Documentation update

CHANGELOG.md

@@ -2,6 +2,21 @@
 
 All notable changes to this project will be documented in this file.
 
+## Unreleased
+
+- Add service resource
+- Add package installation to install resource
+- HCL configuration support
+  - Unify server and agent under common resources.
+  - Add HCL server configuration resources.
+  - HCL configuration file as accumulated template.
+  - HCL support for agent configuration.
+
+- JSON configuration changes
+  - Remove configuration properties and consolidate configuration in a `config` Hash property to allow new configuration items to be added without requiring a cookbook change.
+  - Add base default configuration similar to vault defaults
+  - Set sensitive by default
+
 ## 4.3.0 (2020-10-19)
 
 - Added 'unauthenticated_metrics_access' config option

README.md

@@ -6,37 +6,96 @@
 [![OpenCollective](https://opencollective.com/sous-chefs/sponsors/badge.svg)](#sponsors)
 [![License](https://img.shields.io/badge/License-Apache%202.0-green.svg)](https://opensource.org/licenses/Apache-2.0)
 
-[Application cookbook][0] for installing and configuring [Hashicorp Vault][1].
+Install and configure Hashicorp Vault in server and agent mode.
 
-## Platform Support
+## Maintainers
+
+This cookbook is maintained by the Sous Chefs. The Sous Chefs are a community of Chef cookbook maintainers working together to maintain important cookbooks. If you’d like to know more please visit [sous-chefs.org](https://sous-chefs.org/) or come chat with us on the Chef Community Slack in [#sous-chefs](https://chefcommunity.slack.com/messages/C2V7B88SF).
+
+## Platforms
 
 The following platforms have been certified with integration tests
 using Test Kitchen:
 
-- Debian 9
-- CentOS (RHEL) 7, 8
-- Ubuntu 16.04, 18.04
+- Debian/Ubuntu
+- RHEL/CentOS and derivatives
+- Fedora and derivatives
+
+## Requirements
+
+- Chef 14+
+- ark Community Cookbook ([https://supermarket.chef.io/cookbooks/ark])
 
 ## Usage
 
 It is recommended to create a project or organization specific [wrapper cookbook](https://www.chef.io/blog/2013/12/03/doing-wrapper-cookbooks-right/) and add the desired custom resources to the run list of a node. Depending on your environment, you may have multiple roles that use different recipes from this cookbook. Adjust any attributes as desired.
 
+Example of a basic server configuration using Hashicorp HCL for configuration
+
 ```ruby
 hashicorp_vault_install 'package' do
-  ui true
-  disable_performance_standby true
-  sensitive true
-  action [:install]
+  action :upgrade
+end
+
+hashicorp_vault_config_global 'vault' do
+  sensitive false
+  telemetry(
+    statsite_address: '127.0.0.1:8125',
+    disable_hostname: true
+  )
+
+  notifies :restart, 'hashicorp_vault_service[vault]', :delayed
+
+  action :create
 end
+
+hashicorp_vault_config_listener 'tcp' do
+  options(
+    'address' => '127.0.0.1:8200',
+    'cluster_address' => '127.0.0.1:8201',
+    'tls_cert_file' => '/opt/vault/tls/tls.crt',
+    'tls_key_file' => '/opt/vault/tls/tls.key',
+    'telemetry' => {
+      'unauthenticated_metrics_access' => false,
+    }
+  )
+
+  notifies :restart, 'hashicorp_vault_service[vault]', :delayed
+end
+
+hashicorp_vault_config_storage 'Test file storage' do
+  type 'file'
+  options(
+    'path' => '/opt/vault/data'
+  )
+
+  notifies :restart, 'hashicorp_vault_service[vault]', :delayed
+end
+
+hashicorp_vault_service 'vault' do
+  action %i(create enable start)
+end
+
 ```
 
-## Assumptions
+## External Documentation
 
-- Supports a single TLS listener.
+- [https://www.vaultproject.io/docs/configuration]
+- [https://www.vaultproject.io/docs/agent]
 
