Replies: 1 comment
-
|
Thanks for asking. This question opens a larger discussion on the keycloak_realm role. Initially, it was supposed to be a test facility, limited to verifying in CI the results of a deployment. Later on, it was enlarged a bit in scope, adopting/forking few keycloak_* modules from communty.general (reason for that: we cannot support community.general downstream in a product, so we offer only the modules we actually use). It was mainly used to setup integration between keycloak and other runtimes like wildfly. My final thought was to turn the role into a configuration-first declarative way to configure a keycloak realm using a tree-like yaml object; in that way, distancing from the ansible modules (and also the terraform resources, for instance), which follow an imperative rest-call like behaviour, that adheres to the keycloak API: ie. user object -> create a user, role object -> create a role and so on). |
Beta Was this translation helpful? Give feedback.
-
I was wondering why the creation of user accounts is part of the client structure. In my opinion it shoud be a part of the realm creation, because an user account is valid for multiple clients.
Beta Was this translation helpful? Give feedback.
All reactions