From 59b69a6592d42e9d7188565f3a17882a4e187db5 Mon Sep 17 00:00:00 2001
From: Guido Grazioli <ggraziol@redhat.com>
Date: Fri, 10 Mar 2023 15:23:22 +0100
Subject: [PATCH] Downstream patching: add missing becomes

---
 roles/keycloak/tasks/rhsso_patch.yml | 25 +++++++++++++++++++++++--
 1 file changed, 23 insertions(+), 2 deletions(-)

diff --git a/roles/keycloak/tasks/rhsso_patch.yml b/roles/keycloak/tasks/rhsso_patch.yml
index c6a2a0d..5678e11 100644
--- a/roles/keycloak/tasks/rhsso_patch.yml
+++ b/roles/keycloak/tasks/rhsso_patch.yml
@@ -82,6 +82,7 @@
   ansible.builtin.stat:
     path: "{{ patch_archive }}"
   register: patch_archive_path
+  become: yes
 
 ## copy and unpack
 - name: Copy patch archive to target nodes
@@ -102,9 +103,13 @@
   ansible.builtin.include_tasks: rhsso_cli.yml
   vars:
     query: "patch info"
+  args:
+    apply:
+      become: yes
+      become_user: "{{ keycloak_service_user }}"
 
 - name: "Perform patching"
-  when: 
+  when:
     - cli_result is defined
     - cli_result.stdout is defined
     - patch_version not in cli_result.stdout
@@ -113,6 +118,10 @@
       ansible.builtin.include_tasks: rhsso_cli.yml
       vars:
         query: "patch apply {{ patch_archive }}"
+      args:
+        apply:
+          become: yes
+          become_user: "{{ keycloak_service_user }}"
 
     - name: "Restart server to ensure patch content is running"
       ansible.builtin.include_tasks: rhsso_cli.yml
@@ -120,6 +129,10 @@
         query: "shutdown --restart"
       when:
         - cli_result.rc == 0
+      args:
+        apply:
+            become: yes
+            become_user: "{{ keycloak_service_user }}"
 
     - name: "Wait until {{ keycloak.service_name }} becomes active {{ keycloak.health_url }}"
       ansible.builtin.uri:
@@ -133,7 +146,11 @@
       ansible.builtin.include_tasks: rhsso_cli.yml
       vars:
         query: "patch info"
-  
+      args:
+        apply:
+            become: yes
+            become_user: "{{ keycloak_service_user }}"
+
     - name: "Verify installed patch version"
       ansible.builtin.assert:
         that:
@@ -144,3 +161,7 @@
 - name: "Skipping patch"
   ansible.builtin.debug:
     msg: "Cumulative patch {{ patch_version }} already installed, skipping patch installation."
+  when:
+    - cli_result is defined
+    - cli_result.stdout is defined
+    - patch_version in cli_result.stdout