---

- name: Deploy main configuration
  template: src=vault-agent.hcl.j2 dest={{ vault_agent_root_dir }}/etc/vault-agent.hcl mode=0600
  notify: restart vault-agent
  tags: vault,consul,nomad

- name: Deploy Nomad and Consul configuration
  template: src={{ item }}/{{ item }}.hcl.j2 dest={{ vault_agent_root_dir }}/etc/{{ item }}.hcl
  loop:
    - nomad
    - consul
  notify: restart vault-agent
  tags: vault,consul,nomad

- name: Setup AppRole auth
  block:
    - copy: content={{ vault_agent_approle_role_id }} dest={{ vault_agent_root_dir }}/auth/role_id owner=root group=root mode=600
    - copy: content={{ vault_agent_approle_secret_id }} dest={{ vault_agent_root_dir }}/auth/secret_id owner=root group=root mode=600
    - file: path={{ vault_agent_root_dir }}/auth/token state=absent
  when: vault_agent_auth == 'approle'
  notify: restart vault-agent
  tags: vault,consul,nomad

- name: Setup Token auth
  block:
    - copy: content={{ vault_agent_token }} dest={{ vault_agent_root_dir }}/auth/token owner=root group=root mode=640
    - file: path={{ vault_agent_root_dir }}/auth/role_id state=absent
    - file: path={{ vault_agent_root_dir }}/auth/secret_id state=absent
  when: vault_agent_auth == 'token'
  notify: restart vault-agent
  tags: vault,consul,nomad