BCDevOps/terraform-ecf-aws-sso

Requirements

| Name | Version |
|------|---------|
| keycloak | 4.4.0 |

Providers

| Name | Version |
|------|---------|
| keycloak | 4.4.0 |

Modules

No modules.

Resources

| Name | Type |
|------|------|
| keycloak_group.project_group | resource |
| keycloak_group.role_groups | resource |
| keycloak_group.tenant_group | data source |
| keycloak_realm.realm | data source |

Inputs

| Name | Description | Type | Default | Required |
|------|-------------|------|---------|----------|
| custom_login_url | URL of custom login page/app. | string | null | no |
| kc_base_url | Base URL of KeyCloak instance to interact with. | string | n/a | yes |
| kc_iam_auth_client_id | Client ID of client where KC roles corresponding to AWS roles will be created. | string | n/a | yes |
| kc_realm | KeyCloak realm where the Terraform client has been created and where the users/groups to be created/manipulated exist. | string | n/a | yes |
| kc_terraform_auth_client_id | Client ID of client that Terraform will authenticate against in order to do its work. | string | n/a | yes |
| kc_terraform_auth_client_secret | Client secret used by the Terraform KeyCloak provider to authenticate against KeyCloak. | string | n/a | yes |
| project_accounts | A map of the project accounts (with structure matching output of aws_organizations_account) for which we will be creating roles and IDP resources, keyed by the name of the environment. | map(any) | n/a | yes |
| project_spec | List of projects/(accounts) that product teams' workloads run within. | object (full type below) | n/a | yes |
| tenancy_root_group_name | n/a | string | "Project Team Groups" | no |
| workload_account_role_config | A mapping of role names to be created to (existing) policy arns. | list(object) (full type below) | n/a | yes |

Type of project_spec:

    object({
      identifier = string
      name       = string
      tags = object({
        account_coding = string
        # ministry_name = string
        admin_contact_email = string
        admin_contact_name  = string
        billing_group       = string
        additional_contacts = optional(list(object({
          name  = optional(string, null)
          email = optional(string, null)
        })))
      })
      accounts = list(object({
        name        = string
        environment = string
      }))
    })

Type of workload_account_role_config:

    list(object({
      aws_role_name       = string
      aws_policy_arns     = list(string)
      keycloak_group_name = string
      environments        = list(string)
    }))

Outputs

No outputs.
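
An added example (not from this repository) of a root configuration that calls the module with the inputs listed above and keeps the Keycloak client secret out of source control by passing it through a sensitive variable. The module source address, every value shown, and the reading of `environments` as the list of environments a role is created in are assumptions.

```hcl
# Added example; every value below is a constructed placeholder.
variable "kc_terraform_auth_client_secret" {
  type      = string
  sensitive = true # set via TF_VAR_kc_terraform_auth_client_secret, not a committed .tfvars file
}

module "aws_sso" {
  source = "github.com/BCDevOps/terraform-ecf-aws-sso" # assumption: used from the repository root

  kc_base_url                     = "https://keycloak.example.com"
  kc_realm                        = "example-realm"
  kc_terraform_auth_client_id     = "terraform-client"
  kc_terraform_auth_client_secret = var.kc_terraform_auth_client_secret
  kc_iam_auth_client_id           = "aws-iam-client"

  project_spec = {
    identifier = "abc123"
    name       = "Example Project"
    tags = {
      account_coding      = "0000000000"
      admin_contact_email = "admin@example.com"
      admin_contact_name  = "Example Admin"
      billing_group       = "EXAMPLE"
    }
    accounts = [{ name = "abc123-dev", environment = "dev" }, { name = "abc123-prod", environment = "prod" }]
  }

  # Keyed by environment name; values mirror aws_organizations_account attributes.
  project_accounts = {
    dev  = { id = "111111111111", name = "abc123-dev" }
    prod = { id = "222222222222", name = "abc123-prod" }
  }

  # Assumption: "environments" limits where each role exists, keeping the broader policy out of prod.
  workload_account_role_config = [
    {
      aws_role_name       = "ReadOnly"
      aws_policy_arns     = ["arn:aws:iam::aws:policy/ReadOnlyAccess"]
      keycloak_group_name = "Readers"
      environments        = ["dev", "prod"]
    },
    {
      aws_role_name       = "Developer"
      aws_policy_arns     = ["arn:aws:iam::aws:policy/PowerUserAccess"]
      keycloak_group_name = "Developers"
      environments        = ["dev"]
    },
  ]
}
```

Marking the variable `sensitive` only redacts it from plan and apply output; the secret is still written to the Terraform state, so the state backend needs its own access controls and encryption.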