From ab73936ae3353137118a9076f2401ce0fe6fd5f8 Mon Sep 17 00:00:00 2001
From: Trevor Robinson
Date: Fri, 19 Aug 2016 14:31:10 -0500
Subject: [PATCH] Add copy of TLS listener cert and key files

---
 defaults/main.yml | 2 ++
 tasks/main.yml | 22 ++++++++++++++++++++++
 2 files changed, 24 insertions(+)

diff --git a/defaults/main.yml b/defaults/main.yml
index 71a0bcf..43bfaf8 100644
--- a/defaults/main.yml
+++ b/defaults/main.yml
@@ -50,7 +50,9 @@ vault_backend_file_path: ''
 vault_listener_tcp_address: "127.0.0.1:8200"
 vault_listener_tcp_tls_disable: true
 vault_listener_tcp_tls_cert_file: ''
+vault_listener_tcp_tls_cert_local_file: ''
 vault_listener_tcp_tls_key_file: ''
+vault_listener_tcp_tls_key_local_file: ''
 vault_listener_tcp_tls_min_version: tls12
 
 vault_telemetry_statsite_address: ''
diff --git a/tasks/main.yml b/tasks/main.yml
index 873e6f0..4fe7324 100644
--- a/tasks/main.yml
+++ b/tasks/main.yml
@@ -118,6 +118,28 @@
   notify: restart vault
   tags: vault
 
+- name: Copy Vault TLS certificate
+  copy: >
+    dest="{{ vault_listener_tcp_tls_cert_file }}"
+    src="{{ vault_listener_tcp_tls_cert_local_file }}"
+    owner={{ vault_user }}
+    group={{ vault_group }}
+    mode=0644
+  notify: restart vault
+  when: vault_listener_tcp_tls_cert_file and vault_listener_tcp_tls_cert_local_file
+  tags: vault
+
+- name: Copy Vault TLS key
+  copy: >
+    dest="{{ vault_listener_tcp_tls_key_file }}"
+    src="{{ vault_listener_tcp_tls_key_local_file }}"
+    owner={{ vault_user }}
+    group={{ vault_group }}
+    mode=0600
+  notify: restart vault
+  when: vault_listener_tcp_tls_key_file and vault_listener_tcp_tls_key_local_file
+  tags: vault
+
 - name: Give vault access to mlock syscall
   capabilities: >
     path={{ vault_install_dir }}/vault
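Review bot: The two new defaults `vault_listener_tcp_tls_cert_local_file` and `vault_listener_tcp_tls_key_local_file` are added without a comment saying which machine the path refers to; from the copy tasks in the same patch they are paths on the Ansible controller (the copy module's `src`), while the existing `*_file` variables next to them are paths on the target host. A one-line comment above each, e.g. `# Path on the Ansible controller; copied to vault_listener_tcp_tls_cert_file when both are set`, would make that distinction visible where the variables are defined rather than only in tasks/main.yml. For the key variable it is also worth stating that the file it points at holds the listener's private key, so operators keep it with their other inventory secrets rather than in the role tree.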
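Review bot: The `Copy Vault TLS key` task has no `no_log: true`, so a run with `--diff` or high verbosity can echo the private key material the copy module writes into the play output and any log collector attached to it; adding `no_log: true` to that task keeps the key contents out of the logs while the existing `mode=0600` and owner settings protect it on disk. The `copy: >` key=value form carries `mode=0644`/`mode=0600` as strings inside the folded scalar, which works, but if these tasks are later converted to native YAML module arguments the modes must be quoted (`mode: "0600"`) or a YAML 1.1 loader reads them as decimal 420/384. Neither task ensures the parent directory of `dest` exists, so the copy fails if the configured path points into a directory the role has not created earlier — presumably a config-directory task elsewhere in the file covers this, worth confirming. The task list continues outside the hunk on both sides.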