Support impersonate in keycloak-auth

palagdan · palagdan · commit a0a7750fb4c4 · 2025-10-23T14:00:44.000+02:00
diff --git a/deploy/keycloak-auth/keycloak-config/roles.tf b/deploy/keycloak-auth/keycloak-config/roles.tf
@@ -61,11 +61,30 @@ EOT
   }
 }
 
-
 resource "keycloak_role" "realm_roles" {
   for_each  = var.roles
 
   realm_id    = var.kc_realm
   name        = each.key
   description = length(each.value) > 0 ? each.value : null
-}
+}
+
+# --- Impersonation role composite ---
+data "keycloak_openid_client" "realm_management" {
+  realm_id = var.kc_realm
+  client_id = "realm-management"
+}
+
+data "keycloak_role" "realm_management_impersonation" {
+  realm_id  = var.kc_realm
+  client_id = data.keycloak_openid_client.realm_management.id
+  name      = "impersonation"
+}
+
+resource "keycloak_role" "impersonate_role_composite" {
+  realm_id = var.kc_realm
+  name     = "impersonate-role"
+  composite_roles = [
+    data.keycloak_role.realm_management_impersonation.id
+  ]
+}
