search

bcgov / social-access-portal

access portal POC for social sector apps
Apache License 2.0
0 stars 0 forks source link

Passing in idp displaynames for standard realm #35

Closed roy-sagar11 closed 2 years ago

roy-sagar11 commented 2 years ago

Summary

Passing in data for idp display names variables

Changes

Screenshots (if applicable)

Notes

Changes does not include display name update for BCSC idp for standard realm

github-actions[bot] commented 2 years ago

Terraform plan in terraform/demo-app

Plan: 2 to add, 2 to change, 0 to destroy. ```hcl Terraform used the selected providers to generate the following execution plan. Resource actions are indicated with the following symbols: + create ~ update in-place Terraform will perform the following actions: # module.demo_app_1.kubernetes_deployment.app_deployment will be updated in-place ~ resource "kubernetes_deployment" "app_deployment" { id = "b0f542-dev/ssag-demo-app-1" # (1 unchanged attribute hidden) ~ spec { # (5 unchanged attributes hidden) ~ template { ~ spec { # (11 unchanged attributes hidden) ~ container { ~ image = "roysagar11/ssag:v0.0.4" -> "roysagar11/ssag" name = "ssag-demo-app-1" # (8 unchanged attributes hidden) # (2 unchanged blocks hidden) } # (1 unchanged block hidden) } # (1 unchanged block hidden) } # (2 unchanged blocks hidden) } # (1 unchanged block hidden) } # module.demo_app_1.kubernetes_ingress.app_ingress will be created + resource "kubernetes_ingress" "app_ingress" { + id = (known after apply) + status = (known after apply) + metadata { + annotations = { + "route.openshift.io/termination" = "edge" } + generation = (known after apply) + name = "ssag-demo-app-1" + namespace = "b0f542-dev" + resource_version = (known after apply) + uid = (known after apply) } + spec { + backend { + service_name = "ssag-demo-app-1" + service_port = "80" } + rule { + host = "demo-app-1.apps.silver.devops.gov.bc.ca" + http { + path { + path = "/" + backend { + service_name = "ssag-demo-app-1" + service_port = "80" } } } } } } # module.demo_app_2.kubernetes_deployment.app_deployment will be updated in-place ~ resource "kubernetes_deployment" "app_deployment" { id = "b0f542-dev/ssag-demo-app-2" # (1 unchanged attribute hidden) ~ spec { # (5 unchanged attributes hidden) ~ template { ~ spec { # (11 unchanged attributes hidden) ~ container { ~ image = "roysagar11/ssag:v0.0.4" -> "roysagar11/ssag" name = "ssag-demo-app-2" # (8 unchanged attributes hidden) # (2 unchanged blocks hidden) } # (1 unchanged block hidden) } # (1 unchanged block hidden) } # (2 unchanged blocks hidden) } # (1 unchanged block hidden) } # module.demo_app_2.kubernetes_ingress.app_ingress will be created + resource "kubernetes_ingress" "app_ingress" { + id = (known after apply) + status = (known after apply) + metadata { + annotations = { + "route.openshift.io/termination" = "edge" } + generation = (known after apply) + name = "ssag-demo-app-2" + namespace = "b0f542-dev" + resource_version = (known after apply) + uid = (known after apply) } + spec { + backend { + service_name = "ssag-demo-app-2" + service_port = "80" } + rule { + host = "demo-app-2.apps.silver.devops.gov.bc.ca" + http { + path { + path = "/" + backend { + service_name = "ssag-demo-app-2" + service_port = "80" } } } } } } Plan: 2 to add, 2 to change, 0 to destroy. ```

