diamondq
commented
3 years ago I realize that this is old, but since it's not closed...
To create a scope based permission, you need to add the type="scope" element.
resource "keycloak_openid_client_authorization_permission" "testdata_permissions_READAccess" {
resource_server_id = keycloak_openid_client.backend.id
realm_id = keycloak_realm.realm.id
type = "scope"
name = "/dms/object/testdata/permissions/READAccess[READ,TAGLINE]"
description = "Provides READ,TAGLINE access to the /dms/object/testdata/permissions/READAccess resource"
resources = [
keycloak_openid_client_authorization_resource.testdata_permissions_READAccess[count.index].id
]
policies = [
keycloak_openid_client_user_policy.dev_user[count.index].id
]
scopes = [
keycloak_openid_client_authorization_scope.READ.id,
keycloak_openid_client_authorization_scope.TAGLINE.id
]
}
Hello,
I used the following code :
And here is what I got into KC console :
The permission is resource-based despite having declared a scope into the TF code.
How to make it work ?