From 631ebbd7e45bef563a24eb21fb451ec83da6d7a9 Mon Sep 17 00:00:00 2001
From: Jack Hodgkiss <identity@jackhodgkiss.uk>
Date: Sat, 7 Jun 2025 22:01:12 +0100
Subject: [PATCH] feat: add support for setting`leader_ca_cert_file`

---
 roles/openbao/defaults/main.yml | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/roles/openbao/defaults/main.yml b/roles/openbao/defaults/main.yml
index 0ad128c..f12bf51 100644
--- a/roles/openbao/defaults/main.yml
+++ b/roles/openbao/defaults/main.yml
@@ -13,6 +13,7 @@ openbao_cluster_name: ""
 
 openbao_tls_key: ""
 openbao_tls_cert: ""
+openbao_tls_ca: ""
 
 openbao_protocol: "{{ 'https' if openbao_tls_key and openbao_tls_cert else 'http' }}"
 
@@ -59,7 +60,9 @@ openbao_config: >
         "path": "/openbao/file",
         {% if openbao_raft_leaders | length > 0 %}
         "retry_join": {
-          "leader_api_addr": "{{ openbao_protocol }}://{{ openbao_raft_leaders | first }}:{{ openbao_api_port }}"
+          "leader_api_addr": "{{ openbao_protocol }}://{{ openbao_raft_leaders | first }}:{{ openbao_api_port }}"{% if openbao_tls_ca %},
+          "leader_ca_cert_file": "/openbao/config/{{ openbao_tls_ca }}"
+          {% endif %}
         }
         {% endif %}
       }