:memo: Plan generated in Runs Demo applications terraform plan #39

github-actions[bot] commented 2 years ago

Terraform plan in terraform/keycloak

Plan: 3 to add, 8 to change, 3 to destroy. ```hcl Terraform used the selected providers to generate the following execution plan. Resource actions are indicated with the following symbols: ~ update in-place -/+ destroy and then create replacement <= read (data resources) Terraform will perform the following actions: # module.keycloak_dev.module.master_viewer_role.data.keycloak_openid_client.clients["azureidir"] will be read during apply # (config refers to values not yet known) <= data "keycloak_openid_client" "clients" { + access_token_lifespan = (known after apply) + access_type = (known after apply) + admin_url = (known after apply) + authentication_flow_binding_overrides = (known after apply) + authorization = (known after apply) + backchannel_logout_revoke_offline_sessions = (known after apply) + backchannel_logout_session_required = (known after apply) + backchannel_logout_url = (known after apply) + base_url = (known after apply) + client_authenticator_type = (known after apply) + client_id = "***************" + client_offline_session_idle_timeout = (known after apply) + client_offline_session_max_lifespan = (known after apply) + client_secret = (sensitive value) + client_session_idle_timeout = (known after apply) + client_session_max_lifespan = (known after apply) + consent_required = (known after apply) + description = (known after apply) + direct_access_grants_enabled = (known after apply) + enabled = (known after apply) + exclude_session_state_from_auth_response = (known after apply) + extra_config = (known after apply) + frontchannel_logout_enabled = (known after apply) + frontchannel_logout_url = (known after apply) + full_scope_allowed = (known after apply) + id = (known after apply) + implicit_flow_enabled = (known after apply) + login_theme = (known after apply) + name = (known after apply) + pkce_code_challenge_method = (known after apply) + realm_id = (known after apply) + resource_server_id = (known after apply) + root_url = (known after apply) + service_account_user_id = (known after apply) + service_accounts_enabled = (known after apply) + standard_flow_enabled = (known after apply) + use_refresh_tokens = (known after apply) + use_refresh_tokens_client_credentials = (known after apply) + valid_redirect_uris = (known after apply) + web_origins = (known after apply) } # module.keycloak_dev.module.master_viewer_role.data.keycloak_openid_client.clients["bceidbasic"] will be read during apply # (config refers to values not yet known) <= data "keycloak_openid_client" "clients" { + access_token_lifespan = (known after apply) + access_type = (known after apply) + admin_url = (known after apply) + authentication_flow_binding_overrides = (known after apply) + authorization = (known after apply) + backchannel_logout_revoke_offline_sessions = (known after apply) + backchannel_logout_session_required = (known after apply) + backchannel_logout_url = (known after apply) + base_url = (known after apply) + client_authenticator_type = (known after apply) + client_id = "****************" + client_offline_session_idle_timeout = (known after apply) + client_offline_session_max_lifespan = (known after apply) + client_secret = (sensitive value) + client_session_idle_timeout = (known after apply) + client_session_max_lifespan = (known after apply) + consent_required = (known after apply) + description = (known after apply) + direct_access_grants_enabled = (known after apply) + enabled = (known after apply) + exclude_session_state_from_auth_response = (known after apply) + extra_config = (known after apply) + frontchannel_logout_enabled = (known after apply) + frontchannel_logout_url = (known after apply) + full_scope_allowed = (known after apply) + id = (known after apply) + implicit_flow_enabled = (known after apply) + login_theme = (known after apply) + name = (known after apply) + pkce_code_challenge_method = (known after apply) + realm_id = (known after apply) + resource_server_id = (known after apply) + root_url = (known after apply) + service_account_user_id = (known after apply) + service_accounts_enabled = (known after apply) + standard_flow_enabled = (known after apply) + use_refresh_tokens = (known after apply) + use_refresh_tokens_client_credentials = (known after apply) + valid_redirect_uris = (known after apply) + web_origins = (known after apply) } # module.keycloak_dev.module.master_viewer_role.data.keycloak_openid_client.clients["bceidboth"] will be read during apply # (config refers to values not yet known) <= data "keycloak_openid_client" "clients" { + access_token_lifespan = (known after apply) + access_type = (known after apply) + admin_url = (known after apply) + authentication_flow_binding_overrides = (known after apply) + authorization = (known after apply) + backchannel_logout_revoke_offline_sessions = (known after apply) + backchannel_logout_session_required = (known after apply) + backchannel_logout_url = (known after apply) + base_url = (known after apply) + client_authenticator_type = (known after apply) + client_id = "***************" + client_offline_session_idle_timeout = (known after apply) + client_offline_session_max_lifespan = (known after apply) + client_secret = (sensitive value) + client_session_idle_timeout = (known after apply) + client_session_max_lifespan = (known after apply) + consent_required = (known after apply) + description = (known after apply) + direct_access_grants_enabled = (known after apply) + enabled = (known after apply) + exclude_session_state_from_auth_response = (known after apply) + extra_config = (known after apply) + frontchannel_logout_enabled = (known after apply) + frontchannel_logout_url = (known after apply) + full_scope_allowed = (known after apply) + id = (known after apply) + implicit_flow_enabled = (known after apply) + login_theme = (known after apply) + name = (known after