bcgov / social-access-portal

access portal POC for social sector apps
Apache License 2.0

BCSCP-11 Added client configuration for onboarding demo app #36

Open simensma-fresh opened 2 years ago

simensma-fresh commented 2 years ago

Summary

Added client configuration for onboarding demo app

Changes

github-actions[bot] commented 2 years ago

Terraform plan in terraform/demo-app

Plan: 2 to add, 2 to change, 0 to destroy. ```hcl Terraform used the selected providers to generate the following execution plan. Resource actions are indicated with the following symbols: + create ~ update in-place Terraform will perform the following actions: # module.demo_app_1.kubernetes_deployment.app_deployment will be updated in-place ~ resource "kubernetes_deployment" "app_deployment" { id = "b0f542-dev/ssag-demo-app-1" # (1 unchanged attribute hidden) ~ spec { # (5 unchanged attributes hidden) ~ template { ~ spec { # (11 unchanged attributes hidden) ~ container { ~ image = "roysagar11/ssag:v0.0.4" -> "roysagar11/ssag" name = "ssag-demo-app-1" # (8 unchanged attributes hidden) # (2 unchanged blocks hidden) } # (1 unchanged block hidden) } # (1 unchanged block hidden) } # (2 unchanged blocks hidden) } # (1 unchanged block hidden) } # module.demo_app_1.kubernetes_ingress.app_ingress will be created + resource "kubernetes_ingress" "app_ingress" { + id = (known after apply) + status = (known after apply) + metadata { + annotations = { + "route.openshift.io/termination" = "edge" } + generation = (known after apply) + name = "ssag-demo-app-1" + namespace = "b0f542-dev" + resource_version = (known after apply) + uid = (known after apply) } + spec { + backend { + service_name = "ssag-demo-app-1" + service_port = "80" } + rule { + host = "demo-app-1.apps.silver.devops.gov.bc.ca" + http { + path { + path = "/" + backend { + service_name = "ssag-demo-app-1" + service_port = "80" } } } } } } # module.demo_app_2.kubernetes_deployment.app_deployment will be updated in-place ~ resource "kubernetes_deployment" "app_deployment" { id = "b0f542-dev/ssag-demo-app-2" # (1 unchanged attribute hidden) ~ spec { # (5 unchanged attributes hidden) ~ template { ~ spec { # (11 unchanged attributes hidden) ~ container { ~ image = "roysagar11/ssag:v0.0.4" -> "roysagar11/ssag" name = "ssag-demo-app-2" # (8 unchanged attributes hidden) # (2 unchanged blocks hidden) } # (1 unchanged block 
hidden) } # (1 unchanged block hidden) } # (2 unchanged blocks hidden) } # (1 unchanged block hidden) } # module.demo_app_2.kubernetes_ingress.app_ingress will be created + resource "kubernetes_ingress" "app_ingress" { + id = (known after apply) + status = (known after apply) + metadata { + annotations = { + "route.openshift.io/termination" = "edge" } + generation = (known after apply) + name = "ssag-demo-app-2" + namespace = "b0f542-dev" + resource_version = (known after apply) + uid = (known after apply) } + spec { + backend { + service_name = "ssag-demo-app-2" + service_port = "80" } + rule { + host = "demo-app-2.apps.silver.devops.gov.bc.ca" + http { + path { + path = "/" + backend { + service_name = "ssag-demo-app-2" + service_port = "80" } } } } } } Plan: 2 to add, 2 to change, 0 to destroy. ```
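Review bot: The container image in both `module.demo_app_1` and `module.demo_app_2` changes from `roysagar11/ssag:v0.0.4` to the untagged `roysagar11/ssag`, which resolves to the mutable `latest` tag. What runs in `b0f542-dev` is then no longer fixed by the reviewed configuration and can change on a pod restart, depending on the pull policy, which is hidden in this plan. Keep an explicit version tag, or better pin by digest, e.g. `image = "roysagar11/ssag@sha256:<digest-of-reviewed-build>"` (placeholder digest). The image also appears to come from a personal registry namespace; if so, consider mirroring it into an organisation-controlled registry before these apps are exposed through the new ingresses.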

:memo: Plan generated in Runs Demo applications terraform plan #38

github-actions[bot] commented 2 years ago

Terraform plan in terraform/keycloak

Plan: 55 to add, 3 to change, 0 to destroy. ```hcl Terraform used the selected providers to generate the following execution plan. Resource actions are indicated with the following symbols: + create ~ update in-place Terraform will perform the following actions: # module.keycloak_dev.module.standard_clients.module.demo-app-1-5-31-2477.keycloak_openid_client.this will be updated in-place ~ resource "keycloak_openid_client" "this" { ~ access_type = "PUBLIC" -> "CONFIDENTIAL" id = "964536b8-fd89-4a03-a14a-e8275c700515" name = "demo-app-1-5-31-2477" ~ valid_redirect_uris = [ - "*", # (2 unchanged elements hidden) ] # (21 unchanged attributes hidden) # (1 unchanged block hidden) } # module.keycloak_dev.module.standard_clients.module.demo-app-2-6-01-2477.keycloak_openid_client.this will be updated in-place ~ resource "keycloak_openid_client" "this" { ~ access_type = "PUBLIC" -> "CONFIDENTIAL" id = "204c75b0-9d12-4b60-acfc-6c6207294bca" name = "demo-app-2-6-01-2477" ~ valid_redirect_uris = [ - "*", - "http://localhost:3000/*", # (2 unchanged elements hidden) ] ~ web_origins = [ - "http://localhost:3000", # (3 unchanged elements hidden) ] # (20 unchanged attributes hidden) # (1 unchanged block hidden) } # module.keycloak_dev.module.standard_clients.module.demo-app-onboarding.keycloak_generic_client_protocol_mapper.access_token_aud will be created + resource "keycloak_generic_client_protocol_mapper" "access_token_aud" { + client_id = (known after apply) + config = { + "access.token.claim" = "****" + "id.token.claim" = "*****" + "included.client.audience" = "demo-app-onboarding" } + id = (known after apply) + name = "access_token_aud" + protocol = "openid-connect" + protocol_mapper = "oidc-audience-mapper" + realm_id = "********" } # module.keycloak_dev.module.standard_clients.module.demo-app-onboarding.keycloak_generic_client_protocol_mapper.client_roles_mapper will be created + resource "keycloak_generic_client_protocol_mapper" "client_roles_mapper" { + client_id = (known 
after apply) + config = { + "access.token.claim" = "****" + "claim.name" = "client_roles" + "id.token.claim" = "****" + "jsonType.label" = "String" + "multivalued" = "true" + "userinfo.token.claim" = "****" + "usermodel.clientRoleMapping.clientId" = "demo-app-onboarding" } + id = (known after apply) + name = "client_roles" + protocol = "openid-connect" + protocol_mapper = "oidc-usermodel-client-role-mapper" + realm_id = "********" } # module.keycloak_dev.module.standard_clients.module.demo-app-onboarding.keycloak_openid_client.this will be created + resource "keycloak_openid_client" "this" { + access_type = "CONFIDENTIAL" + backchannel_logout_session_required = true + client_authenticator_type = "client-secret" + client_id = "*******************" + client_secret = (sensitive value) + consent_required = false + description = "Social Sector Access Portal App to demo onboarding" + direct_access_grants_enabled = false + display_on_consent_screen = false + enabled = true + exclude_session_state_from_auth_response = false + frontchannel_logout_enabled = false + full_scope_allowed = false + id = (known after apply) + implicit_flow_enabled = true + name = "demo-app-onboarding" + oauth2_device_authorization_grant_enabled = false + realm_id = "********" + resource_server_id = (known after apply) + service_account_user_id = (known after apply) + service_accounts_enabled = false + standard_flow_enabled = true + use_refresh_tokens = true + use_refresh_tokens_client_credentials = false + valid_redirect_uris = [ + "https://demo-app-1.apps.silver.devops.gov.bc.ca/*", ] + web_origins = [ + "+", + "https://demo-app-1.apps.silver.devops.gov.bc.ca/*", ] + authentication_flow_binding_overrides { + browser_id = "************************************" } } # module.keycloak_dev.module.standard_clients.module.demo-app-onboarding.keycloak_openid_client_default_scopes.idp_scopes will be created + resource "keycloak_openid_client_default_scopes" "idp_scopes" { + client_id = (known after apply) 
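Review bot: The new `demo-app-onboarding` client is created with `implicit_flow_enabled = true` alongside `standard_flow_enabled = true`, although it is a `CONFIDENTIAL` client that can use the authorization-code flow. The implicit flow returns tokens in the redirect URL fragment, where they can leak through browser history, logs or scripts on the redirect page, and current OAuth security guidance discourages it. Unless the demo app needs it, set `implicit_flow_enabled = false` in the module input that drives this client (the Terraform source is not shown in the plan). In the same resource, the `web_origins` entry `"https://demo-app-1.apps.silver.devops.gov.bc.ca/*"` is not an origin, since an origin has no path, so it presumably never matches a CORS request. `"+"` already covers the redirect-URI origin, so `web_origins = ["+"]` expresses the same intent without the misleading entry.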
+ default_scopes = [ + "bceidbasic", + "bceidboth", + "bceidbusiness", + "bcsconboarding", + "common", + "email", + "idir", + "profile", ] + id = (known after apply) + realm_id = "********" } # module.keycloak_dev.module.standard_clients.module.demo-app-onboarding.keycloak_openid_client_optional_scopes.client_optional_scopes will be created + resource "keycloak_openid_client_optional_scopes" "client_optional_scopes" { + client_id = (known after apply) + id = (known after apply) + optional_scopes = [ + "offline_access", ] + realm_id = "********" } # module.keycloak_dev.module.standard_clients.module.demo-app-onboarding.module.bcsc-idp[0].keycloak_authentication_execution_config.browser_identity_provider_redirector_config will be created + resource "keycloak_authentication_execution_config" "browser_identity_provider_redirector_config" { + alias = "bcsconboarding" + config = { + "defaultProvider" = "bcsconboarding" } + execution_id = "************************************" + id = (known after apply) + realm_id = "*****" } # module.keycloak_dev.module.standard_clients.module.demo-app-onboarding.module.bcsc-idp[0].keycloak_custom_identity_provider_mapper.bcsc_address will be created + resource "keycloak_custom_identity_provider_mapper" "bcsc_address" { + extra_config = { + "claim" = "address" + "syncMode" = "INHERIT" + "user.attribute" = "address" } + id = (known after apply) + identity_provider_alias = "bcsconboarding" + identity_provider_mapper = "oidc-user-attribute-idp-mapper" + name = "address" + realm = "bcsc1" } # module.keycloak_dev.module.standard_clients.module.demo-app-onboarding.module.bcsc-idp[0].keycloak_custom_identity_provider_mapper.bcsc_age will be created + resource "keycloak_custom_identity_provider_mapper" "bcsc_age" { + extra_config = { + "claim" = "age" + "syncMode" = "INHERIT" + "user.attribute" = "age" } + id = (known after apply) + identity_provider_alias = "bcsconboarding" + identity_provider_mapper = "oidc-user-attribute-idp-mapper" + name = 
"age" + realm = "bcsc1" } # module.keycloak_dev.module.standard_clients.module.demo-app-onboarding.module.bcsc-idp[0].keycloak_custom_identity_provider_mapper.bcsc_age19orover will be created + resource "keycloak_custom_identity_provider_mapper" "bcsc_age19orover" { + extra_config = { + "claim" = "age_19_or_over" + "syncMode" = "INHERIT" + "user.attribute" = "age19OrOver" } + id = (known after apply) + identity_provider_alias = "bcsconboarding" + identity_provider_mapper = "oidc-user-attribute-idp-mapper" + name = "age_19_or_over" + realm = "bcsc1" } # module.keycloak_dev.module.standard_clients.module.demo-app-onboarding.module.bcsc-idp[0].keycloak_custom_identity_provider_mapper.bcsc_birthdate will be created + resource "keycloak_custom_identity_provider_mapper" "bcsc_birthdate" { + extra_config = { + "claim" = "birthdate" + "syncMode" = "INHERIT" + "user.attribute" = "birthDate" } + id = (known after apply) + identity_provider_alias = "bcsconboarding" + identity_provider_mapper = "oidc-user-attribute-idp-mapper" + name = "birth_date" + realm = "bcsc1" } # module.keycloak_dev.module.standard_clients.module.demo-app-onboarding.module.bcsc-idp[0].keycloak_custom_identity_provider_mapper.bcsc_country will be created + resource "keycloak_custom_identity_provider_mapper" "bcsc_country" { + extra_config = { + "claim" = "country" + "syncMode" = "INHERIT" + "user.attribute" = "country" } + id = (known after apply) + identity_provider_alias = "bcsconboarding" + identity_provider_mapper = "oidc-user-attribute-idp-mapper" + name = "country" + realm = "bcsc1" } # module.keycloak_dev.module.standard_clients.module.demo-app-onboarding.module.bcsc-idp[0].keycloak_custom_identity_provider_mapper.bcsc_displayname will be created + resource "keycloak_custom_identity_provider_mapper" "bcsc_displayname" { + extra_config = { + "claim" = "display_name" + "syncMode" = "INHERIT" + "user.attribute" = "display_name" } + id = (known after apply) + identity_provider_alias = "bcsconboarding" 
+ identity_provider_mapper = "oidc-user-attribute-idp-mapper" + name = "display_name" + realm = "bcsc1" } # module.keycloak_dev.module.standard_clients.module.demo-app-onboarding.module.bcsc-idp[0].keycloak_custom_identity_provider_mapper.bcsc_email will be created + resource "keycloak_custom_identity_provider_mapper" "bcsc_email" { + extra_config = { + "claim" = "email" + "syncMode" = "INHERIT" + "user.attribute" = "email" } + id = (known after apply) + identity_provider_alias = "bcsconboarding" + identity_provider_mapper = "oidc-user-attribute-idp-mapper" + name = "email" + realm = "bcsc1" } # module.keycloak_dev.module.standard_clients.module.demo-app-onboarding.module.bcsc-idp[0].keycloak_custom_identity_provider_mapper.bcsc_firstname will be created + resource "keycloak_custom_identity_provider_mapper" "bcsc_firstname" { + extra_config = { + "claim" = "given_name" + "syncMode" = "INHERIT" + "user.attribute" = "firstName" } + id = (known after apply) + identity_provider_alias = "bcsconboarding" + identity_provider_mapper = "oidc-user-attribute-idp-mapper" + name = "first_name" + realm = "bcsc1" } # module.keycloak_dev.module.standard_clients.module.demo-app-onboarding.module.bcsc-idp[0].keycloak_custom_identity_provider_mapper.bcsc_lastname will be created + resource "keycloak_custom_identity_provider_mapper" "bcsc_lastname" { + extra_config = { + "claim" = "family_name" + "syncMode" = "INHERIT" + "user.attribute" = "lastName" } + id = (known after apply) + identity_provider_alias = "bcsconboarding" + identity_provider_mapper = "oidc-user-attribute-idp-mapper" + name = "last_name" + realm = "bcsc1" } # module.keycloak_dev.module.standard_clients.module.demo-app-onboarding.module.bcsc-idp[0].keycloak_custom_identity_provider_mapper.bcsc_locality will be created + resource "keycloak_custom_identity_provider_mapper" "bcsc_locality" { + extra_config = { + "claim" = "locality" + "syncMode" = "INHERIT" + "user.attribute" = "locality" } + id = (known after apply) + 
identity_provider_alias = "bcsconboarding" + identity_provider_mapper = "oidc-user-attribute-idp-mapper" + name = "locality" + realm = "bcsc1" } # module.keycloak_dev.module.standard_clients.module.demo-app-onboarding.module.bcsc-idp[0].keycloak_custom_identity_provider_mapper.bcsc_postal_code will be created + resource "keycloak_custom_identity_provider_mapper" "bcsc_postal_code" { + extra_config = { + "claim" = "postal_code" + "syncMode" = "INHERIT" + "user.attribute" = "postalCode" } + id = (known after apply) + identity_provider_alias = "bcsconboarding" + identity_provider_mapper = "oidc-user-attribute-idp-mapper" + name = "postal_code" + realm = "bcsc1" } # module.keycloak_dev.module.standard_clients.module.demo-app-onboarding.module.bcsc-idp[0].keycloak_custom_identity_provider_mapper.bcsc_sex will be created + resource "keycloak_custom_identity_provider_mapper" "bcsc_sex" { + extra_config = { + "claim" = "gender" + "syncMode" = "INHERIT" + "user.attribute" = "gender" } + id = (known after apply) + identity_provider_alias = "bcsconboarding" + identity_provider_mapper = "oidc-user-attribute-idp-mapper" + name = "sex" + realm = "bcsc1" } # module.keycloak_dev.module.standard_clients.module.demo-app-onboarding.module.bcsc-idp[0].keycloak_custom_identity_provider_mapper.bcsc_state_or_province will be created + resource "keycloak_custom_identity_provider_mapper" "bcsc_state_or_province" { + extra_config = { + "claim" = "region" + "syncMode" = "INHERIT" + "user.attribute" = "region" } + id = (known after apply) + identity_provider_alias = "bcsconboarding" + identity_provider_mapper = "oidc-user-attribute-idp-mapper" + name = "state_or_province" + realm = "bcsc1" } # module.keycloak_dev.module.standard_clients.module.demo-app-onboarding.module.bcsc-idp[0].keycloak_custom_identity_provider_mapper.bcsc_street_address will be created + resource "keycloak_custom_identity_provider_mapper" "bcsc_street_address" { + extra_config = { + "claim" = "street_address" + 
"syncMode" = "INHERIT" + "user.attribute" = "streetAddress" } + id = (known after apply) + identity_provider_alias = "bcsconboarding" + identity_provider_mapper = "oidc-user-attribute-idp-mapper" + name = "street_address" + realm = "bcsc1" } # module.keycloak_dev.module.standard_clients.module.demo-app-onboarding.module.bcsc-idp[0].keycloak_custom_identity_provider_mapper.bcsc_username will be created + resource "keycloak_custom_identity_provider_mapper" "bcsc_username" { + extra_config = { + "syncMode" = "INHERIT" + "template" = "${CLAIM.preferred_username}@${ALIAS}" } + id = (known after apply) + identity_provider_alias = "bcsconboarding" + identity_provider_mapper = "oidc-username-idp-mapper" + name = "username" + realm = "standard" } # module.keycloak_dev.module.standard_clients.module.demo-app-onboarding.module.bcsc-idp[0].keycloak_openid_client_scope.idp_scope will be created + resource "keycloak_openid_client_scope" "idp_scope" { + description = "bcsconboarding idp client scope" + id = (known after apply) + include_in_token_scope = false + name = "bcsconboarding" + realm_id = "********" } # module.keycloak_dev.module.standard_clients.module.demo-app-1-5-31-2477.module.bcsc-idp[0].module.bcsc_idp_standard.keycloak_oidc_identity_provider.this will be updated in-place ~ resource "keycloak_oidc_identity_provider" "this" { ~ backchannel_supported = false -> true id = "bcsc" # (30 unchanged attributes hidden) } # module.keycloak_dev.module.standard_clients.module.demo-app-onboarding.module.bcsc-idp[0].module.bcsc_idp.keycloak_oidc_identity_provider.this will be created + resource "keycloak_oidc_identity_provider" "this" { + accepts_prompt_none_forward_from_client = false + add_read_token_role_on_create = false + alias = "bcsconboarding" + authenticate_by_default = false + authorization_url = "https://idtest.gov.bc.ca/login/oidc/authorize" + backchannel_supported = true + client_id = (sensitive) + client_secret = (sensitive value) + default_scopes = "openid profile 
email address" + disable_user_info = false + display_name = "bcsconboarding" + enabled = true + extra_config = { + "clientAuthMethod" = "client_secret_post" } + first_broker_login_flow_alias = "first broker login" + gui_order = "" + hide_on_login_page = false + id = (known after apply) + internal_id = (known after apply) + jwks_url = "https://idtest.gov.bc.ca/oauth2/jwk" + link_only = false + login_hint = "false" + logout_url = "" + post_broker_login_flow_alias = "" + provider_id = "****" + realm = "bcsc1" + store_token = false + sync_mode = "FORCE" + token_url = "https://idtest.gov.bc.ca/oauth2/token" + trust_email = false + ui_locales = false + user_info_url = "https://idtest.gov.bc.ca/oauth2/userinfo" + validate_signature = true } # module.keycloak_dev.module.standard_clients.module.demo-app-onboarding.module.bcsc-idp[0].module.bcsc_idp_mappers.keycloak_custom_identity_provider_mapper.this["address"] will be created + resource "keycloak_custom_identity_provider_mapper" "this" { + extra_config = { + "claim" = "address" + "syncMode" = "INHERIT" + "user.attribute" = "address" } + id = (known after apply) + identity_provider_alias = "bcsconboarding" + identity_provider_mapper = "oidc-user-attribute-idp-mapper" + name = "address" + realm = "standard" } # module.keycloak_dev.module.standard_clients.module.demo-app-onboarding.module.bcsc-idp[0].module.bcsc_idp_mappers.keycloak_custom_identity_provider_mapper.this["age"] will be created + resource "keycloak_custom_identity_provider_mapper" "this" { + extra_config = { + "claim" = "age" + "syncMode" = "INHERIT" + "user.attribute" = "age" } + id = (known after apply) + identity_provider_alias = "bcsconboarding" + identity_provider_mapper = "oidc-user-attribute-idp-mapper" + name = "age" + realm = "standard" } # module.keycloak_dev.module.standard_clients.module.demo-app-onboarding.module.bcsc-idp[0].module.bcsc_idp_mappers.keycloak_custom_identity_provider_mapper.this["age19OrOver"] will be created + resource 
"keycloak_custom_identity_provider_mapper" "this" { + extra_config = { + "claim" = "age19OrOver" + "syncMode" = "INHERIT" + "user.attribute" = "age19OrOver" } + id = (known after apply) + identity_provider_alias = "bcsconboarding" + identity_provider_mapper = "oidc-user-attribute-idp-mapper" + name = "age19OrOver" + realm = "standard" } # module.keycloak_dev.module.standard_clients.module.demo-app-onboarding.module.bcsc-idp[0].module.bcsc_idp_mappers.keycloak_custom_identity_provider_mapper.this["birthDate"] will be created + resource "keycloak_custom_identity_provider_mapper" "this" { + extra_config = { + "claim" = "birthDate" + "syncMode" = "INHERIT" + "user.attribute" = "birthDate" } + id = (known after apply) + identity_provider_alias = "bcsconboarding" + identity_provider_mapper = "oidc-user-attribute-idp-mapper" + name = "birthDate" + realm = "standard" } # module.keycloak_dev.module.standard_clients.module.demo-app-onboarding.module.bcsc-idp[0].module.bcsc_idp_mappers.keycloak_custom_identity_provider_mapper.this["country"] will be created + resource "keycloak_custom_identity_provider_mapper" "this" { + extra_config = { + "claim" = "country" + "syncMode" = "INHERIT" + "user.attribute" = "country" } + id = (known after apply) + identity_provider_alias = "bcsconboarding" + identity_provider_mapper = "oidc-user-attribute-idp-mapper" + name = "country" + realm = "standard" } # module.keycloak_dev.module.standard_clients.module.demo-app-onboarding.module.bcsc-idp[0].module.bcsc_idp_mappers.keycloak_custom_identity_provider_mapper.this["display_name"] will be created + resource "keycloak_custom_identity_provider_mapper" "this" { + extra_config = { + "claim" = "display_name" + "syncMode" = "INHERIT" + "user.attribute" = "display_name" } + id = (known after apply) + identity_provider_alias = "bcsconboarding" + identity_provider_mapper = "oidc-user-attribute-idp-mapper" + name = "display_name" + realm = "standard" } # 
module.keycloak_dev.module.standard_clients.module.demo-app-onboarding.module.bcsc-idp[0].module.bcsc_idp_mappers.keycloak_custom_identity_provider_mapper.this["email"] will be created + resource "keycloak_custom_identity_provider_mapper" "this" { + extra_config = { + "claim" = "email" + "syncMode" = "INHERIT" + "user.attribute" = "email" } + id = (known after apply) + identity_provider_alias = "bcsconboarding" + identity_provider_mapper = "oidc-user-attribute-idp-mapper" + name = "email" + realm = "standard" } # module.keycloak_dev.module.standard_clients.module.demo-app-onboarding.module.bcsc-idp[0].module.bcsc_idp_mappers.keycloak_custom_identity_provider_mapper.this["firstName"] will be created + resource "keycloak_custom_identity_provider_mapper" "this" { + extra_config = { + "claim" = "firstName" + "syncMode" = "INHERIT" + "user.attribute" = "firstName" } + id = (known after apply) + identity_provider_alias = "bcsconboarding" + identity_provider_mapper = "oidc-user-attribute-idp-mapper" + name = "firstName" + realm = "standard" } # module.keycloak_dev.module.standard_clients.module.demo-app-onboarding.module.bcsc-idp[0].module.bcsc_idp_mappers.keycloak_custom_identity_provider_mapper.this["gender"] will be created + resource "keycloak_custom_identity_provider_mapper" "this" { + extra_config = { + "claim" = "gender" + "syncMode" = "INHERIT" + "user.attribute" = "gender" } + id = (known after apply) + identity_provider_alias = "bcsconboarding" + identity_provider_mapper = "oidc-user-attribute-idp-mapper" + name = "gender" + realm = "standard" } # module.keycloak_dev.module.standard_clients.module.demo-app-onboarding.module.bcsc-idp[0].module.bcsc_idp_mappers.keycloak_custom_identity_provider_mapper.this["lastName"] will be created + resource "keycloak_custom_identity_provider_mapper" "this" { + extra_config = { + "claim" = "lastName" + "syncMode" = "INHERIT" + "user.attribute" = "lastName" } + id = (known after apply) + identity_provider_alias = 
"bcsconboarding" + identity_provider_mapper = "oidc-user-attribute-idp-mapper" + name = "lastName" + realm = "standard" } # module.keycloak_dev.module.standard_clients.module.demo-app-onboarding.module.bcsc-idp[0].module.bcsc_idp_mappers.keycloak_custom_identity_provider_mapper.this["locality"] will be created + resource "keycloak_custom_identity_provider_mapper" "this" { + extra_config = { + "claim" = "locality" + "syncMode" = "INHERIT" + "user.attribute" = "locality" } + id = (known after apply) + identity_provider_alias = "bcsconboarding" + identity_provider_mapper = "oidc-user-attribute-idp-mapper" + name = "locality" + realm = "standard" } # module.keycloak_dev.module.standard_clients.module.demo-app-onboarding.module.bcsc-idp[0].module.bcsc_idp_mappers.keycloak_custom_identity_provider_mapper.this["postalCode"] will be created + resource "keycloak_custom_identity_provider_mapper" "this" { + extra_config = { + "claim" = "postalCode" + "syncMode" = "INHERIT" + "user.attribute" = "postalCode" } + id = (known after apply) + identity_provider_alias = "bcsconboarding" + identity_provider_mapper = "oidc-user-attribute-idp-mapper" + name = "postalCode" + realm = "standard" } # module.keycloak_dev.module.standard_clients.module.demo-app-onboarding.module.bcsc-idp[0].module.bcsc_idp_mappers.keycloak_custom_identity_provider_mapper.this["region"] will be created + resource "keycloak_custom_identity_provider_mapper" "this" { + extra_config = { + "claim" = "region" + "syncMode" = "INHERIT" + "user.attribute" = "region" } + id = (known after apply) + identity_provider_alias = "bcsconboarding" + identity_provider_mapper = "oidc-user-attribute-idp-mapper" + name = "region" + realm = "standard" } # module.keycloak_dev.module.standard_clients.module.demo-app-onboarding.module.bcsc-idp[0].module.bcsc_idp_mappers.keycloak_custom_identity_provider_mapper.this["streetAddress"] will be created + resource "keycloak_custom_identity_provider_mapper" "this" { + extra_config = { + 
"claim" = "streetAddress" + "syncMode" = "INHERIT" + "user.attribute" = "streetAddress" } + id = (known after apply) + identity_provider_alias = "bcsconboarding" + identity_provider_mapper = "oidc-user-attribute-idp-mapper" + name = "streetAddress" + realm = "standard" } # module.keycloak_dev.module.standard_clients.module.demo-app-onboarding.module.bcsc-idp[0].module.bcsc_idp_standard.keycloak_oidc_identity_provider.this will be created + resource "keycloak_oidc_identity_provider" "this" { + accepts_prompt_none_forward_from_client = false + add_read_token_role_on_create = false + alias = "bcsconboarding" + authenticate_by_default = false + authorization_url = "https://social-sector-access-gateway-dev.apps.silver.devops.gov.bc.ca/realms/bcsc1/protocol/openid-connect/auth?kc_idp_hint=bcsconboarding" + backchannel_supported = true + client_id = "*****************************" + client_secret = (sensitive value) + default_scopes = "openid" + disable_user_info = false + display_name = "bcsconboarding" + enabled = true + extra_config = { + "clientAuthMethod" = "client_secret_post" } + first_broker_login_flow_alias = "first broker login" + gui_order = "" + hide_on_login_page = false + id = (known after apply) + internal_id = (known after apply) + jwks_url = "https://social-sector-access-gateway-dev.apps.silver.devops.gov.bc.ca/realms/bcsc1/protocol/openid-connect/certs" + link_only = false + login_hint = "false" + logout_url = "" + post_broker_login_flow_alias = "" + provider_id = "****" + realm = "standard" + store_token = false + sync_mode = "FORCE" + token_url = "https://social-sector-access-gateway-dev.apps.silver.devops.gov.bc.ca/realms/bcsc1/protocol/openid-connect/token" + trust_email = false + ui_locales = false + user_info_url = "https://social-sector-access-gateway-dev.apps.silver.devops.gov.bc.ca/realms/bcsc1/protocol/openid-connect/userinfo" + validate_signature = true } # 
module.keycloak_dev.module.standard_clients.module.demo-app-onboarding.module.bcsc-idp[0].module.standard_client.keycloak_openid_client.this will be created + resource "keycloak_openid_client" "this" { + access_type = "CONFIDENTIAL" + backchannel_logout_session_required = true + client_authenticator_type = "client-secret" + client_id = "*****************************" + client_secret = (sensitive value) + consent_required = false + direct_access_grants_enabled = false + display_on_consent_screen = false + enabled = true + exclude_session_state_from_auth_response = false + frontchannel_logout_enabled = false + full_scope_allowed = true + id = (known after apply) + implicit_flow_enabled = false + name = "standard-realm-bcsconboarding" + oauth2_device_authorization_grant_enabled = false + realm_id = "*****" + resource_server_id = (known after apply) + service_account_user_id = (known after apply) + service_accounts_enabled = false + standard_flow_enabled = true + use_refresh_tokens = true + use_refresh_tokens_client_credentials = false + valid_redirect_uris = [ + "https://social-sector-access-gateway-dev.apps.silver.devops.gov.bc.ca/realms/standard/broker/bcsconboarding/endpoint", ] } # module.keycloak_dev.module.standard_clients.module.demo-app-onboarding.module.bcsc-idp[0].module.standard_client.keycloak_openid_client_default_scopes.client_default_scopes will be created + resource "keycloak_openid_client_default_scopes" "client_default_scopes" { + client_id = (known after apply) + default_scopes = [ + "email", + "profile", ] + id = (known after apply) + realm_id = "*****" } # module.keycloak_dev.module.standard_clients.module.demo-app-onboarding.module.bcsc-idp[0].module.standard_client.keycloak_openid_client_optional_scopes.client_optional_scopes will be created + resource "keycloak_openid_client_optional_scopes" "client_optional_scopes" { + client_id = (known after apply) + id = (known after apply) + optional_scopes = [ + "offline_access", ] + realm_id = "*****" } 
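Review bot: The broker client `standard-realm-bcsconboarding` is created with `full_scope_allowed = true`, while the `demo-app-onboarding` client in the same plan uses `full_scope_allowed = false`. With full scope, tokens issued to this client carry every role mapping the user has rather than only those scoped to the client, which looks broader than a realm-to-realm identity-broker hop needs. If nothing depends on it, set `full_scope_allowed = false` here as well, or add a comment in the module explaining why the broker client requires it.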
# module.keycloak_dev.module.standard_clients.module.demo-app-onboarding.module.bcsc-idp[0].module.standard_client.module.client_mappers.keycloak_generic_client_protocol_mapper.this["address"] will be created + resource "keycloak_generic_client_protocol_mapper" "this" { + client_id = (known after apply) + config = { + "access.token.claim" = "****" + "claim.name" = "address" + "id.token.claim" = "****" + "jsonType.label" = "String" + "user.attribute" = "address" + "userinfo.token.claim" = "****" } + id = (known after apply) + name = "address" + protocol = "openid-connect" + protocol_mapper = "oidc-usermodel-attribute-mapper" + realm_id = "*****" } # module.keycloak_dev.module.standard_clients.module.demo-app-onboarding.module.bcsc-idp[0].module.standard_client.module.client_mappers.keycloak_generic_client_protocol_mapper.this["age"] will be created + resource "keycloak_generic_client_protocol_mapper" "this" { + client_id = (known after apply) + config = { + "access.token.claim" = "****" + "claim.name" = "age" + "id.token.claim" = "****" + "jsonType.label" = "String" + "user.attribute" = "age" + "userinfo.token.claim" = "****" } + id = (known after apply) + name = "age" + protocol = "openid-connect" + protocol_mapper = "oidc-usermodel-attribute-mapper" + realm_id = "*****" } # module.keycloak_dev.module.standard_clients.module.demo-app-onboarding.module.bcsc-idp[0].module.standard_client.module.client_mappers.keycloak_generic_client_protocol_mapper.this["age19OrOver"] will be created + resource "keycloak_generic_client_protocol_mapper" "this" { + client_id = (known after apply) + config = { + "access.token.claim" = "****" + "claim.name" = "age19OrOver" + "id.token.claim" = "****" + "jsonType.label" = "String" + "user.attribute" = "age19OrOver" + "userinfo.token.claim" = "****" } + id = (known after apply) + name = "age19OrOver" + protocol = "openid-connect" + protocol_mapper = "oidc-usermodel-attribute-mapper" + realm_id = "*****" } # 
module.keycloak_dev.module.standard_clients.module.demo-app-onboarding.module.bcsc-idp[0].module.standard_client.module.client_mappers.keycloak_generic_client_protocol_mapper.this["birthDate"] will be created + resource "keycloak_generic_client_protocol_mapper" "this" { + client_id = (known after apply) + config = { + "access.token.claim" = "****" + "claim.name" = "birthDate" + "id.token.claim" = "****" + "jsonType.label" = "String" + "user.attribute" = "birthDate" + "userinfo.token.claim" = "****" } + id = (known after apply) + name = "birthDate" + protocol = "openid-connect" + protocol_mapper = "oidc-usermodel-attribute-mapper" + realm_id = "*****" } # module.keycloak_dev.module.standard_clients.module.demo-app-onboarding.module.bcsc-idp[0].module.standard_client.module.client_mappers.keycloak_generic_client_protocol_mapper.this["country"] will be created + resource "keycloak_generic_client_protocol_mapper" "this" { + client_id = (known after apply) + config = { + "access.token.claim" = "****" + "claim.name" = "country" + "id.token.claim" = "****" + "jsonType.label" = "String" + "user.attribute" = "country" + "userinfo.token.claim" = "****" } + id = (known after apply) + name = "country" + protocol = "openid-connect" + protocol_mapper = "oidc-usermodel-attribute-mapper" + realm_id = "*****" } # module.keycloak_dev.module.standard_clients.module.demo-app-onboarding.module.bcsc-idp[0].module.standard_client.module.client_mappers.keycloak_generic_client_protocol_mapper.this["display_name"] will be created + resource "keycloak_generic_client_protocol_mapper" "this" { + client_id = (known after apply) + config = { + "access.token.claim" = "****" + "claim.name" = "display_name" + "id.token.claim" = "****" + "jsonType.label" = "String" + "user.attribute" = "display_name" + "userinfo.token.claim" = "****" } + id = (known after apply) + name = "display_name" + protocol = "openid-connect" + protocol_mapper = "oidc-usermodel-attribute-mapper" + realm_id = "*****" } # 
module.keycloak_dev.module.standard_clients.module.demo-app-onboarding.module.bcsc-idp[0].module.standard_client.module.client_mappers.keycloak_generic_client_protocol_mapper.this["email"] will be created + resource "keycloak_generic_client_protocol_mapper" "this" { + client_id = (known after apply) + config = { + "access.token.claim" = "****" + "claim.name" = "email" + "id.token.claim" = "****" + "jsonType.label" = "String" + "user.attribute" = "email" + "userinfo.token.claim" = "****" } + id = (known after apply) + name = "email" + protocol = "openid-connect" + protocol_mapper = "oidc-usermodel-attribute-mapper" + realm_id = "*****" } # module.keycloak_dev.module.standard_clients.module.demo-app-onboarding.module.bcsc-idp[0].module.standard_client.module.client_mappers.keycloak_generic_client_protocol_mapper.this["firstName"] will be created + resource "keycloak_generic_client_protocol_mapper" "this" { + client_id = (known after apply) + config = { + "access.token.claim" = "****" + "claim.name" = "firstName" + "id.token.claim" = "****" + "jsonType.label" = "String" + "user.attribute" = "firstName" + "userinfo.token.claim" = "****" } + id = (known after apply) + name = "firstName" + protocol = "openid-connect" + protocol_mapper = "oidc-usermodel-attribute-mapper" + realm_id = "*****" } # module.keycloak_dev.module.standard_clients.module.demo-app-onboarding.module.bcsc-idp[0].module.standard_client.module.client_mappers.keycloak_generic_client_protocol_mapper.this["gender"] will be created + resource "keycloak_generic_client_protocol_mapper" "this" { + client_id = (known after apply) + config = { + "access.token.claim" = "****" + "claim.name" = "gender" + "id.token.claim" = "****" + "jsonType.label" = "String" + "user.attribute" = "gender" + "userinfo.token.claim" = "****" } + id = (known after apply) + name = "gender" + protocol = "openid-connect" + protocol_mapper = "oidc-usermodel-attribute-mapper" + realm_id = "*****" } # 
module.keycloak_dev.module.standard_clients.module.demo-app-onboarding.module.bcsc-idp[0].module.standard_client.module.client_mappers.keycloak_generic_client_protocol_mapper.this["lastName"] will be created + resource "keycloak_generic_client_protocol_mapper" "this" { + client_id = (known after apply) + config = { + "access.token.claim" = "****" + "claim.name" = "lastName" + "id.token.claim" = "****" + "jsonType.label" = "String" + "user.attribute" = "lastName" + "userinfo.token.claim" = "****" } + id = (known after apply) + name = "lastName" + protocol = "openid-connect" + protocol_mapper = "oidc-usermodel-attribute-mapper" + realm_id = "*****" } # module.keycloak_dev.module.standard_clients.module.demo-app-onboarding.module.bcsc-idp[0].module.standard_client.module.client_mappers.keycloak_generic_client_protocol_mapper.this["locality"] will be created + resource "keycloak_generic_client_protocol_mapper" "this" { + client_id = (known after apply) + config = { + "access.token.claim" = "****" + "claim.name" = "locality" + "id.token.claim" = "****" + "jsonType.label" = "String" + "user.attribute" = "locality" + "userinfo.token.claim" = "****" } + id = (known after apply) + name = "locality" + protocol = "openid-connect" + protocol_mapper = "oidc-usermodel-attribute-mapper" + realm_id = "*****" } # module.keycloak_dev.module.standard_clients.module.demo-app-onboarding.module.bcsc-idp[0].module.standard_client.module.client_mappers.keycloak_generic_client_protocol_mapper.this["postalCode"] will be created + resource "keycloak_generic_client_protocol_mapper" "this" { + client_id = (known after apply) + config = { + "access.token.claim" = "****" + "claim.name" = "postalCode" + "id.token.claim" = "****" + "jsonType.label" = "String" + "user.attribute" = "postalCode" + "userinfo.token.claim" = "****" } + id = (known after apply) + name = "postalCode" + protocol = "openid-connect" + protocol_mapper = "oidc-usermodel-attribute-mapper" + realm_id = "*****" } # 
module.keycloak_dev.module.standard_clients.module.demo-app-onboarding.module.bcsc-idp[0].module.standard_client.module.client_mappers.keycloak_generic_client_protocol_mapper.this["region"] will be created + resource "keycloak_generic_client_protocol_mapper" "this" { + client_id = (known after apply) + config = { + "access.token.claim" = "****" + "claim.name" = "region" + "id.token.claim" = "****" + "jsonType.label" = "String" + "user.attribute" = "region" + "userinfo.token.claim" = "****" } + id = (known after apply) + name = "region" + protocol = "openid-connect" + protocol_mapper = "oidc-usermodel-attribute-mapper" + realm_id = "*****" } # module.keycloak_dev.module.standard_clients.module.demo-app-onboarding.module.bcsc-idp[0].module.standard_client.module.client_mappers.keycloak_generic_client_protocol_mapper.this["streetAddress"] will be created + resource "keycloak_generic_client_protocol_mapper" "this" { + client_id = (known after apply) + config = { + "access.token.claim" = "****" + "claim.name" = "streetAddress" + "id.token.claim" = "****" + "jsonType.label" = "String" + "user.attribute" = "streetAddress" + "userinfo.token.claim" = "****" } + id = (known after apply) + name = "streetAddress" + protocol = "openid-connect" + protocol_mapper = "oidc-usermodel-attribute-mapper" + realm_id = "*****" } Plan: 55 to add, 3 to change, 0 to destroy. ```
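Review bot: The fourteen `keycloak_generic_client_protocol_mapper` resources created for `demo-app-onboarding` under `bcsc-idp[0]` (`address`, `age`, `age19OrOver`, `birthDate`, `country`, `display_name`, `email`, `firstName`, `gender`, `lastName`, `locality`, `postalCode`, `region`, `streetAddress`) give a demo client the whole identity attribute set, and nothing in the plan shows that it needs more than a few of them. The plan masks `access.token.claim`, `id.token.claim` and `userinfo.token.claim` as `****`, so it cannot confirm which tokens will carry these claims. If the access-token flag is enabled, birth date and street address would travel in every bearer token presented to downstream services. I would limit the mapper list to the attributes the onboarding flow actually reads, set `"access.token.claim" = "false"` on the rest so they are served only from the ID token or userinfo endpoint, and state the three flag values in the PR description, since the plan hides them. Separately, `age19OrOver` is emitted with `"jsonType.label" = "String"`; if the attribute holds true/false, `"jsonType.label" = "boolean"` would spare relying parties a string comparison in an age check. The module source is not visible in the plan, so whether the mapper set can be configured per client is an assumption to confirm.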

:memo: Plan generated in Runs KeyCloak terraform plan #56

github-actions[bot] commented 2 years ago

Terraform plan in terraform/infrastructure

No changes. Your infrastructure matches the configuration. ``` No changes. Your infrastructure matches the configuration. Terraform has compared your real infrastructure against your configuration and found no differences, so no changes are needed. ```

:memo: Plan generated in Runs infrastructure terraform plan #104