Merging in code from my private module #137
ci.yml
on: pull_request
Puppet / Static validations (25s)
Matrix: Puppet / acceptance
Matrix: Puppet / unit
Puppet / Test suite (0s)
Annotations
20 errors and 5 warnings
Puppet / 8 (Ruby 3.2):
spec/classes/vault_spec.rb#L600
vault on ubuntu-18.04-x86_64 on Debian OS family on Debian based with systemd includes systemd init script is expected to contain File[/etc/systemd/system/vault.service] with mode => "0444", ensure => "file", owner => "root", group => "root", content =~ /^# vault systemd unit file/, content =~ /^User=vault$/, content =~ /^Group=vault$/, content =~ /Environment=GOMAXPROCS=3/, content =~ /^ExecStart=\/usr\/local\/bin\/vault server -config=\/etc\/vault\/vault.json $/, content =~ /SecureBits=keep-caps/, content =~ /Capabilities=CAP_IPC_LOCK\+ep/, content =~ /CapabilityBoundingSet=CAP_SYSLOG CAP_IPC_LOCK/ and content =~ /NoNewPrivileges=yes/
Failure/Error:
is_expected.to contain_file('/etc/systemd/system/vault.service').
with_mode('0444').
with_ensure('file').
with_owner('root').
with_group('root').
with_content(%r{^# vault systemd unit file}).
with_content(%r{^User=vault$}).
with_content(%r{^Group=vault$}).
with_content(%r{Environment=GOMAXPROCS=3}).
with_content(%r{^ExecStart=/usr/local/bin/vault server -config=/etc/vault/vault.json $}).
expected that the catalogue would contain File[/etc/systemd/system/vault.service] with content set to /^ExecStart=\/usr\/local\/bin\/vault server -config=\/etc\/vault\/vault.json $/ but it is set to "\n# vault systemd unit file\n###########################################################################################################\n# this file has been put in place by the jsok/vault Puppet module (https://forge.puppetlabs.com/jsok/vault)\n# any changes will be overwritten if Puppet is run again\n# This script is originally from:\n# https://learn.hashicorp.com/vault/operations/ops-deployment-guide#step-3-configure-systemd\n###########################################################################################################\n\n[Unit]\nDescription=\"HashiCorp Vault - A tool for managing secrets\"\nDocumentation=https://www.vaultproject.io/docs/\nRequires=network-online.target\nAfter=network-online.target\nConditionFileNotEmpty=/etc/vault/vault.json\nStartLimitIntervalSec=60\nStartLimitBurst=3\n\n[Service]\nType=notify\nUser=vault\nGroup=vault\nProtectSystem=full\nProtectHome=read-only\nPrivateTmp=yes\nPrivateDevices=yes\nSecureBits=keep-caps\nAmbientCapabilities=CAP_IPC_LOCK\nCapabilityBoundingSet=CAP_SYSLOG CAP_IPC_LOCK\nNoNewPrivileges=yes\nEnvironment=GOMAXPROCS=3\nExecStart=/usr/local/bin/vault server -config=/etc/vault/vault.json\nExecReload=/bin/kill --signal HUP $MAINPID\nKillMode=process\nKillSignal=SIGINT\nRestart=on-failure\nRestartSec=5\nTimeoutStopSec=30\nLimitNOFILE=65536\nLimitMEMLOCK=infinity\n\n[Install]\nWantedBy=multi-user.target\n", and parameter content set to /Capabilities=CAP_IPC_LOCK\+ep/ but it is set to "\n# vault systemd unit file\n###########################################################################################################\n# this file has been put in place by the jsok/vault Puppet module (https://forge.puppetlabs.com/jsok/vault)\n# any changes will be overwritten if Puppet is run again\n# This script is originally 