apply) + pkce_code_challenge_method = (known after apply) + realm_id = (known after apply) + resource_server_id = (known after apply) + root_url = (known after apply) + service_account_user_id = (known after apply) + service_accounts_enabled = (known after apply) + standard_flow_enabled = (known after apply) + use_refresh_tokens = (known after apply) + use_refresh_tokens_client_credentials = (known after apply) + valid_redirect_uris = (known after apply) + web_origins = (known after apply) } # module.keycloak_dev.module.master_viewer_role.data.keycloak_openid_client.clients["bceidbusiness"] will be read during apply # (config refers to values not yet known) <= data "keycloak_openid_client" "clients" { + access_token_lifespan = (known after apply) + access_type = (known after apply) + admin_url = (known after apply) + authentication_flow_binding_overrides = (known after apply) + authorization = (known after apply) + backchannel_logout_revoke_offline_sessions = (known after apply) + backchannel_logout_session_required = (known after apply) + backchannel_logout_url = (known after apply) + base_url = (known after apply) + client_authenticator_type = (known after apply) + client_id = "*******************" + client_offline_session_idle_timeout = (known after apply) + client_offline_session_max_lifespan = (known after apply) + client_secret = (sensitive value) + client_session_idle_timeout = (known after apply) + client_session_max_lifespan = (known after apply) + consent_required = (known after apply) + description = (known after apply) + direct_access_grants_enabled = (known after apply) + enabled = (known after apply) + exclude_session_state_from_auth_response = (known after apply) + extra_config = (known after apply) + frontchannel_logout_enabled = (known after apply) + frontchannel_logout_url = (known after apply) + full_scope_allowed = (known after apply) + id = (known after apply) + implicit_flow_enabled = (known after apply) + login_theme = (known after apply) + name = (known after apply) + pkce_code_challenge_method = (known after apply) + realm_id = (known after apply) + resource_server_id = (known after apply) + root_url = (known after apply) + service_account_user_id = (known after apply) + service_accounts_enabled = (known after apply) + standard_flow_enabled = (known after apply) + use_refresh_tokens = (known after apply) + use_refresh_tokens_client_credentials = (known after apply) + valid_redirect_uris = (known after apply) + web_origins = (known after apply) } # module.keycloak_dev.module.master_viewer_role.data.keycloak_openid_client.clients["idir"] will be read during apply # (config refers to values not yet known) <= data "keycloak_openid_client" "clients" { + access_token_lifespan = (known after apply) + access_type = (known after apply) + admin_url = (known after apply) + authentication_flow_binding_overrides = (known after apply) + authorization = (known after apply) + backchannel_logout_revoke_offline_sessions = (known after apply) + backchannel_logout_session_required = (known after apply) + backchannel_logout_url = (known after apply) + base_url = (known after apply) + client_authenticator_type = (known after apply) + client_id = "**********" + client_offline_session_idle_timeout = (known after apply) + client_offline_session_max_lifespan = (known after apply) + client_secret = (sensitive value) + client_session_idle_timeout = (known after apply) + client_session_max_lifespan = (known after apply) + consent_required = (known after apply) + description = (known after apply) + direct_access_grants_enabled = (known after apply) + enabled = (known after apply) + exclude_session_state_from_auth_response = (known after apply) + extra_config = (known after apply) + frontchannel_logout_enabled = (known after apply) + frontchannel_logout_url = (known after apply) + full_scope_allowed = (known after apply) + id = (known after apply) + implicit_flow_enabled = (known after apply) + login_theme = (known after apply) + name = (known after apply) + pkce_code_challenge_method = (known after apply) + realm_id = (known after apply) + resource_server_id = (known after apply) + root_url = (known after apply) + service_account_user_id = (known after apply) + service_accounts_enabled = (known after apply) + standard_flow_enabled = (known after apply) + use_refresh_tokens = (known after apply) + use_refresh_tokens_client_credentials = (known after apply) + valid_redirect_uris = (known after apply) + web_origins = (known after apply) } # module.keycloak_dev.module.master_viewer_role.data.keycloak_openid_client.clients["master"] will be read during apply # (config refers to values not yet known) <= data "keycloak_openid_client" "clients" { + access_token_lifespan = (known after apply) + access_type = (known after apply) + admin_url = (known after apply) + authentication_flow_binding_overrides = (known after apply) + authorization = (known after apply) + backchannel_logout_revoke_offline_sessions = (known after apply) + backchannel_logout_session_required = (known after apply) + backchannel_logout_url = (known after apply) + base_url = (known after apply) + client_authenticator_type = (known after apply) + client_id = "************" + client_offline_session_idle_timeout = (known after apply) + client_offline_session_max_lifespan = (known after apply) + client_secret = (sensitive value) + client_session_idle_timeout = (known after apply) + client_session_max_lifespan = (known after apply) + consent_required = (known after apply) + description = (known after apply) + direct_access_grants_enabled = (known after apply) + enabled = (known after apply) + exclude_session_state_from_auth_response = (known after apply) + extra_config = (known after apply) + frontchannel_logout_enabled = (known after apply) + frontchannel_logout_url = (known after apply) + full_scope_allowed = (known after apply) + id = (known after apply) + implicit_flow_enabled = (known after apply) + login_theme = (known after apply) + name = (known