This message was deleted.

Ah, found out: no need to fetch the principal, just add this to the

rancher2_project_role_template_binding

resource:

group_principal_id = "keycloakoidc_<group://whatevergroupname>"

Maybe this should be documented somewhere, could not find it..