cluster_name = "{{ vault_conf.cluster_name }}"

log_level = "{{ vault_conf.log_level }}"
log_format = "{{ vault_conf.log_format }}"

plugin_directory = "{{ vault_conf.plugin_directory }}"
plugin_file_uid = {{ vault_conf.plugin_file_uid }}

disable_mlock = {{ vault_conf.disable_mlock | ternary('true', 'false') }}

{% for listener in vault_conf.listeners %}
listener "tcp" {
  address = "{{ listener.address }}"
  cluster_address = "{{ listener.cluster_address }}"
  tls_cert_file = "{{ listener.tls_cert_file }}"
  tls_key_file = "{{ listener.tls_key_file }}"
{% if listener.x_forwarded_for_authorized_addrs | length > 0 %}
  x_forwarded_for_authorized_addrs = "{{ listener.x_forwarded_for_authorized_addrs | join(',') }}"
  x_forwarded_for_reject_not_present = {{ listener.x_forwarded_for_reject_not_present | ternary('true', 'false') }}
{% endif %}
}
{% endfor %}

api_addr = "{{ vault_conf.api_addr }}"
cluster_addr = "{{ vault_conf.cluster_addr }}"

storage "raft" {
  path = "{{ vault_conf.storage.raft.path }}"
  node_id = "{{ vault_conf.storage.raft.node_id }}"
  performance_multiplier = {{ vault_conf.storage.raft.performance_multiplier }}
{% if vault_conf.storage.raft.retry_join | length > 0 %}
{% for server in vault_conf.storage.raft.retry_join %}
  retry_join {
{% for key in server.keys() | list %}
    {{ key }} = "{{ server[key] }}"
{% endfor %}
  }
{% endfor %}
{% endif %}
}

{% if vault_conf.service_registration is defined %}
service_registration "consul" {
{% for key in ['address', 'service', 'token', 'tls_ca_file', 'tls_cert_file', 'tls_key_file'] %}
{% if vault_conf.service_registration[key] is defined %}
  {{ key }} = "{{ vault_conf.service_registration[key] }}"
{% endif %}
{% endfor %}
{% if vault_conf.service_registration.service_tags is defined %}
  service_tags = [
{% for tag in vault_conf.service_registration.service_tags %}
    "{{ tag }}",
{% endfor %}
  ]
{% endif %}
}
{% endif %}