vault_create_namespace.yml

This tasks file creates the new (sub-)namespace for the organization being onboarded.
It then ensures a "kv" secrets engine (version 2) is mounted inside that namespace.

---
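- name: Ensure namespace exists
  # Creates sub_ns_name under main_ns_name (header sent as-is; an empty
  # main_ns_name yields an empty X-Vault-Namespace header, as before).
  # Every request carries vault_token in a header, so the tasks run with
  # no_log to keep the token out of -vvv output and job logs (failures are
  # therefore censored too — rerun without no_log only in a lab).
  # TLS verification is ON unless the caller sets vault_validate_certs: false
  # (self-signed lab setups only); the token must never be sent to an
  # unverified endpoint.
  block:
    - name: Look up namespace
      ansible.builtin.uri:
        url: "{{ vault_url }}/v1/sys/namespaces/{{ sub_ns_name }}"
        method: GET
        headers:
          X-Vault-Token: "{{ vault_token }}"
          X-Vault-Namespace: "{{ main_ns_name }}"
        timeout: 10
        validate_certs: "{{ vault_validate_certs | default(true) }}"
        # 404 = not there yet (assumes Vault answers 404 for an unknown
        # namespace — confirm against the deployed version). Anything else
        # (403, 5xx) fails here instead of being masked by a blind create.
        status_code: [200, 404]
      register: vault_ns_lookup
      no_log: true

    - name: Create namespace
      when: vault_ns_lookup.status == 404
      ansible.builtin.uri:
        url: "{{ vault_url }}/v1/sys/namespaces/{{ sub_ns_name }}"
        method: POST
        headers:
          X-Vault-Token: "{{ vault_token }}"
          X-Vault-Namespace: "{{ main_ns_name }}"
        body_format: json
        body:
          # NOTE(review): the path is already in the URL; this body key
          # looks redundant — confirm before dropping it.
          path: "{{ sub_ns_name }}"
        timeout: 10
        validate_certs: "{{ vault_validate_certs | default(true) }}"
        # Accept both 200 and 204 so the task matches the mount tasks below.
        status_code: [200, 204]
      changed_when: true
      no_log: true

- name: Report namespace state
  ansible.builtin.debug:
    # Message now reflects the real outcome instead of always saying "created".
    msg: "{{ sub_ns_name }} {{ 'created' if vault_ns_lookup.status == 404 else 'already exists' }}"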

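- name: Ensure kv secrets engine in the new namespace
  # One task list for both cases instead of two copy-pasted blocks:
  # the mount lives in "main/sub" for a level-2 namespace and in plain "sub"
  # when main_ns_name is empty (level-1). The level-1 path used to send
  # "/sub" with a leading slash; build the header explicitly rather than
  # relying on Vault to canonicalise it.
  # Requests carry vault_token, hence no_log on every uri task; TLS
  # verification is ON unless vault_validate_certs is set to false.
  vars:
    vault_kv_namespace: >-
      {{ (main_ns_name | length > 0)
      | ternary(main_ns_name ~ '/' ~ sub_ns_name, sub_ns_name) }}
  block:
    - name: Check whether kv engine is mounted
      ansible.builtin.uri:
        url: "{{ vault_url }}/v1/sys/mounts/kv"
        method: GET
        headers:
          X-Vault-Token: "{{ vault_token }}"
          X-Vault-Namespace: "{{ vault_kv_namespace }}"
        timeout: 10
        validate_certs: "{{ vault_validate_certs | default(true) }}"
        # A missing mount comes back as an error status (400 "No secret
        # engine mount at kv/" on current Vault; 404 accepted as well).
        # Auth and connectivity failures are deliberately NOT accepted, so
        # they fail here instead of being swallowed and turned into a
        # mount attempt, as the old block/rescue did.
        status_code: [200, 400, 404]
      register: vault_kv_mount
      no_log: true

    - name: Enable kv v2 engine
      when: vault_kv_mount.status != 200
      ansible.builtin.uri:
        url: "{{ vault_url }}/v1/sys/mounts/kv"
        method: POST
        headers:
          X-Vault-Token: "{{ vault_token }}"
          X-Vault-Namespace: "{{ vault_kv_namespace }}"
        body_format: json
        body:
          type: kv
          description: "KV secrets for {{ sub_ns_name }}"
          options:
            version: 2
          config:
            # NOTE(review): max_versions is a kv-v2 engine setting
            # (written via kv/config), not a sys/mounts config key — it
            # looks like it is ignored here; confirm and move if needed.
            max_versions: 10
        timeout: 10
        validate_certs: "{{ vault_validate_certs | default(true) }}"
        status_code: [200, 204]
      changed_when: true
      no_log: true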