from:\n# https://learn.hashicorp.com/vault/operations/ops-deployment-guide#step-3-configure-systemd\n###########################################################################################################\n\n[Unit]\nDescription=\"HashiCorp Vault - A tool for managing secrets\"\nDocumentation=https://www.vaultproject.io/docs/\nRequires=network-online.target\nAfter=network-online.target\nConditionFileNotEmpty=/etc/vault/vault.json\nStartLimitIntervalSec=60\nStartLimitBurst=3\n\n[Service]\nType=notify\nUser=vault\nGroup=vault\nProtectSystem=full\nProtectHome=read-only\nPrivateTmp=yes\nPrivateDevices=yes\nSecureBits=keep-caps\nAmbientCapabilities=CAP_IPC_LOCK\nCapabilityBoundingSet=CAP_SYSLOG CAP_IPC_LOCK\nNoNewPrivileges=yes\nEnvironment=GOMAXPROCS=3\nExecStart=/usr/local/bin/vault server -config=/etc/vault/vault.json\nExecReload=/bin/kill --signal HUP $MAINPID\nKillMode=process\nKillSignal=SIGINT\nRestart=on-failure\nRestartSec=5\nTimeoutStopSec=30\nLimitNOFILE=65536\nLimitMEMLOCK=infinity
Puppet / 8 (Ruby 3.2):
spec/classes/vault_spec.rb#L630
vault on ubuntu-18.04-x86_64 on Debian OS family on Debian based with systemd service with non-default options is expected to contain File[/etc/systemd/system/vault.service] with mode => "0444", ensure => "file", owner => "root", group => "root", content =~ /^# vault systemd unit file/, content =~ /^User=root$/, content =~ /^Group=admin$/, content =~ /Environment=GOMAXPROCS=8/ and content =~ /^ExecStart=\/opt\/bin\/vault server -config=\/opt\/etc\/vault\/vault.json -log-level=info$/
Failure/Error:
is_expected.to contain_file('/etc/systemd/system/vault.service').
with_mode('0444').
with_ensure('file').
with_owner('root').
with_group('root').
with_content(%r{^# vault systemd unit file}).
with_content(%r{^User=root$}).
with_content(%r{^Group=admin$}).
with_content(%r{Environment=GOMAXPROCS=8}).
with_content(%r{^ExecStart=/opt/bin/vault server -config=/opt/etc/vault/vault.json -log-level=info$})
expected that the catalogue would contain File[/etc/systemd/system/vault.service] with content set to /^User=root$/ but it is set to "\n# vault systemd unit file\n###########################################################################################################\n# this file has been put in place by the jsok/vault Puppet module (https://forge.puppetlabs.com/jsok/vault)\n# any changes will be overwritten if Puppet is run again\n# This script is originally from:\n# https://learn.hashicorp.com/vault/operations/ops-deployment-guide#step-3-configure-systemd\n###########################################################################################################\n\n[Unit]\nDescription=\"HashiCorp Vault - A tool for managing secrets\"\nDocumentation=https://www.vaultproject.io/docs/\nRequires=network-online.target\nAfter=network-online.target\nConditionFileNotEmpty=/opt/etc/vault/vault.json\nStartLimitIntervalSec=60\nStartLimitBurst=3\n\n[Service]\nType=notify\nUser=vault\nGroup=vault\nProtectSystem=full\nProtectHome=read-only\nPrivateTmp=yes\nPrivateDevices=yes\nSecureBits=keep-caps\nAmbientCapabilities=CAP_IPC_LOCK\nCapabilityBoundingSet=CAP_SYSLOG CAP_IPC_LOCK\nNoNewPrivileges=yes\nEnvironment=GOMAXPROCS=8\nExecStart=/opt/bin/vault server -config=/opt/etc/vault/vault.json\nExecReload=/bin/kill --signal HUP $MAINPID\nKillMode=process\nKillSignal=SIGINT\nRestart=on-failure\nRestartSec=5\nTimeoutStopSec=30\nLimitNOFILE=65536\nLimitMEMLOCK=infinity\n\n[Install]\nWantedBy=multi-user.target\n", and parameter content set to /^Group=admin$/ but it is set to "\n# vault systemd unit file\n###########################################################################################################\n# this file has been put in place by the jsok/vault Puppet module (https://forge.puppetlabs.com/jsok/vault)\n# any changes will be overwritten if Puppet is run again\n# This script is originally from:\n# 
