As I’m pretty new to Terraform, I’m not sure if Terraform is suitable for the problem I’d like to solve. Here is the scenario…
We are using Keycloak as our Identity & Access Management tool. Currently, we’re running dedicated Keycloak instances in different environments:
- (locally - on each developer’s machine)
- dev
- preproduction
- production
The configuration is done completely via the web UI which is, no surprise, cumbersome and error-prone.
Example
For adding a Keycloak client or adding roles, the workflow is similar to the following:
- A developer makes the configuration changes on her local Keycloak instance.
- If things are working, the same configuration needs to be applied to the dev instance.
- Then on the preproduction instance…
- Finally, on the production instance.
I was able to create a basic Terraform main.tf which successfully performs all the configuration on my local machine. But thinking about this further, I have some difficulties…
The above workflow is not “cloud-centric”, that is, it’s not our goal to apply the same Keycloak configuration to different environments, but rather to apply different Keycloak configurations, depending on their stage, to a dedicated environment. For example, a Keycloak role app_admin may exist in the dev stage but not yet in the preprod and prod stages.
The most basic question:
Is Terraform a suitable tool to cover the above workflow?