hetzner-ansible/roles/keycloak/tasks/_delete_client.yml


---
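# Obtain an admin access token from the master realm (admin-cli client,
# password grant). The response is registered as keycloak_authentication;
# later tasks read keycloak_authentication.json.access_token from it.
# NOTE(review): the password grant carries the admin credentials in the
# request body; confirm keycloak_server_url is always an https:// URL.
- name: "KEYCLOAK: DELETE clients | Authenticate with Keycloak server"
  uri:
    url: "{{ keycloak_server_url }}/auth/realms/master/protocol/openid-connect/token"
    method: POST
    body_format: form-urlencoded
    # A mapping lets the uri module percent-encode every value, so a password
    # containing '&', '=', '+' or '%' is sent intact instead of corrupting or
    # splitting the form fields.
    body:
      username: "{{ keycloak_admin_username }}"
      password: "{{ keycloak_admin_password }}"
      client_id: admin-cli
      grant_type: password
  register: keycloak_authentication
  # Older Ansible releases ignore `retries` unless `until` is present.
  until: keycloak_authentication is succeeded
  retries: 5
  delay: 5
  # Keeps the admin password (task arguments) and the returned tokens out of
  # console output, callback plugins and the module invocation log on the
  # controller. Remove only temporarily when debugging a failed login.
  no_log: true
  delegate_to: 127.0.0.1
  become: false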
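# List the clients of the current realm through the Keycloak admin REST API
# and keep the response in realm_clients (its .json is read by the next task).
- name: "KEYCLOAK: DELETE clients | Read clients from realm {{ current_realm_name }}"
  uri:
    url: "{{ keycloak_server_url }}/auth/admin/realms/{{ current_realm_name }}/clients"
    method: GET
    headers:
      Authorization: "Bearer {{ keycloak_authentication.json.access_token }}"
    status_code: [200]
  register: realm_clients
  # The admin bearer token is a task argument, so without no_log it appears in
  # high-verbosity output and in the module invocation log. The response may
  # also carry client details that should not end up in logs.
  no_log: true
  delegate_to: 127.0.0.1
  become: false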
# Copy the parsed JSON body of the client listing into its own fact so the
# following query does not depend on the registered uri result.
- name: "KEYCLOAK: DELETE clients | Save clients from realm as variable (fact)"
  become: false
  delegate_to: 127.0.0.1
  set_fact:
    realm_clients_json: "{{ realm_clients.json }}"
# Reduce every client entry to the two fields needed later: the internal id
# (used in the DELETE URL) and the clientId (used to select the client).
- name: "KEYCLOAK: DELETE clients | Save client ids from realm <{{ current_realm_name }}>"
  become: false
  delegate_to: 127.0.0.1
  vars:
    # JMESPath projection applied to each element of the client list.
    jmesquery: '[*].{id: id, clientId: clientId}'
  set_fact:
    realm_client_ids: "{{ realm_clients_json | json_query(jmesquery) }}"
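# Keep only the entries whose clientId equals cluster_name.
# `| list` materialises the selectattr result, so the length check and the
# [0] index used by later tasks work on a real list on every Ansible/Jinja2
# combination.
# NOTE(review): the selection uses cluster_name, while the name of the DELETE
# task prints client_id; confirm both refer to the same client.
- name: "KEYCLOAK: DELETE clients | Select the client whose clientId equals cluster_name"
  set_fact:
    realm_client_id: '{{ realm_client_ids | selectattr("clientId", "equalto", cluster_name) | list }}'
  delegate_to: 127.0.0.1
  become: false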
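# Guard for the destructive step: stop unless exactly one client matched, so
# the DELETE never runs against a missing or ambiguous target.
- name: "KEYCLOAK: DELETE clients | Require exactly one matching client"
  assert:
    that:
      - realm_client_id | length == 1
    fail_msg: >-
      Expected exactly one client with clientId '{{ cluster_name }}' in realm
      '{{ current_realm_name }}', found {{ realm_client_id | length }};
      refusing to delete.
  delegate_to: 127.0.0.1
  become: false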
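# Delete the selected client by its internal id; Keycloak is expected to
# answer 204, any other status fails the task.
# NOTE(review): the task name prints client_id, but the client to delete was
# selected by cluster_name; confirm both are defined and name the same client.
- name: "KEYCLOAK: DELETE client <{{ client_id }}> for realm <{{ current_realm_name }}>"
  uri:
    url: "{{ keycloak_server_url }}/auth/admin/realms/{{ current_realm_name }}/clients/{{ realm_client_id[0].id }}"
    method: DELETE
    body_format: json
    headers:
      # Trailing blank after the token removed, so the header is identical to
      # the one sent with the GET request.
      Authorization: "Bearer {{ keycloak_authentication.json.access_token }}"
    status_code: [204]
  # A successful DELETE always modifies the realm.
  changed_when: true
  # The admin bearer token is a task argument; no_log keeps it out of
  # high-verbosity output and the module invocation log. Remove only
  # temporarily when a failed deletion has to be diagnosed.
  no_log: true
  delegate_to: 127.0.0.1
  become: false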