Support upgrades and trigger restart of vault

Closes jsok/pull/154
Closes jsok/puppet-vault/issues/63

Author: rgevaert

manifests/config.pp

@@ -37,6 +37,10 @@
       owner   => $vault::user,
       group   => $vault::group,
       mode    => $vault::config_mode,
+      owner   => $::vault::user,
+      group   => $::vault::group,
+      mode    => $::vault::config_mode,
+      notify  => Class['vault::service'],
     }
 
     # If manage_storage_dir is true and a file or raft storage backend is

manifests/install.pp

@@ -3,27 +3,43 @@
 #
 class vault::install {
   assert_private()
-  $vault_bin = "${vault::bin_dir}/vault"
+  $vault_bin = "${::vault::bin_dir}/vault"
 
-  case $vault::install_method {
+  case $::vault::install_method {
     'archive': {
-      if $vault::manage_download_dir {
-        file { $vault::download_dir:
+      if $::vault::manage_download_dir {
+        file { $::vault::download_dir:
           ensure => directory,
         }
       }
 
-      archive { "${vault::download_dir}/${vault::download_filename}":
+      $_manage_file_capabilities = true
+      $_vault_versioned_bin = "/opt/vault-${::vault::version}/vault"
+
+      file { "/opt/vault-${::vault::version}":
+        ensure => directory,
+        owner  => 'root',
+        group  => 'root',
+        mode   => '0755',
+      }
+
+      archive { "${::vault::download_dir}/${::vault::download_filename}":
         ensure       => present,
         extract      => true,
-        extract_path => $vault::bin_dir,
-        source       => $vault::real_download_url,
+        extract_path => "/opt/vault-${::vault::version}",
+        source       => $::vault::real_download_url,
         cleanup      => true,
-        creates      => $vault_bin,
+        creates      => $_vault_versioned_bin,
         before       => File['vault_binary'],
+        notify       => Exec['install_versioned_vault'],
+      }
+
+      exec { 'install_versioned_vault':
+        command     => "/bin/cp -f ${_vault_versioned_bin} ${vault_bin}",
+        refreshonly => true,
+        notify      => Class['vault::service'],
       }
 
-      $_manage_file_capabilities = true
     }
 
     'repo': {

spec/classes/vault_spec.rb

@@ -137,25 +137,29 @@
           it {
             is_expected.to contain_archive('/tmp/vault.zip').
               that_comes_before('File[vault_binary]')
-          }
-
-          it {
-            is_expected.to contain_file('/etc/vault').
+            is_expected.to contain_file('/opt/vault-1.4.2').
               with_ensure('directory').
-              with_purge('true').
-              with_recurse('true').
-              with_owner('vault').
-              with_group('vault')
+              with_owner('root').
+              with_group('root').
+              with_mode('0755')
           }
 
           context 'when installed with default download options' do
             let(:params) do
-              super().merge(version: '0.7.0')
+              super().merge(
+                version: '0.7.0',
+              )
             end
 
             it {
+              is_expected.to contain_file('/opt/vault-0.7.0')
               is_expected.to contain_archive('/tmp/vault.zip').
                 with_source('https://releases.hashicorp.com/vault/0.7.0/vault_0.7.0_linux_amd64.zip')
+              # A regex is used to validate the command because vault bin_dir is OS specific
+              is_expected.to contain_exec('install_versioned_vault').
+                with_command(%r{/bin/cp -f /opt/vault-0.7.0/vault /[\w/]+/vault}).
+                with_refreshonly(true).
+                that_notifies(['Class[vault::service]'])
             }
           end
 
@@ -170,6 +174,7 @@
             end
 
             it {
+              is_expected.to contain_file('/opt/vault-0.6.0')
               is_expected.to contain_archive('/tmp/vault.zip').
                 with_source('http://my_site.example.com/vault/0.6.0/vaultbinary_0.6.0_linux_amd64.tar.gz')
             }