.GROUP_ROLES will be created + resource "keycloak_group_roles" "GROUP_ROLES" { + exhaustive = true + group_id = (known after apply) + id = (known after apply) + realm_id = "moh_applications" + role_ids = [ + "024a5414-76a8-4937-b357-9881bd254972", + "0a96d3fa-66b7-4f16-8dd7-276ce53be553", + "0b6e1b8b-dcb3-4da5-be8c-c74a377426c1", + "197b2f83-cdec-4585-939f-bc19bebdf802", + "25b73a09-5c9f-40a7-914e-c1108c61cc2e", + "29a08227-99dd-4502-b932-820810642c93", + "30082a96-b600-4b97-83ee-8f622b28f6c7", + "3bb71b1f-ce6b-4341-b7ff-e392262065f7", + "3eec514d-4326-4361-918e-d574a82da8cf", + "414d1083-7d48-42e3-84d9-c9e6cf4b9b89", + "767bb2ee-f967-4718-ad7e-6414880253a2", + "79885676-48f2-43af-ade4-bc4f11d95f61", + "82462c02-ea0f-47e7-9c8e-321613f05cfe", + "86611f66-63f2-44fb-b229-95b1066dfab0", + "b11093b9-d350-4616-90ae-cd9a4af6d180", + "e71e62de-7350-42a8-8b60-3ca254972cae", ] } # module.KEYCLOAK_TEST.module.moh_applications.module.CGI-SALESFORCE.keycloak_group_roles.GROUP_ROLES will be updated in-place ~ resource "keycloak_group_roles" "GROUP_ROLES" { id = "moh_applications/4340f143-e47b-44e5-9a67-006bfcbdced4" ~ role_ids = [ + "8b965628-f076-4abc-80c4-5d85d01c86b7", # (15 unchanged elements hidden) ] # (3 unchanged attributes hidden) } Plan: 2 to add, 1 to change, 0 to destroy. ───────────────────────────────────────────────────────────────────────────── Note: You didn't use the -out option to save this plan, so Terraform can't guarantee to take exactly these actions if you run "terraform apply" now. ```

Pushed by: @sharpedavid, Action: pull_request

bcgov / moh-keycloak-client-configurations