ansible-keycloak/roles/keycloak_realm/tasks/manage_client_roles.yml

- name: Create client roles
  community.general.keycloak_role:
    name: "{{ item }}"
    realm: "{{ client.realm }}"
    client_id: "{{ client.name }}"
    description: "{{ item.description | default(omit) }}"
    auth_client_id: "{{ keycloak_auth_client }}"
    auth_keycloak_url: "{{ keycloak_url }}/auth"
    auth_realm: "{{ keycloak_auth_realm }}"
    auth_username: "{{ keycloak_admin_user }}"
    auth_password: "{{ keycloak_admin_password }}"
    attributes: "{{ item.attributes | default(omit) }}"
    token: "{{ item.token | default(omit) }}"
    validate_certs: "{{ item.validate_certs | default(omit) }}"
    state: present
  loop: "{{ client.roles | flatten }}"
  when: "'roles' in client"