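---
# Bootstraps a Keycloak container: starts it via docker compose, authenticates
# kcadm.sh with the bootstrap admin, creates the permanent admin, removes the
# bootstrap admin and drops a marker file so the whole sequence runs only once.
#
# Review notes:
# - The passwords below are committed in clear text. They should be supplied
#   from Ansible Vault or an external secret store (vars_files / lookup) rather
#   than stored in this playbook; values are left unchanged here.
# - Tasks that pass a password on the command line carry `no_log: true` so the
#   secret is not echoed in play output or callback logs. The password is still
#   visible in the container's process list for the duration of the kcadm call.
# - If creating the new admin fails, the play now stops (rescue -> fail) instead
#   of continuing to delete the bootstrap admin and writing the marker, which
#   would otherwise leave the realm without any usable administrator.
- name: Installer et configurer Keycloak
  hosts: servers
  become: true
  gather_facts: true

  vars:
    git_dest: "/opt/Neah-Enkun"
    keycloak_container: "neah-keycloak"
    keycloak_server: "http://localhost:8080"
    keycloak_realm: "master"
    # Bootstrap (temporary) admin created by the container image.
    keycloak_old_admin: "admin"
    keycloak_old_password: "0aff634a5aab66c4cddc0fe9221e4d02defc87c98d2cd81ce6e8e04271f6c189"
    # Permanent admin that replaces the bootstrap account.
    keycloak_admin_user: "enkun"
    keycloak_admin_password: "9569dd645b4963262f76f10dc320b114c62950ea4927c1806c3df56b03185297"
    keycloak_admin_email: "enkun@connect.neah.local"
    keycloak_admin_first_name: "Enkun"
    keycloak_admin_last_name: "Administrator"
    # Marker file inside the container; its presence means the setup already ran.
    check_file: "/opt/keycloak/data/.configured"
    keycloak_bin: "/opt/keycloak/bin/kcadm.sh"

  tasks:
    - name: Lancer le service Keycloak
      ansible.builtin.command: "docker compose up -d --build --remove-orphans keycloak"
      args:
        chdir: "{{ git_dest }}"
      register: keycloak_launch
      until: keycloak_launch is success
      retries: 3
      delay: 5

    # rc == 0 when the marker exists; never fails so the play can branch on rc.
    - name: Vérifier si la configuration a déjà été effectuée
      ansible.builtin.command: "docker exec {{ keycloak_container }} test -f {{ check_file }}"
      register: check_config
      changed_when: false
      failed_when: false

    # Retried because Keycloak may still be starting after `compose up`.
    - name: Configurer les credentials avec kcadm.sh
      ansible.builtin.command: >-
        docker exec {{ keycloak_container }} {{ keycloak_bin }} config credentials
        --server {{ keycloak_server }} --realm {{ keycloak_realm }}
        --user {{ keycloak_old_admin }} --password {{ keycloak_old_password }}
      register: config_status
      until: config_status is success
      retries: 6
      delay: 10
      no_log: true
      when: check_config.rc != 0

    - name: Créer un nouvel utilisateur administrateur
      when: check_config.rc != 0
      block:
        - name: Créer l'utilisateur
          ansible.builtin.command: >-
            docker exec {{ keycloak_container }} {{ keycloak_bin }} create users
            -r {{ keycloak_realm }}
            -s username={{ keycloak_admin_user }}
            -s email={{ keycloak_admin_email }}
            -s firstName={{ keycloak_admin_first_name }}
            -s lastName={{ keycloak_admin_last_name }}
            -s emailVerified=true
            -s enabled=true
          register: create_user

        - name: Définir le mot de passe
          ansible.builtin.command: >-
            docker exec {{ keycloak_container }} {{ keycloak_bin }} set-password
            -r {{ keycloak_realm }}
            --username {{ keycloak_admin_user }}
            --new-password {{ keycloak_admin_password }}
            --temporary=false
          register: set_password
          no_log: true

        - name: Attribuer le rôle d'administrateur
          ansible.builtin.command: >-
            docker exec {{ keycloak_container }} {{ keycloak_bin }} add-roles
            -r {{ keycloak_realm }}
            --uusername {{ keycloak_admin_user }}
            --rolename admin
          register: add_role

      rescue:
        # Abort the host here: the bootstrap admin must not be deleted and the
        # marker must not be written when the replacement admin is incomplete.
        - name: Gérer les erreurs de configuration
          ansible.builtin.fail:
            msg: "Erreur lors de la configuration de l'utilisateur administrateur"

    - name: Supprimer l'administrateur temporaire
      when: check_config.rc != 0
      block:
        - name: Récupérer les informations
          ansible.builtin.command: >-
            docker exec {{ keycloak_container }} {{ keycloak_bin }} get users
            -r {{ keycloak_realm }} -q username={{ keycloak_old_admin }}
          register: temp_admin_info
          changed_when: false

        # Fails loudly (index error) if no user matched, which is the intent.
        - name: Extraire l'ID
          ansible.builtin.set_fact:
            temp_admin_id: "{{ (temp_admin_info.stdout | from_json)[0].id }}"

        - name: Supprimer l'utilisateur
          ansible.builtin.command: >-
            docker exec {{ keycloak_container }} {{ keycloak_bin }}
            delete users/{{ temp_admin_id }}

    # Written last, only when every previous step on this host succeeded.
    - name: Marquer la configuration comme terminée
      ansible.builtin.command: "docker exec {{ keycloak_container }} touch {{ check_file }}"
      when: check_config.rc != 0

  handlers:
    # Not notified by any task above; kept for callers that may add `notify`.
    - name: Redémarrer Keycloak
      ansible.builtin.command: "docker compose restart keycloak"
      args:
        chdir: "{{ git_dest }}"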