https://learn.hashicorp.com/vault/operations/ops-deployment-guide#step-3-configure-systemd\n###########################################################################################################\n\n[Unit]\nDescription=\"HashiCorp Vault - A tool for managing secrets\"\nDocumentation=https://www.vaultproject.io/docs/\nRequires=network-online.target\nAfter=network-online.target\nConditionFileNotEmpty=/opt/etc/vault/vault.json\nStartLimitIntervalSec=60\nStartLimitBurst=3\n\n[Service]\nType=notify\nUser=vault\nGroup=vault\nProtectSystem=full\nProtectHome=read-only\nPrivateTmp=yes\nPrivateDevices=yes\nSecureBits=keep-caps\nAmbientCapabilities=CAP_IPC_LOCK\nCapabilityBoundingSet=CAP_SYSLOG CAP_IPC_LOCK\nNoNewPrivileges=yes\nEnvironment=GOMAXPROCS=8\nExecStart=/opt/bin/vault server -config=/opt/etc/vault/vault.json\nExecReload=/bin/kill --signal HUP $MAINPID\nKillMode=process\nKillSignal=SIGINT\nRestart=on-failure\nRestartSec=5\nTimeoutStopSec=30\nLimitNOFILE=65536\nLimitMEMLOCK=infinity\n\n[Install]\nWantedBy=multi-user.target\n", and parameter content set to /^ExecStart=\/opt\/bin\/vault server -config=\/opt\/etc\/vault\/vault.json -log-level=info$/ but it is set to "\n# vault systemd unit file\n#########
Puppet / 8 (Ruby 3.2):
spec/classes/vault_spec.rb#L649
vault on ubuntu-18.04-x86_64 on Debian OS family on Debian based with systemd with mlock disabled is expected to contain File[/etc/systemd/system/vault.service] with mode => "0444", ensure => "file", owner => "root", group => "root", content =~ /^# vault systemd unit file/, content =~ /^User=vault$/, content =~ /^Group=vault$/, content =~ /^ExecStart=\/usr\/local\/bin\/vault server -config=\/etc\/vault\/vault.json $/, content =~ /CapabilityBoundingSet=CAP_SYSLOG/, content =~ /NoNewPrivileges=yes/, content !~ /SecureBits=keep-caps/ and content !~ /Capabilities=CAP_IPC_LOCK\+ep/
Failure/Error:
is_expected.to contain_file('/etc/systemd/system/vault.service').
with_mode('0444').
with_ensure('file').
with_owner('root').
with_group('root').
with_content(%r{^# vault systemd unit file}).
with_content(%r{^User=vault$}).
with_content(%r{^Group=vault$}).
with_content(%r{^ExecStart=/usr/local/bin/vault server -config=/etc/vault/vault.json $}).
without_content(%r{SecureBits=keep-caps}).
expected that the catalogue would contain File[/etc/systemd/system/vault.service] with content set to /^ExecStart=\/usr\/local\/bin\/vault server -config=\/etc\/vault\/vault.json $/ but it is set to "\n# vault systemd unit file\n###########################################################################################################\n# this file has been put in place by the jsok/vault Puppet module (https://forge.puppetlabs.com/jsok/vault)\n# any changes will be overwritten if Puppet is run again\n# This script is originally from:\n# https://learn.hashicorp.com/vault/operations/ops-deployment-guide#step-3-configure-systemd\n###########################################################################################################\n\n[Unit]\nDescription=\"HashiCorp