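---
# Keycloak realm provisioning tasks (all tagged `update_realms`).
#
# Flow: list the existing realms, create `current_realm_name` when it is not
# in the list, read that realm's clients, then include one task file per
# configured client and one per LDAP user storage provider.
#
# Inputs read here: service_port_keycloak_external, access_token,
# keycloak_authentication, current_realm_name, current_realm_clients,
# current_realm_ldaps.
#
# Security notes:
# - Every request sends the admin bearer token over plain HTTP. That is
#   confined to the loopback interface here; keep the host as localhost or
#   switch to HTTPS if these tasks are ever pointed at a remote Keycloak.
# - NOTE(review): the `uri` tasks show their Authorization header when the
#   play runs at high verbosity; consider `no_log: true` on them if play
#   output is stored or shipped to a shared log.

- name: Read realms
  uri:
    url: "http://localhost:{{ service_port_keycloak_external }}/auth/admin/realms"
    method: GET
    headers:
      # No trailing blank after the token: the header value is sent as written.
      Authorization: "Bearer {{ access_token }}"
    status_code: [200]
  register: realms
  tags:
    - update_realms

# - name: Print realms
#   debug:
#     msg: "{{ realms }}"
#   tags:
#     - update_realms

- name: Save realms as variable (fact)
  set_fact:
    realms_json: "{{ realms.json }}"
  tags:
    - update_realms

- name: Read realm ids
  set_fact:
    realm_ids: "{{ realms_json | json_query(jmesquery) }}"
  vars:
    jmesquery: '[*].id'
  tags:
    - update_realms

# NOTE(review): the guard compares the realm *name* with the `id` values
# returned by Keycloak. Confirm the realm template sets `id` equal to the
# name; otherwise the POST is attempted for a realm that already exists.
- name: "Create realm {{ current_realm_name }}"
  uri:
    url: "http://localhost:{{ service_port_keycloak_external }}/auth/admin/realms"
    method: POST
    body_format: json
    body: "{{ lookup('template', 'keycloak-realm-create.json.j2') }}"
    headers:
      Authorization: "Bearer {{ access_token }}"
    status_code: [201]
  when: current_realm_name not in realm_ids
  tags:
    - update_realms

- name: "Read clients from realm {{ current_realm_name }}"
  uri:
    url: "http://localhost:{{ service_port_keycloak_external }}/auth/admin/realms/{{ current_realm_name }}/clients"
    method: GET
    headers:
      Authorization: "Bearer {{ access_token }}"
    status_code: [200]
  register: realm_clients
  tags:
    - update_realms

# NOTE(review): this dumps the full client representations, which may carry
# client secrets -- leave it disabled outside local debugging.
# - name: Print clients from realm {{ current_realm_name }}
#   debug:
#     msg: "{{ realm_clients }}"
#   tags:
#     - update_realms

- name: Save clients from realm as variable (fact)
  set_fact:
    realm_clients_json: "{{ realm_clients.json }}"
  tags:
    - update_realms

- name: "Save client ids from realm {{ current_realm_name }}"
  set_fact:
    realm_client_ids: "{{ realm_clients_json | json_query(jmesquery) }}"
  vars:
    # Keeps only the two identifier fields of each client.
    jmesquery: '[*].{id: id, clientId: clientId}'
  tags:
    - update_realms

- name: Print client ids
  debug:
    msg: "{{ realm_client_ids }}"
  tags:
    - update_realms

- name: "Create clients from realm {{ current_realm_name }}"
  include_tasks: configure_client.yml
  vars:
    realm_name: '{{ current_realm_name }}'
    client_id: '{{ client.clientId }}'
    client_name: '{{ client.name }}'
    admin_url: '{{ client.admin_url }}'
    root_url: '{{ client.root_url }}'
    redirect_uris: '{{ client.redirect_uris }}'
    secret: '{{ client.secret }}'
    web_origins: '{{ client.web_origins }}'
    access_token: '{{ keycloak_authentication.json.access_token }}'
  with_items: "{{ current_realm_clients }}"
  loop_control:
    loop_var: client
    # Each item carries the client secret; show only the clientId in the
    # per-item play output instead of the whole item.
    label: "{{ client.clientId }}"
  tags:
    - update_realms

- name: "Create realm {{ current_realm_name }} LDAP user storage provider"
  include_tasks: configure_user_storage_provider_ldap.yml
  vars:
    realm: '{{ current_realm_name }}'
    provider_name: '{{ provider.name }}'
    usersDn: '{{ provider.usersDn }}'
    ldap_username: '{{ provider.username }}'
    ldap_password: '{{ provider.password }}'
    ldap_connection_url: '{{ provider.connection_url }}'
    ldap_username_attribute: '{{ provider.username_attribute }}'
    custom_user_search_filter: '{{ provider.custom_user_search_filter }}'
    search_scope: '{{ provider.search_scope }}'
    access_token: '{{ keycloak_authentication.json.access_token }}'
  with_items: "{{ current_realm_ldaps }}"
  loop_control:
    loop_var: provider
    # Each item carries the LDAP bind password; show only the provider name
    # in the per-item play output instead of the whole item.
    label: "{{ provider.name }}"
  tags:
    - update_realms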