---
- name: Create realm
  community.general.keycloak_realm:
    auth_keycloak_url: "{{ url }}"
    auth_realm: "{{ admin_realm }}"
    auth_username: "{{ admin_user }}"
    auth_password: "{{ admin_password }}"
    id: "{{ realm }}"
    realm: "{{ realm }}"
    state: present

- name: Create client
  community.general.keycloak_client:
    auth_keycloak_url: "{{ url }}"
    auth_realm: "{{ admin_realm }}"
    auth_username: "{{ admin_user }}"
    auth_password: "{{ admin_password }}"
    realm: "{{ realm }}"
    client_id: "{{ client_id }}"
    state: present
  register: client

- name: Create new realm role
  community.general.keycloak_role:
    auth_keycloak_url: "{{ url }}"
    auth_realm: "{{ admin_realm }}"
    auth_username: "{{ admin_user }}"
    auth_password: "{{ admin_password }}"
    realm: "{{ realm }}"
    name: "{{ role }}"
    description: "{{ description_1 }}"
    state: present
  register: result

- name: Debug
  debug:
    var: result

- name: Assert realm role created
  assert:
    that:
      - result is changed
      - result.existing == {}
      - result.end_state.name == "{{ role }}"
      - result.end_state.containerId == "{{ realm }}"

- name: Create existing realm role
  community.general.keycloak_role:
    auth_keycloak_url: "{{ url }}"
    auth_realm: "{{ admin_realm }}"
    auth_username: "{{ admin_user }}"
    auth_password: "{{ admin_password }}"
    realm: "{{ realm }}"
    name: "{{ role }}"
    description: "{{ description_1 }}"
    state: present
  register: result

- name: Debug
  debug:
    var: result

- name: Assert realm role unchanged
  assert:
    that:
      - result is not changed

- name: Update realm role
  community.general.keycloak_role:
    auth_keycloak_url: "{{ url }}"
    auth_realm: "{{ admin_realm }}"
    auth_username: "{{ admin_user }}"
    auth_password: "{{ admin_password }}"
    realm: "{{ realm }}"
    name: "{{ role }}"
    description: "{{ description_2 }}"
    state: present
  register: result

- name: Debug
  debug:
    var: result

- name: Assert realm role updated
  assert:
    that:
      - result is changed
      - result.existing.description == "{{ description_1 }}"
      - result.end_state.description == "{{ description_2 }}"

- name: Delete existing realm role
  community.general.keycloak_role:
    auth_keycloak_url: "{{ url }}"
    auth_realm: "{{ admin_realm }}"
    auth_username: "{{ admin_user }}"
    auth_password: "{{ admin_password }}"
    realm: "{{ realm }}"
    name: "{{ role }}"
    state: absent
  register: result

- name: Debug
  debug:
    var: result

- name: Assert realm role deleted
  assert:
    that:
      - result is changed
      - result.end_state == {}

- name: Delete absent realm role
  community.general.keycloak_role:
    auth_keycloak_url: "{{ url }}"
    auth_realm: "{{ admin_realm }}"
    auth_username: "{{ admin_user }}"
    auth_password: "{{ admin_password }}"
    realm: "{{ realm }}"
    name: "{{ role }}"
    state: absent
  register: result

- name: Debug
  debug:
    var: result

- name: Assert realm role unchanged
  assert:
    that:
      - result is not changed
      - result.end_state == {}

- name: Create new client role
  community.general.keycloak_role:
    auth_keycloak_url: "{{ url }}"
    auth_realm: "{{ admin_realm }}"
    auth_username: "{{ admin_user }}"
    auth_password: "{{ admin_password }}"
    realm: "{{ realm }}"
    client_id: "{{ client_id }}"
    name: "{{ role }}"
    description: "{{ description_1 }}"
    state: present
  register: result

- name: Debug
  debug:
    var: result

- name: Assert client role created
  assert:
    that:
      - result is changed
      - result.existing == {}
      - result.end_state.name == "{{ role }}"
      - result.end_state.containerId == "{{ client.end_state.id }}"

- name: Create existing client role
  community.general.keycloak_role:
    auth_keycloak_url: "{{ url }}"
    auth_realm: "{{ admin_realm }}"
    auth_username: "{{ admin_user }}"
    auth_password: "{{ admin_password }}"
    realm: "{{ realm }}"
    client_id: "{{ client_id }}"
    name: "{{ role }}"
    description: "{{ description_1 }}"
    state: present
  register: result

- name: Debug
  debug:
    var: result

- name: Assert client role unchanged
  assert:
    that:
      - result is not changed

- name: Update client role
  community.general.keycloak_role:
    auth_keycloak_url: "{{ url }}"
    auth_realm: "{{ admin_realm }}"
    auth_username: "{{ admin_user }}"
    auth_password: "{{ admin_password }}"
    realm: "{{ realm }}"
    client_id: "{{ client_id }}"
    name: "{{ role }}"
    description: "{{ description_2 }}"
    state: present
  register: result

- name: Debug
  debug:
    var: result

- name: Assert client role updated
  assert:
    that:
      - result is changed
      - result.existing.description == "{{ description_1 }}"
      - result.end_state.description == "{{ description_2 }}"

- name: Delete existing client role
  community.general.keycloak_role:
    auth_keycloak_url: "{{ url }}"
    auth_realm: "{{ admin_realm }}"
    auth_username: "{{ admin_user }}"
    auth_password: "{{ admin_password }}"
    realm: "{{ realm }}"
    client_id: "{{ client_id }}"
    name: "{{ role }}"
    state: absent
  register: result

- name: Debug
  debug:
    var: result

- name: Assert client role deleted
  assert:
    that:
      - result is changed
      - result.end_state == {}

- name: Delete absent client role
  community.general.keycloak_role:
    auth_keycloak_url: "{{ url }}"
    auth_realm: "{{ admin_realm }}"
    auth_username: "{{ admin_user }}"
    auth_password: "{{ admin_password }}"
    realm: "{{ realm }}"
    client_id: "{{ client_id }}"
    name: "{{ role }}"
    state: absent
  register: result

- name: Debug
  debug:
    var: result

- name: Assert client role unchanged
  assert:
    that:
      - result is not changed
      - result.end_state == {}