From d3850a4da5693c2be13a1c1ea81308de96dedab6 Mon Sep 17 00:00:00 2001
From: Brad Beam
Date: Mon, 11 Dec 2017 17:28:18 -0600
Subject: [PATCH] Fixing alt_names for vault cert generation
---
 roles/vault/defaults/main.yml | 6 +-----
 roles/vault/tasks/bootstrap/gen_vault_certs.yml | 2 +-
 2 files changed, 2 insertions(+), 6 deletions(-)
diff --git a/roles/vault/defaults/main.yml b/roles/vault/defaults/main.yml
index 1f4a78b37..b3758bef4 100644
--- a/roles/vault/defaults/main.yml
+++ b/roles/vault/defaults/main.yml
@@ -84,11 +84,7 @@ vault_ca_options:
 format: pem
 ttl: "{{ vault_max_lease_ttl }}"
 exclude_cn_from_sans: true
- alt_names:
- - "vault.{{ system_namespace }}.svc.{{ dns_domain }}"
- - "vault.{{ system_namespace }}.svc"
- - "vault.{{ system_namespace }}"
- - "vault"
+ alt_names: "vault.{{ system_namespace }}.svc.{{ dns_domain }},vault.{{ system_namespace }}.svc,vault.{{ system_namespace }},vault"
 etcd:
 common_name: etcd
 format: pem
diff --git a/roles/vault/tasks/bootstrap/gen_vault_certs.yml b/roles/vault/tasks/bootstrap/gen_vault_certs.yml
index 57397901a..b13692855 100644
--- a/roles/vault/tasks/bootstrap/gen_vault_certs.yml
+++ b/roles/vault/tasks/bootstrap/gen_vault_certs.yml
@@ -2,7 +2,7 @@
 - include: ../shared/issue_cert.yml
 vars:
 issue_cert_common_name: "{{ vault_pki_mounts.vault.roles[0].name }}"
- issue_cert_alt_names: "{{ groups['vault'] + ['localhost'] + vault_ca_options.vault.alt_names|default() | join(',') }}"
+ issue_cert_alt_names: "{{ groups['vault'] + ['localhost'] + (vault_ca_options['vault']['alt_names'].split(','))|default() }}"
 issue_cert_hosts: "{{ groups['vault'] }}"
 issue_cert_ip_sans: >-
 [
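Review bot: The new `alt_names` default changes type from a YAML list to a single comma-separated string, and nothing beside the key documents that. An inventory that still overrides `vault_ca_options.vault.alt_names` with the old list form will fail in gen_vault_certs.yml, where the value is now passed to `.split(',')`. A comment above the key would make the contract visible, for example `# comma-separated string, no spaces; split on ',' in tasks/bootstrap/gen_vault_certs.yml`. These names end up as SANs on the Vault server certificate, so a stray space after a comma would presumably be carried into a SAN entry unless the consumer trims it.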
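Review bot: The `|default()` on the new `issue_cert_alt_names` line cannot act as a fallback, because `.split(',')` is called on `alt_names` before the filter is applied, so an undefined `alt_names` fails at the method call. `default()` with no argument also yields an empty string, which cannot be concatenated to the two lists in front of it. Moving the default inside and dropping empty entries keeps the result a list in every case: `{{ groups['vault'] + ['localhost'] + ((vault_ca_options['vault']['alt_names'] | default('')).split(',') | map('trim') | select | list) }}`. The include's `vars` block continues past the end of the hunk and issue_cert.yml is not visible here, so it is assumed that it accepts a list for this variable.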