---
- name: "Load cleanup routine for '{{ application_id }}'"
  include_tasks: 01_cleanup.yml

- name: "Load init routine for '{{ application_id }}'"
  include_tasks: 02_initialize.yml

- name: "Load the depdendencies required by '{{ application_id }}'"
  include_tasks: 03_load_dependencies.yml

- name: "Wait until '{{ KEYCLOAK_CONTAINER }}' container is healthy"
  community.docker.docker_container_info:
    name: "{{ KEYCLOAK_CONTAINER }}"
  register: kc_info
  retries: 60
  delay: 5
  until: >
    kc_info is succeeded and
    (kc_info.container | default({})) != {} and
    (kc_info.container.State | default({})) != {} and
    (kc_info.container.State.Health | default({})) != {} and
    (kc_info.container.State.Health.Status | default('')) == 'healthy'

- name: kcadm login (master)
  no_log: "{{ MASK_CREDENTIALS_IN_LOGS | bool }}"
  shell: >
    {{ KEYCLOAK_EXEC_KCADM }} config credentials
    --server {{ KEYCLOAK_SERVER_INTERNAL_URL }}
    --realm master
    --user {{ KEYCLOAK_MASTER_API_USER_NAME }}
    --password {{ KEYCLOAK_MASTER_API_USER_PASSWORD }}
  changed_when: false

- name: "Update Client settings"
  vars:
    kc_object_kind:  "client"
    kc_lookup_value: "{{ KEYCLOAK_CLIENT_ID }}"
    kc_desired: >-
      {{
        KEYCLOAK_DICTIONARY_REALM.clients
          | selectattr('clientId','equalto', KEYCLOAK_CLIENT_ID)
          | list | first
      }}
    kc_force_attrs:
      frontchannelLogout: true
      attributes: >-
        {{
          ( (KEYCLOAK_DICTIONARY_REALM.clients
              | selectattr('clientId','equalto', KEYCLOAK_CLIENT_ID)
              | list | first | default({}) ).attributes | default({}) )
          | combine({'frontchannel.logout.url': KEYCLOAK_FRONTCHANNEL_LOGOUT_URL}, recursive=True)
        }}
  include_tasks: 03_update.yml

- include_tasks: 04_rbac_client_scope.yml

- include_tasks: 05_ldap.yml
  when: KEYCLOAK_LDAP_ENABLED | bool