hashicorp_vault_install 'package' do
  action :upgrade
end

hashicorp_vault_config_global 'vault' do
  sensitive false
  telemetry(
    statsite_address: '127.0.0.1:8125',
    disable_hostname: true
  )

  notifies :restart, 'hashicorp_vault_service[vault]', :delayed

  action :create
end

hashicorp_vault_config_listener 'tcp' do
  options(
    'address' => '127.0.0.1:8200',
    'cluster_address' => '127.0.0.1:8201',
    'tls_cert_file' => '/opt/vault/tls/tls.crt',
    'tls_key_file' => '/opt/vault/tls/tls.key',
    'telemetry' => {
      'unauthenticated_metrics_access' => false,
    }
  )

  notifies :restart, 'hashicorp_vault_service[vault]', :delayed
end

hashicorp_vault_config_storage 'Test file storage' do
  type 'file'
  options(
    'path' => '/opt/vault/data'
  )

  notifies :restart, 'hashicorp_vault_service[vault]', :delayed
end

hashicorp_vault_service 'vault' do
  action %i(create enable start)
end

Dependent cookbooks

ark ~> 6.0

Contingent cookbooks

vault-cluster Applicable Versions

vault-cluster 1.0.0

vault-cluster 1.0.1

vault-cluster 1.0.2

vault-cluster 1.1.0

vault-cluster 2.1.0

Change Log

All notable changes to this project will be documented in this file.

6.3.8 - 2023-04-01

Standardise files with files in sous-chefs/repo-management

6.3.7 - 2023-03-20

Standardise files with files in sous-chefs/repo-management

6.3.6 - 2023-03-15

Standardise files with files in sous-chefs/repo-management

6.3.5 - 2023-03-02

Standardise files with files in sous-chefs/repo-management

6.3.4 - 2023-02-27

Standardise files with files in sous-chefs/repo-management

6.3.3 - 2023-02-23

Standardise files with files in sous-chefs/repo-management

6.3.2 - 2023-02-15

Standardise files with files in sous-chefs/repo-management

Standardise files with files in sous-chefs/repo-management

Standardise files with files in sous-chefs/repo-management

6.3.1 - 2022-02-08

• Remove delivery folder
• Standardise files with files in sous-chefs/repo-management
• Update tested platforms
• Update Test Kitchen provisioner settings
• Remove .delivery folder
• Move to calling RSpec directly via a reusable workflow

6.3.0 - 2021-10-19

• Unify :type property as name_property in partial

6.2.0 - 2021-10-19

• Use new_resource.name as type part 2

6.1.0 - 2021-10-13

• Use new_resource.name as type

6.0.3 - 2021-08-30

• Standardise files with files in sous-chefs/repo-management

6.0.2 - 2021-06-18

• Un-vendor hcl-checker gem

6.0.1 - 2021-06-01

• Standardise files with files in sous-chefs/repo-management

6.0.0 - 2021-05-25

Breaking changes, please see [UPGRADING.md](./UPGRADING.md).

• Chef 16 is now required
  • Resource partials now in use
• Refactor all HCL resources to use load_current_value and converge_if_changed
  • Resource notifications now function as per the core resources
  • Changed values are displayed and can be reported upon
  • Server configuration items are written to indiviual files
  • Agent configuration is still accumulated as per previous versions
• Refactor json configuration resource to use load_current_value and converge_if_changed

5.3.1 - 2021-05-11

5.3.0 - 2021-03-26

• Refactor service action to use standard action and allow multiple actions - @bmhughes

5.2.0 - 2021-02-09

• Support ark installation for aarch64/i386/x86_64 architectures

5.1.0 - 2021-02-08

• Added ark installation method support for Amazon Linux

5.0.2 - 2021-02-03

• Update metadata supported platforms

5.0.1 - 2021-01-20

• Update supporting files (https://github.com/sous-chefs/vault/pull/211)

5.0.0 - 2021-01-20

Breaking changes, please see [UPGRADING.md](./UPGRADING.md).

• Add service resource
• Add package installation to install resource

• HCL configuration support

  • Unify server and agent under common resources.
  • Add HCL server configuration resources.
  • HCL configuration file as accumulated template.
  • HCL support for agent configuration.

