Fixes pull-requests for #22, #21, and #11.

sous-chefs · Sep 28, 2015 · 72d4130 · jeffbyrnes · Sep 29, 2015 · jeffbyrnes
1 parent 64d2f3a
commit 72d4130
Show file tree

Hide file tree

Showing 16 changed files with 48 additions and 43 deletions.
diff --git a/.kitchen.yml b/.kitchen.yml
@@ -15,7 +15,6 @@ suites:
   - name: default
     run_list:
       - recipe[hashicorp-vault::default]
-
   - name: no_cert_mgmt
     run_list:
       - recipe[hashicorp-vault::default]

diff --git a/.rspec b/.rspec
@@ -1 +1,2 @@
+--color
 --default-path test/spec
diff --git a/Berksfile b/Berksfile
@@ -1,5 +1,3 @@
 source 'https://supermarket.chef.io'
-
+cookbook 'chef-vault', git: 'https://github.com/chef-cookbooks/chef-vault'
 metadata
-
-cookbook 'chef-vault', github: 'chef-cookbooks/chef-vault', ref: '902a089'
diff --git a/Gemfile b/Gemfile
@@ -1,5 +1,4 @@
 source 'https://rubygems.org'
-
 gem 'chef-vault', '~> 2.6'
 gem 'poise', '~> 2.0'
 gem 'poise-service', '~> 1.0'

diff --git a/Policyfile.rb b/Policyfile.rb
@@ -2,3 +2,4 @@
 run_list 'vault::default'
 default_source :community
 cookbook 'vault', path: '.'
+cookbook 'chef-vault', git: 'https://github.com/chef-cookbooks/chef-vault'
diff --git a/README.md b/README.md
@@ -6,7 +6,7 @@
 
 [Application cookbook][0] for installing and configuring [Hashicorp Vault][1].
 
-Vault is a tool, which when used properly, manages secure access to
+Vault is a tool, which when used properly, manages secure manage to
 secrets for your infrastructure.
 
 ## Basic Usage
@@ -32,8 +32,15 @@ cluster. We provide an example [Vault Cluster cookbook][3] which
 utilizes our [Consul cookbook][4] for a highly-available storage
 solution for the cluster.
 
+### Chef Vault cookbook
+It is very important to note that this cookbook requires an unreleased
+version of the [Chef Vault cookbook][5]. This version adds support for
+several helpers including the `chef_vault_item` which is used for
+managing SSL certificates.
+
 [0]: http://blog.vialstudios.com/the-environment-cookbook-pattern/#thelibrarycookbook
 [1]: https://www.vaultproject.io
 [2]: http://blog.vialstudios.com/the-environment-cookbook-pattern/#thewrappercookbook
 [3]: https://github.com/johnbellone/vault-cluster-cookbook
 [4]: https://github.com/johnbellone/consul-cookbook
+[5]: https://github.com/chef-cookbooks/chef-vault
diff --git a/attributes/default.rb b/attributes/default.rb
@@ -2,7 +2,7 @@
 # Cookbook: hashicorp-vault-cookbook
 # License: Apache 2.0
 #
-# Copyright (C) 2015 Bloomberg Finance L.P.
+# Copyright 2015, Bloomberg Finance L.P.
 #
 default['vault']['service_name'] = 'vault'
 default['vault']['service_user'] = 'vault'
@@ -11,11 +11,10 @@
 default['vault']['bag_name'] = 'secrets'
 default['vault']['bag_item'] = 'vault'
 
-default['vault']['version'] = '0.2.0'
+default['vault']['version'] = '0.3.0'
 
