---
- name: Verify
  hosts: instance
  tasks:
    - name: Populate service facts
      ansible.builtin.service_facts:

    - name: Check if keycloak service started
      ansible.builtin.assert:
        that:
          - ansible_facts.services["keycloak.service"]["state"] == "running"
          - ansible_facts.services["keycloak.service"]["status"] == "enabled"

    - name: Verify openid config
      block:
        - name: Fetch openID config # noqa blocked_modules command-instead-of-module
          ansible.builtin.uri:
            url: http://localhost:8080/realms/master/.well-known/openid-configuration
            validate_certs: false
            headers:
              Host: proxy
          register: openid_config
          changed_when: False
        - name: Verify endpoint URLs
          ansible.builtin.assert:
            that:
              - openid_config.json['issuer'] == 'https://proxy/realms/master'
              - openid_config.json['authorization_endpoint'] == 'https://proxy/realms/master/protocol/openid-connect/auth'