From 4a7506e1c2732e8e5d04abfa2e78d713792c580e Mon Sep 17 00:00:00 2001
From: Mihmet Akpinar
Date: Wed, 5 Jun 2024 08:53:30 +0200
Subject: [PATCH] (#29) Ensure vault is updated when version changes
This PR fixes the issue that version is not updated on parameter change. This is due the nature of creates parameter in archive. This PR is creating a fact of vaults version and compares it against the parameter. If parameter is newer it will download the archive and extract it. This will not reboot vault server. Please be aware to restart vault server, so vault sources the new binary. Fixes #29 Cherry-picked and rebased from https://github.com/voxpupuli/puppet-vault/pull/52
---
 .github/workflows/ci.yml | 2 ++
 .sync.yml | 3 +++
 lib/facter/vault_version.rb | 14 ++++++++++++
 manifests/install.pp | 8 ++++++-
 spec/acceptance/class_spec.rb | 40 +++++++++++++++++++++++++++++++++++
 5 files changed, 66 insertions(+), 1 deletion(-)
 create mode 100644 lib/facter/vault_version.rb
diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
index 1f82c4c9..308292dc 100644
--- a/.github/workflows/ci.yml
+++ b/.github/workflows/ci.yml
@@ -19,3 +19,5 @@ jobs:
 puppet:
 name: Puppet
 uses: voxpupuli/gha-puppet/.github/workflows/beaker.yml@v2
+ with:
+ beaker_facter: 'vault_version:Vault:1.12.0'
diff --git a/.sync.yml b/.sync.yml
index 0ef4198f..ebe1c475 100644
--- a/.sync.yml
+++ b/.sync.yml
@@ -11,3 +11,6 @@ spec/spec_helper_acceptance.rb:
 .puppet-lint.rc:
 enabled_lint_checks:
 - parameter_documentation
+.github/workflows/ci.yml:
+ with:
+ beaker_facter: 'vault_version:Vault:1.12.0'
diff --git a/lib/facter/vault_version.rb b/lib/facter/vault_version.rb
new file mode 100644
index 00000000..24008e65
--- /dev/null
+++ b/lib/facter/vault_version.rb
@@ -0,0 +1,14 @@
+# frozen_string_literal: true
+
+# Fact: vault_version
+#
+# Purpose: Retrieve vault version if installed
+#
+Facter.add(:vault_version) do
+ confine { Facter::Util::Resolution.which('vault') }
+ setcode do
+ vault_server_version_output = Facter::Util::Resolution.exec('vault version')
+ match = vault_server_version_output.match(%r{Vault v(\d+\.\d+\.\d+)})
+ match&.captures&.first
+ end
+end
diff --git a/manifests/install.pp b/manifests/install.pp
index c1a99e17..9d49d35d 100644
--- a/manifests/install.pp
+++ b/manifests/install.pp
@@ -19,7 +19,13 @@
 extract_path => $vault::bin_dir,
 source => $vault::real_download_url,
 cleanup => true,
- creates => $vault_bin,
+ creates => $facts['vault_version'] ? { # lint:ignore:selector_inside_resource
+ undef => $vault_bin,
+ default => versioncmp($vault::version, $facts['vault_version']) > 0 ? {
+ true => undef,
+ default => $vault_bin
+ }
+ },
 before => File['vault_binary'],
 }
diff --git a/spec/acceptance/class_spec.rb b/spec/acceptance/class_spec.rb
index 2147a5d8..ded93f16 100644
--- a/spec/acceptance/class_spec.rb
+++ b/spec/acceptance/class_spec.rb
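Review bot: In lib/facter/vault_version.rb both the `confine` and the `setcode` resolve `vault` through the agent's PATH, so the fact describes whichever `vault` is found first there and not necessarily the binary the module manages under `$vault::bin_dir`. If that directory is not on Facter's PATH the fact stays unset, and if another copy is on PATH the `creates` selector added in manifests/install.pp compares against the wrong version, so an outdated binary can be left in place. A header comment such as `# Resolves 'vault' via PATH; the reported version is that of the first match, which may differ from the binary in bin_dir` would make that limit visible. Separately, `exec` can presumably return nil when the command fails, in which case `.match` raises; `match = vault_server_version_output&.match(%r{Vault v(\d+\.\d+\.\d+)})` keeps the fact unset instead.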
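Review bot: In manifests/install.pp, once the selector yields `creates => undef` the archive is fetched from `$vault::real_download_url` and unpacked over the existing binary, and none of the attributes visible in this hunk verify the download. The archive resource opens above the hunk, so a checksum may already be set there. If it is not, adding `checksum_type => 'sha256',` and `checksum => '<sha256 of the release zip>',` (placeholder value) would make an automatic upgrade fail closed on a tampered or truncated file. The two nested selectors would also read more easily as a variable computed before the resource, which removes the need for the `lint:ignore`.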
@@ -82,6 +82,46 @@ class { 'file_capability':
 describe port(8200) do
 it { is_expected.to be_listening.on('127.0.0.1').with('tcp') }
 end
+
+ describe command('/usr/local/bin/vault version') do
+ its(:exit_status) { is_expected.to eq 0 }
+ its(:stdout) { is_expected.to match %r{Vault v1.12.0} }
+ end
+ end
+
+ context 'default parameters with vesion higher than fact' do
+ let(:manifest) do
+ <<-PUPPET
+ if $facts['os']['name'] == 'Archlinux' {
+ class { 'file_capability':
+ package_name => 'libcap',
+ }
+ } else {
+ include file_capability
+ }
+ package { 'unzip': ensure => present }
+ -> class { 'vault':
+ storage => {
+ file => {
+ path => '/tmp',
+ }
+ },
+ bin_dir => '/usr/local/bin',
+ install_method => 'archive',
+ version => '1.12.1',
+ require => Class['file_capability'],
+ }
+ PUPPET
+ end
+
+ it 'will not be idempotent and cause changes' do
+ apply_manifest(manifest, expect_changes: true)
+ end
+
+ describe command('/usr/local/bin/vault version') do
+ its(:exit_status) { is_expected.to eq 0 }
+ its(:stdout) { is_expected.to match %r{Vault v1.12.1} }
+ end
 end
 context 'with package based setup' do
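Review bot: The new context in spec/acceptance/class_spec.rb applies the manifest only once with `expect_changes: true`, so nothing checks that the upgrade converges; a change that made the archive re-download on every run would still pass. A second `apply_manifest(manifest, catch_changes: true)` after the upgrade would cover that, provided the fact is re-resolved on the host. If the `beaker_facter` input added in ci.yml pins `vault_version` to 1.12.0 for the whole run, that check cannot pass and the custom fact itself is not exercised by these tests. The version patterns also leave the dots unescaped; `%r{Vault v1\.12\.1}` (and `%r{Vault v1\.12\.0}` in the block above) match only the intended string, and 'vesion' in the context name is a typo for 'version'. The enclosing describe block starts outside the hunk.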