From dbe41c4fee5ce88a1f7ce83a64cc3a78116ab1b3 Mon Sep 17 00:00:00 2001
From: Mike Baum
Date: Mon, 5 Jun 2023 20:25:58 -0400
Subject: [PATCH] [QT-426] Always create the file audit directory (#20997)
* Always create the file audit directory
* Create audit file directory after unsealing the leader
---
enos/modules/vault_cluster/main.tf | 51 +++++++++++++++---------------
1 file changed, 26 insertions(+), 25 deletions(-)
diff --git a/enos/modules/vault_cluster/main.tf b/enos/modules/vault_cluster/main.tf
index 96032d15de68..97c8edf47f3c 100644
--- a/enos/modules/vault_cluster/main.tf
+++ b/enos/modules/vault_cluster/main.tf
@@ -217,31 +217,6 @@ resource "enos_vault_start" "followers" {
 }
 }
-# We need to ensure that the directory used for audit logs is present and accessible to the vault
-# user on all nodes, since logging will only happen on the leader.
-resource "enos_remote_exec" "create_audit_log_dir" {
- depends_on = [
- enos_vault_start.followers,
- ]
- for_each = toset([
- for idx, host in toset(local.instances) : idx
- if local.enable_audit_device
- ])
- environment = {
- LOG_FILE_PATH = local.audit_device_file_path
- SERVICE_USER = local.vault_service_user
- }
- scripts = [abspath("${path.module}/scripts/create_audit_log_dir.sh")]
- transport = {
- ssh = {
- host = var.target_hosts[each.value].public_ip
- }
- }
-}
-
 resource "enos_vault_init" "leader" {
 depends_on = [
 enos_vault_start.followers,
@@ -286,8 +261,34 @@ resource "enos_vault_unseal" "leader" {
 }
 }
+# We need to ensure that the directory used for audit logs is present and accessible to the vault
+# user on all nodes, since logging will only happen on the leader.
+resource "enos_remote_exec" "create_audit_log_dir" {
+ depends_on = [
+ enos_vault_unseal.leader,
+ ]
+ for_each = toset([
+ for idx, host in toset(local.instances) : idx
+ if var.enable_file_audit_device
+ ])
+ environment = {
+ LOG_FILE_PATH = local.audit_device_file_path
+ SERVICE_USER = local.vault_service_user
+ }
+ scripts = [abspath("${path.module}/scripts/create_audit_log_dir.sh")]
+ transport = {
+ ssh = {
+ host = var.target_hosts[each.value].public_ip
+ }
+ }
+}
+
 resource "enos_remote_exec" "enable_file_audit_device" {
 depends_on = [
+ enos_remote_exec.create_audit_log_dir,
 enos_vault_unseal.leader,
 ]
 for_each = toset([
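Review bot: The comment on the re-added `create_audit_log_dir` resource says why the directory is needed but not what `create_audit_log_dir.sh` must guarantee about it, and the hunk hands the script only `LOG_FILE_PATH` and `SERVICE_USER`, so the ownership and mode of an audit-log directory are decided entirely outside this diff. A one-line expectation next to the script reference would make that contract visible, e.g. `# create_audit_log_dir.sh must leave the directory owned by SERVICE_USER and not readable by other users; keep the predicate below in sync with enable_file_audit_device.` The `for_each` predicate here is now `var.enable_file_audit_device`, while the predicate of `enable_file_audit_device` is cut off below the hunk; if the two ever diverge, the added `depends_on` only orders the two resources and a host could end up with the device enabled but no directory created, so it is worth confirming they match. The `enable_file_audit_device` resource continues past the end of the hunk.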