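{#
  Vault server configuration (HCL), rendered from the `vault_conf` variable.

  Notes for maintainers:
  - The rendered file can contain the Consul ACL token and names the TLS
    private key path. The task that deploys this template should write it
    with a restrictive owner and mode (readable by the Vault service user only).
  - Values are interpolated into quoted HCL strings without escaping. A value
    containing a double quote or a newline changes the structure of the
    rendered file, so `vault_conf` must come from trusted inventory only.
#}
cluster_name = "{{ vault_conf.cluster_name }}"
log_level    = "{{ vault_conf.log_level }}"
log_format   = "{{ vault_conf.log_format }}"

{# Vault executes binaries from this directory: keep it writable by administrators only. #}
plugin_directory = "{{ vault_conf.plugin_directory }}"
plugin_file_uid  = {{ vault_conf.plugin_file_uid }}

{# With disable_mlock = true, Vault's memory may be paged out: disable or encrypt swap on the host. #}
disable_mlock = {{ vault_conf.disable_mlock | ternary('true', 'false') }}

{% for listener in vault_conf.listeners %}
listener "tcp" {
  address         = "{{ listener.address }}"
  cluster_address = "{{ listener.cluster_address }}"
  {# Certificate and key are always rendered; this template has no switch to turn TLS off. #}
  tls_cert_file   = "{{ listener.tls_cert_file }}"
  tls_key_file    = "{{ listener.tls_key_file }}"
  {% if listener.x_forwarded_for_authorized_addrs | length > 0 %}
  {# Every address listed here is trusted to state the client IP: list only your own proxies / load balancers. #}
  x_forwarded_for_authorized_addrs   = "{{ listener.x_forwarded_for_authorized_addrs | join(',') }}"
  x_forwarded_for_reject_not_present = {{ listener.x_forwarded_for_reject_not_present | ternary('true', 'false') }}
  {% endif %}
  {% if listener.telemetry.unauthenticated_metrics_access %}
  {# Serves the metrics endpoint on this listener without a token: restrict who can reach it at the network level. #}
  telemetry {
    unauthenticated_metrics_access = true
  }
  {% endif %}
}
{% endfor %}

api_addr     = "{{ vault_conf.api_addr }}"
cluster_addr = "{{ vault_conf.cluster_addr }}"

storage "raft" {
  path                   = "{{ vault_conf.storage.raft.path }}"
  node_id                = "{{ vault_conf.storage.raft.node_id }}"
  performance_multiplier = {{ vault_conf.storage.raft.performance_multiplier }}
  {% if vault_conf.storage.raft.retry_join | length > 0 %}
  {% for server in vault_conf.storage.raft.retry_join %}
  {#
    An entry is skipped only when its leader_api_addr is this node's own
    api_addr. Entries without leader_api_addr (for example auto_join based
    ones) are rendered: previously they fell into the "ourself" branch, which
    then referenced the undefined leader_api_addr.
    Every key of the entry is copied verbatim as a quoted string; nothing
    here checks that the key is a valid retry_join parameter.
  #}
  {% if server.leader_api_addr is not defined or server.leader_api_addr != vault_conf.api_addr %}
  retry_join {
    {% for key in server.keys() | list %}
    {{ key }} = "{{ server[key] }}"
    {% endfor %}
  }
  {% else %}
  # Skipping {{ server.leader_api_addr }} as it's ourself
  {% endif %}
  {% endfor %}
  {% endif %}
}

{% if vault_conf.service_registration is defined %}
service_registration "consul" {
  {#
    Only keys that are defined are rendered. `scheme` is passed through so
    that HTTPS towards Consul can be switched on: Vault documents "http" as
    the default scheme, so without scheme = "https" the tls_* files below
    would not protect the connection that carries the token.
    `token` is a secret and ends up in clear text in the rendered file.
  #}
  {% for key in ['address', 'scheme', 'service', 'token', 'tls_ca_file', 'tls_cert_file', 'tls_key_file'] %}
  {% if vault_conf.service_registration[key] is defined %}
  {{ key }} = "{{ vault_conf.service_registration[key] }}"
  {% endif %}
  {% endfor %}
  {% if vault_conf.service_registration.service_tags is defined %}
  service_tags = "{{ vault_conf.service_registration.service_tags | join(',') }}"
  {% endif %}
}
{% endif %}

ui = {{ vault_conf.ui | ternary('true', 'false') }}

telemetry {
  {# String-valued settings. #}
  {% for key in ['prometheus_retention_time'] %}
  {{ key }} = "{{ vault_conf.telemetry[key] }}"
  {% endfor %}
  {# Boolean settings, rendered as bare HCL true/false. #}
  {% for key in ['disable_hostname', 'enable_hostname_label'] %}
  {{ key }} = {{ vault_conf.telemetry[key] | ternary('true', 'false') }}
  {% endfor %}
}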