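# Keycloak admin-API calls that attach an LDAP (vendor "ad") user storage
# provider to a realm and wire up its attribute and role mappers.
#
# Request bodies are written as YAML mappings rather than hand-built JSON
# strings: with `body_format: json` the uri module serialises them, so variable
# values containing quotes or backslashes are escaped correctly and there is no
# risk of invalid JSON (the original role-mapper body had trailing commas).
#
# Assumes `access_token` already holds a valid admin bearer token obtained
# outside this fragment. The Authorization header is visible in verbose task
# output for every task here; only the task carrying the LDAP bind password
# is marked `no_log`.
- name: Create ldap user storage provider in realm {{ realm }}
  uri:
    url: "http://localhost:{{ service_port_keycloak_external }}/auth/admin/realms/{{ realm }}/components"
    method: POST
    body_format: json
    body:
      name: "{{ provider_name }}"
      providerId: ldap
      providerType: org.keycloak.storage.UserStorageProvider
      parentId: "{{ realm }}"
      # Keycloak component config values are single-element lists of strings;
      # numbers and booleans are quoted so they are sent as strings.
      config:
        allowKerberosAuthentication: ["false"]
        authType: ["simple"]
        batchSizeForSync: ["1000"]
        bindCredential: ["{{ ldap_password }}"]
        bindDn: ["{{ ldap_username }}"]
        cachePolicy: ["DEFAULT"]
        changedSyncPeriod: ["86400"]
        connectionPooling: ["true"]
        connectionUrl: ["{{ ldap_connection_url }}"]
        customUserSearchFilter: ["{{ custom_user_search_filter }}"]
        debug: ["false"]
        editMode: ["READ_ONLY"]
        enabled: ["true"]
        fullSyncPeriod: ["604800"]
        importEnabled: ["true"]
        pagination: ["true"]
        priority: ["0"]
        rdnLDAPAttribute: ["cn"]
        searchScope: ["{{ search_scope }}"]
        syncRegistrations: ["false"]
        trustEmail: ["false"]
        useKerberosForPasswordAuthentication: ["false"]
        usernameLDAPAttribute: ["{{ ldap_username_attribute }}"]
        userObjectClasses: ["person, organizationalPerson, user"]
        usersDn: ["{{ usersDn }}"]
        useTruststoreSpi: ["ldapsOnly"]
        uuidLDAPAttribute: ["objectGUID"]
        validatePasswordPolicy: ["false"]
        vendor: ["ad"]
    status_code: [201]
    headers:
      Authorization: "Bearer {{ access_token }}"
  # The body carries the LDAP bind password; keep it out of task output and
  # logs. The registered result is still available to later tasks.
  no_log: true
  register: response
  tags:
    - update_realms

# The POST above answers 201 with a Location header for the new component; the
# uri module exposes response headers lower-cased, so `response.location` is
# that URL. Fetch it to learn the component id used as parentId below.
- name: Get id of created user storage provider
  uri:
    url: "{{ response.location }}"
    method: GET
    headers:
      Authorization: "Bearer {{ access_token }}"
  register: response
  tags:
    - update_realms

- name: Create user attribute mapper for firstName
  uri:
    url: "http://localhost:{{ service_port_keycloak_external }}/auth/admin/realms/{{ realm }}/components"
    method: POST
    body_format: json
    body:
      name: first name
      providerId: user-attribute-ldap-mapper
      providerType: org.keycloak.storage.ldap.mappers.LDAPStorageMapper
      parentId: "{{ response.json.id }}"
      config:
        "ldap.attribute": ["givenName"]
        "is.mandatory.in.ldap": ["false"]
        "is.binary.attribute": ["false"]
        "read.only": ["true"]
        "always.read.value.from.ldap": ["false"]
        "user.model.attribute": ["firstName"]
    headers:
      Authorization: "Bearer {{ access_token }}"
    status_code: [201]
  tags:
    - update_realms

# `hardcoded_user_roles` is optional. Ansible resolves the loop before
# evaluating `when`, so guarding with `is defined` alone still fails on an
# undefined variable; defaulting to an empty list skips the task cleanly.
# Each item is expected to be a mapping with `name` and `role_id` keys.
- name: Create user role mappers
  uri:
    url: "http://localhost:{{ service_port_keycloak_external }}/auth/admin/realms/{{ realm }}/components"
    method: POST
    body_format: json
    body:
      name: "{{ role.name }}"
      providerId: hardcoded-ldap-role-mapper
      providerType: org.keycloak.storage.ldap.mappers.LDAPStorageMapper
      parentId: "{{ response.json.id }}"
      config:
        role: ["{{ role.role_id }}"]
    headers:
      Authorization: "Bearer {{ access_token }}"
    status_code: [201]
  with_items: "{{ hardcoded_user_roles | default([]) }}"
  loop_control:
    loop_var: role
  tags:
    - update_realms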