• JSON configuration changes

  • Remove configuration properties and consolidate configuration in a config Hash property to allow new configuration items to be added without requiring a cookbook change.
  • Add base default configuration similar to vault defaults
  • Set sensitive by default

4.3.0 (2020-10-19)

• Added 'unauthenticated_metrics_access' config option

4.2.0 (2020-08-11)

• Created hashicorp_vault_agent_install resource
• Created hashicorp_vault_agent_template resource
• Created hashicorp_vault_agent_config resource
• Updated hashicorp_vault_service resource to be configurable for vault agent and server
• Set vault default version to 1.4.1

4.1.0 (2020-05-14)

• resolved cookstyle error: resources/config.rb:211:66 convention: Layout/TrailingWhitespace
• resolved cookstyle error: resources/config.rb:211:67 refactor: ChefModernize/FoodcriticComments
• resolved cookstyle error: resources/config.rb:215:60 convention: Layout/TrailingWhitespace
• resolved cookstyle error: resources/config.rb:215:61 refactor: ChefModernize/FoodcriticComments
• Resource config now supports property max_open_files to tune LimitNOFILE in Systemd unit file. Value is 16384 by default.

v4.0.1 (2020-02-20)

• Runtime directory of 0740 on the systemd
• Telemetry configuration no longer recieves the correct configuration.

v4.0.0 (2020-01-26)

• Option to specify configuration as sensitive via property
• Switched to GitHub Actions
• Rewrote all resources to be custom resource sso there's no longer a dependency on poise

v3.0.2 (2019-06-11)

• Changes the function names for config_prefix_path and data_path

v3.0.1 (2019-06-01)

• added x_forwarded_for_* and cluster_addr config options
• disabled unit tests as we cannot bundle install currently
• upgrade to chef 13 minimum
• migrate to circleci 2.0 testing
• added option to set plugin_directory

v3.0.0 (2018-12-09)

• added options to set seal options, ui, and disable_performance_standby
• updated tests to test new config options
• added Circle CI tests
• removed support for Ubuntu 12.04 as it's EOL-ed
• added Ubuntu 18.04 tests

v2.5.0 (2017-03-27)

Full Changelog

• undefined method `cluster_address' for VaultCookbook::Resource::VaultConfig #93
• Service Logging #89
• disable_cache option #84
• CentOS-- kitchen tests fail w/ sudo issue #78
• Vault archive download address should be configurable #74
• Vault 0.5.3 -> 0.6.0 is breaking. Cookbook major version should have been rev'd. #70
• Initializing and unsealing #69
• Added shasums for vault 0.6.4 and 0.6.5 #94 (onetwopunch)
• Update test configuration, fix Travis builds #92 (legal90)
• fix typo in error message #90 (chrisminton)
• add additional ssl options to vault_secret #88 (chrisminton)
• Vault 0.6.3 #87 (vijaybandari)
• Fixes foodcritic, previous fix caused all checks to be ignored #86 (madeddie)
• Add disable_cache config option #85 (madeddie)
• Add log-level support for service #82 (vijaybandari)
• Update Changelog #81 (legal90)
• Enable passwordless sudo for tests #80 (legal90)
• Add 0.6.2 support #79 (Ginja)
• Add cluster_address for listener options #77 (freimer)
• Refactor integration tests and Travis CI configuration #75 (legal90)
• Fix init script syntax for compatibility with RHEL/CentOS 5 #73 (legal90)
• Add support of Vault 0.6.1 #71 (legal90)
• Create/Delete symbolic link to /usr/local/bin #68 (dpattmann)
• Add default recipe to kitchen run_list #67 (dpattmann)
• Remove 'godep restore' for vault versions > 0.5.0 #66 (dpattmann)

v2.4.0 (2016-06-24)

Full Changelog

• Service doesn't come back after reboot because the default service directory is missing #55
• Failing to run service as nonroot #54
• Vault 0.6.0 #65 (axtl)
• Create work dir before service starts as it does not persist across restarts #64 (willejs)
• Liberate "build-essential" version constraint #63 (legal90)
• vault_secret: Raise an exception if Vault read has failed #61 (legal90)

v2.3.0 (2016-06-09)

Full Changelog

• What are bag_name, bag_item attributes used for? #58
• Test against newer build-essential #57
• Vault 0.5.3 update (with test fixes, build-essential update) #62 (axtl)
• Fix default value of "leases" attribute #60 (legal90)
• vault_secret: Save lease ID to the nested attribute #56 (legal90)

v2.2.0 (2016-04-19)

Full Changelog

• Specifying 'root' removes root login shell #53
• Configure consul backend in hashicorp-vault > 1.5.x #48
• Prevent "vault" service to be restarted on update #52 (legal90)
• Use custom templates for "systemd" and "sysvinit" service providers #51 (legal90)
• Added a resource for reading secrets from Vault #49 (Ginja)

v2.1.1 (2016-03-17)

Full Changelog

• Fixed typo in vault_config provider property #47 (Ginja)

v2.1.0 (2016-03-17)

Full Changelog

• Getting warning message in Chef run #46
• Fix binary installation for i386 architectures. #44 (johnbellone)

v2.0.0 (2016-03-04)

Full Changelog

• etcd in not supported as backend secret storage #25
• tls_disable attribute only accepts strings #40
• Error executing action create on resource 'vault_config[/home/vault/.vault.json]' #39
• undefined method `delete' for nil:NilClass #34
• metadata updates #33
• No method chef_vault_item #24
• vault_config.rb doesn't writes out telemetry section properly #6
• Fixed Install Issues #42 (Ginja)
• Coerce tls_disable attribute to a string. #41 (CodeGnome)

v1.5.1 (2016-02-18)

Full Changelog

• Add support for Vault 0.5.0 #36 (legal90)

v1.5.0 (2016-02-03)

Full Changelog

• ['vault']['config']['manage_certificate'] = false does not end up getting set on vault_config resource #31
• Vault 0.2.0 - Does not like tls_disable entered as empty string #8
• Multiple fixes #35 (sh9189)
• Fix tls_disable with vault 0.4.0 #30 (shaneramey)
• support vault 0.4.0 #28 (shaneramey)
• Modify attributes to support vault 0.3.1 #26 (NickLaMuro)

v1.4.0 (2015-09-28)

Full Changelog

• Fails to start vault server on CentOS 7.1 #22
• Add note into documentation about chef-vault coobook version #21
• Spec test issue for vault_config: Chef::Provider does not implement #chef_vault_item #11
• Move test data bag item to standard location #19 (jeffbyrnes)
• Clean up spec tests & switch to using Rake #18 (jeffbyrnes)
• Pin chef-vault to specific ref #16 (jeffbyrnes)
• Update Serverspec assertions as per Rspec 3 #15 (jeffbyrnes)
• Make the TLS certificate management optional #13 (jeffbyrnes)
• Update tests for SSL cert/key to match attributes #12 (jeffbyrnes)

v1.3.1 (2015-08-13)

Full Changelog

v1.3.0 (2015-08-13)

Full Changelog

v1.2.1 (2015-08-07)

Full Changelog

v1.2.0 (2015-08-04)

Full Changelog

• Vault service fails to start #5
• Upgrading to Vault 0.2.0 #2
• fixing default attributes based on HWRP #3 (zarry)

v1.1.0 (2015-06-16)

Full Changelog

v1.0.1 (2015-06-15)

Full Changelog

v1.0.0 (2015-06-12)

- -This Change Log was automatically generated by github_changelog_generator-- -This Change Log was automatically generated by github_changelog_generator-

Collaborator Number Metric

            
6.3.8 passed this metric

Contributing File Metric

            
6.3.8 failed this metric

Failure: To pass this metric, your cookbook metadata must include a source url, the source url must be in the form of https://github.com/user/repo, and your repo must contain a CONTRIBUTING.md file

Cookstyle Metric

            
6.3.8 passed this metric

No Binaries Metric

            
6.3.8 passed this metric

Testing File Metric

            
6.3.8 failed this metric

Failure: To pass this metric, your cookbook metadata must include a source url, the source url must be in the form of https://github.com/user/repo, and your repo must contain a TESTING.md file

Version Tag Metric

            
6.3.8 failed this metric

Failure: To pass this metric, your cookbook metadata must include a source url, the source url must be in the form of https://github.com/user/repo, and your repo must include a tag that matches this cookbook version number