afnix/infra
0
1
Fork 6
Code Issues 47 Pull requests 11 Projects 1 Releases Packages Wiki Activity

terraform/afnix/keycloak: Factorize org-groups #355

Merged
raito merged 2 commits from tf-org_groups into main 2025-09-21 19:33:00 +00:00
Conversation 2 Commits 2 Files changed 2 +53 -66
thubrecht commented 2025-09-21 18:00:56 +00:00
Owner
Copy link

The same pattern is used for each org, so just define the memberships
and generate the rest

The same pattern is used for each org, so just define the memberships and generate the rest
The same pattern is used for each org, so just define the memberships
and generate the rest
raito reviewed 2025-09-21 18:12:39 +00:00
terraform/afnix_superadmin/keycloak/org-groups.nix Outdated
@ -74,3 +46,1 @@
];
};
};
resource.keycloak_group_memberships = genAttrs' projects (name: {
raito commented 2025-09-21 18:12:39 +00:00
Owner
Copy link

No nameValuePair here. This won't eval.

No nameValuePair here. This won't eval.
thubrecht marked this conversation as resolved
raito reviewed 2025-09-21 18:43:04 +00:00
terraform/afnix_superadmin/keycloak/org-groups.nix Outdated
@ -23,2 +39,2 @@
resource.keycloak_group = {
afnix-org = {
resource.keycloak_group = genAttrs' projects (
name: nameValuePair "${name}-org" { inherit name realm_id; }
raito commented 2025-09-21 18:43:04 +00:00
Owner
Copy link

Do note that afnix-org is a bit special, it's a parent group with children groups like infra or superadmins or board.

Should we bestow org ownership on afnix-org? I think there's inheritance (but we could disable it).

Do note that afnix-org is a bit special, it's a parent group with children groups like infra or superadmins or board. Should we bestow org ownership on afnix-org? I think there's inheritance (but we could disable it).
thubrecht commented 2025-09-21 18:58:50 +00:00
Author
Owner
Copy link

For now, it seems that the only subgroups are afnix-superadmin and afnix-board, and it makes sense to me that they would be owners of the forgejo org as well

For now, it seems that the only subgroups are `afnix-superadmin` and `afnix-board`, and it makes sense to me that they would be owners of the forgejo org as well
raito commented 2025-09-21 19:06:53 +00:00
Owner
Copy link

right

right
raito commented 2025-09-21 19:07:12 +00:00
Owner
Copy link

let's leave it like this for now, but let's add a giga warning "DO NOT ADD ANYONE to afnix/ WHO ARE NOT SUPERADMINS"

let's leave it like this for now, but let's add a giga warning "DO NOT ADD ANYONE to afnix/ WHO ARE NOT SUPERADMINS"
👍 1
raito marked this conversation as resolved
raito force-pushed tf-org_groups from 07623061c5 to b67648c9fb 2025-09-21 19:32:49 +00:00 Compare
raito merged commit 658d29814b into main 2025-09-21 19:33:00 +00:00
raito deleted branch tf-org_groups 2025-09-21 19:33:00 +00:00
Sign in to join this conversation.
Reviewers
No reviewers
afnix/Owners
Labels
Clear labels   
Compat/Breaking

Breaking change that won't be backward compatible

  
Difficulty/Architectural

Requires changes in multiple pieces of the stack: the Nix interpreter, etc.

  
Difficulty/Easy

Infrastructure beginner friendly tasks

  
Difficulty/Hard

Requires prior knowledge, research and design

  
Help Wanted

Looking for a first task to pick? This one is looking for somefew to do it as well!

  
Kind/Bug

Something is not working

  
Kind/Documentation

Documentation changes

  
Kind/Enhancement

Improve existing functionality

  
Kind/Feature

New functionality

  
Kind/Testing

Issue or pull request related to testing

  
Priority/Critical

The priority is critical

  
Priority/High

The priority is high

  
Priority/Low

The priority is low

  
Priority/Medium

The priority is medium

  
Reviewed/Confirmed

Issue has been confirmed

  
Reviewed/Duplicate

This issue or pull request already exists

  
Reviewed/Invalid

Invalid issue

  
Reviewed/Won't Fix

This issue won't be fixed

  
Security

This is a security issue

  
Silenced Alert

This issue was created to track a silenced alert which needs remediation work.

  
Status/Abandoned

Somebody has started to work on this but abandoned work

  
Status/Blocked

Something is blocking this issue or pull request

  
Status/Need More Info

Feedback is required to reproduce issue or to continue work

  
Status/Postponed

We can do this later

  
Tracking Issue

Umbrella issue of many things at the same time

No labels
Compat/Breaking
Difficulty/Architectural
Difficulty/Easy
Difficulty/Hard
Help Wanted
Kind/Bug
Kind/Documentation
Kind/Enhancement
Kind/Feature
Kind/Testing
Priority/Critical
Priority/High
Priority/Low
Priority/Medium
Reviewed/Confirmed
Reviewed/Duplicate
Reviewed/Invalid
Reviewed/Won't Fix
Security
Silenced Alert
Status/Abandoned
Status/Blocked
Status/Need More Info
Status/Postponed
Tracking Issue
Milestone
Clear milestone
No items
No milestone
Projects
Clear projects
No items
No project
Assignees
Clear assignees
No assignees
2 participants
Notifications
Due date
The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference
afnix/infra!355
No description provided.