after apply) + pkce_code_challenge_method = (known after apply) + realm_id = (known after apply) + resource_server_id = (known after apply) + root_url = (known after apply) + service_account_user_id = (known after apply) + service_accounts_enabled = (known after apply) + standard_flow_enabled = (known after apply) + use_refresh_tokens = (known after apply) + use_refresh_tokens_client_credentials = (known after apply) + valid_redirect_uris = (known after apply) + web_origins = (known after apply) } # module.keycloak_dev.module.master_viewer_role.data.keycloak_openid_client.clients["standard"] will be read during apply # (config refers to values not yet known) <= data "keycloak_openid_client" "clients" { + access_token_lifespan = (known after apply) + access_type = (known after apply) + admin_url = (known after apply) + authentication_flow_binding_overrides = (known after apply) + authorization = (known after apply) + backchannel_logout_revoke_offline_sessions = (known after apply) + backchannel_logout_session_required = (known after apply) + backchannel_logout_url = (known after apply) + base_url = (known after apply) + client_authenticator_type = (known after apply) + client_id = "**************" + client_offline_session_idle_timeout = (known after apply) + client_offline_session_max_lifespan = (known after apply) + client_secret = (sensitive value) + client_session_idle_timeout = (known after apply) + client_session_max_lifespan = (known after apply) + consent_required = (known after apply) + description = (known after apply) + direct_access_grants_enabled = (known after apply) + enabled = (known after apply) + exclude_session_state_from_auth_response = (known after apply) + extra_config = (known after apply) + frontchannel_logout_enabled = (known after apply) + frontchannel_logout_url = (known after apply) + full_scope_allowed = (known after apply) + id = (known after apply) + implicit_flow_enabled = (known after apply) + login_theme = (known after apply) + name = (known after apply) + pkce_code_challenge_method = (known after apply) + realm_id = (known after apply) + resource_server_id = (known after apply) + root_url = (known after apply) + service_account_user_id = (known after apply) + service_accounts_enabled = (known after apply) + standard_flow_enabled = (known after apply) + use_refresh_tokens = (known after apply) + use_refresh_tokens_client_credentials = (known after apply) + valid_redirect_uris = (known after apply) + web_origins = (known after apply) } # module.keycloak_dev.module.master_viewer_role.data.keycloak_realm.master will be read during apply # (depends on a resource or a module with changes pending) <= data "keycloak_realm" "master" { + access_code_lifespan = (known after apply) + access_code_lifespan_login = (known after apply) + access_code_lifespan_user_action = (known after apply) + access_token_lifespan = (known after apply) + access_token_lifespan_for_implicit_flow = (known after apply) + account_theme = (known after apply) + action_token_generated_by_admin_lifespan = (known after apply) + action_token_generated_by_user_lifespan = (known after apply) + admin_theme = (known after apply) + attributes = (known after apply) + browser_flow = (known after apply) + client_authentication_flow = (known after apply) + client_session_idle_timeout = (known after apply) + client_session_max_lifespan = (known after apply) + default_default_client_scopes = (known after apply) + default_optional_client_scopes = (known after apply) + default_signature_algorithm = (known after apply) + direct_grant_flow = (known after apply) + display_name = (known after apply) + docker_authentication_flow = (known after apply) + duplicate_emails_allowed = (known after apply) + edit_username_allowed = (known after apply) + email_theme = (known after apply) + enabled = (known after apply) + id = (known after apply) + internal_id = (known after apply) + login_theme = (known after apply) + login_with_email_allowed = (known after apply) + oauth2_device_code_lifespan = (known after apply) + oauth2_device_polling_interval = (known after apply) + offline_session_idle_timeout = (known after apply) + offline_session_max_lifespan = (known after apply) + offline_session_max_lifespan_enabled = (known after apply) + password_policy = (known after apply) + realm = "master" + refresh_token_max_reuse = (known after apply) + registration_allowed = (known after apply) + registration_email_as_username = (known after apply) + registration_flow = (known after apply) + remember_me = (known after apply) + reset_credentials_flow = (known after apply) + reset_password_allowed = (known after apply) + revoke_refresh_token = (known after apply) + ssl_required = (known after apply) + sso_session_idle_timeout = (known after apply) + sso_session_idle_timeout_remember_me = (known after apply) + sso_session_max_lifespan = (known after apply) + sso_session_max_lifespan_remember_me = (known after apply) + user_managed_access = (known after apply) + verify_email = (known after apply) } # module.keycloak_dev.module.master_viewer_role.data.keycloak_role.view_authorization["azureidir"] will be read during apply # (config refers to values not yet known) <= data "keycloak_role" "view_authorization" { + attributes = (known after apply) + client_id = (known after apply) + composite_roles = (known after apply) + description = (known after apply) + id = (known after apply) + name = "view-authorization" + realm_id = (known after apply) } # module.keycloak_dev.module.master_viewer_role.data.keycloak_role.view_authorization["bceidbasic"] will be read during apply # (config refers to values not yet known) <= data "keycloak_role" "view_authorization" { + attributes = (known after apply) + client_id = (known after apply) + composite_roles = (known after apply) + description = (known after apply) + id = (known after apply) + name = "view-authorization" + realm_id = (known after apply) } # module.keycloak_dev.module.master_viewer_role.data.keycloak_role.view_authorization["bceidboth"] will