no-secrets-athq-ansible/roles/usermanagement/tasks/keycloak.yaml

- name: Create data-dir
  file:
    name: /data/
    state: directory

- name: Create keycloak psql mount
  file:
    name: /data/keycloak-postgres/
    state: directory

- name: Create compose directory keycloak
  file:
    name: "/opt/keycloak/"
    state: directory

- name: Copy compose templates keycloak
  template:
    src: "keycloak.yaml"
    dest: "/opt/keycloak/"

- name: Copy compose environment files keycloak
  template:
    src: "{{ item }}"
    dest: "/opt/keycloak/"
  with_items:
    - postgres_password

- name: Deploy compose templates
  community.docker.docker_compose:
    project_src: "/opt/keycloak/"
    pull: true
    files:
      - "keycloak.yaml"

- name: Check/Wait for Keycloak to be up
  uri:
    url: https://keycloak.atlantishq.de/health
    method: GET
    return_content: yes
    status_code: 200
    body_format: json
  register: result
  until: result.status and result.json.status == "UP"
  retries: 10
  delay: 20
  check_mode: false

- name: Create Keycloak Clients
  local_action:
    module: keycloak_client
    auth_client_id: admin-cli
    auth_keycloak_url: https://keycloak.atlantishq.de/
    auth_realm: master
    auth_username: admin
    auth_password: "{{ keycloak_admin_password }}"
    state: present
    realm: master
    client_id: '{{ keycloak_clients[item]["client_id"] }}'
    id: '{{ keycloak_clients[item]["keycloak_id"] }}'
    name: '{{ keycloak_clients[item]["client_id"] }}'
    description: '{{ keycloak_clients[item]["description"] }}'
    enabled: True
    client_authenticator_type: client-secret
    public_client: false
    secret: '{{ keycloak_clients[item]["client_secret"] }}'
    authorization_services_enabled: true
    service_accounts_enabled: true
    redirect_uris: '{{ keycloak_clients[item]["redirect_uris"] }}'
    web_origins: '{{ keycloak_clients[item]["redirect_uris"] }}'
    frontchannel_logout: False
    protocol: openid-connect
  with_items: "{{ keycloak_clients.keys() | list }}"

- name: Update master realm settings
  community.general.keycloak_realm:
    auth_client_id: admin-cli
    auth_keycloak_url: https://keycloak.atlantishq.de/
    auth_realm: master
    auth_username: admin
    auth_password: "{{ keycloak_admin_password }}"
    state: present
    realm: master
    smtpServer :
        password : "{{ smtp_service_pass }}"
        replyToDisplayName: ""
        starttls: "true"
        auth: "true"
        replyTo: ""
        envelopeFrom: ""
        from: "{{ smtp_service_user }}@atlantishq.de"
        fromDisplayName: ""
        host: "{{ smtp_internal_host }}"
        port: "{{ smtp_internal_host_port }}"
        ssl: "false"
        user: "{{ smtp_service_user }}"