diff --git a/ansible/roles/firstboot/files/ansible_payload/bootstrap/roles/metacluster/tasks/authentication.yml b/ansible/roles/firstboot/files/ansible_payload/bootstrap/roles/metacluster/tasks/authentication.yml index 46e458d..ef2dc9d 100644 --- a/ansible/roles/firstboot/files/ansible_payload/bootstrap/roles/metacluster/tasks/authentication.yml +++ b/ansible/roles/firstboot/files/ansible_payload/bootstrap/roles/metacluster/tasks/authentication.yml @@ -109,6 +109,7 @@ state: present kubeconfig: "{{ kubeconfig.path }}" vars: + _newline: "\n" _template: name: "{{ item.name }}" namespace: "{{ item.namespace }}" @@ -122,7 +123,7 @@ spec: |2 issuer: https://idps.{{ vapp['metacluster.fqdn'] }} tls: - certificateAuthorityData: "{{ (stepca_cm_certs.resources[0].data['intermediate_ca.crt'] ~ '\n' ~ stepca_cm_certs.resources[0].data['root_ca.crt']) | b64encode }}" + certificateAuthorityData: "{{ (stepca_cm_certs.resources[0].data['intermediate_ca.crt'] ~ _newline ~ stepca_cm_certs.resources[0].data['root_ca.crt']) | b64encode }}" authorizationConfig: additionalScopes: [offline_access, groups, email] allowPasswordGrant: false diff --git a/ansible/vars/workloadcluster.yml b/ansible/vars/workloadcluster.yml index 1d86914..6d5ba60 100644 --- a/ansible/vars/workloadcluster.yml +++ b/ansible/vars/workloadcluster.yml @@ -34,7 +34,7 @@ downstream: name: metacluster-sso spec: !unsafe |2 issuer: https://auth.{{ vapp['metacluster.fqdn'] }}/sso - audience: {{ vapp['workloadcluster.name'] | lower }} + audience: "{{ vapp['workloadcluster.name'] | lower }}" tls: certificateAuthorityData: "{{ (stepca_cm_certs.resources[0].data['intermediate_ca.crt'] ~ '\n' ~ stepca_cm_certs.resources[0].data['root_ca.crt']) | b64encode }}"