fix(everything): review comments & tests

.kitchen.yml

@@ -42,7 +42,7 @@ suites:
       state_top:
         base:
           '*':
-            - vault
+            - vault.package
       pillars:
         top.sls:
           base:
@@ -52,7 +52,7 @@ suites:
           vault:
 #            version: 0.11.1    # test upgrades by doing a double-converge, changing the version pillar between each one
             version: 0.11.2
-            secure_download: false
+            verify_download: False
 
   - name: dev_server
     provisioner:
@@ -83,7 +83,7 @@ suites:
           vault:
             tls_disable: 1
             self_signed_cert:
-              enabled: true
+              enabled: True
               hostname: localhost
               password: localhost
               country: GB

test/integration/dev_server/vault_spec.rb

@@ -20,7 +20,7 @@
   it { should be_running }
 end
 
-describe file("/etc/vault/config/server.hcl") do
+describe file("/etc/vault/conf.d/config.json") do
   it { should_not be_a_file }
 end
 

test/integration/install_binary/vault_spec.rb

@@ -15,6 +15,6 @@
   it { should_not be_running }
 end
 
-describe file("/etc/vault/config/server.hcl") do
+describe file("/etc/vault/conf.d/config.json") do
   it { should_not be_a_file }
 end

test/integration/prod_server/vault_spec.rb

@@ -10,7 +10,7 @@
   its(:stdout) { should match(/\/vault = cap_ipc_lock\+ep$/) }
 end
 
-describe file('/etc/vault/config/server.hcl') do
+describe file('/etc/vault/conf.d/config.json') do
   it { should be_a_file }
 end
 

vault/config/config.sls

@@ -0,0 +1,15 @@
+# -*- coding: utf-8 -*-
+# vim: ft=sls syntax=yaml softtabstop=2 tabstop=2 shiftwidth=2 expandtab autoindent
+
+{% from "vault/map.jinja" import vault with context -%}
+
+vault-config-init-file-serialize:
+  file.serialize:
+    - name: /etc/vault/conf.d/config.json
+    - encoding: utf-8
+    - formatter: json
+    - dataset: {{ vault.config | json }}
+    - user: root
+    - group: vault
+    - mode: 640
+    - makedirs: True

vault/config/init.sls

@@ -1,17 +1,10 @@
 # -*- coding: utf-8 -*-
 # vim: ft=sls syntax=yaml softtabstop=2 tabstop=2 shiftwidth=2 expandtab autoindent
 
-{% from "vault/map.jinja" import vault with context -%}
+{% from "vault/map.jinja" import vault with context %}
 
-vault-config-init-file-serialize:
-  file.serialize:
-    - name: /etc/vault/conf.d/config.json
-    - encoding: utf-8
-    - formatter: json
-    - dataset: {{ vault.config | json }}
-    - user: root
-    - group: vault
-    - mode: 640
-    - makedirs: True
-    - watch_in:
-      - service: vault
+include:
+  - .config
+  {%- if vault.self_signed_cert.enabled %}
+  - .self-sign
+  {%- endif %}

vault/config/self-sign.sls

@@ -0,0 +1,16 @@
+# -*- coding: utf-8 -*-
+# vim: ft=sls syntax=yaml softtabstop=2 tabstop=2 shiftwidth=2 expandtab autoindent
+
+{% from "vault/map.jinja" import vault with context -%}
+
+vault-config-self-signed-pkg-installed:
+  pkg.installed:
+    - name: openssl
+
+vault-config-self-signed-cmd-script:
+  cmd.script:
+    - source: salt://vault/files/cert-gen.sh.j2
+    - template: jinja
+    - args: {{ vault.self_signed_cert.hostname }} {{ vault.self_signed_cert.password }}
+    - cwd: /etc/vault
+    - creates: /etc/vault/{{ vault.self_signed_cert.hostname }}.pem

vault/yaml/defaults.yaml → vault/defaults.yaml

@@ -6,6 +6,8 @@ vault:
   platform: linux_amd64
   dev_mode: False
   verify_download: True
+  self_signed_cert:
+    enabled: False
   config:
     storage:
       file:

vault/map.jinja

@@ -1,9 +1,9 @@
 # -*- coding: utf-8 -*-
 # vim: ft=sls syntax=yaml softtabstop=2 tabstop=2 shiftwidth=2 expandtab autoindent
 
-{% import_yaml "vault/yaml/defaults.yaml" as defaults %}
-{% import_yaml "vault/yaml/osfamilymap.yaml" as osfamilymap %}
-{% import_yaml "vault/yaml/initfamilymap.yaml" as initfamilymap %}
+{% import_yaml "vault/defaults.yaml" as defaults %}
+{% import_yaml "vault/osfamilymap.yaml" as osfamilymap %}
+{% import_yaml "vault/initfamilymap.yaml" as initfamilymap %}
 
 {% set vault = salt['grains.filter_by'](
   defaults, merge=salt['grains.filter_by'](

vault/package/init.sls

@@ -5,7 +5,7 @@
 
 include:
   - .install
-{%- if vault.verify_download %}
+  {%- if vault.verify_download %}
   - .gpg
   - .signature
-{%- endif %}
+  {%- endif %}

vault/service/clean.sls

@@ -1,11 +1,13 @@
 # -*- coding: utf-8 -*-
 # vim: ft=sls syntax=yaml softtabstop=2 tabstop=2 shiftwidth=2 expandtab autoindent
 
+{% from "vault/map.jinja" import vault with context %}
+
 vault-service-clean-service-dead:
   service.dead:
     - name: vault
     - enable: False
 
 vault-service-clean-file-absent:
   file.absent:
-    - name: /etc/systemd/system/vault.service
+    - name: {{ vault.service.path }}

vault/service/init.sls

@@ -8,8 +8,6 @@ vault-service-init-file-managed:
     - name: {{ vault.service.path }}
     - source: {{ vault.service.source }}
     - template: jinja
-    - watch_in:
-      - service: vault
 
 vault-service-init-service-running:
   service.running: