Support upgrades and trigger restart of vault

Closes /pull/154
Closes jsok/puppet-vault/issues/63

Author: rgevaert

manifests/config.pp

@@ -35,6 +35,7 @@
       owner   => $::vault::user,
       group   => $::vault::group,
       mode    => $::vault::config_mode,
+      notify  => Class['vault::service'],
     }
 
     # If using the file storage then the path must exist and be readable

manifests/install.pp

@@ -1,29 +1,46 @@
 # == Class vault::install
 #
 class vault::install {
+
   $vault_bin = "${::vault::bin_dir}/vault"
 
   case $::vault::install_method {
-      'archive': {
-        if $::vault::manage_download_dir {
-          file { $::vault::download_dir:
-            ensure => directory,
-          }
+    'archive': {
+      if $::vault::manage_download_dir {
+        file { $::vault::download_dir:
+          ensure => directory,
         }
+      }
 
-        archive { "${::vault::download_dir}/${::vault::download_filename}":
-          ensure       => present,
-          extract      => true,
-          extract_path => $::vault::bin_dir,
-          source       => $::vault::real_download_url,
-          cleanup      => true,
-          creates      => $vault_bin,
-          before       => File['vault_binary'],
-        }
+      $_manage_file_capabilities = true
+      $_vault_versioned_bin = "/opt/vault-${::vault::version}/vault"
+
+      file { "/opt/vault-${::vault::version}":
+        ensure => directory,
+        owner  => 'root',
+        group  => 'root',
+        mode   => '0755',
+      }
 
-        $_manage_file_capabilities = true
+      archive { "${::vault::download_dir}/${::vault::download_filename}":
+        ensure       => present,
+        extract      => true,
+        extract_path => "/opt/vault-${::vault::version}",
+        source       => $::vault::real_download_url,
+        cleanup      => true,
+        creates      => $_vault_versioned_bin,
+        before       => File['vault_binary'],
+        notify       => Exec['install_versioned_vault'],
       }
 
+      exec { 'install_versioned_vault':
+        command     => "/bin/cp -f ${_vault_versioned_bin} ${vault_bin}",
+        refreshonly => true,
+        notify      => Class['vault::service'],
+      }
+
+    }
+
     'repo': {
       package { $::vault::package_name:
         ensure  => $::vault::package_ensure,
@@ -37,7 +54,7 @@
   }
 
   file { 'vault_binary':
-    path  =>  $vault_bin,
+    path  => $vault_bin,
     owner => 'root',
     group => 'root',
     mode  => '0755',

spec/classes/vault_spec.rb

@@ -147,16 +147,29 @@
           it {
             is_expected.to contain_archive('/tmp/vault.zip').
               that_comes_before('File[vault_binary]')
+            is_expected.to contain_file('/opt/vault-1.4.2').
+              with_ensure('directory').
+              with_owner('root').
+              with_group('root').
+              with_mode('0755')
           }
 
           context 'when installed with default download options' do
             let(:params) do
-              super().merge(version: '0.7.0')
+              super().merge(
+                version: '0.7.0',
+              )
             end
 
             it {
+              is_expected.to contain_file('/opt/vault-0.7.0')
               is_expected.to contain_archive('/tmp/vault.zip').
                 with_source('https://releases.hashicorp.com/vault/0.7.0/vault_0.7.0_linux_amd64.zip')
+              # A regex is used to validate the command because vault bin_dir is OS specific
+              is_expected.to contain_exec('install_versioned_vault').
+                with_command(%r{/bin/cp -f /opt/vault-0.7.0/vault /[\w/]+/vault}).
+                with_refreshonly(true).
+                that_notifies(['Class[vault::service]'])
             }
           end
 
@@ -171,6 +184,7 @@
             end
 
             it {
+              is_expected.to contain_file('/opt/vault-0.6.0')
               is_expected.to contain_archive('/tmp/vault.zip').
                 with_source('http://my_site.example.com/vault/0.6.0/vaultbinary_0.6.0_linux_amd64.tar.gz')
             }