Semi bsr for applications[] to prevent heavy to debug bugs in j2 - part 1

roles/web-app-keycloak/templates/docker-compose.yml.j2

@@ -1,9 +1,9 @@
 {% include 'roles/docker-compose/templates/base.yml.j2' %}
 
   application:
-    image: "{{ applications[application_id].images.keycloak }}"
+    image: "{{ applications | get_app_conf(application_id, 'images.keycloak', True) }}"
     container_name: {{container_name}}
-    command: start {% if applications[application_id].import_realm | bool %}--import-realm{% endif %}
+    command: start {% if applications | get_app_conf(application_id, 'import_realm', True) | bool %}--import-realm{% endif %}
     {% include 'roles/docker-container/templates/base.yml.j2' %}
     ports:
       - "{{ keycloak_server_host }}:8080"

roles/web-app-keycloak/templates/env.j2

@@ -11,8 +11,8 @@ KC_HEALTH_ENABLED=              true
 KC_METRICS_ENABLED=             true
 
 # Administrator
-KEYCLOAK_ADMIN=                 "{{applications[application_id].users.administrator.username}}"
-KEYCLOAK_ADMIN_PASSWORD=        "{{applications[application_id].credentials.administrator_password}}"
+KEYCLOAK_ADMIN=                 "{{applications | get_app_conf(application_id, 'users.administrator.username', True)}}"
+KEYCLOAK_ADMIN_PASSWORD=        "{{applications | get_app_conf(application_id, 'credentials.administrator_password', True)}}"
 
 # Database
 KC_DB=                          postgres
@@ -21,5 +21,5 @@ KC_DB_USERNAME=                 {{database_username}}
 KC_DB_PASSWORD=                 {{database_password}}
 
 # If the initial administrator already exists and the environment variables are still present at startup, an error message stating the failed creation of the initial administrator is shown in the logs. Keycloak ignores the values and starts up correctly.
-KC_BOOTSTRAP_ADMIN_USERNAME=    "{{applications[application_id].users.administrator.username}}"
-KC_BOOTSTRAP_ADMIN_PASSWORD=    "{{applications[application_id].credentials.administrator_password}}"
+KC_BOOTSTRAP_ADMIN_USERNAME=    "{{applications | get_app_conf(application_id, 'users.administrator.username', True)}}"
+KC_BOOTSTRAP_ADMIN_PASSWORD=    "{{applications | get_app_conf(application_id, 'credentials.administrator_password', True)}}"

roles/web-app-keycloak/templates/import/realm.json.j2

@@ -890,8 +890,8 @@
         "organization",
         "offline_access",
         "microprofile-jwt",
-        "{{ applications[application_id].scopes.rbac_roles }}",
-        "{{ applications[application_id].scopes.nextcloud }}"
+        "{{ applications | get_app_conf(application_id, 'scopes.rbac_roles', True) }}",
+        "{{ applications | get_app_conf(application_id, 'scopes.nextcloud', True) }}"
 
       ]
     }
@@ -1197,7 +1197,7 @@
     },
     {
       "id": "15dd4961-5b4f-4635-a3f1-a21e1fa7bf3a",
-      "name": "{{ applications[application_id].scopes.nextcloud }}",
+      "name": "{{ applications | get_app_conf(application_id, 'scopes.nextcloud', True) }}",
       "description": "Optimized mappers for nextcloud oidc_login with ldap.",
       "protocol": "openid-connect",
       "attributes": {
@@ -1249,7 +1249,7 @@
     },
     {
       "id": "59917c48-a7ef-464a-a8b0-ea24316db18e",
-      "name": "{{ applications[application_id].scopes.rbac_roles }}",
+      "name": "{{ applications | get_app_conf(application_id, 'scopes.rbac_roles', True) }}",
       "description": "RBAC Groups",
       "protocol": "openid-connect",
       "attributes": {
@@ -1675,8 +1675,8 @@
     "phone",
     "microprofile-jwt",
     "organization",
-    "{{ applications[application_id].scopes.rbac_roles }}",
-    "{{ applications[application_id].scopes.nextcloud }}"
+    "{{ applications | get_app_conf(application_id, 'scopes.rbac_roles', True) }}",
+    "{{ applications | get_app_conf(application_id, 'scopes.nextcloud', True) }}"
   ],
   "browserSecurityHeaders": {
     "contentSecurityPolicyReportOnly": "",
@@ -1994,7 +1994,7 @@
                   "false"
                 ],
                 "groups.path": [
-                  "{{ applications[application_id].rbac_groups }}"
+                  "{{ applications | get_app_conf(application_id, 'rbac_groups', True) }}"
                 ]
               }
             },
@@ -2920,8 +2920,8 @@
         "action": "register",
         "useRecaptchaNet": "false",
         "recaptcha.v3": "true",
-        "secret.key": "{{ applications[application_id].credentials.recaptcha.secret_key }}",
-        "site.key": "{{ applications[application_id].credentials.recaptcha.website_key }}"
+        "secret.key": "{{ applications | get_app_conf(application_id, 'credentials.recaptcha.secret_key', True) }}",
+        "site.key": "{{ applications | get_app_conf(application_id, 'credentials.recaptcha.website_key', True) }}"
       }
     },
 {%- endif %}

roles/web-app-keycloak/vars/main.yml

@@ -4,7 +4,7 @@ container_name:                   "{{application_id}}_application"
 import_directory_host:            "{{docker_compose.directories.volumes}}import/"           # Directory in which keycloack import files are placed on the host
 import_directory_docker:          "/opt/keycloak/data/import/"                              # Directory in which keycloack import files are placed in the running docker container
 keycloak_realm:                   "{{ primary_domain}}"                                     # This is the name of the default realm which is used by the applications
-keycloak_administrator:           "{{ applications[application_id].users.administrator }}"  # Master Administrator
+keycloak_administrator:           "{{ applications | get_app_conf(application_id, 'users.administrator', True) }}"  # Master Administrator
 keycloak_administrator_username:  "{{ keycloak_administrator.username}}"                    # Master Administrator Username
 keycloak_administrator_password:  "{{ keycloak_administrator.password}}"                    # Master Administrator Password
 keycloak_kcadm_path:              "docker exec -i {{ container_name }} /opt/keycloak/bin/kcadm.sh"