
Commit 1686cf4

committed
Add some extra validations to Vault JWT configuration
Signed-off-by: Manuel Lorenzo <[email protected]>
1 parent 52482e4 commit 1686cf4


1 file changed

+5
-1
lines changed


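--- a/roles/vault_utils/tasks/vault_jwt.yaml
+++ b/roles/vault_utils/tasks/vault_jwt.yaml
@@ -9,7 +9,7 @@
 retries: 20
 delay: 45
 changed_when: false
-failed_when: "'stdout_lines' not in vault_auth_json"
+failed_when: "'stdout_lines' not in vault_auth_json or vault_auth_json.stdout_lines | length == 0"
 
 - name: Set vault auth output json fact
 ansible.builtin.set_fact:
@@ -79,6 +79,8 @@
 bash -e -c
 "echo -n | openssl s_client -connect {{ oidc_discovery_host }}:{{ oidc_discovery_port }} -servername {{ oidc_discovery_host }}
 | openssl x509 -outform PEM > /tmp/oidc-discovery-certificate.pem"
+retries: 10
+delay: 30
 when: not vault_auth_jwt or
 not jwt_discovery or
 not jwt_config_oidc_discovery_url == oidc_discovery_url or
@@ -93,6 +95,8 @@
 oidc_discovery_url={{ oidc_discovery_url }}
 default_role={{ default_role | default('default') }}
 oidc_discovery_ca_pem=@/tmp/oidc-discovery-certificate.pem
+retries: 10
+delay: 30
 when: not vault_auth_jwt or
 not jwt_discovery or
 not jwt_config_oidc_discovery_url == oidc_discovery_url or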
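Review bot: The retried certificate fetch (new lines 82-83) still pins whatever certificate the endpoint presents, because `openssl s_client` is invoked without a verification flag and its output is handed to Vault as `oidc_discovery_ca_pem` by the following task, so the retries repeat an unauthenticated trust decision rather than strengthening it. Where a trusted bundle for the discovery host is available, add `-verify_return_error -CAfile <ca-bundle-path>` (placeholder path) to the `s_client` call, and write the PEM to a file created with `ansible.builtin.tempfile` instead of the fixed, predictable `/tmp/oidc-discovery-certificate.pem`. No `until:` is visible in the second or third hunk, and both tasks begin outside the hunks, so this may already be handled above. If it is not, older ansible-core releases ignore `retries` without `until`, and an explicit `until: <registered_result>.rc == 0` (placeholder variable name) would make the retry condition unambiguous.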
