---
# Molecule converge play: installs Keycloak (Quarkus distribution) through the
# keycloak_quarkus role, then creates a test realm, client and users through
# the keycloak_realm role. All credentials in this file are fixed test
# fixtures in plain text; deployments outside the test scenario should supply
# them from a secret store (for example Ansible Vault) instead.
- name: Converge
  hosts: all
  vars:
    keycloak_quarkus_show_deprecation_warnings: false

    # Admin credentials (test fixtures; the value itself says to change them).
    keycloak_quarkus_admin_pass: 'remembertochangeme'
    keycloak_admin_password: 'remembertochangeme'

    keycloak_realm: TestRealm
    keycloak_quarkus_host: instance

    # File logging at debug level is needed for the verify step.
    # Debug output can include sensitive request detail and the target below
    # sits under /tmp, so keep this combination to throwaway test hosts.
    keycloak_quarkus_log: file
    keycloak_quarkus_log_level: debug
    keycloak_quarkus_log_target: /tmp/keycloak

    # HTTPS material: the private key is read on the control node with the
    # file lookup and passed as content; the certificate is passed by source
    # file name.
    keycloak_quarkus_https_key_file_enabled: true
    keycloak_quarkus_key_file_copy_enabled: true
    keycloak_quarkus_key_content: "{{ lookup('file', 'key.pem') }}"
    keycloak_quarkus_cert_file_copy_enabled: true
    keycloak_quarkus_cert_file_src: cert.pem

    # Keystore-backed vault; the keystore password is a plain-text fixture.
    keycloak_quarkus_ks_vault_enabled: true
    keycloak_quarkus_ks_vault_file: '/opt/keycloak/vault/keystore.p12'
    keycloak_quarkus_ks_vault_pass: keystorepassword

    # Service start-up wait settings.
    # NOTE(review): timeout/delay units are not stated in this file - confirm
    # against the role's documentation.
    keycloak_quarkus_systemd_wait_for_port: true
    keycloak_quarkus_systemd_wait_for_timeout: 20
    keycloak_quarkus_systemd_wait_for_delay: 2
    keycloak_quarkus_systemd_wait_for_log: true

    keycloak_quarkus_providers:
      # Configuration-only entry: no url, maven or local_path source is given.
      - id: http-client
        spi: connections
        default: true
        restart: true
        properties:
          - key: default-connection-pool-size
            value: 10

      # Provider JAR referenced by a versioned release URL. No checksum or
      # signature is given in this file, so integrity rests on TLS and on the
      # hosting account; verify the artifact out of band when reusing this
      # entry outside tests.
      - id: spid-saml
        url: https://github.com/italia/spid-keycloak-provider/releases/download/24.0.2/spid-provider.jar

      # Provider resolved from a Maven repository by coordinates.
      # Artifact page:
      # https://mvnrepository.com/artifact/org.keycloak/keycloak-kerberos-federation/24.0.4
      - id: keycloak-kerberos-federation
        maven:
          repository_url: https://repo1.maven.org/maven2/
          group_id: org.keycloak
          artifact_id: keycloak-kerberos-federation
          # optional
          version: '24.0.4'
          # Optional repository credentials, left disabled here:
          # username: myUser
          # password: myPAT

      # Example of a provider taken from a local path, left disabled here:
      # - id: my-static-theme
      #   local_path: /tmp/my-static-theme.jar

    # Password deny-lists referenced by URL. Both URLs follow the master
    # branch rather than a fixed commit, so the content can change between
    # runs; pinning to a commit gives reproducible and reviewable input.
    # Only the second entry sets `type`.
    # NOTE(review): the first entry presumably relies on a role default for
    # `type` - confirm.
    keycloak_quarkus_policies:
      - name: 'xato-net-10-million-passwords.txt'
        url: 'https://github.com/danielmiessler/SecLists/raw/master/Passwords/xato-net-10-million-passwords.txt'
      - name: 'xato-net-10-million-passwords-10.txt'
        url: 'https://github.com/danielmiessler/SecLists/raw/master/Passwords/xato-net-10-million-passwords-10.txt'
        type: password-blacklists

  roles:
    - role: keycloak_quarkus

    # Realm, client and user fixtures, passed as role parameters.
    - role: keycloak_realm
      keycloak_context: ''
      keycloak_realm: TestRealm
      keycloak_client_default_roles:
        - TestRoleAdmin
        - TestRoleUser

      # Test accounts with a trivial shared password.
      keycloak_client_users:
        - username: TestUser
          password: password
          client_roles:
            - client: TestClient
              role: TestRoleUser
              realm: "{{ keycloak_realm }}"
        - username: TestAdmin
          password: password
          client_roles:
            - client: TestClient
              role: TestRoleUser
              realm: "{{ keycloak_realm }}"
            - client: TestClient
              role: TestRoleAdmin
              realm: "{{ keycloak_realm }}"

      # keycloak_client_public and keycloak_client_web_origins are not set in
      # this file.
      # NOTE(review): presumably role defaults - check what web origins and
      # client type they resolve to before reusing this client definition.
      keycloak_clients:
        - name: TestClient
          client_id: TestClient
          realm: "{{ keycloak_realm }}"
          roles: "{{ keycloak_client_default_roles }}"
          public_client: "{{ keycloak_client_public }}"
          web_origins: "{{ keycloak_client_web_origins }}"
          users: "{{ keycloak_client_users }}"