 default['vault']['config']['path'] = '/home/vault/.vault.json'
 default['vault']['config']['address'] = '127.0.0.1:8200'
-# Chef-vault required for certificate management
 default['vault']['config']['manage_certificate'] = true
 default['vault']['config']['tls_cert_file'] = '/etc/vault/ssl/certs/vault.crt'
 default['vault']['config']['tls_key_file'] = '/etc/vault/ssl/private/vault.key'
@@ -39,5 +38,12 @@
   '0.2.0_linux_amd64' => 'b4b64fcea765ebfc7cdbae9cdd2c32bff130ca51f15b9cf47194f112fd5515cf',
   '0.2.0_linux_arm' => '883414010c26104889505aee69b461d1ca9378725dd2c7caafdcd1bba2d9c039',
   '0.2.0_windows_386' => '64aa7893678ae047c61021c97499feb20f924e51f65e9b7ea257cc17355182ec',
-  '0.2.0_windows_amd64' => '1905354ad1652a8bd33c23f546b9df0e22b2c20a157c28545ff20b3cd74ea9e9'
+  '0.2.0_windows_amd64' => '1905354ad1652a8bd33c23f546b9df0e22b2c20a157c28545ff20b3cd74ea9e9',
+  '0.3.0_darwin_386' => 'c0410040c6b26bdcdb619ab5b32c195b92c968dccb7d9c9aa96127a5614ad0f6',
+  '0.3.0_darwin_amd64' => 'f6c7a30671a90df09d39197262e019a7dd7ad36a68d2f5895080b899aa81fc58',
+  '0.3.0_linux_386' => '3f25189efd210d0fcbcaf4796389d7cf04b86c670a68909adef41d75a52b117f',
+  '0.3.0_linux_amd64' => '30b8953e98059d1e8d97f6a164aa574a346a58caf9c5c74a911056f42fbef4d5',
+  '0.3.0_linux_arm' => 'c57623ee3ba311451c5b8cc7cc1893e06ed38d19279390de784bf833d63e0bdb',
+  '0.3.0_windows_386' => '6151401f56a09188e958d3af8d99d58e6ea2984117b13998d57c245faed936e3',
+  '0.3.0_windows_amd64' => '012f79bb190817075d15a714e92fdb6fa26c638c46c4e9587143f5f69a2f3e0e',
 }
diff --git a/libraries/vault_config.rb b/libraries/vault_config.rb
@@ -2,7 +2,7 @@
 # Cookbook: hashicorp-vault-cookbook
 # License: Apache 2.0
 #
-# Copyright (C) 2015 Bloomberg Finance L.P.
+# Copyright 2015, Bloomberg Finance L.P.
 #
 require 'poise'
 
@@ -67,31 +67,20 @@ def to_json
           if new_resource.tls?
             include_recipe 'chef-vault::default'
 
-            directory ::File.dirname(new_resource.tls_cert_file) do
-              recursive true
-              owner 'root'
-              group new_resource.group
-              mode '0755'
+            [new_resource.tls_cert_file, new_resource.tls_key_file].each do |dirname|
+              directory ::File.dirname(dirname) do
+                recursive true
+              end
             end
 
-            item = chef_vault_item(
-              new_resource.bag_name,
-              new_resource.bag_item
-            )
+            item = chef_vault_item(new_resource.bag_name, new_resource.bag_item)
             file new_resource.tls_cert_file do
               content item['certificate']
               mode '0644'
               owner new_resource.owner
               group new_resource.group
             end
 
-            directory ::File.dirname(new_resource.tls_key_file) do
-              recursive true
-              mode '0750'
-              owner 'root'
-              group new_resource.group
-            end
-
             file new_resource.tls_key_file do
               sensitive true
               content item['private_key']

diff --git a/libraries/vault_service.rb b/libraries/vault_service.rb
@@ -2,7 +2,7 @@
 # Cookbook: hashicorp-vault-cookbook
 # License: Apache 2.0
 #
-# Copyright (C) 2015 Bloomberg Finance L.P.
+# Copyright 2015, Bloomberg Finance L.P.
 #
 require 'poise_service/service_mixin'
 
