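---
# Configures Harbor in four steps: base (OIDC) settings, projects, robot
# tokens and the scan-all schedule.
#
# The base-settings block reads the OIDC client secret from Keycloak and merges
# it into harbor_base_configuration. Every task that sends the admin bearer
# token or holds the client secret sets `no_log: true`, so neither value ends
# up in play output, verbose logs or callback plugins.
- name: "harbor BASE settings"
  block:
    # The tasks below read `access_token`; presumably the keycloak role's
    # _authenticate task file sets it - confirm against that role.
    - name: "BLOCK: Login with keycloak-admin"
      include_role:
        name: keycloak
        tasks_from: _authenticate

    # The request carries the admin bearer token in its Authorization header,
    # and the registered result holds the realm's full client list, so the
    # task is kept out of the logs. Remove no_log only temporarily when
    # debugging, and never on shared CI runners.
    - name: "GET available clients from <<{{ harbor_base_configuration.oidc_name }}>>-realm"
      delegate_to: localhost
      become: false
      uri:
        url: "{{ keycloak_server_url }}/auth/admin/realms/{{ harbor_base_configuration.oidc_name }}/clients"
        method: GET
        headers:
          Content-Type: "application/json"
          Authorization: "Bearer {{ access_token }}"
        status_code: [200]
      register: realm_clients
      no_log: true

    # available clients: get needed ID
    # NOTE(review): `| first` fails with a generic template error when no
    # client matches oidc_client_id; an explicit assert beforehand would give
    # a clearer message.
    - name: "Select the internal ID of the OIDC client"
      set_fact:
        id_of_client: '{{ ( realm_clients.json | selectattr("clientId","equalto", harbor_base_configuration.oidc_client_id ) | first ).id }}'

    # The response body is the client secret itself.
    - name: "BLOCK: GET client-secret for client <<{{ harbor_base_configuration.oidc_client_id }}>> in realm <<{{ harbor_base_configuration.oidc_name }}>>"
      delegate_to: localhost
      become: false
      uri:
        url: "{{ keycloak_server_url }}/auth/admin/realms/{{ harbor_base_configuration.oidc_name }}/clients/{{ id_of_client }}/client-secret"
        method: GET
        headers:
          Content-Type: "application/json"
          Authorization: "Bearer {{ access_token }}"
        status_code: [200]
      register: client_secret
      no_log: true

    # NOTE(review): the fact name `dict` shadows the Jinja2 `dict()` global in
    # later templates on this host. It is kept because other task files may
    # read it; rename once that is confirmed.
    - name: "Wrap the client secret for merging"
      set_fact:
        dict:
          oidc_client_secret: '{{ client_secret.json.value }}'
      no_log: true

    - name: "Merge the client secret into the base configuration"
      set_fact:
        harbor_base_configuration_merged: '{{ harbor_base_configuration | combine( dict ,recursive=True ) }}'
      no_log: true

    # base_configuration contains the client secret from here on; the tasks in
    # configure_base_config.yml that use it should set no_log themselves.
    - name: "BLOCK: Configure harbor BASE settings"
      include_tasks: configure_base_config.yml
      vars:
        base_configuration: '{{ harbor_base_configuration_merged }}'
      args:
        apply:
          tags:
            - harbor-configure-base
# end of block for base settings

# Appends one rendered project_object_template per default project; the
# template presumably reads the loop variable `elem` - confirm where it is
# defined.
- name: "Create object of templated harbor projects"
  set_fact:
    projects_templated: "{{ ( projects_templated | default([]) ) + [ project_object_template ] }}"
  loop: '{{ harbor_projects_smardigo_default }}'
  loop_control:
    loop_var: elem
  when:
    - harbor_projects_smardigo_default is defined

# projects_templated is never set when the task above is skipped, so it
# defaults to an empty list here instead of failing on an undefined variable.
- name: "CRUD - projects"
  include_tasks: configure_projects.yml
  loop: '{{ harbor_projects + ( projects_templated | default([]) ) }}'
  loop_control:
    loop_var: project

# NOTE(review): robot tokens are credentials; check that
# configure_robot_tokens.yml sets no_log on the tasks that return them.
- name: "CRUD - robot tokens"
  include_tasks: configure_robot_tokens.yml
  loop: '{{ harbor_robot_tokens }}'
  loop_control:
    loop_var: robot_token

- name: "CRUD - scanall schedule"
  include_tasks: configure_scanall_schedule.yml
  loop: '{{ harbor_scanall }}'
  loop_control:
    loop_var: scanschedule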