From 971632bb70c0a8d8e18a589c2819d8b4011cee49 Mon Sep 17 00:00:00 2001
From: Daniel Berteaud
Date: Tue, 11 Jul 2023 23:00:07 +0200
Subject: [PATCH] Update to 2023-07-11 23:00
---
 roles/vault_agent/tasks/conf.yml | 12 ++++++------
 .../templates/consul/agent_bundle.pem.tpl.j2 | 3 +--
 2 files changed, 7 insertions(+), 8 deletions(-)
diff --git a/roles/vault_agent/tasks/conf.yml b/roles/vault_agent/tasks/conf.yml
index dbc4fdc..f9af859 100644
--- a/roles/vault_agent/tasks/conf.yml
+++ b/roles/vault_agent/tasks/conf.yml
@@ -18,16 +18,16 @@
 - copy: content={{ vault_agent_approle_role_id }} dest={{ vault_agent_root_dir }}/auth/role_id owner=root group=root mode=600
 - copy: content={{ vault_agent_approle_secret_id }} dest={{ vault_agent_root_dir }}/auth/secret_id owner=root group=root mode=600
 - file: path={{ vault_agent_root_dir }}/auth/token state=absent
- when:
- - vault_agent_auth == 'approle'
- tags: nomad
+ when: vault_agent_auth == 'approle'
+ notify: restart vault-agent
+ tags: vault,consul,nomad
 - name: Setup Token auth
 block:
 - copy: content={{ vault_agent_token }} dest={{ vault_agent_root_dir }}/auth/token owner=root group=root mode=640
 - file: path={{ vault_agent_root_dir }}/auth/role_id state=absent
 - file: path={{ vault_agent_root_dir }}/auth/secret_id state=absent
- when:
- - vault_agent_auth == 'token'
- tags: nomad
+ when: vault_agent_auth == 'token'
+ notify: restart vault-agent
+ tags: vault,consul,nomad
diff --git a/roles/vault_agent/templates/consul/agent_bundle.pem.tpl.j2 b/roles/vault_agent/templates/consul/agent_bundle.pem.tpl.j2
index d85c7e6..a029087 100644
--- a/roles/vault_agent/templates/consul/agent_bundle.pem.tpl.j2
+++ b/roles/vault_agent/templates/consul/agent_bundle.pem.tpl.j2
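Review bot: Both blocks in roles/vault_agent/tasks/conf.yml write credentials with `copy: content=...` (the AppRole role_id and secret_id, and the token), and neither block sets `no_log`, so the values can show up in `--diff` or verbose run output. The widened `tags: vault,consul,nomad` means these tasks are selected by more runs than before. I would add `no_log: true` next to the new `when:` line of each block, unless it is already set at play or role level, which this hunk does not show. The AppRole block's `- name:` line is above the hunk.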
@@ -7,8 +7,7 @@
 [[ .CA | writeToFile "{{ consul_conf.tls.defaults.cert_file }}" "" "" "0644" "append,newline" ]]
 [[ .Key | writeToFile "{{ consul_conf.tls.defaults.key_file }}" "root" "{{ consul_user }}" "0640" ]]
 [[ end ]]
-{% else %}
+{% endif %}
 [[ with secret "{{ vault_agent_consul.consul_pki.path }}/cert/ca_chain" ]]
 [[ .Data.certificate | writeToFile "{{ consul_conf.tls.defaults.ca_file }}" "root" "{{ consul_user }}" "0644" ]]
 [[ end ]]
-{% endif %}
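Review bot: With `{% else %}` replaced by `{% endif %}`, the `cert/ca_chain` block now writes `consul_conf.tls.defaults.ca_file` on every render instead of only in the else case, and nothing in the template says that this is intended. The opening `{% if %}` is above the hunk, so I cannot see whether the guarded branch also writes that file; if it does, the later write would replace its content. Since this file appears to be the CA file Consul trusts for TLS, a one-line Jinja comment above the block would help, for example `{# CA chain always comes from consul_pki, whatever the condition above #}`.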