From 7a93cba3055c432de9bf701dedcd7a42ceff33e5 Mon Sep 17 00:00:00 2001
From: Bob Belnap
Date: Mon, 5 Mar 2018 13:05:42 -0500
Subject: [PATCH] update policy/rules in vault_policy, add vault token renew cron job.

---
 manifests/common.pp | 7 +++++++
 vault_policy.sh | 14 ++++++++++++--
 2 files changed, 19 insertions(+), 2 deletions(-)

diff --git a/manifests/common.pp b/manifests/common.pp
index 3bd3ec0..e9da295 100644
--- a/manifests/common.pp
+++ b/manifests/common.pp
@@ -73,5 +73,12 @@ END
 environment => "MAILTO=${contact_email}",
 }
+ # renew vault token
+ cron { 'renew vault token':
+ command => "$vault_bin token-renew > /dev/null",
+ user => $user,
+ weekday => 1,
+ }
+
 }
diff --git a/vault_policy.sh b/vault_policy.sh
index 035d7bc..4316ae0 100644
--- a/vault_policy.sh
+++ b/vault_policy.sh
@@ -18,8 +18,18 @@ path "secret/dns_api/token" {
 capabilities = ["read"]
 }
 '
-vault write sys/policy/cert_read policy=@<(echo $cert_read)
-vault write sys/policy/cert_write policy=@<(echo $cert_write)
+
+# the key here changed from "rules" to "policy" in v0.9, this is a basic check
+
+if vault --version | grep -q 'v0.8'
+then
+ K=rules
+else
+ K=policy
+fi
+
+vault write sys/policy/cert_read $K=@<(echo $cert_read)
+vault write sys/policy/cert_write $K=@<(echo $cert_write)
 # create periodic tokens:
 # these tokens have a period of 20 days, they will expire if not renewed.
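Review bot: The new `cron { 'renew vault token': ... }` resource sets only `weekday => 1`, and Puppet fills the unspecified `hour` and `minute` fields with `*`, so the renew runs every minute for the whole of Monday instead of once a week; pin it with explicit values, e.g. `hour => 3,` and `minute => 0,`. The resource that ends just above it in the context carries `environment => "MAILTO=${contact_email}",` while the new one does not, so with stdout discarded a failing `token-renew` produces no notification until the periodic token (described in this commit's other file as expiring after 20 days if not renewed) lapses and the jobs that depend on it stop working; adding the same `environment => "MAILTO=${contact_email}",` line to the new resource restores that signal, since stderr is not redirected. For consistency with `${contact_email}` on the context line, the interpolation should read `"${vault_bin} token-renew > /dev/null"`. Note that `token-renew` is the hyphenated command spelling; the other file in this commit already branches on the Vault version, so confirm the spelling works on the version actually installed. The enclosing class continues outside the hunk.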
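Review bot: The version test `if vault --version | grep -q 'v0.8'` routes only 0.8.x releases to the old `rules=` key, yet the comment two lines above says the key changed in v0.9, so any release before 0.8 would be handed `policy=` and the `vault write` would be rejected; matching every pre-0.9 version, e.g. `if vault --version | grep -qE 'v0\.[0-8]\.'`, makes the check agree with the comment. If the `vault` binary is missing or prints an unexpected version line, the pipeline's status is grep's non-zero exit and the script silently continues with `K=policy`; whether that is then caught depends on error handling at the top of the script, which is outside the hunk. The rewritten `vault write` lines keep `@<(echo $cert_read)` unquoted, so the policy text is word-split and rejoined with single spaces before reaching vault — `"$cert_read"` (and `"$cert_write"`) would pass it through verbatim, though as this predates the commit it is a robustness point rather than a regression.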