kubespray/roles/vault/tasks/shared/cert_auth_mount.yml

---

- include: ../shared/mount.yml
  vars:
    mount_name: auth-pki
    mount_options:
      description: PKI mount to generate certs for the Cert Auth Backend
      config:
        default_lease_ttl: "{{ vault_default_lease_ttl }}"
        max_lease_ttl: "{{ vault_max_lease_ttl }}"
      type: pki

- name: shared/auth_mount | Create a dummy role for issuing certs from auth-pki
  uri:
    url: "{{ hostvars[groups.vault|first]['vault_leader_url'] }}/v1/auth-pki/roles/dummy"
    headers: "{{ hostvars[groups.vault|first]['vault_headers'] }}"
    method: POST
    body_format: json
    body:
      {'allow_any_name': true}
    status_code: 204