From cf92da9e940568ccdfc67ce8dc1f58558ff39070 Mon Sep 17 00:00:00 2001
From: Guido Grazioli
Date: Thu, 7 Apr 2022 14:07:28 +0200
Subject: [PATCH] update keycloak_realm to test nicely with keycloak_quarkus

---
 roles/keycloak_realm/defaults/main.yml | 1 +
 roles/keycloak_realm/meta/argument_specs.yml | 7 ++++++-
 roles/keycloak_realm/tasks/main.yml | 10 +++++-----
 roles/keycloak_realm/tasks/manage_client_roles.yml | 2 +-
 roles/keycloak_realm/tasks/manage_user.yml | 8 ++++----
 .../keycloak_realm/tasks/manage_user_client_roles.yml | 6 +++---
 roles/keycloak_realm/tasks/manage_user_roles.yml | 4 ++--
 7 files changed, 22 insertions(+), 16 deletions(-)

diff --git a/roles/keycloak_realm/defaults/main.yml b/roles/keycloak_realm/defaults/main.yml
index 2f33e57..4975380 100644
--- a/roles/keycloak_realm/defaults/main.yml
+++ b/roles/keycloak_realm/defaults/main.yml
@@ -10,6 +10,7 @@ keycloak_rhsso_enable: False
 keycloak_admin_user: admin
 keycloak_auth_realm: master
 keycloak_auth_client: admin-cli
+keycloak_context: /auth
 
 # administrator console password, this is a required variable
 keycloak_admin_password: ''
diff --git a/roles/keycloak_realm/meta/argument_specs.yml b/roles/keycloak_realm/meta/argument_specs.yml
index 8f951b4..45b5998 100644
--- a/roles/keycloak_realm/meta/argument_specs.yml
+++ b/roles/keycloak_realm/meta/argument_specs.yml
@@ -4,8 +4,13 @@ argument_specs:
 keycloak_host:
 # line 3 of keycloak_realm/defaults/main.yml
 default: "localhost"
- description: "hostname for rest calls"
+ description: "Hostname for rest calls"
 type: "str"
+ keycloak_context:
+ # line 5 of keycloak_realm/defaults/main.yml
+ default: "/auth"
+ description: "Context path for rest calls"
+ type: "str"
 keycloak_http_port:
 # line 4 of keycloak_realm/defaults/main.yml
 default: 8080
diff --git a/roles/keycloak_realm/tasks/main.yml b/roles/keycloak_realm/tasks/main.yml
index 8659fd3..2554958 100644
--- a/roles/keycloak_realm/tasks/main.yml
+++ b/roles/keycloak_realm/tasks/main.yml
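Review bot: The new default `keycloak_context: /auth` is concatenated straight after `keycloak_url` in every task of this commit, so the value must start with a slash and must not end with one, and the Quarkus deployment the commit title targets presumably needs it set to an empty string; none of that is stated where the variable is defined. The defaults file is what a caller reads first, so a comment above the line should spell out the contract: `# context path prefix for all REST calls: leading slash, no trailing slash; "" for a Keycloak (Quarkus) server that serves without /auth`. Quoting the default as `keycloak_context: "/auth"` also keeps it visibly a string, in line with `keycloak_admin_password: ''` two lines below.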
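Review bot: The cross-reference comment on the new `keycloak_context` entry is inaccurate: the defaults hunk in this same commit inserts `keycloak_context` right after `keycloak_auth_client`, which is line 13 of `roles/keycloak_realm/defaults/main.yml`, not line 5, so `# line 5 of keycloak_realm/defaults/main.yml` should read `# line 13 of keycloak_realm/defaults/main.yml` (the neighbouring "line 3" and "line 4" comments look equally stale, but they predate this change). The description also does not say how the value is joined onto `keycloak_url`, which is the one thing a caller needs to choose a valid value; `description: "Context path prefix for rest calls (leading slash, no trailing slash); empty string for a server without /auth"` would cover it without reading the tasks.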
@@ -1,7 +1,7 @@
 ---
 - name: Generate keycloak auth token
 ansible.builtin.uri:
- url: "{{ keycloak_url }}/auth/realms/master/protocol/openid-connect/token"
+ url: "{{ keycloak_url }}{{ keycloak_context }}/realms/master/protocol/openid-connect/token"
 method: POST
 body: "client_id={{ keycloak_auth_client }}&username={{ keycloak_admin_user }}&password={{ keycloak_admin_password }}&grant_type=password"
 validate_certs: no
@@ -13,7 +13,7 @@
 
 - name: "Determine if realm exists"
 ansible.builtin.uri:
- url: "{{ keycloak_url }}/auth/admin/realms/{{ keycloak_realm }}"
+ url: "{{ keycloak_url }}{{ keycloak_context }}/admin/realms/{{ keycloak_realm }}"
 method: GET
 status_code:
 - 200
@@ -25,7 +25,7 @@
 
 - name: Create Realm
 ansible.builtin.uri:
- url: "{{ keycloak_url }}/auth/admin/realms"
+ url: "{{ keycloak_url }}{{ keycloak_context }}/admin/realms"
 method: POST
 body: "{{ lookup('template','realm.json.j2') }}"
 validate_certs: no
@@ -37,7 +37,7 @@
 
 - name: Create user federation
 community.general.keycloak_user_federation:
- auth_keycloak_url: "{{ keycloak_url }}/auth"
+ auth_keycloak_url: "{{ keycloak_url }}{{ keycloak_context }}"
 auth_realm: "{{ keycloak_auth_realm }}"
 auth_username: "{{ keycloak_admin_user }}"
 auth_password: "{{ keycloak_admin_password }}"
@@ -56,7 +56,7 @@
 - name: Create or update a Keycloak client
 community.general.keycloak_client:
 auth_client_id: "{{ keycloak_auth_client }}"
- auth_keycloak_url: "{{ keycloak_url }}/auth"
+ auth_keycloak_url: "{{ keycloak_url }}{{ keycloak_context }}"
 auth_realm: "{{ keycloak_auth_realm }}"
 auth_username: "{{ keycloak_admin_user }}"
 auth_password: "{{ keycloak_admin_password }}"
diff --git a/roles/keycloak_realm/tasks/manage_client_roles.yml b/roles/keycloak_realm/tasks/manage_client_roles.yml
index dd47eb3..04cf2fa 100644
--- a/roles/keycloak_realm/tasks/manage_client_roles.yml
+++ b/roles/keycloak_realm/tasks/manage_client_roles.yml
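Review bot: The rewritten token URL in the first hunk still hard-codes the realm, `{{ keycloak_context }}/realms/master/protocol/openid-connect/token`, while the `keycloak_user_federation` and `keycloak_client` tasks later in the same file authenticate with `auth_realm: "{{ keycloak_auth_realm }}"`; a caller who overrides `keycloak_auth_realm` then has the uri-based tasks and the module-based tasks logging in against different realms with the same credentials. Since the line is being rewritten anyway, use the variable: `url: "{{ keycloak_url }}{{ keycloak_context }}/realms/{{ keycloak_auth_realm }}/protocol/openid-connect/token"`. The "Refresh keycloak auth token" hunk in `roles/keycloak_realm/tasks/manage_user_roles.yml` carries the same hard-coded `master`. The remainder of the "Generate keycloak auth token" task lies outside this hunk.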
@@ -4,7 +4,7 @@
 realm: "{{ client.realm }}"
 client_id: "{{ client.name }}"
 auth_client_id: "{{ keycloak_auth_client }}"
- auth_keycloak_url: "{{ keycloak_url }}/auth"
+ auth_keycloak_url: "{{ keycloak_url }}{{ keycloak_context }}"
 auth_realm: "{{ keycloak_auth_realm }}"
 auth_username: "{{ keycloak_admin_user }}"
 auth_password: "{{ keycloak_admin_password }}"
diff --git a/roles/keycloak_realm/tasks/manage_user.yml b/roles/keycloak_realm/tasks/manage_user.yml
index d304e13..840c738 100644
--- a/roles/keycloak_realm/tasks/manage_user.yml
+++ b/roles/keycloak_realm/tasks/manage_user.yml
@@ -1,7 +1,7 @@
 ---
 - name: "Check if User Already Exists"
 ansible.builtin.uri:
- url: "{{ keycloak_url }}/auth/admin/realms/{{ keycloak_realm }}/users?username={{ user.username }}"
+ url: "{{ keycloak_url }}{{ keycloak_context }}/admin/realms/{{ keycloak_realm }}/users?username={{ user.username }}"
 validate_certs: no
 headers:
 Authorization: "Bearer {{ keycloak_auth_response.json.access_token }}"
@@ -9,7 +9,7 @@
 
 - name: "Create User"
 ansible.builtin.uri:
- url: "{{ keycloak_url }}/auth/admin/realms/{{ keycloak_realm }}/users"
+ url: "{{ keycloak_url }}{{ keycloak_context }}/admin/realms/{{ keycloak_realm }}/users"
 method: POST
 body:
 enabled: true
@@ -27,7 +27,7 @@
 
 - name: "Get User"
 ansible.builtin.uri:
- url: "{{ keycloak_url }}/auth/admin/realms/{{ keycloak_realm }}/users?username={{ user.username }}"
+ url: "{{ keycloak_url }}{{ keycloak_context }}/admin/realms/{{ keycloak_realm }}/users?username={{ user.username }}"
 validate_certs: no
 headers:
 Authorization: "Bearer {{ keycloak_auth_response.json.access_token }}"
@@ -35,7 +35,7 @@
 
 - name: "Update User Password"
 ansible.builtin.uri:
- url: "{{ keycloak_url }}/auth/admin/realms/{{ keycloak_realm }}/users/{{ (keycloak_user.json | first).id }}/reset-password"
+ url: "{{ keycloak_url }}{{ keycloak_context }}/admin/realms/{{ keycloak_realm }}/users/{{ (keycloak_user.json | first).id }}/reset-password"
 method: PUT
 body:
 type: password
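Review bot: The rewritten lookup URLs in the "Check if User Already Exists" and "Get User" hunks of `roles/keycloak_realm/tasks/manage_user.yml` interpolate `user.username` into the query string unescaped, and the "Update User Password" hunk then trusts `(keycloak_user.json | first).id` from that result; a username containing `&`, `#`, `+` or a space changes the query, and because the Keycloak users search is a partial match by default, `first` can pick a user other than the intended one before the PUT to `reset-password`. Encode the value, `users?username={{ user.username | urlencode }}`, and pin the match when consuming the result, `{{ (keycloak_user.json | selectattr('username', 'equalto', user.username) | first).id }}`; the same `| first` selection is repeated in `roles/keycloak_realm/tasks/manage_user_client_roles.yml` and `manage_user_roles.yml`. Where the target Keycloak version supports it, the `exact=true` query parameter achieves the same on the server side.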
diff --git a/roles/keycloak_realm/tasks/manage_user_client_roles.yml b/roles/keycloak_realm/tasks/manage_user_client_roles.yml
index f29bbc6..5369094 100644
--- a/roles/keycloak_realm/tasks/manage_user_client_roles.yml
+++ b/roles/keycloak_realm/tasks/manage_user_client_roles.yml
@@ -1,7 +1,7 @@
 ---
 - name: "Get Realm for role"
 ansible.builtin.uri:
- url: "{{ keycloak_url }}/auth/admin/realms/{{ client_role.realm }}"
+ url: "{{ keycloak_url }}{{ keycloak_context }}/admin/realms/{{ client_role.realm }}"
 method: GET
 status_code:
 - 200
@@ -12,7 +12,7 @@
 
 - name: Check if Mapping is available
 ansible.builtin.uri:
- url: "{{ keycloak_url }}/auth/admin/realms/{{ client_role.realm }}/users/{{ (keycloak_user.json | first).id }}/role-mappings/clients/{{ (create_client_result.results | selectattr('end_state.clientId', 'equalto', client_role.client) | list | first).end_state.id }}/available"
+ url: "{{ keycloak_url }}{{ keycloak_context }}/admin/realms/{{ client_role.realm }}/users/{{ (keycloak_user.json | first).id }}/role-mappings/clients/{{ (create_client_result.results | selectattr('end_state.clientId', 'equalto', client_role.client) | list | first).end_state.id }}/available"
 method: GET
 status_code:
 - 200
@@ -23,7 +23,7 @@
 
 - name: "Create Role Mapping"
 ansible.builtin.uri:
- url: "{{ keycloak_url }}/auth/admin/realms/{{ client_role.realm }}/users/{{ (keycloak_user.json | first).id }}/role-mappings/clients/{{ (create_client_result.results | selectattr('end_state.clientId', 'equalto', client_role.client) | list | first).end_state.id }}"
+ url: "{{ keycloak_url }}{{ keycloak_context }}/admin/realms/{{ client_role.realm }}/users/{{ (keycloak_user.json | first).id }}/role-mappings/clients/{{ (create_client_result.results | selectattr('end_state.clientId', 'equalto', client_role.client) | list | first).end_state.id }}"
 method: POST
 body:
 - id: "{{ item.id }}"
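Review bot: The two rewritten URLs in the "Check if Mapping is available" and "Create Role Mapping" hunks each inline the same client-id resolution, `(create_client_result.results | selectattr('end_state.clientId', 'equalto', client_role.client) | list | first).end_state.id`, and the added `{{ keycloak_context }}` makes these lines longer still; when `client_role.client` matches no created client, `| first` fails on an empty list with an error that names neither the client nor the user. Resolve it once, in a `set_fact` or a `vars:` block shared by the two tasks, e.g. `mapping_client_id: "{{ (create_client_result.results | selectattr('end_state.clientId', 'equalto', client_role.client) | list | first).end_state.id }}"` preceded by an `ansible.builtin.assert` that the filtered list is non-empty, and reference `{{ mapping_client_id }}` in both URLs. That keeps the URLs readable and turns a filter traceback into a failure message that says which client was not found.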
diff --git a/roles/keycloak_realm/tasks/manage_user_roles.yml b/roles/keycloak_realm/tasks/manage_user_roles.yml
index 2d50f8b..e9d18b7 100644
--- a/roles/keycloak_realm/tasks/manage_user_roles.yml
+++ b/roles/keycloak_realm/tasks/manage_user_roles.yml
@@ -1,7 +1,7 @@
 ---
 - name: "Get User {{ user.username }}"
 ansible.builtin.uri:
- url: "{{ keycloak_url }}/auth/admin/realms/{{ keycloak_realm }}/users?username={{ user.username }}"
+ url: "{{ keycloak_url }}{{ keycloak_context }}/admin/realms/{{ keycloak_realm }}/users?username={{ user.username }}"
 headers:
 validate_certs: no
 Authorization: "Bearer {{ keycloak_auth_response.json.access_token }}"
@@ -9,7 +9,7 @@
 
 - name: Refresh keycloak auth token
 ansible.builtin.uri:
- url: "{{ keycloak_url }}/auth/realms/master/protocol/openid-connect/token"
+ url: "{{ keycloak_url }}{{ keycloak_context }}/realms/master/protocol/openid-connect/token"
 method: POST
 body: "client_id={{ keycloak_auth_client }}&username={{ keycloak_admin_user }}&password={{ keycloak_admin_password }}&grant_type=password"
 validate_certs: no
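Review bot: In the "Get User" hunk the context lines run `headers:`, then `validate_certs: no`, then `Authorization:`; indentation is not recoverable in this view, but that order only parses as YAML if `validate_certs` is nested under `headers:`, in which case it is sent to Keycloak as an HTTP header named `validate_certs` while the `uri` module keeps its default certificate validation, unlike the sibling tasks in `roles/keycloak_realm/tasks/manage_user.yml` where `validate_certs: no` precedes `headers:` as a module parameter. Since this task is being rewritten, move the key to module level so the task behaves like its siblings, and consider replacing the literal `no` scattered through every `uri` task in this role with a single variable (a name such as `keycloak_validate_certs`, defaulting to `true`) so that disabling TLS verification is an explicit, documented choice rather than the baked-in behaviour. The task's `register:` and anything after `Authorization:` lie outside the hunk.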