From ba6bab9a9275d5be87f6bd15a8ca1a6883e2258c Mon Sep 17 00:00:00 2001 From: Bertrand Lanson Date: Fri, 5 Jan 2024 23:58:30 +0100 Subject: [PATCH] feat(vault): start working on configuration merging to allow customization --- playbooks/deploy.yml | 6 ++++++ playbooks/group_vars/all.yml | 1 + playbooks/tasks/load_vars.yml | 7 +++++++ playbooks/tasks/vault_vars.yml | 6 ++++++ 4 files changed, 20 insertions(+) create mode 100644 playbooks/tasks/vault_vars.yml diff --git a/playbooks/deploy.yml b/playbooks/deploy.yml index bc6758b..5847f5c 100644 --- a/playbooks/deploy.yml +++ b/playbooks/deploy.yml @@ -14,6 +14,12 @@ ansible.builtin.import_tasks: file: tasks/load_vars.yml + - name: "Debug" + ansible.builtin.debug: + msg: "{{ hashi_vault_configuration }}" + + - ansible.builtin.fail: + - name: "Vault" when: - enable_vault | bool diff --git a/playbooks/group_vars/all.yml b/playbooks/group_vars/all.yml index 73987df..e313283 100644 --- a/playbooks/group_vars/all.yml +++ b/playbooks/group_vars/all.yml @@ -131,6 +131,7 @@ vault_service_registration_configuration: ############################# # vault plugins configuration ############################# +vault_enable_plugins: false ######################### diff --git a/playbooks/tasks/load_vars.yml b/playbooks/tasks/load_vars.yml index c85e070..04b41d0 100644 --- a/playbooks/tasks/load_vars.yml +++ b/playbooks/tasks/load_vars.yml @@ -64,6 +64,13 @@ loop_var: item delegate_to: localhost +- name: "Merge vault configurations" + ansible.builtin.import_tasks: + file: "vault_vars.yml" + when: + - enable_vault | bool + - "'vault_servers' in group_names" + - name: "Debug" ansible.builtin.debug: msg: "{{ vault_cluster_name }}" diff --git a/playbooks/tasks/vault_vars.yml b/playbooks/tasks/vault_vars.yml new file mode 100644 index 0000000..b171450 --- /dev/null +++ b/playbooks/tasks/vault_vars.yml 
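Review bot: The added `Debug` task in playbooks/deploy.yml prints all of `hashi_vault_configuration` on every run. Once the service-registration block is merged in, that value may carry credentials (a Consul registration stanza can include a `token`), which would then appear in console output and any CI or callback log. Either drop the task before merge or add `verbosity: 2` to the debug module so it only prints when explicitly requested. The unnamed `ansible.builtin.fail:` that follows aborts the play unconditionally before the `Vault` block, so as committed nothing after variable loading can run; it should be removed, or given a `name`, a `msg` and a `when:` guard. The play's task list starts and continues outside this hunk.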
@@ -0,0 +1,6 @@
+---
+# hashistack configuration merging for vault
+- name: "Merge service registration configuration"
+ ansible.builtin.set_fact:
+ hashi_vault_configuration: "{{ hashi_vault_configuration | combine({'service_registration': vault_service_registration_configuration}) }}"
+ when: vault_enable_service_registration
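Review bot: The guard `when: vault_enable_service_registration` is a bare variable, unlike the `enable_vault | bool` condition used where this file is imported. A value that arrives as a string (for example `false` passed through extra vars) may be treated as truthy and run the merge anyway; `when: vault_enable_service_registration | bool` keeps the two consistent. The `combine` also assumes `hashi_vault_configuration` is already defined for the host, which this patch does not show; `hashi_vault_configuration | default({}) | combine(...)` would avoid an undefined-variable failure if it is not. If the service-registration block can hold a token, consider `no_log: true` on this task, since `set_fact` results are shown in verbose output.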