As I’m pretty new to Terraform, I’m not sure if Terraform is suitable for the problem I’d like to solve. Here is the scenario…
We are using Keycloak as our Identity & Access Management tool. Currently, we’re running dedicated Keycloak instances in different environments:
- (locally - on each developer’s machine)
- dev
- preproduction
- production
The configuration is done completely via the web UI which is, no surprise, cumbersome and error-prone.
Example
For adding a Keycloak client or adding roles, the workflow is similar to the following:
- A developer makes the configuration changes on her local Keycloak instance.
- If things are working, the same configuration needs to be applied to the dev instance.
- Then on the preproduction instance…
- Finally, on the production instance.
I was able to create a basic Terraform main.tf which successfully performs all the configuration on my local machine. But thinking about this further, I have some difficulties…
The above workflow is not “cloud-centric”, that is, it’s not our goal to apply the same Keycloak configuration to different environments, but rather to apply different Keycloak configurations, depending on their stage, to a dedicated environment. For example, a Keycloak role app_admin may exist in the dev stage but not yet in the preprod and prod stages.
The most basic question:
Is Terraform a suitable tool to cover the above workflow?