Add all hashivault_unseal supported options

mnasiadka · mnasiadka · commit f503470101fe · 2022-09-26T18:58:19.000+02:00
diff --git a/roles/vault_unseal/README.md b/roles/vault_unseal/README.md
@@ -15,7 +15,19 @@ Role variables
 --------------
 
 * `vault_api_addr`: Vault [API addr](https://www.vaultproject.io/docs/configuration#api_addr) - Full URL including protocol and port (e.g. "http://127.0.0.1:8200"). In a Vault cluster, this should point to an individual Vault server, rather than a load balancer.
+* `vault_unseal_authtype`: authentication type
+* `vault_unseal_aws_header`: X-Vault-AWS-IAM-Server-ID Header value to prevent replay attacks
+* `vault_unseal_ca_cert`: Path to a PEM-encoded CA cert file to use to verify the Vault server TLS certificate
+* `vault_unseal_ca_path`: Path to a directory of PEM-encoded CA cert files to verify the Vault server TLS certificate. If `vault_unseal_ca_cert` is specified, its value will take precedence
+* `vault_unseal_client_cert`: Path to a PEM-encoded client certificate for TLS authentication to the Vault server
+* `vault_unseal_client_key`: Path to an unencrypted PEM-encoded private key matching the client certificate
 * `vault_unseal_keys`: List of unseal key shards.
+* `vault_unseal_login_mount_point`: Authentication mount point
+* `vault_unseal_namespace`: Namespace for Vault
+* `vault_unseal_password`: Password for Vault
+* `vault_unseal_token`: Token for Vault
+* `vault_unseal_username`: Username to login to Vault
+* `vault_unseal_verify`: If set, do not verify presented TLS certificate before communicating with Vault server.
 
 Example playbook
 ----------------
diff --git a/roles/vault_unseal/tasks/main.yml b/roles/vault_unseal/tasks/main.yml
@@ -1,5 +1,17 @@
 ---
 - name: Unseal Vault
   hashivault_unseal:
-    url: "{{ vault_api_addr }}"
+    authtype: "{{ vault_unseal_authtype | default(omit) }}"
+    aws_header: "{{ vault_unseal_aws_header | default(omit) }}"
+    ca_cert: "{{ vault_unseal_ca_cert | default(omit) }}"
+    ca_path: "{{ vault_unseal_ca_path | default(omit) }}"
+    client_cert: "{{ vault_unseal_client_cert | default(omit) }}"
+    client_key: "{{ vault_unseal_client_key | default(omit) }}"
     keys: "{{ vault_unseal_keys | join(' ') }}"
+    login_mount_point: "{{ vault_unseal_login_mount_point | default(omit) }}"
+    namespace: "{{ vault_unseal_namespace | default(omit) }}"
+    password: "{{ vault_unseal_password | default(omit) }}"
+    token: "{{ vault_unseal_token | default(omit) }}"
+    url: "{{ vault_api_addr }}"
+    username: "{{ vault_unseal_username | default(omit) }}"
+    verify: "{{ vault_unseal_verify | default(omit) }}"
