fix(package): fix more review comments

* remove "backend file" from defaults as it was always added due to
being a default

vault/config/config.sls

@@ -14,4 +14,4 @@ vault-config-config-file-serialize:
     - mode: 640
     - makedirs: True
     - watch_in:
-      - vault-service-init-service-running
+      - service: vault-service-init-service-running

vault/defaults.yaml

@@ -9,9 +9,6 @@ vault:
   self_signed_cert:
     enabled: False
   config:
-    storage:
-      file:
-        path: /var/lib/vault/data
     listener:
       tcp:
         address: "0.0.0.0:8200"

vault/map.jinja

@@ -1,9 +1,9 @@
 # -*- coding: utf-8 -*-
 # vim: ft=sls syntax=yaml softtabstop=2 tabstop=2 shiftwidth=2 expandtab autoindent
 
-{% import_yaml "vault/defaults.yaml" as defaults %}
-{% import_yaml "vault/osfamilymap.yaml" as osfamilymap %}
-{% import_yaml "vault/initfamilymap.yaml" as initfamilymap %}
+{% import_yaml "vault/defaults.yaml" or {} as defaults %}
+{% import_yaml "vault/osfamilymap.yaml" or {} as osfamilymap %}
+{% import_yaml "vault/initfamilymap.yaml" or {} as initfamilymap %}
 
 {%- set merged_defaults = salt['grains.filter_by'](defaults,
     default='vault',

vault/package/clean.sls

@@ -3,6 +3,9 @@
 
 {% from "vault/map.jinja" import vault with context %}
 
+include:
+  - .gpg.clean
+
 vault-package-clean-file-absent:
   file.absent:
     - name: /opt/vault
@@ -11,10 +14,6 @@ vault-package-clean-file-absent-data:
   file.absent:
     - name: /var/lib/vault
 
-vault-package-clean-cmd-run:
-  cmd.run:
-    - name: gpg --batch --yes --delete-key {{ vault.hashicorp_key_id }}
-
 vault-package-clean-user-absent:
   user.absent:
     - name: vault

vault/package/signature.sls → vault/package/gpg/init.sls

@@ -3,23 +3,39 @@
 
 {% from "vault/map.jinja" import vault with context %}
 
-vault-package-signature-file-managed-checksum:
+vault-package-gpg-file-managed:
+  file.managed:
+    - name: /opt/vault/hashicorp.asc
+    - contents: |
+        {{ vault.hashicorp_gpg_key | indent(8) }}
+    - makedirs: True
+
+vault-package-gpg-pkg-installed:
+  pkg.installed:
+    - name: {{ vault.gpg_pkg }}
+
+vault-package-gpg-cmd-run-import:
+  cmd.run:
+    - name: gpg --import /opt/vault/hashicorp.asc
+    - unless: gpg --list-keys {{ vault.hashicorp_key_id }}
+
+vault-package-gpg-file-managed-checksum:
   file.managed:
     - name: /opt/vault/{{ vault.version }}_SHA256SUMS
     - source: https://releases.hashicorp.com/vault/{{ vault.version }}/vault_{{ vault.version }}_SHA256SUMS
     - skip_verify: True
     - makedirs: True
 
-vault-package-signature-file-managed-signature:
+vault-package-gpg-file-managed-signature:
   file.managed:
     - name: /opt/vault/{{ vault.version }}_SHA256SUMS.sig
     - source: https://releases.hashicorp.com/vault/{{ vault.version }}/vault_{{ vault.version }}_SHA256SUMS.sig
     - skip_verify: True
     - makedirs: True
 
-vault-package-signature-cmd-run:
+vault-package-gpg-cmd-run-verify:
   cmd.run:
     - name: gpg --verify /opt/vault/{{ vault.version }}_SHA256SUMS.sig /opt/vault/{{ vault.version }}_SHA256SUMS
     - onchanges:
-      - vault-package-signature-file-managed-checksum
-      - vault-package-signature-file-managed-signature
+      - file: vault-package-gpg-file-managed-checksum
+      - file: vault-package-gpg-file-managed-signature

vault/package/init.sls

@@ -7,5 +7,4 @@ include:
   - .install
   {%- if vault.verify_download %}
   - .gpg
-  - .signature
   {%- endif %}

vault/package/install.sls

@@ -38,4 +38,4 @@ vault-package-install-cmd-run:
   cmd.run:
     - name: setcap cap_ipc_lock=+ep /opt/vault/bin/vault
     - onchanges:
-      - vault-package-install-archive-extracted
+      - archive: vault-package-install-archive-extracted

vault/service/init.sls

@@ -14,5 +14,5 @@ vault-service-init-service-running:
     - name: vault
     - enable: true
     - watch:
-      - vault-package-install-archive-extracted
-      - vault-service-init-file-managed
+      - archive: vault-package-install-archive-extracted
+      - file: vault-service-init-file-managed