diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
index 1f82c4c9..308292dc 100644
--- a/.github/workflows/ci.yml
+++ b/.github/workflows/ci.yml
@@ -19,3 +19,5 @@ jobs:
 puppet:
 name: Puppet
 uses: voxpupuli/gha-puppet/.github/workflows/beaker.yml@v2
+ with:
+ beaker_facter: 'vault_version:Vault:1.12.0'
diff --git a/.sync.yml b/.sync.yml
index 0ef4198f..ebe1c475 100644
--- a/.sync.yml
+++ b/.sync.yml
@@ -11,3 +11,6 @@ spec/spec_helper_acceptance.rb:
 .puppet-lint.rc:
 enabled_lint_checks:
 - parameter_documentation
+.github/workflows/ci.yml:
+ with:
+ beaker_facter: 'vault_version:Vault:1.12.0'
diff --git a/lib/facter/vault_version.rb b/lib/facter/vault_version.rb
new file mode 100644
index 00000000..24008e65
--- /dev/null
+++ b/lib/facter/vault_version.rb
@@ -0,0 +1,14 @@
+# frozen_string_literal: true
+
+# Fact: vault_version
+#
+# Purpose: Retrieve vault version if installed
+#
+Facter.add(:vault_version) do
+ confine { Facter::Util::Resolution.which('vault') }
+ setcode do
+ vault_server_version_output = Facter::Util::Resolution.exec('vault version')
+ match = vault_server_version_output.match(%r{Vault v(\d+\.\d+\.\d+)})
+ match&.captures&.first
+ end
+end
diff --git a/manifests/install.pp b/manifests/install.pp
index c1a99e17..9d49d35d 100644
--- a/manifests/install.pp
+++ b/manifests/install.pp
@@ -19,7 +19,13 @@
 extract_path => $vault::bin_dir,
 source => $vault::real_download_url,
 cleanup => true,
- creates => $vault_bin,
+ creates => $facts['vault_version'] ? { # lint:ignore:selector_inside_resource
+ undef => $vault_bin,
+ default => versioncmp($vault::version, $facts['vault_version']) > 0 ? {
+ true => undef,
+ default => $vault_bin
+ }
+ },
 before => File['vault_binary'],
 }
diff --git a/spec/acceptance/class_spec.rb b/spec/acceptance/class_spec.rb
index 2147a5d8..ded93f16 100644
--- a/spec/acceptance/class_spec.rb
+++ b/spec/acceptance/class_spec.rb
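Review bot: In lib/facter/vault_version.rb, `vault_server_version_output.match(...)` inside the `setcode` block has no nil guard, and `Facter::Util::Resolution.exec` can return nil when the command fails (the behaviour differs between Facter versions, so worth confirming). A broken or non-executable `vault` would then raise NoMethodError during fact resolution instead of leaving the fact absent. Guarding the call, `match = vault_server_version_output&.match(%r{Vault v(\d+\.\d+\.\d+)})`, keeps the fact undefined in that case. Both `which('vault')` and `exec('vault version')` resolve the binary through the agent's PATH, so the fact runs and reports whichever `vault` comes first there. A header comment such as `# Reports the first vault found on PATH; this may differ from the binary in $vault::bin_dir` would make that assumption explicit.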
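Review bot: In manifests/install.pp, the new `creates` selector decides whether to re-extract from `$facts['vault_version']`, but that fact (added in this commit) describes the `vault` found on PATH, which is not necessarily the binary this resource extracts into `$vault::bin_dir`. If `$vault::bin_dir` is not on Facter's PATH, the fact stays undef and the `undef => $vault_bin` branch means an existing binary is never upgraded. If another `vault` sits earlier on PATH, the comparison is made against the wrong binary. The `> 0` test also means a pinned older `$vault::version` (a rollback) is silently ignored; if that is intended, say so in a comment such as `# only upgrades trigger re-extraction; downgrades are ignored`, otherwise compare with `!= 0`. The archive resource begins and ends outside this hunk, so the rest of its parameters are not visible here.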
@@ -82,6 +82,46 @@ class { 'file_capability':
 describe port(8200) do
 it { is_expected.to be_listening.on('127.0.0.1').with('tcp') }
 end
+
+ describe command('/usr/local/bin/vault version') do
+ its(:exit_status) { is_expected.to eq 0 }
+ its(:stdout) { is_expected.to match %r{Vault v1.12.0} }
+ end
+ end
+
+ context 'default parameters with vesion higher than fact' do
+ let(:manifest) do
+ <<-PUPPET
+ if $facts['os']['name'] == 'Archlinux' {
+ class { 'file_capability':
+ package_name => 'libcap',
+ }
+ } else {
+ include file_capability
+ }
+ package { 'unzip': ensure => present }
+ -> class { 'vault':
+ storage => {
+ file => {
+ path => '/tmp',
+ }
+ },
+ bin_dir => '/usr/local/bin',
+ install_method => 'archive',
+ version => '1.12.1',
+ require => Class['file_capability'],
+ }
+ PUPPET
+ end
+
+ it 'will not be idempotent and cause changes' do
+ apply_manifest(manifest, expect_changes: true)
+ end
+
+ describe command('/usr/local/bin/vault version') do
+ its(:exit_status) { is_expected.to eq 0 }
+ its(:stdout) { is_expected.to match %r{Vault v1.12.1} }
+ end
 end
 context 'with package based setup' do
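Review bot: The new context applies the 1.12.1 manifest only once with `expect_changes: true`, so nothing checks that the module converges after the upgrade. If the `vault_version` fact did not pick up the new binary, `creates` would stay unset and the archive would be fetched and extracted again on every run. A second example such as `it 'is idempotent after the upgrade' do apply_manifest(manifest, catch_changes: true) end` would cover that. The dots in `%r{Vault v1.12.0}` and `%r{Vault v1.12.1}` are unescaped and match any character, so `%r{Vault v1\.12\.1}` is the stricter assertion. The context description also has a typo (`vesion`).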