be read during apply # (config refers to values not yet known) <= data "keycloak_role" "view_authorization" { + attributes = (known after apply) + client_id = (known after apply) + composite_roles = (known after apply) + description = (known after apply) + id = (known after apply) + name = "view-authorization" + realm_id = (known after apply) } # module.keycloak_dev.module.master_viewer_role.data.keycloak_role.view_authorization["bceidbusiness"] will be read during apply # (config refers to values not yet known) <= data "keycloak_role" "view_authorization" { + attributes = (known after apply) + client_id = (known after apply) + composite_roles = (known after apply) + description = (known after apply) + id = (known after apply) + name = "view-authorization" + realm_id = (known after apply) } # module.keycloak_dev.module.master_viewer_role.data.keycloak_role.view_authorization["idir"] will be read during apply # (config refers to values not yet known) <= data "keycloak_role" "view_authorization" { + attributes = (known after apply) + client_id = (known after apply) + composite_roles = (known after apply) + description = (known after apply) + id = (known after apply) + name = "view-authorization" + realm_id = (known after apply) } # module.keycloak_dev.module.master_viewer_role.data.keycloak_role.view_authorization["master"] will be read during apply # (config refers to values not yet known) <= data "keycloak_role" "view_authorization" { + attributes = (known after apply) + client_id = (known after apply) + composite_roles = (known after apply) + description = (known after apply) + id = (known after apply) + name = "view-authorization" + realm_id = (known after apply) } # module.keycloak_dev.module.master_viewer_role.data.keycloak_role.view_authorization["standard"] will be read during apply # (config refers to values not yet known) <= data "keycloak_role" "view_authorization" { + attributes = (known after apply) + client_id = (known after apply) + composite_roles = (known after apply) + description = (known after apply) + id = (known after apply) + name = "view-authorization" + realm_id = (known after apply) } # module.keycloak_dev.module.master_viewer_role.data.keycloak_role.view_clients["azureidir"] will be read during apply # (config refers to values not yet known) <= data "keycloak_role" "view_clients" { + attributes = (known after apply) + client_id = (known after apply) + composite_roles = (known after apply) + description = (known after apply) + id = (known after apply) + name = "view-clients" + realm_id = (known after apply) } # module.keycloak_dev.module.master_viewer_role.data.keycloak_role.view_clients["bceidbasic"] will be read during apply # (config refers to values not yet known) <= data "keycloak_role" "view_clients" { + attributes = (known after apply) + client_id = (known after apply) + composite_roles = (known after apply) + description = (known after apply) + id = (known after apply) + name = "view-clients" + realm_id = (known after apply) } # module.keycloak_dev.module.master_viewer_role.data.keycloak_role.view_clients["bceidboth"] will be read during apply # (config refers to values not yet known) <= data "keycloak_role" "view_clients" { + attributes = (known after apply) + client_id = (known after apply) + composite_roles = (known after apply) + description = (known after apply) + id = (known after apply) + name = "view-clients" + realm_id = (known after apply) } # module.keycloak_dev.module.master_viewer_role.data.keycloak_role.view_clients["bceidbusiness"] will be read during apply # (config refers to values not yet known) <= data "keycloak_role" "view_clients" { + attributes = (known after apply) + client_id = (known after apply) + composite_roles = (known after apply) + description = (known after apply) + id = (known after apply) + name = "view-clients" + realm_id = (known after apply) } # module.keycloak_dev.module.master_viewer_role.data.keycloak_role.view_clients["idir"] will be read during apply # (config refers to values not yet known) <= data "keycloak_role" "view_clients" { + attributes = (known after apply) + client_id = (known after apply) + composite_roles = (known after apply) + description = (known after apply) + id = (known after apply) + name = "view-clients" + realm_id = (known after apply) } # module.keycloak_dev.module.master_viewer_role.data.keycloak_role.view_clients["master"] will be read during apply # (config refers to values not yet known) <= data "keycloak_role" "view_clients" { + attributes = (known after apply) + client_id = (known after apply) + composite_roles = (known after apply) + description = (known after apply) + id = (known after apply) + name = "view-clients" + realm_id = (known after apply) } # module.keycloak_dev.module.master_viewer_role.data.keycloak_role.view_clients["standard"] will be read during apply # (config refers to values not yet known) <= data "keycloak_role" "view_clients" { + attributes = (known after apply) + client_id = (known after apply) + composite_roles = (known after apply) + description = (known after apply) + id = (known after apply) + name = "view-clients" + realm_id = (known after apply) } # module.keycloak_dev.module.master_viewer_role.data.keycloak_role.view_events["azureidir"] will be read during apply # (config refers to values not yet known) <= data "keycloak_role" "view_events" { + attributes = (known after apply) + client_id = (known after apply) + composite_roles = (known after apply) + description = (known after apply) + id = (known after apply) + name = "view-events" + realm_id = (known after apply) } # module.keycloak_dev.module.master_viewer_role.data.keycloak_role.view_events["bceidbasic"] will be read during apply # (config refers to values not yet known) <= data "keycloak_role" "view_events" { + attributes = (known after apply) + client_id = (known after apply) + composite_roles = (known after apply) + description = (known after apply) + id = (known