bcgov / moh-keycloak-client-configurations

Apache License 2.0
1 stars 2 forks source link

apply idp restriction module to DEV IEN #639

Closed filipflorek closed 3 weeks ago

filipflorek commented 3 weeks ago

Changes being made

Removing login with IDIR option of IEN by applying IDP restriction module.

Quality Check

github-actions[bot] commented 3 weeks ago

Terraform Format and Style 🖌success

Terraform Initialization ⚙️success

Terraform Validation 🤖success

Terraform Plan 📖success

Show Plan ``` module.KEYCLOAK_DEV.module.moh_applications.module.CGI-MID-TIER.keycloak_group_roles.GROUP_ROLES: Refreshing state... [id=moh_applications/4e3d322a-fbe7-438d-8ee7-95a1707d40dc] module.KEYCLOAK_DEV.module.moh_applications.module.CGI-AM-TEAM.keycloak_group_roles.GROUP_ROLES: Refreshing state... [id=moh_applications/053fa749-b569-4258-bc9e-bc8ca0541dfe] module.KEYCLOAK_DEV.module.moh_applications.module.CGI-DEVELOPER.keycloak_group_roles.GROUP_ROLES: Refreshing state... [id=moh_applications/27967216-03f7-4259-b50a-955b995d51ad] module.KEYCLOAK_TEST.module.moh_applications.module.CGI-QA.keycloak_group_roles.GROUP_ROLES: Refreshing state... [id=moh_applications/658f081c-a8b0-4c1b-b9ee-7e8901158ce7] module.KEYCLOAK_DEV.module.moh_applications.module.CGI-QA.keycloak_group_roles.GROUP_ROLES: Refreshing state... [id=moh_applications/1798203d-027f-4856-a445-8a90c1dc9756] module.KEYCLOAK_TEST.module.moh_applications.module.CGI-MIDTIER.keycloak_group_roles.GROUP_ROLES: Refreshing state... [id=moh_applications/782fe94e-79a2-438f-9bc1-28717395b28d] module.KEYCLOAK_PROD.module.moh_applications.module.CGI-AM-TEAM.keycloak_group_roles.GROUP_ROLES: Refreshing state... [id=moh_applications/270966e6-985c-4d55-a35c-53e32ab4cf46] module.KEYCLOAK_TEST.module.moh_applications.module.CGI-AM-TEAM.keycloak_group_roles.GROUP_ROLES: Refreshing state... [id=moh_applications/eb2dce73-6fe7-4b63-8b7a-c5995a530714] module.KEYCLOAK_TEST.module.moh_applications.module.CGI-DEVELOPER.keycloak_group_roles.GROUP_ROLES: Refreshing state... [id=moh_applications/ba2aead8-cd2d-4519-991b-3bd44c71c057] Note: Objects have changed outside of Terraform Terraform detected the following changes made outside of Terraform since the last "terraform apply" which may have affected this plan: # module.KEYCLOAK_TEST.module.moh_citizen.module.EMACCS.module.client-roles.keycloak_role.ROLES["CA"] has changed ~ resource "keycloak_role" "ROLES" { + attributes = {} id = "76710301-40e3-4bbf-a2cb-26b624e54814" name = "CA" # (2 unchanged attributes hidden) } # module.KEYCLOAK_TEST.module.moh_citizen.module.EMACCS.module.client-roles.keycloak_role.ROLES["CCA"] has changed ~ resource "keycloak_role" "ROLES" { + attributes = {} id = "072b5fa4-f94f-4660-99af-83475b044139" name = "CCA" # (2 unchanged attributes hidden) } # module.KEYCLOAK_TEST.module.moh_citizen.module.EMACCS.module.client-roles.keycloak_role.ROLES["DIRECTOR"] has changed ~ resource "keycloak_role" "ROLES" { + attributes = {} id = "9cd03b9a-7b63-49da-80a6-efcb1942e78e" name = "DIRECTOR" # (2 unchanged attributes hidden) } # module.KEYCLOAK_TEST.module.moh_citizen.module.EMACCS.module.client-roles.keycloak_role.ROLES["READONLY"] has changed ~ resource "keycloak_role" "ROLES" { + attributes = {} id = "de8fe6db-22d4-4239-b5b9-4fc0a00209c6" name = "READONLY" # (2 unchanged attributes hidden) } Unless you have made equivalent changes to your configuration, or ignored the relevant attributes using ignore_changes, the following plan may include actions to undo or respond to these changes. ───────────────────────────────────────────────────────────────────────────── Terraform used the selected providers to generate the following execution plan. Resource actions are indicated with the following symbols: + create ~ update in-place Terraform will perform the following actions: # module.KEYCLOAK_DEV.module.moh_applications.module.IEN.keycloak_openid_client.CLIENT will be updated in-place ~ resource "keycloak_openid_client" "CLIENT" { id = "f58456b0-4fe2-46d4-9f05-be965253b205" + login_theme = "moh-app-realm-idp-restriction" name = "IEN" # (24 unchanged attributes hidden) + authentication_flow_binding_overrides { + browser_id = "9caca0f9-1c0c-4def-85c6-637d1c8a4d24" } } # module.KEYCLOAK_DEV.module.moh_applications.module.IEN.keycloak_openid_client_default_scopes.client_default_scopes will be created + resource "keycloak_openid_client_default_scopes" "client_default_scopes" { + client_id = "f58456b0-4fe2-46d4-9f05-be965253b205" + default_scopes = [ + "bceid_business", + "bcprovider_aad", + "email", + "fnha_aad", + "idir_aad", + "moh_idp", + "phsa", + "phsa_aad", + "profile", + "roles", + "web-origins", ] + id = (known after apply) + realm_id = "moh_applications" } Plan: 1 to add, 1 to change, 0 to destroy. ───────────────────────────────────────────────────────────────────────────── Note: You didn't use the -out option to save this plan, so Terraform can't guarantee to take exactly these actions if you run "terraform apply" now. ```

Pushed by: @filipflorek, Action: pull_request