diff --git a/.kitchen.yml b/.kitchen.yml index b9272f2..3956e76 100644 --- a/.kitchen.yml +++ b/.kitchen.yml @@ -29,12 +29,6 @@ platforms: run_command: /sbin/init suites: - - name: default - provisioner: - state_top: - base: - '*': - - vault - name: dev_server_systemd excludes: - amazonlinux @@ -53,7 +47,7 @@ suites: vault: service: type: systemd - - name: dev_server_upstart + - name: dev_server_upstart_s3 includes: - amazonlinux provisioner: @@ -71,24 +65,6 @@ suites: vault: service: type: upstart - - name: server_backend_s3 - includes: - - amazonlinux - provisioner: - state_top: - base: - '*': - - vault - - vault.server - pillars: - top.sls: - base: - '*': - - vault - vault.sls: - vault: backend: type: s3 bucket: com-saltstack-vault - service: - type: upstart diff --git a/test/integration/default/vault_spec.rb b/test/integration/default/vault_spec.rb deleted file mode 100644 index b27fa42..0000000 --- a/test/integration/default/vault_spec.rb +++ /dev/null @@ -1,6 +0,0 @@ -describe command('/usr/local/bin/vault -version') do - its(:exit_status) { should eq 0 } - its(:stderr) { should be_empty } - its(:stdout) { should match(/^Vault v[0-9\.]+ \('[0-9a-f]+'\)/) } -end - diff --git a/test/integration/dev_server_systemd/vault_spec.rb b/test/integration/dev_server_systemd/vault_spec.rb index bdef182..0034098 100644 --- a/test/integration/dev_server_systemd/vault_spec.rb +++ b/test/integration/dev_server_systemd/vault_spec.rb @@ -1,3 +1,9 @@ +describe command('/usr/local/bin/vault -version') do + its(:exit_status) { should eq 0 } + its(:stderr) { should be_empty } + its(:stdout) { should match(/^Vault v[0-9\.]+ \('[0-9a-f]+'\)/) } +end + describe file('/etc/vault/config/server.hcl') do it { should be_a_file } expected =<<-EOF 
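Review bot: The `vault -version` check added at the top of test/integration/dev_server_systemd/vault_spec.rb is copied verbatim into dev_server_upstart_s3/vault_spec.rb, so a change to the binary path or the version format has to be made in two places. A helper or shared example that both specs load would keep them in step. The regexp's `^` matches at the start of any line in Ruby, so stray output before the banner would still pass; `its(:stdout) { should match(/\AVault v[0-9.]+ \('[0-9a-f]+'\)/) }` pins it to the first line. The `describe file('/etc/vault/config/server.hcl')` block that follows continues outside the hunk.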
diff --git a/test/integration/dev_server_upstart/vault_spec.rb b/test/integration/dev_server_upstart_s3/vault_spec.rb
similarity index 82%
rename from test/integration/dev_server_upstart/vault_spec.rb
rename to test/integration/dev_server_upstart_s3/vault_spec.rb
index 1e8db72..2904404 100644
--- a/test/integration/dev_server_upstart/vault_spec.rb
+++ b/test/integration/dev_server_upstart_s3/vault_spec.rb
@@ -1,6 +1,16 @@
+describe command('/usr/local/bin/vault -version') do
+ its(:exit_status) { should eq 0 }
+ its(:stderr) { should be_empty }
+ its(:stdout) { should match(/^Vault v[0-9\.]+ \('[0-9a-f]+'\)/) }
+end
+
 describe file('/etc/vault/config/server.hcl') do
 it { should be_a_file }
 expected = <<-EOF
+
+backend "s3" {
+ bucket = "com-saltstack-vault"
+}
 listener "tcp" {
 address = "0.0.0.0:8200"
 tls_disable = 0
diff --git a/test/integration/server_backend_s3/vault_spec.rb b/test/integration/server_backend_s3/vault_spec.rb
deleted file mode 100644
index af2a05a..0000000
--- a/test/integration/server_backend_s3/vault_spec.rb
+++ /dev/null
@@ -1,36 +0,0 @@ -describe file('/etc/vault/config/server.hcl') do - it { should be_a_file } - its(:content) { should match /bucket = "com-saltstack-vault"/ } -end - -describe file('/etc/init/vault.conf') do - it { should be_a_file } - its(:content) { should_not match /syslog/ } -end - -if os[:family] == 'amazon' - # serverspec assumes 'service' resource to be - # init.d for rhel-based os. have to just check - # that it is running, that means that it started - # with the instance - describe command('sudo initctl list | grep vault | grep -v grep') do - its(:stdout) { should match(/vault start\/running/) } - its(:stderr) { should be_empty } - end - - describe processes("vault") do - its('users') { should eq ['root'] } - end - -else - describe service('vault') do - it { should be_enabled } - it { should be_running } - end -end - -describe file('/var/log/vault.log') do - it { should be_a_file } - its(:content) { should match(/WARNING: Dev mode is enabled!/) } -end - diff --git a/vault/server.sls b/vault/server.sls index e5c88c0..f6dc522 100644 --- a/vault/server.sls +++ b/vault/server.sls @@ -21,7 +21,7 @@ generate self signed SSL certs: - user: root - group: root - mode: 755 - + /etc/vault/config: file.directory: - user: root @@ -65,12 +65,8 @@ generate self signed SSL certs: vault: service.running: - enable: True -{%- if vault.self_signed_cert.enabled or vault.dev_mode %} - require: {%- if vault.self_signed_cert.enabled %} - cmd: generate self signed SSL certs {% endif -%} - {%- if vault.dev_mode %} - file: /etc/vault/config/server.hcl - {% endif -%} -{% endif -%}
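Review bot: In the second hunk of vault/server.sls, the now-unconditional `- file: /etc/vault/config/server.hcl` requisite sits directly after `{% endif -%}`, while the opening tag is `{%- if vault.self_signed_cert.enabled %}`. With both whitespace-control dashes in place, a false condition strips everything between `- require:` and `- file:`, so the state would likely render as `- require:- file: /etc/vault/config/server.hcl` whenever self-signed certs are disabled. The original indentation is not visible here, so confirm by rendering the state with that pillar value. Moving the dash to the left of the closing tag, `{%- endif %}`, keeps the newline before the `file` requisite in both cases. A kitchen suite with `self_signed_cert.enabled` set to false would cover this path, if none of the remaining suites already does.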