diff --git a/manifests/config.pp b/manifests/config.pp
index 78141aa..19688e6 100644
--- a/manifests/config.pp
+++ b/manifests/config.pp
@@ -41,7 +41,7 @@
 'listener' => $vault::agent_listeners,
 'template' => $vault::agent_template,
 'template_config' => $vault::agent_template_config,
- 'exec' => $vault::exec,
+ 'exec' => $vault::agent_exec,
 'env_template' => $vault::agent_env_template,
 'telemetry' => $vault::agent_telemetry,
 })
diff --git a/spec/acceptance/class_spec.rb b/spec/acceptance/class_spec.rb
index ded93f1..0ce0efe 100644
--- a/spec/acceptance/class_spec.rb
+++ b/spec/acceptance/class_spec.rb
@@ -156,4 +156,51 @@ class { 'vault':
 it { is_expected.to be_listening.on('127.0.0.1').with('tcp') }
 end
 end
+
+ context 'vault class with agent configuration' do
+ let(:manifest) do
+ <<-PUPPET
+ class { 'vault':
+ mode => 'agent',
+ agent_vault => { 'address' => 'https://vault.example.com:8200' },
+ agent_auto_auth => {
+ 'method' => [{
+ 'type' => 'approle',
+ 'wrap_ttl' => '1m',
+ 'config' => {
+ 'role_id_file_path' => '/etc/vault/role-id',
+ 'secret_id_file_path' => '/etc/vault/secret-id'
+ }
+ }]
+ },
+ agent_cache => { 'use_auto_auth_token' => true },
+ agent_listeners => [{
+ 'tcp' => { 'address' => '127.0.0.1:8100', 'tls_disable' => true }
+ }]
+ }
+ PUPPET
+ end
+
+ it 'applies the manifest without error' do
+ apply_manifest(manifest, catch_failures: true)
+ end
+
+ it 'creates the config.json with correct settings' do
+ config_file = file('/etc/vault/config.json')
+ expect(config_file).to be_file
+ expect(config_file.content).to include(
+ '"address": "https://vault.example.com:8200"',
+ '"wrap_ttl": "1m"',
+ '"role_id_file_path": "/etc/vault/role-id"',
+ '"secret_id_file_path": "/etc/vault/secret-id"',
+ '"use_auto_auth_token": true',
+ '"address": "127.0.0.1:8100"'
+ )
+ end
+
+ it 'ensures the vault service is running' do
+ expect(service('vault')).to be_enabled
+ expect(service('vault')).to be_running
+ end
+ end
 end
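Review bot: The agent manifest in spec/acceptance/class_spec.rb pairs `'tls_disable' => true` on the `127.0.0.1:8100` listener with `agent_cache => { 'use_auto_auth_token' => true }`, and nothing marks that pairing as test-only. As Vault Agent documents that option, requests reaching the listener without a token are forwarded with the agent's own token, so on a shared host the plaintext loopback port becomes the access boundary, and spec manifests tend to get copied as usage examples. I would add a comment above the heredoc, for example `# Test fixture only: plaintext loopback listener with use_auto_auth_token; do not copy into real manifests`. The same parameters appear in the new context in spec/classes/vault_spec.rb and deserve the same comment.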
diff --git a/spec/classes/vault_spec.rb b/spec/classes/vault_spec.rb index 256dcf0..1641c5d 100644 --- a/spec/classes/vault_spec.rb +++ b/spec/classes/vault_spec.rb @@ -417,6 +417,52 @@ } end + context 'vault class with agent configuration' do + let(:params) do + { + mode: 'agent', + agent_vault: { 'address' => 'https://vault.example.com:8200' }, + agent_auto_auth: { + 'method' => [{ + 'type' => 'approle', + 'wrap_ttl' => '1m', + 'config' => { + 'role_id_file_path' => '/etc/vault/role-id', + 'secret_id_file_path' => '/etc/vault/secret-id' + } + }] + }, + agent_cache: { 'use_auto_auth_token' => true }, + agent_listeners: [{ + 'tcp' => { + 'address' => '127.0.0.1:8100', + 'tls_disable' => true + } + }] + } + end + + it { is_expected.to compile.with_all_deps } + + it 'generates the config.json with correct agent settings' do + expect(param_value(catalogue, 'File', '/etc/vault/config.json', 'content')).to include_json( + vault: { 'address' => 'https://vault.example.com:8200' }, + auto_auth: { + 'method' => [{ + 'type' => 'approle', + 'wrap_ttl' => '1m', + 'config' => { + 'role_id_file_path' => '/etc/vault/role-id', + 'secret_id_file_path' => '/etc/vault/secret-id' + } + }] + }, + cache: { 'use_auto_auth_token' => true }, + listener: [{ 'tcp' => { 'address' => '127.0.0.1:8100', 'tls_disable' => true } }] + ) + end + end + case os_facts[:os]['family'] when 'RedHat' case os_facts[:os]['release']['major'].to_i
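Review bot: Neither this new context nor the acceptance one passes `agent_exec`, so the one behavioural change in the commit, `'exec' => $vault::agent_exec` in manifests/config.pp, is not pinned by any assertion. Adding an entry such as `agent_exec: { 'command' => ['/bin/true'] }` to `params` and a matching `exec: { 'command' => ['/bin/true'] }` to the `include_json` expectation would catch a regression to the old variable name. The value is a constructed sample, and its shape is assumed from Vault Agent's exec stanza, so check it against the parameter's declared type. That stanza names a process the agent launches, so asserting that the rendered value is exactly what was passed in is worth the extra lines. The enclosing describe block starts and ends outside this hunk.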