From cbbe92d717566a6d4270627fc7e18976d6324ef4 Mon Sep 17 00:00:00 2001
From: Dan Lester
Date: Thu, 24 Mar 2022 09:54:13 +0000
Subject: [PATCH] Upgrade mrparkers to 3.7.0, set some defaults (#1183)
---
 .../main.tf | 26 +++++++++++++++++--
 .../social_auth.tf | 1 +
 .../versions.tf | 2 +-
 .../services/keycloak-client/versions.tf | 2 +-
 .../stages/07-kubernetes-services/versions.tf | 2 +-
 .../modules/qhubextension/main.tf | 2 +-
 .../stages/08-qhub-tf-extensions/versions.tf | 2 +-
 7 files changed, 30 insertions(+), 7 deletions(-)
diff --git a/qhub/template/stages/06-kubernetes-keycloak-configuration/main.tf b/qhub/template/stages/06-kubernetes-keycloak-configuration/main.tf
index 3b4309073..dfb99011d 100644
--- a/qhub/template/stages/06-kubernetes-keycloak-configuration/main.tf
+++ b/qhub/template/stages/06-kubernetes-keycloak-configuration/main.tf
@@ -1,14 +1,36 @@
 resource "keycloak_realm" "main" {
- provider = keycloak
 realm = var.realm
 display_name = var.realm_display_name
+
+ direct_grant_flow = "direct grant"
+ enabled = true
+ browser_flow = "browser"
+ revoke_refresh_token = false
+ user_managed_access = false
+ ssl_required = "external"
+ registration_flow = "registration"
+
+ refresh_token_max_reuse = 0
+ reset_credentials_flow = "reset credentials"
+ client_authentication_flow = "clients"
+ docker_authentication_flow = "docker auth"
+
+ offline_session_max_lifespan_enabled = false
+
+ web_authn_policy {
+ }
+
+ web_authn_passwordless_policy {
+ }
+
 }
 resource "keycloak_group" "groups" {
 for_each = var.keycloak_groups
 realm_id = keycloak_realm.main.id
- name = each.value
+ name = each.key
+ attributes = {}
 }
 resource "keycloak_default_groups" "default" {
diff --git a/qhub/template/stages/06-kubernetes-keycloak-configuration/social_auth.tf b/qhub/template/stages/06-kubernetes-keycloak-configuration/social_auth.tf
index 07070b1e9..1c9a3ce9d 100644
--- a/qhub/template/stages/06-kubernetes-keycloak-configuration/social_auth.tf
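Review bot: In the `keycloak_realm.main` block of 06-kubernetes-keycloak-configuration/main.tf, the security-relevant realm settings are now hard-coded with no comment saying why these values were chosen. `ssl_required = "external"` still lets clients on private addresses, which would include in-cluster traffic, reach the realm over plain HTTP, and with `revoke_refresh_token = false` refresh tokens are not rotated on use, so `refresh_token_max_reuse = 0` has no effect. If these lines only mirror Keycloak's defaults so the 3.7.0 provider plans no drift (the commit title suggests so), say that above them, e.g. `# Keycloak realm defaults, pinned to avoid plan drift; tighten ssl_required / revoke_refresh_token per deployment`, and consider exposing both as variables so an operator can harden them without editing the template.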
+++ b/qhub/template/stages/06-kubernetes-keycloak-configuration/social_auth.tf
@@ -2,6 +2,7 @@ resource "keycloak_authentication_flow" "flow" {
 realm_id = keycloak_realm.main.id
 alias = "detect-existing"
 provider_id = "basic-flow"
+ description = ""
 }
 resource "keycloak_authentication_execution" "idp-detect-existing-broker-user" {
diff --git a/qhub/template/stages/06-kubernetes-keycloak-configuration/versions.tf b/qhub/template/stages/06-kubernetes-keycloak-configuration/versions.tf
index 58de2ee13..22a7acfd8 100644
--- a/qhub/template/stages/06-kubernetes-keycloak-configuration/versions.tf
+++ b/qhub/template/stages/06-kubernetes-keycloak-configuration/versions.tf
@@ -10,7 +10,7 @@ terraform {
 }
 keycloak = {
 source = "mrparkers/keycloak"
- version = "3.3.0"
+ version = "3.7.0"
 }
 }
 required_version = ">= 1.0"
diff --git a/qhub/template/stages/07-kubernetes-services/modules/kubernetes/services/keycloak-client/versions.tf b/qhub/template/stages/07-kubernetes-services/modules/kubernetes/services/keycloak-client/versions.tf
index 4fcadfaa0..0ddb981e5 100644
--- a/qhub/template/stages/07-kubernetes-services/modules/kubernetes/services/keycloak-client/versions.tf
+++ b/qhub/template/stages/07-kubernetes-services/modules/kubernetes/services/keycloak-client/versions.tf
@@ -2,7 +2,7 @@ terraform {
 required_providers {
 keycloak = {
 source = "mrparkers/keycloak"
- version = "3.3.0"
+ version = "3.7.0"
 }
 }
 required_version = ">= 1.0"
diff --git a/qhub/template/stages/07-kubernetes-services/versions.tf b/qhub/template/stages/07-kubernetes-services/versions.tf
index 58de2ee13..22a7acfd8 100644
--- a/qhub/template/stages/07-kubernetes-services/versions.tf
+++ b/qhub/template/stages/07-kubernetes-services/versions.tf
@@ -10,7 +10,7 @@ terraform {
 }
 keycloak = {
 source = "mrparkers/keycloak"
- version = "3.3.0"
+ version = "3.7.0"
 }
 }
 required_version = ">= 1.0"
diff --git a/qhub/template/stages/08-qhub-tf-extensions/modules/qhubextension/main.tf b/qhub/template/stages/08-qhub-tf-extensions/modules/qhubextension/main.tf
index f6c3f1688..ebb1dbc02 100644
--- a/qhub/template/stages/08-qhub-tf-extensions/modules/qhubextension/main.tf
+++ b/qhub/template/stages/08-qhub-tf-extensions/modules/qhubextension/main.tf
@@ -2,7 +2,7 @@ terraform {
 required_providers {
 keycloak = {
 source = "mrparkers/keycloak"
- version = "3.3.0"
+ version = "3.7.0"
 }
 }
 }
diff --git a/qhub/template/stages/08-qhub-tf-extensions/versions.tf b/qhub/template/stages/08-qhub-tf-extensions/versions.tf
index 58de2ee13..22a7acfd8 100644
--- a/qhub/template/stages/08-qhub-tf-extensions/versions.tf
+++ b/qhub/template/stages/08-qhub-tf-extensions/versions.tf
@@ -10,7 +10,7 @@ terraform {
 }
 keycloak = {
 source = "mrparkers/keycloak"
- version = "3.3.0"
+ version = "3.7.0"
 }
 }
 required_version = ">= 1.0"