fix(keycloak): add no_log and disable become
diff --git a/roles/keystone/tasks/main.yml b/roles/keystone/tasks/main.yml
index d1ad1ef..c4400fa 100644
--- a/roles/keystone/tasks/main.yml
+++ b/roles/keystone/tasks/main.yml
@@ -38,6 +38,7 @@
 
 - name: Create Keycloak realms
   no_log: true
+  become: false
   run_once: true
   delegate_to: localhost
   changed_when: false
@@ -64,6 +65,8 @@
     template: configmap-openid-metadata.yml.j2
 
 - name: Create Keycloak clients
+  no_log: true
+  become: false
   run_once: true
   delegate_to: localhost
   community.general.keycloak_client:
diff --git a/roles/keystone/tasks_test.go b/roles/keystone/tasks_test.go
index 687659d..68f5d5a 100644
--- a/roles/keystone/tasks_test.go
+++ b/roles/keystone/tasks_test.go
@@ -42,4 +42,13 @@
 	require.NotNil(t, task)
 
 	assert.Equal(t, true, task["no_log"])
+	assert.Equal(t, false, task["become"])
+}
+
+func TestCreateKeycloakClientsTask(t *testing.T) {
+	task := getTaskByName("Create Keycloak clients")
+	require.NotNil(t, task)
+
+	assert.Equal(t, true, task["no_log"])
+	assert.Equal(t, false, task["become"])
 }
diff --git a/roles/kube_prometheus_stack/tasks/main.yml b/roles/kube_prometheus_stack/tasks/main.yml
index 57fb1ad..6409a10 100644
--- a/roles/kube_prometheus_stack/tasks/main.yml
+++ b/roles/kube_prometheus_stack/tasks/main.yml
@@ -13,7 +13,8 @@
 # under the License.
 
 - name: Create Keycloak realm
-  run_once: true
+  no_log: true
+  become: false
   delegate_to: localhost
   changed_when: false
   community.general.keycloak_realm:
@@ -31,6 +32,9 @@
     enabled: true
 
 - name: Add client roles in "id_token"
+  no_log: true
+  become: false
+  delegate_to: localhost
   changed_when: false
   community.general.keycloak_clientscope:
     # Keycloak settings
@@ -54,6 +58,8 @@
           multivalued: true
 
 - name: Create Keycloak client
+  no_log: true
+  become: false
   run_once: true
   delegate_to: localhost
   community.general.keycloak_client:
@@ -72,6 +78,8 @@
       - "https://{{ kube_prometheus_stack_grafana_host }}/login/generic_oauth"
 
 - name: Create Keycloak roles
+  no_log: true
+  become: false
   run_once: true
   delegate_to: localhost
   community.general.keycloak_role:
diff --git a/roles/kube_prometheus_stack/tasks_test.go b/roles/kube_prometheus_stack/tasks_test.go
new file mode 100644
index 0000000..d0b5cd0
--- /dev/null
+++ b/roles/kube_prometheus_stack/tasks_test.go
@@ -0,0 +1,70 @@
+package kube_prometheus_stack
+
+import (
+	_ "embed"
+	"os"
+	"testing"
+
+	"github.com/goccy/go-yaml"
+	"github.com/stretchr/testify/assert"
+	"github.com/stretchr/testify/require"
+)
+
+// Create Keycloak realms
+
+var (
+	//go:embed tasks/main.yml
+	tasksFile []byte
+	tasks     []map[string]interface{}
+)
+
+func TestMain(m *testing.M) {
+	t := &testing.T{}
+
+	err := yaml.UnmarshalWithOptions(tasksFile, &tasks, yaml.Strict())
+	require.NoError(t, err)
+
+	code := m.Run()
+	os.Exit(code)
+}
+
+func getTaskByName(name string) map[string]interface{} {
+	for _, t := range tasks {
+		if t["name"] == name {
+			return t
+		}
+	}
+	return nil
+}
+
+func TestCreateKeycloakRealmTask(t *testing.T) {
+	task := getTaskByName("Create Keycloak realm")
+	require.NotNil(t, task)
+
+	assert.Equal(t, true, task["no_log"])
+	assert.Equal(t, false, task["become"])
+}
+
+func TestAddClientRolesInIdTokenTask(t *testing.T) {
+	task := getTaskByName("Add client roles in \"id_token\"")
+	require.NotNil(t, task)
+
+	assert.Equal(t, true, task["no_log"])
+	assert.Equal(t, false, task["become"])
+}
+
+func TestCreateKeycloakClientsTask(t *testing.T) {
+	task := getTaskByName("Create Keycloak client")
+	require.NotNil(t, task)
+
+	assert.Equal(t, true, task["no_log"])
+	assert.Equal(t, false, task["become"])
+}
+
+func TestCreateKeycloakRolesTask(t *testing.T) {
+	task := getTaskByName("Create Keycloak roles")
+	require.NotNil(t, task)
+
+	assert.Equal(t, true, task["no_log"])
+	assert.Equal(t, false, task["become"])
+}