From feec4d9f8b866150f759ae7eb9c9ace87df2ab4a Mon Sep 17 00:00:00 2001
From: Guido Grazioli <ggraziol@redhat.com>
Date: Fri, 3 May 2024 13:03:18 +0200
Subject: [PATCH] controller priv escalation

---
 roles/keycloak_quarkus/tasks/install.yml | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/roles/keycloak_quarkus/tasks/install.yml b/roles/keycloak_quarkus/tasks/install.yml
index d95887f..7155c3a 100644
--- a/roles/keycloak_quarkus/tasks/install.yml
+++ b/roles/keycloak_quarkus/tasks/install.yml
@@ -57,6 +57,7 @@
     path: "{{ lookup('env', 'PWD') }}"
   register: local_path
   delegate_to: localhost
+  run_once: true
   become: false
 
 - name: Download keycloak archive
@@ -108,15 +109,20 @@
         client_secret: "{{ rhn_password }}"
         product_id: "{{ (rhn_filtered_products | first).id }}"
         dest: "{{ local_path.stat.path }}/{{ keycloak.bundle }}"
+        mode: '0640'
+        owner: "{{ lookup('env', 'USER') | default(omit) }}"
       no_log: "{{ omit_rhn_output | default(true) }}"
       delegate_to: localhost
       run_once: true
+      become: false
 
 - name: Check downloaded archive
   ansible.builtin.stat:
     path: "{{ local_path.stat.path }}/{{ keycloak.bundle }}"
   register: local_archive_path
   delegate_to: localhost
+  become: false
+  run_once: true
 
 ## copy and unpack
 - name: Copy archive to target nodes