apiVersion: v1
kind: List
items:
{% for user in sso_users %}
  - apiVersion: keycloak.org/v1alpha1
    kind: KeycloakUser
    metadata:
      name: user-{{ user.name }}
      namespace: openshift-sso
    spec:
      realmSelector:
        matchLabels:
          app: sso
      user:
        username: {{ user.name }}
        credentials:
          - temporary: False
            type: password
            value: redhat
        firstName: {{ user.first }}
        lastName: {{ user.last }}
        email: {{ user.name }}@example.com
        enabled: True
        emailVerified: True
        groups:
{% for role in user.roles %}
          - {{ role }}
{% endfor %}
{% endfor %}