
update variable structure, add tasks to create users

Grega Bremec 1 月之前
父节点
当前提交
24895af61e
共有 2 个文件被更改,包括 63 次插入21 次删除
  1. 2 1
      playbooks/roles/deploy-rhbk/tasks/main.yml
  2. 61 20
      playbooks/roles/deploy-rhbk/tasks/present.yml

+ 2 - 1
playbooks/roles/deploy-rhbk/tasks/main.yml

@@ -31,8 +31,9 @@
 #   users:          users to create in realm, no default (meaning no users)
 #     - username:     required (as it is key)
 #       password:     optional, defaults to "secret"
-#       fullname:     optional, set to username if empty
 #       email:        optional, set to username@example.com if empty
+#       firstname:    optional
+#       lastname:     optional
 #   state:            present (default) or absent (removes a RHBK instance if found)
 #
 # NOTE: Use rhbk_state to override rhbk.state from command line.

+ 61 - 20
playbooks/roles/deploy-rhbk/tasks/present.yml

@@ -265,26 +265,9 @@
   retries: 24
   delay: 5
 
-- name: Get an auth token from Keycloak
-  ansible.builtin.uri:
-    method: POST
-    return_content: yes
-    validate_certs: no
-    url: "https://{{ rhbk_fqdn }}/realms/master/protocol/openid-connect/token"
-    headers:
-      Accept: application/json
-    body: "client_id=admin-cli&username={{ rhbk.admin.username | default('rhbk') }}&password={{ rhbk.admin.password | default('secret') }}&grant_type=password"
-  register: sso_token_rsp
-
-- name: Verify that the token is usable.
-  ansible.builtin.assert:
-    that: sso_token_rsp.json is defined and sso_token_rsp.json.access_token is defined
-    fail_msg: "ERROR: Failed to obtain authentication token from Keycloak."
-    success_msg: "OK: got authentication token."
-
-- name: Store the token as a fact
-  ansible.builtin.set_fact:
-    admin_token: "{{ sso_token_rsp.json.access_token }}"
+- name: Get a fresh bearer token.
+  ansible.builtin.include_tasks:
+    file: tasks/token.yml
 
 - name: Get a list of existing realms.
   ansible.builtin.uri:
@@ -341,4 +324,62 @@
   when:
     - realms[rhbk.realm | default('sample-realm')] is not defined
 
+- name: Get a fresh bearer token.
+  ansible.builtin.include_tasks:
+    file: tasks/token.yml
+
+- name: Get a list of existing users in the realm.
+  ansible.builtin.uri:
+    method: GET
+    return_content: true
+    validate_certs: false
+    url: "https://{{ rhbk_fqdn }}/admin/realms/{{ rhbk.realm | default('sample-realm') }}/users"
+    headers:
+      Authorization: Bearer {{ admin_token }}
+      Accept: application/json
+  register: rhbk_realm_users
+
+- name: Show what users were found at verbosity 2+.
+  ansible.builtin.debug:
+    var: rhbk_realm_users
+    verbosity: 2
+
+- name: Create/update the users if necessary.
+  ansible.builtin.uri:
+    method: POST
+    return_content: true
+    validate_certs: false
+    url: "https://{{ rhbk_fqdn }}/admin/realms/{{ rhbk.realm | default('sample-realm') }}/users"
+    headers:
+      Authorization: Bearer {{ admin_token }}
+      Accept: application/json
+      Content-Type: application/json
+    body: |
+      {
+        "username": "{{ item.username }}",
+        "email": "{{ item.email | default(item.username + '@example.com') }}",
+        "firstName": "{{ item.firstname | default('') }}",
+        "lastName": "{{ item.lastname | default('') }}",
+        "credentials": [
+          {
+            "type": "password",
+            "temporary": false,
+            "value": "{{ item.password | default('secret') }}"
+          }
+        ],
+        "enabled": true,
+        "emailVerified": true
+      }
+    status_code:
+      - 200
+      - 201
+  register: created_users
+  loop: "{{ rhbk.users }}"
+  when:
+    - (rhbk_realm_users.json | items2dict(key_name='username', value_name='id')).keys() is not contains(item.username)
+
+- name: Show what users were created at verbosity 2+.
+  ansible.builtin.debug:
+    var: created_users
+    verbosity: 2
 ...
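Review bot: The new "Create/update the users" task posts each user's password in the request body but sets no `no_log: true`, so every loop item and the registered `created_users` result (which the debug task then prints again at verbosity 2) write the passwords into the play output and any log collector. The JSON body is also built by interpolating `item.username`, `item.email` and the password into a `|` block, so a value containing a double quote or backslash yields invalid JSON; a native mapping with `body_format: json` lets the module serialise and escape it. `loop: "{{ rhbk.users }}"` errors when the variable is unset, although the header comment in main.yml says `users` has no default and that means no users — `loop: "{{ rhbk.users | default([]) }}"` matches that contract. Both new `uri` calls keep `validate_certs: false`, which sends the bearer token without checking the server certificate; if `rhbk_fqdn` presents a trusted certificate that should go. Separately, the users listing endpoint is presumably paginated, so the `when` lookup may miss users in realms beyond the default page size — worth confirming.

```yaml
- name: Create the users that do not exist in the realm yet.
  ansible.builtin.uri:
    # … unchanged: method, return_content, validate_certs, url …
    headers:
      Authorization: "Bearer {{ admin_token }}"
      Accept: application/json
    body_format: json
    body:
      username: "{{ item.username }}"
      email: "{{ item.email | default(item.username + '@example.com') }}"
      firstName: "{{ item.firstname | default('') }}"
      lastName: "{{ item.lastname | default('') }}"
      credentials:
        - type: password
          temporary: false
          value: "{{ item.password | default('secret') }}"
      enabled: true
      emailVerified: true
    # … unchanged: status_code …
  register: created_users
  loop: "{{ rhbk.users | default([]) }}"
  # keep the password out of task output and the registered result
  no_log: true
  # … unchanged: when …
```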