---
- name: "Authenticate on keycloak for {{ inventory_hostname }}"
  include_role:
    name: keycloak
    tasks_from: _authenticate

- name: "Setup realm for {{ inventory_hostname }}"
  include_role:
    name: keycloak
    tasks_from: _configure_realm

- name: "Create realm users"
  include_role:
    name: keycloak
    tasks_from: _create_realm_users

- name: "Create realm admin users"
  include_role:
    name: keycloak
    tasks_from: _create_realm_admin

- name: "Create <internal-system-scope> client roles"
  include_role:
    name: connect_realm
    tasks_from: create_client_role
  with_items:
    - "internal-system-scope:system:admin"
    - "internal-system-scope:system:workflow-admin"
    - "internal-system-scope:system:process-data-reader"
  loop_control:
    loop_var: role

- name: "Assign <internal-system-scope> client roles to <{{ connect_client_admin_username }}>"
  include_role:
    name: connect_realm
    tasks_from: assign_client_roles
  vars:
    current_username: "{{ connect_client_admin_username }}"
    current_client_roles:
      - name: "internal-system-scope:system:admin"
      - name: "internal-system-scope:system:workflow-admin"
      - name: "internal-system-scope:system:process-data-reader"