-## Maintainers
+## Resources
 
-This cookbook is maintained by the Sous Chefs. The Sous Chefs are a community of Chef cookbook maintainers working together to maintain important cookbooks. If you’d like to know more please visit [sous-chefs.org](https://sous-chefs.org/) or come chat with us on the Chef Community Slack in [#sous-chefs](https://chefcommunity.slack.com/messages/C2V7B88SF).
+- [hashicorp_vault_config_auto_auth](documentation/hashicorp_vault_config_auto_auth.md)
+- [hashicorp_vault_config_entropy](documentation/hashicorp_vault_config_entropy.md)
+- [hashicorp_vault_config_global](documentation/hashicorp_vault_config_global.md)
+- [hashicorp_vault_config_listener](documentation/hashicorp_vault_config_listener.md)
+- [hashicorp_vault_config_seal](documentation/hashicorp_vault_config_seal.md)
+- [hashicorp_vault_config_service_registration](documentation/hashicorp_vault_config_service_registration.md)
+- [hashicorp_vault_config_storage](documentation/hashicorp_vault_config_storage.md)
+- [hashicorp_vault_config_template](documentation/hashicorp_vault_config_template.md)
+- [hashicorp_vault_config](documentation/hashicorp_vault_config.md)
+- [hashicorp_vault_install](documentation/hashicorp_vault_install.md)
+- [hashicorp_vault_service](documentation/hashicorp_vault_service.md)
 
 ## Contributors
 

documentation/hashicorp_vault_config.md

@@ -0,0 +1,70 @@
+# hashicorp_vault_config
+
+[Back to resource list](../README.md#resources)
+
+Creates a vault server or agent template JSON configuration
+
+Introduced: v5.0.0
+
+## Actions
+
+- `:create`
+- `:delete`
+
+## Properties
+
+| Name                   | Type          | Default                          | Description                                                         |
+| ---------------------- | ------------- | -------------------------------- | ------------------------------------------------------------------- |
+| `owner`                | String        | `vault`                          | Owner of the generated configuration file                           |
+| `group`                | String        | `vault`                          | Group of the generated configuration file                           |
+| `mode`                 | String        | `'0640'`                         | Filemode of the generated configuration file                        |
+| `config_file`          | String        | `/etc/vault.d/vault.json`        | Configuration file to generate                                      |
+| `sensitive`            | True, False   | `true`                           | Set template to sensitive by default                                |
+| `config`               | Hash          | `{}`                             | Vault configuration                                                 |
+
+## Examples
+
+```ruby
+hashicorp_vault_config 'vault' do
+  sensitive false
+  config(
+    'api_addr' => 'https://127.0.0.1:8200',
+    'cluster_addr' => 'https://127.0.0.1:8201',
+    'cache_size' => 131072,
+    'default_lease_ttl' => '768h',
+    'default_max_request_duration' => '90s',
+    'disable_cache' => false,
+    'disable_clustering' => false,
+    'disable_mlock' => false,
+    'disable_performance_standby' => true,
+    'disable_sealwrap' => false,
+    'listener' => {
+      'tcp' => {
+        'address' => '127.0.0.1:8200',
+        'cluster_address' => '127.0.0.1:8201',
+        'tls_cert_file' => '/opt/vault/tls/tls.crt',
+        'tls_key_file' => '/opt/vault/tls/tls.key',
+        'telemetry' => {
+          'unauthenticated_metrics_access' => false,
+        },
+      },
+    },
+    'max_lease_ttl' => '768h',
+    'raw_storage_endpoint' => false,
+    'storage' => {
+      'file' => {
+        'path' => '/opt/vault/data',
+      },
+    },
+    'ui' => true
+  )
+
+  action :create
+end
+```
+
+```ruby
+hashicorp_vault_config 'vault' do
+  action :delete
+  end
+```