after apply) + name = "view-events" + realm_id = (known after apply) } # module.keycloak_dev.module.master_viewer_role.data.keycloak_role.view_events["bceidboth"] will be read during apply # (config refers to values not yet known) <= data "keycloak_role" "view_events" { + attributes = (known after apply) + client_id = (known after apply) + composite_roles = (known after apply) + description = (known after apply) + id = (known after apply) + name = "view-events" + realm_id = (known after apply) } # module.keycloak_dev.module.master_viewer_role.data.keycloak_role.view_events["bceidbusiness"] will be read during apply # (config refers to values not yet known) <= data "keycloak_role" "view_events" { + attributes = (known after apply) + client_id = (known after apply) + composite_roles = (known after apply) + description = (known after apply) + id = (known after apply) + name = "view-events" + realm_id = (known after apply) } # module.keycloak_dev.module.master_viewer_role.data.keycloak_role.view_events["idir"] will be read during apply # (config refers to values not yet known) <= data "keycloak_role" "view_events" { + attributes = (known after apply) + client_id = (known after apply) + composite_roles = (known after apply) + description = (known after apply) + id = (known after apply) + name = "view-events" + realm_id = (known after apply) } # module.keycloak_dev.module.master_viewer_role.data.keycloak_role.view_events["master"] will be read during apply # (config refers to values not yet known) <= data "keycloak_role" "view_events" { + attributes = (known after apply) + client_id = (known after apply) + composite_roles = (known after apply) + description = (known after apply) + id = (known after apply) + name = "view-events" + realm_id = (known after apply) } # module.keycloak_dev.module.master_viewer_role.data.keycloak_role.view_events["standard"] will be read during apply # (config refers to values not yet known) <= data "keycloak_role" "view_events" { + attributes = (known after apply) + client_id = (known after apply) + composite_roles = (known after apply) + description = (known after apply) + id = (known after apply) + name = "view-events" + realm_id = (known after apply) } # module.keycloak_dev.module.master_viewer_role.data.keycloak_role.view_identity_providers["azureidir"] will be read during apply # (config refers to values not yet known) <= data "keycloak_role" "view_identity_providers" { + attributes = (known after apply) + client_id = (known after apply) + composite_roles = (known after apply) + description = (known after apply) + id = (known after apply) + name = "view-identity-providers" + realm_id = (known after apply) } # module.keycloak_dev.module.master_viewer_role.data.keycloak_role.view_identity_providers["bceidbasic"] will be read during apply # (config refers to values not yet known) <= data "keycloak_role" "view_identity_providers" { + attributes = (known after apply) + client_id = (known after apply) + composite_roles = (known after apply) + description = (known after apply) + id = (known after apply) + name = "view-identity-providers" + realm_id = (known after apply) } # module.keycloak_dev.module.master_viewer_role.data.keycloak_role.view_identity_providers["bceidboth"] will be read during apply # (config refers to values not yet known) <= data "keycloak_role" "view_identity_providers" { + attributes = (known after apply) + client_id = (known after apply) + composite_roles = (known after apply) + description = (known after apply) + id = (known after apply) + name = "view-identity-providers" + realm_id = (known after apply) } # module.keycloak_dev.module.master_viewer_role.data.keycloak_role.view_identity_providers["bceidbusiness"] will be read during apply # (config refers to values not yet known) <= data "keycloak_role" "view_identity_providers" { + attributes = (known after apply) + client_id = (known after apply) + composite_roles = (known after apply) + description = (known after apply) + id = (known after apply) + name = "view-identity-providers" + realm_id = (known after apply) } # module.keycloak_dev.module.master_viewer_role.data.keycloak_role.view_identity_providers["idir"] will be read during apply # (config refers to values not yet known) <= data "keycloak_role" "view_identity_providers" { + attributes = (known after apply) + client_id = (known after apply) + composite_roles = (known after apply) + description = (known after apply) + id = (known after apply) + name = "view-identity-providers" + realm_id = (known after apply) } # module.keycloak_dev.module.master_viewer_role.data.keycloak_role.view_identity_providers["master"] will be read during apply # (config refers to values not yet known) <= data "keycloak_role" "view_identity_providers" { + attributes = (known after apply) + client_id = (known after apply) + composite_roles = (known after apply) + description = (known after apply) + id = (known after apply) + name = "view-identity-providers" + realm_id = (known after apply) } # module.keycloak_dev.module.master_viewer_role.data.keycloak_role.view_identity_providers["standard"] will be read during apply # (config refers to values not yet known) <= data "keycloak_role" "view_identity_providers" { + attributes = (known after apply) + client_id = (known after apply) + composite_roles = (known after apply) + description = (known after apply) + id = (known after apply) + name = "view-identity-providers" + realm_id = (known after apply) } # module.keycloak_dev.module.master_viewer_role.data.keycloak_role.view_realm["azureidir"] will be read during apply # (config refers to values not yet known) <= data "keycloak_role" "view_realm" { + attributes = (known after apply) + client_id = (known after apply) + composite_roles = (known after apply) + description = (known after apply) + id = (known after apply) + name = "view-realm" + realm_id = (known after apply) } # module.keycloak_dev.module.master_viewer_role.data.keycloak_role.view_realm["bceidbasic"] will be read