Vault - A tool for managing secrets\"\nDocumentation=https://www.vaultproject.io/docs/\nRequires=network-online.target\nAfter=network-online.target\nConditionFileNotEmpty=/etc/vault/vault.json\nStartLimitIntervalSec=60\nStartLimitBurst=3\n\n[Service]\nType=notify\nUser=vault\nGroup=vault\nProtectSystem=full\nProtectHome=read-only\nPrivateTmp=yes\nPrivateDevices=yes\nSecureBits=keep-caps\nAmbientCapabilities=CAP_IPC_LOCK\nCapabilityBoundingSet=CAP_SYSLOG CAP_IPC_LOCK\nNoNewPrivileges=yes\nEnvironment=GOMAXPROCS=3\nExecStart=/usr/local/bin/vault server -config=/etc/vault/vault.json\nExecReload=/bin/kill --signal HUP $MAINPID\nKillMode=process\nKillSignal=SIGINT\nRestart=on-failure\nRestartSec=5\nTimeoutStopSec=30\nLimitNOFILE=65536\nLimitMEMLOCK=infinity\n\n[Install]\nWantedBy=multi-user.target\n", and parameter content not set to /SecureBits=keep-caps/ but it is set to "\n# vault systemd unit file\n###########################################################################################################\n# this file has been put in place by the jsok/vault Puppet module (https://forge.puppetlabs.com/jsok/vault)\n# any changes will be overwritten if Puppet is run again\n# This script is originally 
from:\n# https://learn.hashicorp.com/vault/operations/ops-deployment-guide#step-3-configure-systemd\n###########################################################################################################\n\n[Unit]\nDescription=\"HashiCorp Vault - A tool for managing secrets\"\nDocumentation=https://www.vaultproject.io/docs/\nRequires=network-online.target\nAfter=network-online.target\nConditionFileNotEmpty=/etc/vault/vault.json\nStartLimitIntervalSec=60\nStartLimitBurst=3\n\n[Service]\nType=notify\nUser=vault\nGroup=vault\nProtectSystem=full\nProtectHome=read-only\nPrivateTmp=yes\nPrivateDevices=yes\nSecureBits=keep-caps\nAmbientCapabilities=CAP_IPC_LOCK\nCapabilityBoundingSet=CAP_SYSLOG CAP_IPC_LOCK\nNoNewPrivileges=yes\nEnvironment=GOMAXPROCS=3\nExecStart=/usr/local/bin/vault server -config=/etc/vault/vault.json\nExecReload=/bin/kill --signal HUP $MAINPID\nKillMode=process\nKillSignal=SIGINT\nRestart=on-failure\nRestartSec=5\nTimeoutStopSec=30\nLimitNOFILE=65536\nLimitMEMLOCK=infinity\n\n[Install]\nWantedBy=multi-user.target\n"
Diff:
@@ -1,4 +1,
Puppet / 8 (Ruby 3.2):
spec/classes/vault_spec.rb#L600
vault on debian-11-x86_64 on Debian OS family on Debian based with systemd includes systemd init script is expected to contain File[/etc/systemd/system/vault.service] with mode => "0444", ensure => "file", owner => "root", group => "root", content =~ /^# vault systemd unit file/, content =~ /^User=vault$/, content =~ /^Group=vault$/, content =~ /Environment=GOMAXPROCS=3/, content =~ /^ExecStart=\/usr\/local\/bin\/vault server -config=\/etc\/vault\/vault.json $/, content =~ /SecureBits=keep-caps/, content =~ /Capabilities=CAP_IPC_LOCK\+ep/, content =~ /CapabilityBoundingSet=CAP_SYSLOG CAP_IPC_LOCK/ and content =~ /NoNewPrivileges=yes/
Failure/Error:
is_expected.to contain_file('/etc/systemd/system/vault.service').
with_mode('0444').
with_ensure('file').
with_owner('root').
with_group('root').
with_content(%r{^# vault systemd unit file}).
with_content(%r{^User=vault$}).
with_content(%r{^Group=vault$}).
with_content(%r{Environment=GOMAXPROCS=3}).
with_content(%r{^ExecStart=/usr/local/bin/vault server -config=/etc/vault/vault.json $}).
