From 4b587aaf99465b8a73147b62848502dd81da998f Mon Sep 17 00:00:00 2001
From: Brad Beam <bradbeam@users.noreply.github.com>
Date: Thu, 14 Sep 2017 01:19:44 -0500
Subject: [PATCH] Adding ability to specify altnames for vault cert (#1640)

---
 roles/vault/defaults/main.yml                   | 5 +++++
 roles/vault/tasks/bootstrap/gen_vault_certs.yml | 2 +-
 2 files changed, 6 insertions(+), 1 deletion(-)

diff --git a/roles/vault/defaults/main.yml b/roles/vault/defaults/main.yml
index 8916d4b3a..2bbb0b9a2 100644
--- a/roles/vault/defaults/main.yml
+++ b/roles/vault/defaults/main.yml
@@ -83,6 +83,11 @@ vault_ca_options:
     format: pem
     ttl: "{{ vault_max_lease_ttl }}"
     exclude_cn_from_sans: true
+    altnames:
+      - "vault.{{ system_namespace }}.svc.{{ dns_domain }}"
+      - "vault.{{ system_namespace }}.svc"
+      - "vault.{{ system_namespace }}"
+      - "vault"
   etcd:
     common_name: etcd
     format: pem
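Review bot: The new `altnames` list has no comment saying what it feeds, and its last entry, the bare short name `vault`, makes the issued certificate valid for that unqualified name under whatever search domain a client's resolver applies, which is a wider scope than the namespaced names above it. A one-line comment above `altnames:` such as `# extra DNS SANs appended to the vault server cert (consumed by tasks/bootstrap/gen_vault_certs.yml); keep to names clients actually connect with` would record the intent, and the bare `vault` entry is worth dropping if no client uses that short name. The templated values are correctly quoted, so the Jinja expansion will not be retyped by the YAML parser.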
diff --git a/roles/vault/tasks/bootstrap/gen_vault_certs.yml b/roles/vault/tasks/bootstrap/gen_vault_certs.yml
index ce4538571..8a82e5b6f 100644
--- a/roles/vault/tasks/bootstrap/gen_vault_certs.yml
+++ b/roles/vault/tasks/bootstrap/gen_vault_certs.yml
@@ -2,7 +2,7 @@
 - include: ../shared/issue_cert.yml
   vars:
     issue_cert_common_name: "{{ vault_pki_mounts.vault.roles[0].name }}"
-    issue_cert_alt_names: "{{ groups.vault + ['localhost'] }}"
+    issue_cert_alt_names: "{{ groups.vault + ['localhost'] + vault_ca_options.vault.altnames|default() }}"
     issue_cert_hosts: "{{ groups.vault }}"
     issue_cert_ip_sans: >-
         [
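Review bot: `vault_ca_options.vault.altnames|default()` on the `issue_cert_alt_names` line falls back to an empty string when the key is undefined (for example when a user overrides `vault_ca_options` without `altnames`), and `groups.vault + ['localhost'] + ''` then fails at template render time instead of yielding the list; the fallback should be an empty list, `issue_cert_alt_names: "{{ groups.vault + ['localhost'] + vault_ca_options.vault.altnames|default([]) }}"`. The filter binds only to `vault_ca_options.vault.altnames`, so the rest of the expression is unchanged. The task holding this line starts at `- include:` inside the hunk, but its `issue_cert_ip_sans` value continues past the hunk's last line.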
-- 
GitLab