---
- name: Cilium | Check cilium_ipsec_enabled variables
  assert:
    that:
      - "cilium_ipsec_key is defined"
    msg: "cilium_ipsec_key should be defined to use cilium_ipsec_enabled"
  when:
    - cilium_ipsec_enabled
    - cilium_tunnel_mode in ['vxlan']

- name: Stop if bad Cilium identity allocation mode
  assert:
    that: cilium_identity_allocation_mode in ['crd', 'kvstore']
    msg: "cilium_identity_allocation_mode must be either 'crd' or 'kvstore'"