Merge pull request #23 from Roblox/ICO-4170-add-data-symlink

ICO-4170: Move vault data if its not already linked
Roblox · Sep 12, 2024 · c523bb9 · c523bb9
2 parents 36eb57c + b06f1fb
commit c523bb9
Show file tree

Hide file tree

Showing 4 changed files with 46 additions and 1 deletion.
diff --git a/.kitchen.yml b/.kitchen.yml
@@ -27,6 +27,13 @@ suites:
   - name: default
     provisioner: &default-provisioner
       policyfile: test/fixtures/policies/default.rb
+  - name: test_data_dir
+    provisioner:
+      <<: *default-provisioner
+      policyfile: test/fixtures/policies/default.rb
+    lifecycle:
+      post_create:
+        - remote: sudo mkdir -p /data
   - name: test_unauthenticated_metrics
     provisioner:
       <<: *default-provisioner

diff --git a/libraries/vault_service.rb b/libraries/vault_service.rb
@@ -87,6 +87,13 @@ def action_enable
 
           # if /data directory mounted then we need to symlink /var/log/vault to /data/var/log/vault
           if ::File.directory?('/data')
+            # if /var/log/vault exists and is not a link, move to /var/log/vault.[created_at timestamp]
+            path = '/var/log/vault'
+            if ::File.directory?(path) && !::File.symlink?(path)
+              created_at = ::File.birthtime(path).strftime('%Y%m%d%H%M%S')
+              new_path = "#{path}.#{created_at}"
+              ::FileUtils.mv(path, new_path)
+            end
             link '/var/log/vault' do
               to ::File.join('/data', '/var/log/vault')
               action :create

diff --git a/metadata.rb b/metadata.rb
@@ -6,7 +6,7 @@
 long_description 'Application cookbook for installing and configuring Vault.'
 issues_url 'https://github.com/johnbellone/vault-cookbook/issues'
 source_url 'https://github.com/johnbellone/vault-cookbook/'
-version '1002.7.9'
+version '1002.7.10'
 
 supports 'ubuntu', '>= 12.04'
 supports 'redhat', '>= 6.4'

diff --git a/test/integration/test_data_dir/inspec/default_spec.rb b/test/integration/test_data_dir/inspec/default_spec.rb
@@ -0,0 +1,31 @@
+describe file('/opt/vault/1.8.5/vault') do
+  it { should be_file }
+  it { should be_executable }
+end
+
+describe group('vault') do
+  it { should exist }
+end
+
+describe user('vault') do
+  it { should exist }
+end
+
+describe file('/etc/vault/vault.json') do
+  its('mode') { should eq 0640 }
+  it { should be_file }
+  it { should be_owned_by 'vault' }
+  it { should be_grouped_into 'vault' }
+  its('content') { should match /.*log_level.*/ }
+  its('content') { should match /.*reporting.*/ }
+end
+
+describe file('/var/log/vault') do
+  it {should be_symlink}
+end
+
+describe service('vault') do
+  it { should be_installed }
+  it { should be_enabled }
+  it { should be_running }
+end