expected that the catalogue would contain File[/etc/systemd/system/vault.service] with content set to /^ExecStart=\/usr\/local\/bin\/vault server -config=\/etc\/vault\/vault.json $/ but it is set to "\n# vault systemd unit file\n###########################################################################################################\n# this file has been put in place by the jsok/vault Puppet module (https://forge.puppetlabs.com/jsok/vault)\n# any changes will be overwritten if Puppet is run again\n# This script is originally from:\n# https://learn.hashicorp.com/vault/operations/ops-deployment-guide#step-3-configure-systemd\n###########################################################################################################\n\n[Unit]\nDescription=\"HashiCorp Vault - A tool for managing secrets\"\nDocumentation=https://www.vaultproject.io/docs/\nRequires=network-online.target\nAfter=network-online.target\nConditionFileNotEmpty=/etc/vault/vault.json\nStartLimitIntervalSec=60\nStartLimitBurst=3\n\n[Service]\nType=notify\nUser=vault\nGroup=vault\nProtectSystem=full\nProtectHome=read-only\nPrivateTmp=yes\nPrivateDevices=yes\nSecureBits=keep-caps\nAmbientCapabilities=CAP_IPC_LOCK\nCapabilityBoundingSet=CAP_SYSLOG CAP_IPC_LOCK\nNoNewPrivileges=yes\nEnvironment=GOMAXPROCS=3\nExecStart=/usr/local/bin/vault server -config=/etc/vault/vault.json\nExecReload=/bin/kill --signal HUP $MAINPID\nKillMode=process\nKillSignal=SIGINT\nRestart=on-failure\nRestartSec=5\nTimeoutStopSec=30\nLimitNOFILE=65536\nLimitMEMLOCK=infinity\n\n[Install]\nWantedBy=multi-user.target\n", and parameter content set to /Capabilities=CAP_IPC_LOCK\+ep/ but it is set to "\n# vault systemd unit file\n###########################################################################################################\n# this file has been put in place by the jsok/vault Puppet module (https://forge.puppetlabs.com/jsok/vault)\n# any changes will be overwritten if Puppet is run again\n# This script is originally 
from:\n# https://learn.hashicorp.com/vault/operations/ops-deployment-guide#step-3-configure-systemd\n###########################################################################################################\n\n[Unit]\nDescription=\"HashiCorp Vault - A tool for managing secrets\"\nDocumentation=https://www.vaultproject.io/docs/\nRequires=network-online.target\nAfter=network-online.target\nConditionFileNotEmpty=/etc/vault/vault.json\nStartLimitIntervalSec=60\nStartLimitBurst=3\n\n[Service]\nType=notify\nUser=vault\nGroup=vault\nProtectSystem=full\nProtectHome=read-only\nPrivateTmp=yes\nPrivateDevices=yes\nSecureBits=keep-caps\nAmbientCapabilities=CAP_IPC_LOCK\nCapabilityBoundingSet=CAP_SYSLOG CAP_IPC_LOCK\nNoNewPrivileges=yes\nEnvironment=GOMAXPROCS=3\nExecStart=/usr/local/bin/vault server -config=/etc/vault/vault.json\nExecReload=/bin/kill --signal HUP $MAINPID\nKillMode=process\nKillSignal=SIGINT\nRestart=on-failure\nRestartSec=5\nTimeoutStopSec=30\nLimitNOFILE=65536\nLimitMEMLOCK=infinity\n\
Puppet / 8 (Ruby 3.2):
spec/classes/vault_spec.rb#L630
vault on debian-11-x86_64 on Debian OS family on Debian based with systemd service with non-default options is expected to contain File[/etc/systemd/system/vault.service] with mode => "0444", ensure => "file", owner => "root", group => "root", content =~ /^# vault systemd unit file/, content =~ /^User=root$/, content =~ /^Group=admin$/, content =~ /Environment=GOMAXPROCS=8/ and content =~ /^ExecStart=\/opt\/bin\/vault server -config=\/opt\/etc\/vault\/vault.json -log-level=info$/
Failure/Error:
is_expected.to contain_file('/etc/systemd/system/vault.service').
with_mode('0444').
with_ensure('file').
with_owner('root').
with_group('root').
with_content(%r{^# vault systemd unit file}).
with_content(%r{^User=root$}).
with_content(%r{^Group=admin$}).
with_content(%r{Environment=GOMAXPROCS=8}).
