hetzner-ansible/roles/connect_realm/tasks/assign_client_roles.yml

---
- name: "Read keycloak user id for <{{ connect_client_admin_username }}>"
  include_role:
    name: keycloak
    tasks_from: _read_keycloak_user_id

- name: "Map client roles to <{{ connect_client_admin_username }}>"
  community.general.keycloak_user_rolemapping:
    auth_realm: "master"
    auth_client_id: "admin-cli"
    auth_username: "{{ keycloak_admin_username }}"
    auth_password: "{{ keycloak_admin_password }}"
    auth_keycloak_url: "{{ shared_service_url_keycloak }}/auth"
    state: present
    realm: "{{ current_realm_name }}"
    client_id: "{{ client.clientId }}"
    uid: "{{ keycloak_user_id }}"
    roles: "{{ current_client_roles }}"
  with_items: "{{ current_realm_clients | default([]) }}"
  loop_control:
    loop_var: client
  delegate_to: localhost