From b84f56ad0c2f29e0ea7701c82eda29d32db87a11 Mon Sep 17 00:00:00 2001
From: dadiorchen
Date: Tue, 31 Oct 2023 10:16:41 +0000
Subject: [PATCH] feat: keycloak schema
---
 database-grants/terraform/dev/main.tf | 7 +++
 .../terraform/dev/schemas/keycloak | 1 +
 .../terraform/prod/schemas/keycloak/main.tf | 44 +++++++++++++++++++
 .../prod/schemas/keycloak/provider.tf | 8 ++++
 4 files changed, 60 insertions(+)
 create mode 120000 database-grants/terraform/dev/schemas/keycloak
 create mode 100644 database-grants/terraform/prod/schemas/keycloak/main.tf
 create mode 100644 database-grants/terraform/prod/schemas/keycloak/provider.tf
diff --git a/database-grants/terraform/dev/main.tf b/database-grants/terraform/dev/main.tf
index 457642a..de732df 100644
--- a/database-grants/terraform/dev/main.tf
+++ b/database-grants/terraform/dev/main.tf
@@ -74,3 +74,10 @@ module "contracts_schema" {
 postgresql = postgresql.treetracker
 }
 }
+
+module "keycloak_schema" {
+ source = "./schemas/keycloak"
+ providers = {
+ postgresql = postgresql.treetracker
+ }
+}
diff --git a/database-grants/terraform/dev/schemas/keycloak b/database-grants/terraform/dev/schemas/keycloak
new file mode 120000
index 0000000..aedde5d
--- /dev/null
+++ b/database-grants/terraform/dev/schemas/keycloak
@@ -0,0 +1 @@
+../../prod/schemas/keycloak/
\ No newline at end of file
diff --git a/database-grants/terraform/prod/schemas/keycloak/main.tf b/database-grants/terraform/prod/schemas/keycloak/main.tf
new file mode 100644
index 0000000..208f9d8
--- /dev/null
+++ b/database-grants/terraform/prod/schemas/keycloak/main.tf
@@ -0,0 +1,44 @@
+resource "postgresql_schema" "keycloak_schema" {
+ name = "keycloak"
+ owner = "doadmin"
+
+}
+
+resource "random_password" "s_password" {
+ length = 16
+ special = true
+ override_special = "_%@"
+}
+
+resource "postgresql_role" "service_user" {
+ name = "s_keycloak"
+ login = true
+ password = random_password.s_password.result
+ search_path = ["keycloak", "public"]
+}
+
+
+resource "postgresql_grant" "service-user-usage" {
+ database = "treetracker"
+ role = "s_keycloak"
+ schema = "keycloak"
+ object_type = "schema"
+ privileges = ["USAGE", "CREATE"]
+}
+
+resource "postgresql_grant" "table-service-user" {
+ database = "treetracker"
+ role = "s_keycloak"
+ schema = "keycloak"
+ object_type = "table"
+ privileges = ["SELECT", "INSERT", "UPDATE", "DELETE"]
+}
+
+resource "postgresql_grant" "sequence-service-user" {
+ database = "treetracker"
+ role = "s_keycloak"
+ schema = "keycloak"
+ object_type = "sequence"
+ privileges = ["USAGE", "SELECT"]
+
+}
diff --git a/database-grants/terraform/prod/schemas/keycloak/provider.tf b/database-grants/terraform/prod/schemas/keycloak/provider.tf
new file mode 100644
index 0000000..7c80654
--- /dev/null
+++ b/database-grants/terraform/prod/schemas/keycloak/provider.tf
@@ -0,0 +1,8 @@
+terraform {
+ required_providers {
+ postgresql = {
+ source = "cyrilgdn/postgresql"
+ version = "1.11.0"
+ }
+ }
+}
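Review bot: The login password for `s_keycloak` in prod/schemas/keycloak/main.tf is kept in the Terraform state in plaintext, both as `random_password.s_password.result` and as the `password` argument of `postgresql_role.service_user`, so anyone who can read the state can log in as an account that may read and modify every table in the `keycloak` schema. The patch shows neither the state backend nor how the value reaches Keycloak, so I would record the requirement next to the resource, e.g. `# result is stored in state; the state backend must be encrypted and access-restricted`. Separately, the three `postgresql_grant` resources name the role and schema as string literals, so Terraform sees no dependency on `postgresql_role.service_user` or `postgresql_schema.keycloak_schema` and may attempt the grants before either exists on a fresh apply. Using `role = postgresql_role.service_user.name` and `schema = postgresql_schema.keycloak_schema.name` in each grant gives it the ordering.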
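Review bot: `required_providers` in prod/schemas/keycloak/provider.tf declares only `postgresql`, while main.tf in the same module uses `random_password`, so the `random` provider is resolved implicitly as `hashicorp/random` and, unless the root module constrains it, without a version pin. Declaring it next to the postgresql entry, `random = { source = "hashicorp/random", version = "<pinned version>" }`, keeps every provider this module runs explicit and pinned in the same way as the exact `1.11.0` pin already used here. The dependency lock file is not part of this patch; it is worth confirming that it records hashes for both providers.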