during apply # (config refers to values not yet known) <= data "keycloak_role" "view_realm" { + attributes = (known after apply) + client_id = (known after apply) + composite_roles = (known after apply) + description = (known after apply) + id = (known after apply) + name = "view-realm" + realm_id = (known after apply) } # module.keycloak_dev.module.master_viewer_role.data.keycloak_role.view_realm["bceidboth"] will be read during apply # (config refers to values not yet known) <= data "keycloak_role" "view_realm" { + attributes = (known after apply) + client_id = (known after apply) + composite_roles = (known after apply) + description = (known after apply) + id = (known after apply) + name = "view-realm" + realm_id = (known after apply) } # module.keycloak_dev.module.master_viewer_role.data.keycloak_role.view_realm["bceidbusiness"] will be read during apply # (config refers to values not yet known) <= data "keycloak_role" "view_realm" { + attributes = (known after apply) + client_id = (known after apply) + composite_roles = (known after apply) + description = (known after apply) + id = (known after apply) + name = "view-realm" + realm_id = (known after apply) } # module.keycloak_dev.module.master_viewer_role.data.keycloak_role.view_realm["idir"] will be read during apply # (config refers to values not yet known) <= data "keycloak_role" "view_realm" { + attributes = (known after apply) + client_id = (known after apply) + composite_roles = (known after apply) + description = (known after apply) + id = (known after apply) + name = "view-realm" + realm_id = (known after apply) } # module.keycloak_dev.module.master_viewer_role.data.keycloak_role.view_realm["master"] will be read during apply # (config refers to values not yet known) <= data "keycloak_role" "view_realm" { + attributes = (known after apply) + client_id = (known after apply) + composite_roles = (known after apply) + description = (known after apply) + id = (known after apply) + name = "view-realm" + realm_id = (known after apply) } # module.keycloak_dev.module.master_viewer_role.data.keycloak_role.view_realm["standard"] will be read during apply # (config refers to values not yet known) <= data "keycloak_role" "view_realm" { + attributes = (known after apply) + client_id = (known after apply) + composite_roles = (known after apply) + description = (known after apply) + id = (known after apply) + name = "view-realm" + realm_id = (known after apply) } # module.keycloak_dev.module.master_viewer_role.data.keycloak_role.view_users["azureidir"] will be read during apply # (config refers to values not yet known) <= data "keycloak_role" "view_users" { + attributes = (known after apply) + client_id = (known after apply) + composite_roles = (known after apply) + description = (known after apply) + id = (known after apply) + name = "view-users" + realm_id = (known after apply) } # module.keycloak_dev.module.master_viewer_role.data.keycloak_role.view_users["bceidbasic"] will be read during apply # (config refers to values not yet known) <= data "keycloak_role" "view_users" { + attributes = (known after apply) + client_id = (known after apply) + composite_roles = (known after apply) + description = (known after apply) + id = (known after apply) + name = "view-users" + realm_id = (known after apply) } # module.keycloak_dev.module.master_viewer_role.data.keycloak_role.view_users["bceidboth"] will be read during apply # (config refers to values not yet known) <= data "keycloak_role" "view_users" { + attributes = (known after apply) + client_id = (known after apply) + composite_roles = (known after apply) + description = (known after apply) + id = (known after apply) + name = "view-users" + realm_id = (known after apply) } # module.keycloak_dev.module.master_viewer_role.data.keycloak_role.view_users["bceidbusiness"] will be read during apply # (config refers to values not yet known) <= data "keycloak_role" "view_users" { + attributes = (known after apply) + client_id = (known after apply) + composite_roles = (known after apply) + description = (known after apply) + id = (known after apply) + name = "view-users" + realm_id = (known after apply) } # module.keycloak_dev.module.master_viewer_role.data.keycloak_role.view_users["idir"] will be read during apply # (config refers to values not yet known) <= data "keycloak_role" "view_users" { + attributes = (known after apply) + client_id = (known after apply) + composite_roles = (known after apply) + description = (known after apply) + id = (known after apply) + name = "view-users" + realm_id = (known after apply) } # module.keycloak_dev.module.master_viewer_role.data.keycloak_role.view_users["master"] will be read during apply # (config refers to values not yet known) <= data "keycloak_role" "view_users" { + attributes = (known after apply) + client_id = (known after apply) + composite_roles = (known after apply) + description = (known after apply) + id = (known after apply) + name = "view-users" + realm_id = (known after apply) } # module.keycloak_dev.module.master_viewer_role.data.keycloak_role.view_users["standard"] will be read during apply # (config refers to values not yet known) <= data "keycloak_role" "view_users" { + attributes = (known after apply) + client_id = (known after apply) + composite_roles = (known after apply) + description = (known after apply) + id = (known after apply) + name = "view-users" + realm_id = (known after apply) } # module.keycloak_dev.module.master_viewer_role.keycloak_openid_client.viewer_service_account must be replaced -/+ resource "keycloak_openid_client" "viewer_service_account" { - backchannel_logout_revoke_offline_sessions = false -> null ~ client_secret = (sensitive value) - extra_config = {} -> null ~ id = "************************************" -> (known after apply) name = "viwer-cli" ~ realm_id = "******" -> (known after apply) # forces replacement + resource_server_id = (known after apply) ~ service_account_user_id = "************************************" -> (known