Reactivated keycloak docker and webserver tasks and implemented correct logic for element and synapse redirect handling

roles/web-app-keycloak/filter_plugins/redirect_uris.py

@@ -29,6 +29,23 @@ def _stable_dedup(items: Sequence[str]) -> list[str]:
             out.append(x)
     return out
 
+def _iter_domains(v) -> Iterable[str]:
+    """Yield domains from str | list/tuple[str] | dict[*, str|list|tuple]."""
+    if v is None:
+        return
+    if isinstance(v, str):
+        yield v
+    elif isinstance(v, dict):
+        for val in v.values():
+            yield from _iter_domains(val)
+    elif isinstance(v, (list, tuple)):
+        for val in v:
+            yield from _iter_domains(val)
+    else:
+        raise AnsibleFilterError(
+            "redirect_uris: domain_value must be str, list/tuple[str], or dict mapping to those"
+        )
+
 def redirect_uris(domains: dict,
                   applications: dict,
                   web_protocol: str = "https",
@@ -60,7 +77,7 @@ def redirect_uris(domains: dict,
             continue
 
         # Normalize to iterable of domains
-        doms = [domain_value] if isinstance(domain_value, str) else list(domain_value or [])
+        doms = list(_iter_domains(domain_value))
 
         for d in doms:
             # Use get_url() to produce "<proto>://<domain>"

roles/web-app-keycloak/tasks/main.yml

@@ -1,10 +1,10 @@
 ---
-#- name: "create import files for {{application_id}}"
+- name: "create import files for {{application_id}}"
-#  include_tasks: 01_import.yml
+  include_tasks: 01_import.yml
-#
+
-#- name: "load docker, db and proxy for {{application_id}}"
+- name: "load docker, db and proxy for {{application_id}}"
-#  include_role: 
+  include_role: 
-#    name: cmp-db-docker-proxy
+    name: cmp-db-docker-proxy
 
 - name: "Apply client redirects without realm import"
   include_tasks: 02_update_client_redirects.yml

tests/unit/roles/web-app-keycloak/filter_plugins/test_redirect_uris.py

@@ -154,6 +154,28 @@ class RedirectUrisTest(unittest.TestCase):
         result = self.plugin.redirect_uris(domains, applications)
         self.assertEqual(result, [])
 
+    def test_domain_value_dict_is_flattened_in_order(self):
+        # Dict with mixed value types and a duplicate to verify stable dedup
+        domains = {
+            "app1": {
+                "primary": "a.example.org",
+                "alt": ["b.example.org", "b.example.org"],
+                "nested": {"x": "c.example.org", "y": ["d.example.org"]},
+            }
+        }
+        applications = {"app1": {"features": {"oauth2": True}}}
+    
+        result = self.plugin.redirect_uris(domains, applications)
+    
+        self.assertEqual(
+            result,
+            [
+                "https://a.example.org/*",
+                "https://b.example.org/*",  # duplicate trimmed
+                "https://c.example.org/*",
+                "https://d.example.org/*",
+            ],
+        )
 
 if __name__ == "__main__":
     unittest.main()