kubespray/roles/vault/tasks/shared/cert_auth_mount.yml

---

- include_tasks: ../shared/pki_mount.yml
  vars:
    pki_mount_path: auth-pki
    pki_mount_options:
      description: PKI mount to generate certs for the Cert Auth Backend
      config:
        default_lease_ttl: "{{ vault_default_lease_ttl }}"
        max_lease_ttl: "{{ vault_max_lease_ttl }}"

- name: shared/auth_mount | Create a dummy role for issuing certs from auth-pki
  hashivault_approle_role_create:
    url: "{{ vault_leader_url }}"
    token: "{{ vault_root_token }}"
    ca_cert: "{{ vault_cert_dir }}/ca.pem"
    name: "auth-pki/roles/dummy"
    policies:
      allow_any_name: true