---
- name: Converge
  hosts: all
  vars: 
    keycloak_admin_password: "remembertochangeme"
    keycloak_config_override_template: custom.xml.j2
    keycloak_http_port: 8081
    keycloak_management_http_port: 19990
    keycloak_service_runas: True
  roles:
    - role: keycloak
  tasks:
    - name: Keycloak Realm Role
      ansible.builtin.include_role:
        name: keycloak_realm
      vars:
        keycloak_client_default_roles:
          - TestRoleAdmin
          - TestRoleUser
        keycloak_client_users:
          - username: TestUser
            password: password
            client_roles:
              - client: TestClient
                role: TestRoleUser
                realm: "{{ keycloak_realm }}"
          - username: TestAdmin
            password: password
            client_roles:
              - client: TestClient
                role: TestRoleUser
                realm: "{{ keycloak_realm }}"
              - client: TestClient
                role: TestRoleAdmin
                realm: "{{ keycloak_realm }}"
        keycloak_realm: TestRealm
        keycloak_clients:
          - name: TestClient
            roles: "{{ keycloak_client_default_roles }}"
            realm: "{{ keycloak_realm }}"
            public_client: "{{ keycloak_client_public }}"
            web_origins: "{{ keycloak_client_web_origins }}"
            users: "{{ keycloak_client_users }}"
            client_id: TestClient
  pre_tasks:
    - name: "Retrieve assets server from env"
      ansible.builtin.set_fact:
        assets_server: "{{ lookup('env','MIDDLEWARE_DOWNLOAD_RELEASE_SERVER_URL') }}"

    - name: "Set offline when assets server from env is defined"
      ansible.builtin.set_fact:
        sso_offline_install: True
      when:
        - assets_server is defined
        - assets_server | length > 0