@@ -56,7 +56,7 @@ class VaultService < Chef::Resource
       attribute(:source_url, kind_of: String)
 
       def command
-        "vault server -config=#{config_path}"
+        "/usr/local/bin/vault server -config=#{config_path}"
       end
 
       def binary_checksum
@@ -82,6 +82,7 @@ def action_enable
         notifying_block do
           package new_resource.package_name do
             version new_resource.version unless new_resource.version.nil?
+            action :upgrade
             only_if { new_resource.install_method == 'package' }
           end
 

diff --git a/metadata.rb b/metadata.rb
@@ -4,7 +4,7 @@
 license 'Apache 2.0'
 description 'Application cookbook for installing and configuring Vault.'
 long_description 'Application cookbook for installing and configuring Vault.'
-version '1.3.1'
+version '1.4.0'
 
 supports 'ubuntu', '>= 12.04'
 supports 'redhat', '>= 6.4'
@@ -15,4 +15,3 @@
 depends 'libartifact', '~> 1.3'
 depends 'poise', '~> 2.2'
 depends 'poise-service', '~> 1.0'
-depends 'selinux', '~> 0.9'
diff --git a/recipes/default.rb b/recipes/default.rb
@@ -2,10 +2,8 @@
 # Cookbook: hashicorp-vault-cookbook
 # License: Apache 2.0
 #
-# Copyright (C) 2015 Bloomberg Finance L.P.
+# Copyright 2015, Bloomberg Finance L.P.
 #
-include_recipe 'selinux::disabled'
-
 poise_service_user node['vault']['service_user'] do
   group node['vault']['service_group']
 end

diff --git a/test/integration/default/serverspec/default_spec.rb b/test/integration/default/serverspec/default_spec.rb
@@ -1,8 +1,13 @@
 require 'spec_helper'
 
-describe command('which vault') do
-  its(:exit_status) { is_expected.to eq 0 }
-  its(:stdout) { is_expected.to match '/usr/local/bin/vault' }
+describe file('/srv/vault/current/vault') do
+  it { should be_file }
+  it { should be_executable }
+end
+
+describe file('/usr/local/bin/vault') do
+  it { should be_symlink }
+  it { should be_linked_to '/srv/vault/current/vault' }
 end
 
 describe group('vault') do

diff --git a/test/integration/helpers/serverspec/spec_helper.rb b/test/integration/helpers/serverspec/spec_helper.rb
@@ -1,3 +1,2 @@
 require 'serverspec'
-
 set :backend, :exec
diff --git a/test/spec/libraries/vault_config_spec.rb b/test/spec/libraries/vault_config_spec.rb
@@ -1,3 +1,4 @@
+require 'spec_helper'
 require 'poise_boiler/spec_helper'
 require_relative '../../../libraries/vault_config'
 
@@ -6,12 +7,13 @@
   before do
     recipe = double('Chef::Recipe')
     allow_any_instance_of(Chef::RunContext).to receive(:include_recipe).and_return([recipe])
+    allow_any_instance_of(Chef::Resource).to receive(:chef_vault_item) { { 'ca_certificate' => 'foo', 'certificate' => 'bar', 'private_key' => 'baz' }  }
     allow_any_instance_of(Chef::Provider).to receive(:chef_vault_item) { { 'ca_certificate' => 'foo', 'certificate' => 'bar', 'private_key' => 'baz' }  }
   end
 
   context '#action_create' do
     recipe do
-      vault_config '/etc/vault/vault.json' do
+      vault_config '/etc/vault/.vault.json' do
         tls_key_file '/etc/vault/ssl/private/vault.key'
         tls_cert_file '/etc/vault/ssl/certs/vault.crt'
       end
@@ -24,6 +26,6 @@
     it { is_expected.to render_file('/etc/vault/ssl/private/vault.key').with_content('baz') }
 
     it { is_expected.to create_directory('/etc/vault') }
-    it { is_expected.to render_file('/etc/vault/vault.json') }
+    it { is_expected.to render_file('/etc/vault/.vault.json') }
   end
 end
diff --git a/test/spec/recipes/default_spec.rb b/test/spec/recipes/default_spec.rb
@@ -1,6 +1,4 @@
-require 'chefspec'
-require 'chefspec/berkshelf'
-require 'chefspec/cacher'
+require 'spec_helper'
 
 describe 'hashicorp-vault::default' do
   before do

diff --git a/test/spec/spec_helper.rb b/test/spec/spec_helper.rb
@@ -0,0 +1,3 @@
+require 'chefspec'
+require 'chefspec/berkshelf'
+require 'chefspec/cacher'