1---
# Make sure the test realm exists before any identity provider is touched.
# Admin credentials come from the test vars (url, admin_realm, admin_user,
# admin_password); id and realm are both set to the same realm name.
- name: Create realm
  community.general.keycloak_realm:
    auth_keycloak_url: '{{ url }}'
    auth_realm: '{{ admin_realm }}'
    auth_username: '{{ admin_user }}'
    auth_password: '{{ admin_password }}'
    realm: '{{ realm }}'
    id: '{{ realm }}'
    state: present
11
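# Create the OIDC identity provider from scratch, including two attribute
# mappers. The endpoint URLs, clientId and clientSecret are placeholder
# fixture values.
- name: Create new identity provider
  community.general.keycloak_identity_provider:
    auth_keycloak_url: "{{ url }}"
    auth_realm: "{{ admin_realm }}"
    auth_username: "{{ admin_user }}"
    auth_password: "{{ admin_password }}"
    realm: "{{ realm }}"
    alias: "{{ idp }}"
    display_name: OpenID Connect IdP
    enabled: true
    provider_id: oidc
    config:
      issuer: https://idp.example.com
      authorizationUrl: https://idp.example.com/auth
      tokenUrl: https://idp.example.com/token
      userInfoUrl: https://idp.example.com/userinfo
      clientAuthMethod: client_secret_post
      clientId: clientid
      # Dummy secret for the fixture only. Outside a test, this value should
      # come from a vault/lookup rather than a literal in the playbook.
      clientSecret: clientsecret
      syncMode: FORCE
    mappers:
      # A mapper belongs to the provider named by identityProviderAlias, so it
      # is derived from the same variable as `alias` above instead of being
      # hard-coded; a mismatch would make the mapper reference a different
      # (possibly non-existent) provider.
      - name: "first_name"
        identityProviderAlias: "{{ idp }}"
        identityProviderMapper: "oidc-user-attribute-idp-mapper"
        config:
          claim: "first_name"
          user.attribute: "first_name"
          syncMode: "INHERIT"
      - name: "last_name"
        identityProviderAlias: "{{ idp }}"
        identityProviderMapper: "oidc-user-attribute-idp-mapper"
        config:
          claim: "last_name"
          user.attribute: "last_name"
          syncMode: "INHERIT"
    state: present
  register: result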
49
# Print the full module result for troubleshooting.
# NOTE(review): this dumps everything the module returned; if that includes
# the proposed config, the clientSecret literal passed in the previous task
# ends up in the log. Acceptable for a fixture secret, not for a real one.
- name: Debug
  ansible.builtin.debug:
    var: result
53
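# The first run must report a change, no pre-existing provider, the requested
# alias, and at least one mapper in the resulting state.
- name: Assert identity provider created
  ansible.builtin.assert:
    that:
      - result is changed
      - result.existing == {}
      # `that` entries are already Jinja expressions, so the variable is
      # referenced directly; wrapping it in "{{ }}" triggers Ansible's
      # warning about templating delimiters inside conditionals.
      - result.end_state.alias == idp
      - result.end_state.mappers != []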
61
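# Re-apply the same definition; this must be a no-op (idempotence check).
- name: Update existing identity provider (no change)
  community.general.keycloak_identity_provider:
    auth_keycloak_url: "{{ url }}"
    auth_realm: "{{ admin_realm }}"
    auth_username: "{{ admin_user }}"
    auth_password: "{{ admin_password }}"
    realm: "{{ realm }}"
    alias: "{{ idp }}"
    enabled: true
    provider_id: oidc
    config:
      issuer: https://idp.example.com
      authorizationUrl: https://idp.example.com/auth
      tokenUrl: https://idp.example.com/token
      userInfoUrl: https://idp.example.com/userinfo
      clientAuthMethod: client_secret_post
      clientId: clientid
      # The masked value is what the admin API hands back for a stored
      # secret; sending it here keeps the comparison with the existing
      # provider equal so no change is reported. Sending the real secret
      # would always look like a change.
      clientSecret: "**********"
      syncMode: FORCE
    mappers:
      # identityProviderAlias follows the `alias` variable rather than a
      # hard-coded name, so the mappers always reference this provider.
      - name: "first_name"
        identityProviderAlias: "{{ idp }}"
        identityProviderMapper: "oidc-user-attribute-idp-mapper"
        config:
          claim: "first_name"
          user.attribute: "first_name"
          syncMode: "INHERIT"
      - name: "last_name"
        identityProviderAlias: "{{ idp }}"
        identityProviderMapper: "oidc-user-attribute-idp-mapper"
        config:
          claim: "last_name"
          user.attribute: "last_name"
          syncMode: "INHERIT"
    state: present
  register: result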
98
# Show the result of the idempotent re-apply for troubleshooting.
- name: Debug
  ansible.builtin.debug:
    var: result
102
# Re-applying an identical definition must not report a change.
- name: Assert identity provider unchanged
  ansible.builtin.assert:
    that:
      - result is not changed
107
# Flip the provider to disabled. Only `enabled` is passed; the following
# assert checks that exactly this field moved from true to false.
- name: Update existing identity provider (with change)
  community.general.keycloak_identity_provider:
    auth_keycloak_url: '{{ url }}'
    auth_realm: '{{ admin_realm }}'
    auth_username: '{{ admin_user }}'
    auth_password: '{{ admin_password }}'
    realm: '{{ realm }}'
    alias: '{{ idp }}'
    state: present
    enabled: false
  register: result
119
# Show the result of the disable step for troubleshooting.
- name: Debug
  ansible.builtin.debug:
    var: result
123
# Disabling must be reported as a change, with `enabled` going true -> false
# between the existing and the end state.
- name: Assert identity provider updated
  ansible.builtin.assert:
    that:
      - result is changed
      - result.existing.enabled == true
      - result.end_state.enabled == false
130
# Remove the provider that the earlier tasks created.
- name: Delete existing identity provider
  community.general.keycloak_identity_provider:
    auth_keycloak_url: '{{ url }}'
    auth_realm: '{{ admin_realm }}'
    auth_username: '{{ admin_user }}'
    auth_password: '{{ admin_password }}'
    realm: '{{ realm }}'
    alias: '{{ idp }}'
    state: absent
  register: result
141
# Show the result of the delete step for troubleshooting.
- name: Debug
  ansible.builtin.debug:
    var: result
145
# Deleting an existing provider is a change and leaves an empty end state.
- name: Assert identity provider deleted
  ansible.builtin.assert:
    that:
      - result is changed
      - result.end_state == {}
151
# Delete again now that the provider is gone; this must be a no-op.
- name: Delete absent identity provider
  community.general.keycloak_identity_provider:
    auth_keycloak_url: '{{ url }}'
    auth_realm: '{{ admin_realm }}'
    auth_username: '{{ admin_user }}'
    auth_password: '{{ admin_password }}'
    realm: '{{ realm }}'
    alias: '{{ idp }}'
    state: absent
  register: result
162
# Show the result of the second delete for troubleshooting.
- name: Debug
  ansible.builtin.debug:
    var: result
166
# Deleting an already-absent provider reports no change and an empty end state.
- name: Assert identity provider unchanged
  ansible.builtin.assert:
    that:
      - result is not changed
      - result.end_state == {}
172