with_content(%r{^ExecStart=/opt/bin/vault server -config=/opt/etc/vault/vault.json -log-level=info$})
expected that the catalogue would contain File[/etc/systemd/system/vault.service] with content set to /^User=root$/ but it is set to "\n# vault systemd unit file\n###########################################################################################################\n# this file has been put in place by the jsok/vault Puppet module (https://forge.puppetlabs.com/jsok/vault)\n# any changes will be overwritten if Puppet is run again\n# This script is originally from:\n# https://learn.hashicorp.com/vault/operations/ops-deployment-guide#step-3-configure-systemd\n###########################################################################################################\n\n[Unit]\nDescription=\"HashiCorp Vault - A tool for managing secrets\"\nDocumentation=https://www.vaultproject.io/docs/\nRequires=network-online.target\nAfter=network-online.target\nConditionFileNotEmpty=/opt/etc/vault/vault.json\nStartLimitIntervalSec=60\nStartLimitBurst=3\n\n[Service]\nType=notify\nUser=vault\nGroup=vault\nProtectSystem=full\nProtectHome=read-only\nPrivateTmp=yes\nPrivateDevices=yes\nSecureBits=keep-caps\nAmbientCapabilities=CAP_IPC_LOCK\nCapabilityBoundingSet=CAP_SYSLOG CAP_IPC_LOCK\nNoNewPrivileges=yes\nEnvironment=GOMAXPROCS=8\nExecStart=/opt/bin/vault server -config=/opt/etc/vault/vault.json\nExecReload=/bin/kill --signal HUP $MAINPID\nKillMode=process\nKillSignal=SIGINT\nRestart=on-failure\nRestartSec=5\nTimeoutStopSec=30\nLimitNOFILE=65536\nLimitMEMLOCK=infinity\n\n[Install]\nWantedBy=multi-user.target\n", and parameter content set to /^Group=admin$/ but it is set to "\n# vault systemd unit file\n###########################################################################################################\n# this file has been put in place by the jsok/vault Puppet module (https://forge.puppetlabs.com/jsok/vault)\n# any changes will be overwritten if Puppet is run again\n# This script is originally from:\n# 
https://learn.hashicorp.com/vault/operations/ops-deployment-guide#step-3-configure-systemd\n###########################################################################################################\n\n[Unit]\nDescription=\"HashiCorp Vault - A tool for managing secrets\"\nDocumentation=https://www.vaultproject.io/docs/\nRequires=network-online.target\nAfter=network-online.target\nConditionFileNotEmpty=/opt/etc/vault/vault.json\nStartLimitIntervalSec=60\nStartLimitBurst=3\n\n[Service]\nType=notify\nUser=vault\nGroup=vault\nProtectSystem=full\nProtectHome=read-only\nPrivateTmp=yes\nPrivateDevices=yes\nSecureBits=keep-caps\nAmbientCapabilities=CAP_IPC_LOCK\nCapabilityBoundingSet=CAP_SYSLOG CAP_IPC_LOCK\nNoNewPrivileges=yes\nEnvironment=GOMAXPROCS=8\nExecStart=/opt/bin/vault server -config=/opt/etc/vault/vault.json\nExecReload=/bin/kill --signal HUP $MAINPID\nKillMode=process\nKillSignal=SIGINT\nRestart=on-failure\nRestartSec=5\nTimeoutStopSec=30\nLimitNOFILE=65536\nLimitMEMLOCK=infinity\n\n[Install]\nWantedBy=multi-user.target\n", and parameter content set to /^ExecStart=\/opt\/bin\/vault server -config=\/opt\/etc\/vault\/vault.json -log-level=info$/ but it is set to "\n# vault systemd unit file\n############
Puppet / 8 (Ruby 3.2):
spec/classes/vault_spec.rb#L649
vault on debian-11-x86_64 on Debian OS family on Debian based with systemd with mlock disabled is expected to contain File[/etc/systemd/system/vault.service] with mode => "0444", ensure => "file", owner => "root", group => "root", content =~ /^# vault systemd unit file/, content =~ /^User=vault$/, content =~ /^Group=vault$/, content =~ /^ExecStart=\/usr\/local\/bin\/vault server -config=\/etc\/vault\/vault.json $/, content =~ /CapabilityBoundingSet=CAP_SYSLOG/, content =~ /NoNewPrivileges=yes/, content !~ /SecureBits=keep-caps/ and content !~ /Capabilities=CAP_IPC_LOCK\+ep/
Failure/Error:
is_expected.to contain_file('/etc/systemd/system/vault.service').
with_mode('0444').
with_ensure('file').
with_owner('root').
with_group('root').
with_content(%r{^# vault systemd unit file}).
with_content(%r{^User=vault$}).
with_content(%r{^Group=vault$}).
with_content(%r{^ExecStart=/usr/local/bin/vault server -config=/etc/vault/vault.json $}).
without_content(%r{SecureBits=keep-caps}).
