hetzner-ansible/roles/keycloak/tasks/configure_realm.yml


---
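# Fetch the realm list from the Keycloak admin REST endpoint and register the
# response as `realms` for the tasks that follow.
# NOTE(review): the bearer token is only protected in transit when
# keycloak_server_url is an https:// URL - confirm in the inventory.
- name: Read realms
  uri:
    url: "{{ keycloak_server_url }}/auth/admin/realms"
    method: GET
    headers:
      Authorization: "Bearer {{ access_token }}"
    status_code: [200]
  register: realms
  # The admin bearer token is part of the module arguments. Ansible can show
  # module arguments at high verbosity and record them in the invocation log
  # on the executing host; no_log keeps the token out of both. The registered
  # result is unaffected. Remove temporarily when debugging a failed call.
  no_log: true
  tags:
    - update_realms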
# Keep only the parsed JSON body of the registered `realms` response so the
# later query works on plain data.
- name: Save realms as variable (fact)
  tags:
    - update_realms
  set_fact:
    realms_json: '{{ realms.json }}'
# Reduce the realm listing to the `id` field of every entry.
# json_query is backed by JMESPath, so the jmespath Python library has to be
# available where the filter is evaluated.
# NOTE(review): this collects realm ids, while the create task compares them
# with a realm *name*; presumably both are equal in this setup - confirm.
- name: Read realm ids
  vars:
    jmesquery: "[*].id"
  set_fact:
    realm_ids: '{{ realms_json | json_query(jmesquery) }}'
  tags:
    - update_realms
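# Create the realm by POSTing the rendered keycloak-realm-create.json.j2
# template, but only when current_realm_name is not among the ids collected
# in realm_ids. Anything other than 201 Created fails the task.
# NOTE(review): a Keycloak realm id can differ from the realm name (for
# example on imported realms). If that can happen here the guard would not
# match an existing realm and the POST would be rejected - confirm the
# template keeps id and name identical, or compare against the `realm` field.
- name: "Create realm {{ current_realm_name }}"
  uri:
    url: "{{ keycloak_server_url }}/auth/admin/realms"
    method: POST
    body_format: json
    body: "{{ lookup('template','keycloak-realm-create.json.j2') }}"
    headers:
      Authorization: "Bearer {{ access_token }}"
    status_code: [201]
  when: current_realm_name not in realm_ids
  # The arguments contain the admin bearer token and the full realm payload
  # (the template is not visible here, so it may carry further sensitive
  # settings). no_log keeps both out of task output and invocation logging.
  # Remove temporarily when debugging a failed call.
  no_log: true
  tags:
    - update_realms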
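# Fetch the client list of the realm from the admin REST endpoint and
# register the response as `realm_clients`.
- name: "Read clients from realm {{ current_realm_name }}"
  uri:
    url: "{{ keycloak_server_url }}/auth/admin/realms/{{ current_realm_name }}/clients"
    method: GET
    headers:
      Authorization: "Bearer {{ access_token }}"
    status_code: [200]
  register: realm_clients
  # Keeps the admin bearer token (module arguments) and the returned client
  # representations out of task output and invocation logging.
  # NOTE(review): depending on the Keycloak version the client list may
  # include credentials of confidential clients - confirm before relaxing.
  no_log: true
  tags:
    - update_realms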
# Keep only the parsed JSON body of the registered `realm_clients` response.
- name: Save clients from realm as variable (fact)
  tags:
    - update_realms
  set_fact:
    realm_clients_json: '{{ realm_clients.json }}'
# Project every client entry down to its internal `id` and its `clientId`;
# all other fields of the client representation are dropped here.
- name: "Save client ids from realm {{ current_realm_name }}"
  vars:
    jmesquery: "[*].{id: id, clientId: clientId}"
  set_fact:
    realm_client_ids: '{{ realm_clients_json | json_query(jmesquery) }}'
  tags:
    - update_realms
# Diagnostic output of realm_client_ids. That fact is built from a query that
# selects only `id` and `clientId`, so this prints identifiers rather than
# the full client representations.
- name: Print client ids
  tags:
    - update_realms
  debug:
    msg: '{{ realm_client_ids }}'
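# Run configure_client.yml once per entry of current_realm_clients. Each
# entry is exposed as `client` and its fields are mapped onto the variables
# the included file receives, together with the access token taken from
# keycloak_authentication.
# NOTE(review): the token comes from keycloak_authentication.json here, while
# the uri tasks in this file use `access_token` directly - presumably the
# same value; confirm.
# NOTE(review): how configure_client.yml handles `secret` and `access_token`
# is not visible from this file; its uri tasks should keep them out of logs.
- name: "Create clients from realm {{ current_realm_name }}"
  include_tasks: configure_client.yml
  vars:
    realm_name: '{{ current_realm_name }}'
    client_id: '{{ client.clientId }}'
    client_name: '{{ client.name }}'
    admin_url: '{{ client.admin_url }}'
    root_url: '{{ client.root_url }}'
    redirect_uris: '{{ client.redirect_uris }}'
    secret: '{{ client.secret }}'
    web_origins: '{{ client.web_origins }}'
    access_token: '{{ keycloak_authentication.json.access_token }}'
  with_items: "{{ current_realm_clients }}"
  loop_control:
    loop_var: client
    # Each loop item carries the client secret. Without a label Ansible
    # prints the whole item for every iteration; the label limits that
    # output to the clientId.
    label: "{{ client.clientId }}"
  tags:
    - update_realms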