computer-playbook/roles/web-app-keycloak/tasks/update/07_userprofile.yml

---
# Update the Declarative User Profile provider using the configuration
# from KEYCLOAK_DICTIONARY_REALM.components (same pattern as LDAP).

- name: "Update UserProfileProvider component (merge kc.user.profile.config)"
  keycloak_kcadm_update:
    object_kind: "component"                     # <-- singular, as in your module choices
    lookup_field: "providerId"                   # or "name", both are "declarative-user-profile"
    lookup_value: "declarative-user-profile"
    desired: "{{ KEYCLOAK_USER_PROFILE_CONFIG_PAYLOAD }}"   # <-- REQUIRED
    merge_path: "config"
    kcadm_exec: "{{ KEYCLOAK_EXEC_KCADM }}"
    realm: "{{ KEYCLOAK_REALM }}"
    assert_mode: "{{ MODE_ASSERT }}"
    force_attrs:
      parentId: "{{ KEYCLOAK_REALM }}"
      providerType: "org.keycloak.userprofile.UserProfileProvider"
      providerId: "declarative-user-profile"
  no_log: "{{ MASK_CREDENTIALS_IN_LOGS | bool }}"
  async: "{{ ASYNC_TIME if ASYNC_ENABLED | bool else omit }}"
  poll: "{{ ASYNC_POLL if ASYNC_ENABLED | bool else omit }}"