expected that the catalogue would contain File[/etc/systemd/system/vault.service] with content set to /^ExecStart=\/usr\/local\/bin\/vault server -config=\/etc\/vault\/vault.json $/ but it is set to "\n# vault systemd unit file\n###########################################################################################################\n# this file has been put in place by the jsok/vault Puppet module (https://forge.puppetlabs.com/jsok/vault)\n# any changes will be overwritten if Puppet is run again\n# This script is originally from:\n# https://learn.hashicorp.com/vault/operations/ops-deployment-guide#step-3-configure-systemd\n###########################################################################################################\n\n[Unit]\nDescription=\"HashiCorp Vault - A tool for managing secrets\"\nDocumentation=https://www.vaultproject.io/docs/\nRequires=network-online.target\nAfter=network-online.target\nConditionFileNotEmpty=/etc/vault/vault.json\nStartLimitIntervalSec=60\nStartLimitBurst=3\n\n[Service]\nType=notify\nUser=vault\nGroup=vault\nProtectSystem=full\nProtectHome=read-only\nPrivateTmp=yes\nPrivateDevices=yes\nSecureBits=keep-caps\nAmbientCapabilities=CAP_IPC_LOCK\nCapabilityBoundingSet=CAP_SYSLOG CAP_IPC_LOCK\nNoNewPrivileges=yes\nEnvironment=GOMAXPROCS=3\nExecStart=/usr/local/bin/vault server -config=/etc/vault/vault.json\nExecReload=/bin/kill --signal HUP $MAINPID\nKillMode=process\nKillSignal=SIGINT\nRestart=on-failure\nRestartSec=5\nTimeoutStopSec=30\nLimitNOFILE=65536\nLimitMEMLOCK=infinity\n\n[Install]\nWantedBy=multi-user.target\n", and parameter content not set to /SecureBits=keep-caps/ but it is set to "\n# vault systemd unit file\n###########################################################################################################\n# this file has been put in place by the jsok/vault Puppet module (https://forge.puppetlabs.com/jsok/vault)\n# any changes will be overwritten if Puppet is run again\n# This script is originally 
from:\n# https://learn.hashicorp.com/vault/operations/ops-deployment-guide#step-3-configure-systemd\n###########################################################################################################\n\n[Unit]\nDescription=\"HashiCorp Vault - A tool for managing secrets\"\nDocumentation=https://www.vaultproject.io/docs/\nRequires=network-online.target\nAfter=network-online.target\nConditionFileNotEmpty=/etc/vault/vault.json\nStartLimitIntervalSec=60\nStartLimitBurst=3\n\n[Service]\nType=notify\nUser=vault\nGroup=vault\nProtectSystem=full\nProtectHome=read-only\nPrivateTmp=yes\nPrivateDevices=yes\nSecureBits=keep-caps\nAmbientCapabilities=CAP_IPC_LOCK\nCapabilityBoundingSet=CAP_SYSLOG CAP_IPC_LOCK\nNoNewPrivileges=yes\nEnvironment=GOMAXPROCS=3\nExecStart=/usr/local/bin/vault server -config=/etc/vault/vault.json\nExecReload=/bin/kill --signal HUP $MAINPID\nKillMode=process\nKillSignal=SIGINT\nRestart=on-failure\nRestartSec=5\nTimeoutStopSec=30\nLimitNOFILE=65536\nLimitMEMLOCK=infinity\n\n[Install]\nWantedBy=multi-user.target\n"
Diff:
@@ -1,4 +1,89
Puppet / 8 (Ruby 3.2):
spec/classes/vault_spec.rb#L600
vault on debian-12-x86_64 on Debian OS family on Debian based with systemd includes systemd init script is expected to contain File[/etc/systemd/system/vault.service] with mode => "0444", ensure => "file", owner => "root", group => "root", content =~ /^# vault systemd unit file/, content =~ /^User=vault$/, content =~ /^Group=vault$/, content =~ /Environment=GOMAXPROCS=3/, content =~ /^ExecStart=\/usr\/local\/bin\/vault server -config=\/etc\/vault\/vault.json $/, content =~ /SecureBits=keep-caps/, content =~ /Capabilities=CAP_IPC_LOCK\+ep/, content =~ /CapabilityBoundingSet=CAP_SYSLOG CAP_IPC_LOCK/ and content =~ /NoNewPrivileges=yes/
Failure/Error:
is_expected.to contain_file('/etc/systemd/system/vault.service').
with_mode('0444').
with_ensure('file').
with_owner('root').
with_group('root').
with_content(%r{^# vault systemd unit file}).
with_content(%r{^User=vault$}).
with_content(%r{^Group=vault$}).
with_content(%r{Environment=GOMAXPROCS=3}).
