keycloak / terraform-provider-keycloak

Terraform provider for Keycloak
https://registry.terraform.io/providers/mrparkers/keycloak/latest/docs
Apache License 2.0

[authz] unable to create a scope-based permission #420

Open semangard opened 4 years ago

semangard commented 4 years ago

Hello,

I used the following code:

[screenshot of the Terraform configuration]

And here is what I got in the KC console:

[screenshot of the Keycloak console]

The permission is resource-based despite having declared a scope in the TF code.

How do I make it work?

diamondq commented 3 years ago

I realize that this is old, but since it's not closed...

To create a scope based permission, you need to add the type="scope" element.

```hcl
resource "keycloak_openid_client_authorization_permission" "testdata_permissions_READAccess" {
    resource_server_id                 = keycloak_openid_client.backend.id
    realm_id                           = keycloak_realm.realm.id
    # Without this line the provider defaults to type = "resource".
    type                               = "scope"
    name                               = "/dms/object/testdata/permissions/READAccess[READ,TAGLINE]"
    description                        = "Provides READ,TAGLINE access to the /dms/object/testdata/permissions/READAccess resource"
    # count.index below assumes this resource, the authorization resource and the
    # user policy are all declared with the same `count` elsewhere in the config.
    resources                          = [
        keycloak_openid_client_authorization_resource.testdata_permissions_READAccess[count.index].id
    ]
    policies                           = [
        keycloak_openid_client_user_policy.dev_user[count.index].id
    ]
    scopes                             = [
        keycloak_openid_client_authorization_scope.READ.id,
        keycloak_openid_client_authorization_scope.TAGLINE.id
    ]
}
```
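Below is a complete, stand-alone configuration added here to illustrate the thread; it is not code from the issue, the reporter, or the provider's own documentation. It shows the pitfall (a permission that lists scopes but omits `type`, which the provider stores as resource-based) next to the corrected scope-based permission. Assumptions: the `mrparkers/keycloak` provider source from the page header, provider credentials supplied through the environment (`KEYCLOAK_URL`, `KEYCLOAK_CLIENT_ID`, `KEYCLOAK_CLIENT_SECRET`), and realm, client, resource and user names invented for the example.

```hcl
terraform {
  required_providers {
    keycloak = {
      # Assumption: provider source as published at the registry URL above.
      source  = "mrparkers/keycloak"
      version = ">= 3.0"
    }
  }
}

# Assumption: KEYCLOAK_URL, KEYCLOAK_CLIENT_ID and KEYCLOAK_CLIENT_SECRET are
# set in the environment for an admin client with realm-management rights.
provider "keycloak" {}

resource "keycloak_realm" "realm" {
  realm   = "dms"          # example realm name
  enabled = true
}

# The resource server: a confidential client with Authorization Services on.
resource "keycloak_openid_client" "backend" {
  realm_id                 = keycloak_realm.realm.id
  client_id                = "backend"
  access_type              = "CONFIDENTIAL"
  service_accounts_enabled = true

  authorization {
    policy_enforcement_mode = "ENFORCING"
    decision_strategy       = "UNANIMOUS"
  }
}

# The two authorization scopes used in the thread.
resource "keycloak_openid_client_authorization_scope" "READ" {
  realm_id           = keycloak_realm.realm.id
  resource_server_id = keycloak_openid_client.backend.resource_server_id
  name               = "READ"
}

resource "keycloak_openid_client_authorization_scope" "TAGLINE" {
  realm_id           = keycloak_realm.realm.id
  resource_server_id = keycloak_openid_client.backend.resource_server_id
  name               = "TAGLINE"
}

# The protected resource. Note: `scopes` on a resource takes scope names.
resource "keycloak_openid_client_authorization_resource" "testdata" {
  realm_id           = keycloak_realm.realm.id
  resource_server_id = keycloak_openid_client.backend.resource_server_id
  name               = "/dms/object/testdata"
  uris               = ["/dms/object/testdata/*"]
  scopes = [
    keycloak_openid_client_authorization_scope.READ.name,
    keycloak_openid_client_authorization_scope.TAGLINE.name,
  ]
}

resource "keycloak_user" "dev_user" {
  realm_id = keycloak_realm.realm.id
  username = "dev-user"    # example user
  enabled  = true
}

resource "keycloak_openid_client_user_policy" "dev_user" {
  realm_id           = keycloak_realm.realm.id
  resource_server_id = keycloak_openid_client.backend.resource_server_id
  name               = "dev-user-policy"
  users              = [keycloak_user.dev_user.id]
  logic              = "POSITIVE"
  decision_strategy  = "UNANIMOUS"
}

# Pitfall from the issue: no `type`, so the provider defaults to "resource".
# Keycloak stores a resource-based permission covering the whole resource,
# and the scopes listed here do not narrow it.
resource "keycloak_openid_client_authorization_permission" "too_broad" {
  realm_id           = keycloak_realm.realm.id
  resource_server_id = keycloak_openid_client.backend.resource_server_id
  name               = "testdata-resource-based"
  resources          = [keycloak_openid_client_authorization_resource.testdata.id]
  policies           = [keycloak_openid_client_user_policy.dev_user.id]
  scopes             = [keycloak_openid_client_authorization_scope.READ.id]
}

# Fix: type = "scope" limits the grant to READ and TAGLINE on the resource.
# On a permission, `resources` and `scopes` take IDs, not names.
resource "keycloak_openid_client_authorization_permission" "read_tagline" {
  realm_id           = keycloak_realm.realm.id
  resource_server_id = keycloak_openid_client.backend.resource_server_id
  type               = "scope"
  name               = "testdata-READ-TAGLINE"
  description        = "Grants READ and TAGLINE on /dms/object/testdata to dev-user"
  resources          = [keycloak_openid_client_authorization_resource.testdata.id]
  policies           = [keycloak_openid_client_user_policy.dev_user.id]
  scopes = [
    keycloak_openid_client_authorization_scope.READ.id,
    keycloak_openid_client_authorization_scope.TAGLINE.id,
  ]
}
```

After `terraform apply`, `terraform state show keycloak_openid_client_authorization_permission.read_tagline` reports `type = "scope"`, and the client's Authorization > Permissions tab in the admin console lists it as scope-based, while `too_broad` shows up as resource-based exactly as the reporter's screenshot did. The practical consequence is least-privilege, not cosmetics: a resource-based permission applies to the resource as a whole, so a forgotten `type = "scope"` grants more than the scopes you wrote down. In a real configuration you would keep only the scope-based permission; `too_broad` is there to make the difference visible.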