---
- name: Converge
  hosts: all
  vars:
    keycloak_admin_password: "remembertochangeme"
    keycloak_jvm_package: java-11-openjdk-headless
    keycloak_modcluster_enabled: True
    keycloak_modcluster_urls:
      - host: myhost1
        port: 16667
      - host: myhost2
        port: 16668
    keycloak_jboss_port_offset: 10
    keycloak_log_target: /tmp/keycloak
  roles:
    - role: keycloak
  tasks:
    - name: Keycloak Realm Role
      ansible.builtin.include_role:
        name: keycloak_realm
      vars:
        keycloak_client_default_roles:
          - TestRoleAdmin
          - TestRoleUser
        keycloak_client_users:
          - username: TestUser
            password: password
            client_roles:
              - client: TestClient
                role: TestRoleUser
                realm: "{{ keycloak_realm }}"
          - username: TestAdmin
            password: password
            client_roles:
              - client: TestClient
                role: TestRoleUser
                realm: "{{ keycloak_realm }}"
              - client: TestClient
                role: TestRoleAdmin
                realm: "{{ keycloak_realm }}"
        keycloak_realm: TestRealm
        keycloak_clients:
          - name: TestClient
            roles: "{{ keycloak_client_default_roles }}"
            realm: "{{ keycloak_realm }}"
            public_client: "{{ keycloak_client_public }}"
            web_origins: "{{ keycloak_client_web_origins }}"
            users: "{{ keycloak_client_users }}"
            client_id: TestClient
            attributes:
              post.logout.redirect.uris: '/public/logout'
  pre_tasks:
    - name: "Retrieve assets server from env"
      ansible.builtin.set_fact:
        assets_server: "{{ lookup('env', 'MIDDLEWARE_DOWNLOAD_RELEASE_SERVER_URL') }}"

    - name: "Set offline when assets server from env is defined"
      ansible.builtin.set_fact:
        sso_offline_install: True
      when:
        - assets_server is defined
        - assets_server | length > 0