Fixing alt_names for vault cert generation

roles/vault/defaults/main.yml

@@ -84,11 +84,7 @@ vault_ca_options:
     format: pem
     ttl: "{{ vault_max_lease_ttl }}"
     exclude_cn_from_sans: true
-    alt_names:
+    alt_names: "vault.{{ system_namespace }}.svc.{{ dns_domain }},vault.{{ system_namespace }}.svc,vault.{{ system_namespace }},vault"
-      - "vault.{{ system_namespace }}.svc.{{ dns_domain }}"
-      - "vault.{{ system_namespace }}.svc"
-      - "vault.{{ system_namespace }}"
-      - "vault"
   etcd:
     common_name: etcd
     format: pem

roles/vault/tasks/bootstrap/gen_vault_certs.yml

@@ -2,7 +2,7 @@
 - include: ../shared/issue_cert.yml
   vars:
     issue_cert_common_name: "{{ vault_pki_mounts.vault.roles[0].name }}"
-    issue_cert_alt_names: "{{ groups['vault'] + ['localhost'] + vault_ca_options.vault.alt_names|default() | join(',') }}"
+    issue_cert_alt_names: "{{ groups['vault'] + ['localhost'] + (vault_ca_options['vault']['alt_names'].split(','))|default() }}"
     issue_cert_hosts: "{{ groups['vault'] }}"
     issue_cert_ip_sans: >-
         [