after apply) - valid_redirect_uris = [] -> null - web_origins = [] -> null # (17 unchanged attributes hidden) } # module.keycloak_dev.module.master_viewer_role.keycloak_openid_client_service_account_realm_role.viewer_service_account_viewer_role must be replaced -/+ resource "keycloak_openid_client_service_account_realm_role" "viewer_service_account_viewer_role" { ~ id = "*************************************************************************" -> (known after apply) ~ realm_id = "******" -> (known after apply) # forces replacement ~ service_account_user_id = "************************************" -> (known after apply) # forces replacement # (1 unchanged attribute hidden) } # module.keycloak_dev.module.master_viewer_role.keycloak_role.viewer must be replaced -/+ resource "keycloak_role" "viewer" { - attributes = {} -> null ~ composite_roles = [ - "06ec1691-061a-49bd-8997-d66ee6e97ac3", - "0e14026c-ecb0-4727-a288-5ee083907a2b", - "0f5130ca-be0e-43c6-b923-4400a37f4dba", - "10a13789-48da-4769-b45d-c188e9a3fb8a", - "124ada00-627a-4561-a8a6-0f5af2b46ae7", - "1330209f-28f4-457f-9d2d-082fc67f40d6", - "177f8179-6866-4df7-ac41-45d1f35a92e1", - "181adb99-5f90-4b26-8cc8-e90e51158518", - "1adeb478-dee9-4e79-832d-35cee16a90f0", - "1d95dcc3-227e-4c2b-9a57-efb4b16b3519", - "38ef2f16-2913-4fd4-8958-e85d569ccb2e", - "4546e51b-8ccb-48b9-85e7-091ba37fc6af", - "4979cead-6ab4-4503-b696-18f5037031a4", - "4b28219a-1ffa-4cbe-9931-5e3833ec1959", - "4e379266-ae1f-4a90-a4b0-7fc00828ecf2", - "4e596f3e-d1f5-4046-b36a-3278553a1c1f", - "65131363-9986-4144-b8bc-b3f07261549a", - "65ab9393-bf34-4e6c-be8b-657736b1f339", - "6c888bac-a8b0-4099-9a6a-78c494f71dbd", - "7760db64-1068-429c-9833-44ac1e5ee4d1", - "7afa503e-deef-4180-a256-930b3be84b49", - "7d6fc9df-a9b5-4cd3-8a2b-29a4d4b3694d", - "83ca8807-7b4d-451f-a65e-6388d121a3f3", - "8ac1632e-b598-4dd5-9a45-7e7bebb4f8f3", - "8f092661-4c53-43e4-bfb7-64f4f8c43d3b", - "9b1c6766-137e-4088-9fb2-019955e35244", - "a0aee34b-2a47-4cf7-9ed9-ca200f0b640c", - "a0e0d62e-f445-444b-b8a7-216bb668a052", - "a465c19c-819c-4242-a3e5-59d65ea729ed", - "b004db88-4127-4133-80ce-fed9a2556a1c", - "bde3ec85-e92a-4542-a1f6-34cc2e369f8f", - "befa61a9-32e8-44a1-93cb-625fb70ef6f4", - "c4e6f47b-3b6d-4df1-9057-ee314160c282", - "c6834209-61ef-44d4-84fc-76a3db869c8a", - "cb8443d5-4909-4999-a943-6bd35b131ed1", - "cd4466cd-54bc-49e2-a19f-c4c054da2466", - "e1feebc9-cef0-4996-94bb-3ab6af543005", - "e772ee42-5b82-4951-b6ab-67c7d9508a85", - "e79c1833-e255-4c01-91d5-41dc1e69cbe3", - "ec345cb2-699a-443b-a20a-0395db729106", - "ed2fe752-ab07-45da-b526-1fa71487c867", - "f1f0f62e-cbb8-43a9-9be8-7c057bf5cfb1", ] -> (known after apply) ~ id = "************************************" -> (known after apply) name = "viewer" ~ realm_id = "******" -> (known after apply) # forces replacement } # module.keycloak_dev.module.standard.module.azureidir_idp.keycloak_oidc_identity_provider.this will be updated in-place ~ resource "keycloak_oidc_identity_provider" "this" { ~ display_name = "azureidir" -> "Azure IDIR" id = "azureidir" # (30 unchanged attributes hidden) } # module.keycloak_dev.module.standard.module.bceidbasic_idp.keycloak_oidc_identity_provider.this will be updated in-place ~ resource "keycloak_oidc_identity_provider" "this" { ~ display_name = "bceidbasic" -> "BCeID (Basic)" id = "bceidbasic" # (30 unchanged attributes hidden) } # module.keycloak_dev.module.standard.module.bceidboth_idp.keycloak_oidc_identity_provider.this will be updated in-place ~ resource "keycloak_oidc_identity_provider" "this" { ~ display_name = "bceidboth" -> "BCeID (Basic + Business)" id = "bceidboth" # (30 unchanged attributes hidden) } # module.keycloak_dev.module.standard.module.bceidbusiness_idp.keycloak_oidc_identity_provider.this will be updated in-place ~ resource "keycloak_oidc_identity_provider" "this" { ~ display_name = "bceidbusiness" -> "BCeID (Business" id = "bceidbusiness" # (30 unchanged attributes hidden) } # module.keycloak_dev.module.standard.module.idir_idp.keycloak_oidc_identity_provider.this will be updated in-place ~ resource "keycloak_oidc_identity_provider" "this" { ~ display_name = "idir" -> "IDIR" id = "idir" # (30 unchanged attributes hidden) } # module.keycloak_dev.module.standard_clients.module.demo-app-1-5-31-2477.keycloak_openid_client.this will be updated in-place ~ resource "keycloak_openid_client" "this" { ~ access_type = "PUBLIC" -> "CONFIDENTIAL" id = "964536b8-fd89-4a03-a14a-e8275c700515" name = "demo-app-1-5-31-2477" ~ valid_redirect_uris = [ - "*", # (2 unchanged elements hidden) ] # (21 unchanged attributes hidden) # (1 unchanged block hidden) } # module.keycloak_dev.module.standard_clients.module.demo-app-2-6-01-2477.keycloak_openid_client.this will be updated in-place ~ resource "keycloak_openid_client" "this" { ~ access_type = "PUBLIC" -> "CONFIDENTIAL" id = "204c75b0-9d12-4b60-acfc-6c6207294bca" name = "demo-app-2-6-01-2477" ~ valid_redirect_uris = [ - "*", - "http://localhost:3000/*", # (2 unchanged elements hidden) ] ~ web_origins = [ - "http://localhost:3000", # (3 unchanged elements hidden) ] # (20 unchanged attributes hidden) # (1 unchanged block hidden) } # module.keycloak_dev.module.standard_clients.module.demo-app-1-5-31-2477.module.bcsc-idp[0].module.bcsc_idp_standard.keycloak_oidc_identity_provider.this will be updated in-place ~ resource "keycloak_oidc_identity_provider" "this" { ~ backchannel_supported = false -> true id = "bcsc" # (30 unchanged attributes hidden) } Plan: 3 to add, 8 to change, 3 to destroy. ```

:x: Plan not applied in Apply KeyCloak terraform plan #24 (Plan has changed)

github-actions[bot] commented 2 years ago

Terraform plan in terraform/infrastructure

No changes. Your infrastructure matches the configuration. ``` No changes. Your infrastructure matches the configuration. Terraform has compared your real infrastructure against your configuration and found no differences, so no changes are needed. ```

:white_check_mark: Plan applied in Apply infrastructure terraform plan #31