kubespray/roles/vault/tasks/bootstrap/role_auth_cert.yml

---

- include: ../shared/sync_auth_certs.yml
  when: inventory_hostname in groups.vault

- include: ../shared/cert_auth_mount.yml
  when: inventory_hostname == groups.vault|first

- include: ../shared/auth_backend.yml
  vars:
    auth_backend_description: A Cert-based Auth primarily for services needing to issue certificates
    auth_backend_name: cert
    auth_backend_type: cert
  when: inventory_hostname == groups.vault|first

- include: gen_auth_ca.yml
  when: inventory_hostname in groups.vault and vault_auth_ca_cert_needed

- include: ../shared/config_ca.yml
  vars:
    ca_name: auth-ca
    mount_name: auth-pki
  when: inventory_hostname == groups.vault|first and not vault_auth_ca_cert_needed

- include: create_etcd_role.yml
  when: inventory_hostname in groups.etcd