feat: add a way to upload license from variable (not file) (#378)

yzoug · web-flow · commit b8fffb330aeb · 2025-12-11T21:25:08.000+01:00
* feat: add task for uploading license from variable

* docs: delete repeated vault_pkg documentation

* docs: add vault_license_content variable documentation
diff --git a/defaults/main.yml b/defaults/main.yml
@@ -402,8 +402,13 @@ vault_configure_enterprise_license: false
 # https://www.vaultproject.io/docs/configuration#license_path
 vault_license_path: "{{ vault_config_path }}/license.hclic"
 # Path to enterprise license on the Ansible controller (source file for upload)
-# Upload skipped when empty or undefined
+# Upload skipped when empty or undefined, if `vault_license_file` is also empty or undefined
+# Only used if `vault_configure_enterprise_license: true`
 vault_license_file: ""
+# Value of the enterprise license to use
+# Upload skipped when empty or undefined, if `vault_license_file` is also empty or undefined
+# Only used if `vault_configure_enterprise_license: true`
+vault_license_content: ""
 
 # -----------------
 # Vault plugins
diff --git a/role_variables.md b/role_variables.md
@@ -978,11 +978,6 @@ differences across distributions:
 - List of OS packages to install
 - Default value: list
 
-## `vault_pkg`
-
-- Vault package filename
-- Default value: `"{{ vault_version }}_linux_amd64.zip"`
-
 ## `vault_debian_url`
 
 - Vault package download URL
@@ -1101,7 +1096,7 @@ The role can configure HSM based instances. Make sure to reference the [HSM supp
 
 ## `vault_configure_enterprise_license`
 
-- Manage enterprise license file with this role. Set to `true` to use `vault_license_path` or `vault_license_file`.
+- Manage enterprise license file with this role. Set to `true` to use `vault_license_path`, and `vault_license_file` or `vault_license_content`.
 - Default value: false
 
 ## `vault_license_path`
@@ -1111,7 +1106,12 @@ The role can configure HSM based instances. Make sure to reference the [HSM supp
 
 ## `vault_license_file`
 
-- Path to enterprise license on the Ansible controller (source file for upload). Upload skipped when empty or undefined. Only used if `vault_configure_enterprise_license: true`.
+- Path to enterprise license on the Ansible controller (source file for upload). Upload skipped when empty or undefined, if `vault_license_content` is also empty or undefined. Only used if `vault_configure_enterprise_license: true`.
+- Default value: ""
+
+## `vault_license_content`
+
+- Value of the enterprise license to use. Upload skipped when empty or undefined, if `vault_license_file` is also empty or undefined. Only used if `vault_configure_enterprise_license: true`.
 - Default value: ""
 
 ## `vault_hsm_app`
diff --git a/tasks/main.yml b/tasks/main.yml
@@ -209,6 +209,18 @@
     - vault_configure_enterprise_license | bool
     - vault_license_file | length > 0
 
+- name: Upload Vault license content to vault_license_path
+  become: true
+  copy:
+    content: "{{ vault_license_content }}"
+    dest: "{{ vault_license_path }}"
+    owner: "{{ vault_user }}"
+    group: "{{ vault_group }}"
+    mode: "{{ vault_harden_file_perms | ternary('0400', '0644') }}"
+  when:
+    - vault_configure_enterprise_license | bool
+    - vault_license_content | length > 0
+
 - name: "Set Exec output to log path when enabled log"
   ansible.builtin.set_fact:
     vault_exec_output: ">> {{ vault_log_path }}/vault.log 2>&1"
