Support upgrades and trigger restart of vault

Closes jsok/pull/154
Closes jsok/puppet-vault/issues/63

Author: rgevaert

manifests/config.pp

@@ -35,6 +35,7 @@
       owner   => $::vault::user,
       group   => $::vault::group,
       mode    => $::vault::config_mode,
+      notify  => Class['vault::service'],
     }
 
     # If manage_storage_dir is true and a file or raft storage backend is configured

manifests/install.pp

@@ -1,52 +1,72 @@
 # == Class vault::install
 #
 class vault::install {
+
   $vault_bin = "${::vault::bin_dir}/vault"
 
   case $::vault::install_method {
-      'archive': {
-        if $::vault::manage_download_dir {
-          file { $::vault::download_dir:
-            ensure => directory,
-          }
+    'archive': {
+      if $::vault::manage_download_dir {
+        file { $::vault::download_dir:
+          ensure => directory,
         }
+      }
 
-        archive { "${::vault::download_dir}/${::vault::download_filename}":
-          ensure       => present,
-          extract      => true,
-          extract_path => $::vault::bin_dir,
-          source       => $::vault::real_download_url,
-          cleanup      => true,
-          creates      => $vault_bin,
-          before       => File['vault_binary'],
-        }
+      $_manage_file_capabilities = true
+      $_vault_versioned_bin = "/opt/vault-${::vault::version}/vault"
+
+      file { "/opt/vault-${::vault::version}":
+        ensure => directory,
+        owner  => 'root',
+        group  => 'root',
+        mode   => '0755',
+      }
+
+      archive { "${::vault::download_dir}/${::vault::download_filename}":
+        ensure       => present,
+        extract      => true,
+        extract_path => "/opt/vault-${::vault::version}",
+        source       => $::vault::real_download_url,
+        cleanup      => true,
+        creates      => $_vault_versioned_bin,
+        before       => File['vault_binary'],
+      }
 
-        $_manage_file_capabilities = true
+      file { 'vault_binary':
+        path   => $vault_bin,
+        target => $_vault_versioned_bin,
+        owner  => 'root',
+        group  => 'root',
+        mode   => '0755',
+        notify => Class['vault::service'],
       }
 
+    }
+
     'repo': {
       package { $::vault::package_name:
         ensure  => $::vault::package_ensure,
       }
       $_manage_file_capabilities = false
+      $_vault_versioned_bin = undef
+
+      file { 'vault_binary':
+        path  => $vault_bin,
+        owner => 'root',
+        group => 'root',
+        mode  => '0755',
+      }
     }
 
     default: {
       fail("Installation method ${::vault::install_method} not supported")
     }
   }
 
-  file { 'vault_binary':
-    path  =>  $vault_bin,
-    owner => 'root',
-    group => 'root',
-    mode  => '0755',
-  }
-
   if !$::vault::disable_mlock and pick($::vault::manage_file_capabilities, $_manage_file_capabilities) {
     file_capability { 'vault_binary_capability':
       ensure     => present,
-      file       => $vault_bin,
+      file       => pick($_vault_versioned_bin, $vault_bin),
       capability => 'cap_ipc_lock=ep',
       subscribe  => File['vault_binary'],
     }