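---
# Deploys the Keycloak docker-compose stack for this host, then configures
# the master realm, the project realms, and their users and groups.
#
# Tags used in this file:
#   create_users
#   create_groups
#   update_realms
#   update_deployment
#   configure_container

# DNS record for the host; presumably an A record pointing at
# stage_server_ip (the role itself is not visible here).
- name: "Setup DNS configuration for {{ inventory_hostname }}"
  include_role:
    name: sma_digitalocean
    tasks_from: domain
  vars:
    record_data: "{{ stage_server_ip }}"
    record_name: "{{ inventory_hostname }}"

# Only an existing compose project can be stopped, so probe for it first.
- name: "Check if {{ inventory_hostname }}/docker-compose.yml exists"
  stat:
    path: '{{ service_base_path }}/{{ inventory_hostname }}/docker-compose.yml'
  register: check_docker_compose_file
  tags:
    - update_deployment

# state: absent tears the running project down before templates are replaced.
- name: "Stop {{ inventory_hostname }}"
  community.docker.docker_compose:
    project_src: '{{ service_base_path }}/{{ inventory_hostname }}'
    state: absent
  when: check_docker_compose_file.stat.exists
  tags:
    - update_deployment

- name: "Deploy docker templates for {{ inventory_hostname }}"
  include_role:
    name: sma_deploy
    tasks_from: templates
  vars:
    current_config: "_docker"
    current_base_path: "{{ service_base_path }}"
    current_destination: "{{ inventory_hostname }}"
    current_owner: "{{ docker_owner }}"
    current_group: "{{ docker_group }}"
    current_docker: "{{ keycloak_docker }}"

- name: "Deploy service templates for {{ inventory_hostname }}"
  include_role:
    name: sma_deploy
    tasks_from: templates
  vars:
    current_config: "keycloak"
    current_base_path: "{{ service_base_path }}"
    current_destination: "{{ inventory_hostname }}"
    current_owner: "{{ docker_owner }}"
    current_group: "{{ docker_group }}"

- name: "Start {{ inventory_hostname }}"
  community.docker.docker_compose:
    project_src: '{{ service_base_path }}/{{ inventory_hostname }}'
    state: present
    pull: true
  tags:
    - update_deployment

# Plain HTTP is used for the admin API, so the admin password and token
# travel unencrypted; that is acceptable only over loopback. Hosts outside
# the 'keycloak' group must get keycloak_server_url from inventory, and that
# value should be an https URL.
- name: "Setting local keycloak url"
  set_fact:
    keycloak_server_url: "http://localhost:{{ service_port_keycloak_external }}"
  when: "'keycloak' in group_names"

# delay: 60 sleeps for a minute before the first port probe. An open port
# does not prove Keycloak has finished booting, hence the retries below.
- name: "Wait for "
  wait_for:
    host: "localhost"
    port: '{{ service_port_keycloak_external }}'
    delay: 60

# Password grant against the master realm with the admin-cli client.
# - body is a mapping so the uri module URL-encodes each value; a password
#   containing '&', '=', '%' or '+' would otherwise corrupt the form or
#   inject extra parameters.
# - no_log keeps the password and the returned token out of task output,
#   -v logs and callback plugins. It also hides the error body on failure.
# - until is required for retries to take effect on older Ansible releases.
- name: "Authenticate with Keycloak server"
  uri:
    url: "{{ keycloak_server_url }}/auth/realms/master/protocol/openid-connect/token"
    method: POST
    body_format: form-urlencoded
    body:
      username: "{{ keycloak_admin_username }}"
      password: "{{ keycloak_admin_password }}"
      client_id: "admin-cli"
      grant_type: "password"
  no_log: true
  register: keycloak_authentication
  until: keycloak_authentication is succeeded
  retries: 5
  delay: 5
  tags:
    - create_users
    - create_groups
    - update_realms

# SECURITY: this prints a live bearer token with admin rights on the master
# realm, and 'always' means it runs under every tag selection. The output
# lands in the console, log files and any CI/AWX job record. Keep 'debug'
# false outside local troubleshooting. The bool filter matters because
# '-e debug=false' arrives as a non-empty string, which a bare condition
# would treat as true.
- name: "Printing master realm access_token"
  debug:
    msg: "{{ keycloak_authentication.json.access_token }}"
  tags:
    - always
  when:
    - debug | bool

# Master realm hardening and branding: self-registration, password reset
# and e-mail login are disabled; login and admin events are recorded.
- name: "Setting smardigo-theme for master realm"
  community.general.keycloak_realm:
    id: "master"
    realm: "master"
    auth_realm: "master"
    auth_client_id: "admin-cli"
    auth_username: "{{ keycloak_admin_username }}"
    auth_password: "{{ keycloak_admin_password }}"
    auth_keycloak_url: "{{ keycloak_server_url }}/auth"
    account_theme: "smardigo-theme"
    admin_theme: "smardigo-theme"
    login_theme: "smardigo-theme"
    registration_allowed: false
    reset_password_allowed: false
    login_with_email_allowed: false
    duplicate_emails_allowed: true
    internationalization_enabled: true
    default_locale: "de"
    supported_locales:
      - "de"
      - "en"
    events_enabled: true
    # 604800 seconds = 7 days of retained login events.
    events_expiration: 604800
    admin_events_enabled: true
    # Only host and sender are set; no TLS or auth keys appear here.
    # NOTE(review): confirm the relay is reachable only internally.
    smtp_server:
      host: "{{ shared_service_mail_hostname }}"
      from: "{{ keycloak_id }}@smardigo.digital"
    events_listeners:
      - "jboss-logging"
      - "metrics-listener"
    state: present
  tags:
    - update_realms

# The three includes below hand the admin access token to task files that
# are not visible here. NOTE(review): check that those files set no_log on
# every task that sends or echoes access_token.
- name: "Setup realms"
  include_tasks: configure_realm.yml
  vars:
    current_realm_name: '{{ current_realm.name }}'
    current_realm_display_name: '{{ current_realm.display_name }}'
    current_realm_clients: '{{ current_realm.clients | default([]) }}'
    access_token: "{{ keycloak_authentication.json.access_token }}"
  with_items: "{{ keycloak.realms }}"
  loop_control:
    loop_var: current_realm
  tags:
    - update_realms

- name: "Create realm users"
  include_tasks: create_realm_users.yml
  vars:
    current_realm_name: "{{ item.name }}"
    current_realm_users: "{{ item.users | default([]) }}"
    access_token: "{{ keycloak_authentication.json.access_token }}"
  with_items: "{{ keycloak.realms }}"
  tags:
    - create_users
    - update_realms

- name: "Create realm groups"
  include_tasks: create_realm_groups.yml
  vars:
    current_realm_name: "{{ item.name }}"
    current_realm_groups: "{{ item.groups | default([]) }}"
    access_token: "{{ keycloak_authentication.json.access_token }}"
  with_items: "{{ keycloak.realms }}"
  tags:
    - create_groups
    - update_realms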