with_content(%r{^ExecStart=/usr/local/bin/vault server -config=/etc/vault/vault.json $}).
expected that the catalogue would contain File[/etc/systemd/system/vault.service] with content set to /^ExecStart=\/usr\/local\/bin\/vault server -config=\/etc\/vault\/vault.json $/ but it is set to "\n# vault systemd unit file\n###########################################################################################################\n# this file has been put in place by the jsok/vault Puppet module (https://forge.puppetlabs.com/jsok/vault)\n# any changes will be overwritten if Puppet is run again\n# This script is originally from:\n# https://learn.hashicorp.com/vault/operations/ops-deployment-guide#step-3-configure-systemd\n###########################################################################################################\n\n[Unit]\nDescription=\"HashiCorp Vault - A tool for managing secrets\"\nDocumentation=https://www.vaultproject.io/docs/\nRequires=network-online.target\nAfter=network-online.target\nConditionFileNotEmpty=/etc/vault/vault.json\nStartLimitIntervalSec=60\nStartLimitBurst=3\n\n[Service]\nType=notify\nUser=vault\nGroup=vault\nProtectSystem=full\nProtectHome=read-only\nPrivateTmp=yes\nPrivateDevices=yes\nSecureBits=keep-caps\nAmbientCapabilities=CAP_IPC_LOCK\nCapabilityBoundingSet=CAP_SYSLOG CAP_IPC_LOCK\nNoNewPrivileges=yes\nEnvironment=GOMAXPROCS=3\nExecStart=/usr/local/bin/vault server -config=/etc/vault/vault.json\nExecReload=/bin/kill --signal HUP $MAINPID\nKillMode=process\nKillSignal=SIGINT\nRestart=on-failure\nRestartSec=5\nTimeoutStopSec=30\nLimitNOFILE=65536\nLimitMEMLOCK=infinity\n\n[Install]\nWantedBy=multi-user.target\n", and parameter content set to /Capabilities=CAP_IPC_LOCK\+ep/ but it is set to "\n# vault systemd unit file\n###########################################################################################################\n# this file has been put in place by the jsok/vault Puppet module (https://forge.puppetlabs.com/jsok/vault)\n# any changes will be overwritten if Puppet is run again\n# This script is originally 
from:\n# https://learn.hashicorp.com/vault/operations/ops-deployment-guide#step-3-configure-systemd\n###########################################################################################################\n\n[Unit]\nDescription=\"HashiCorp Vault - A tool for managing secrets\"\nDocumentation=https://www.vaultproject.io/docs/\nRequires=network-online.target\nAfter=network-online.target\nConditionFileNotEmpty=/etc/vault/vault.json\nStartLimitIntervalSec=60\nStartLimitBurst=3\n\n[Service]\nType=notify\nUser=vault\nGroup=vault\nProtectSystem=full\nProtectHome=read-only\nPrivateTmp=yes\nPrivateDevices=yes\nSecureBits=keep-caps\nAmbientCapabilities=CAP_IPC_LOCK\nCapabilityBoundingSet=CAP_SYSLOG CAP_IPC_LOCK\nNoNewPrivileges=yes\nEnvironment=GOMAXPROCS=3\nExecStart=/usr/local/bin/vault server -config=/etc/vault/vault.json\nExecReload=/bin/kill --signal HUP $MAINPID\nKillMode=process\nKillSignal=SIGINT\nRestart=on-failure\nRestartSec=5\nTimeoutStopSec=30\nLimitNOFILE=65536\nLimitMEMLOCK=infinity\n\
Puppet / 8 (Ruby 3.2):
spec/classes/vault_spec.rb#L630
vault on debian-12-x86_64 on Debian OS family on Debian based with systemd service with non-default options is expected to contain File[/etc/systemd/system/vault.service] with mode => "0444", ensure => "file", owner => "root", group => "root", content =~ /^# vault systemd unit file/, content =~ /^User=root$/, content =~ /^Group=admin$/, content =~ /Environment=GOMAXPROCS=8/ and content =~ /^ExecStart=\/opt\/bin\/vault server -config=\/opt\/etc\/vault\/vault.json -log-level=info$/
Failure/Error:
is_expected.to contain_file('/etc/systemd/system/vault.service').
with_mode('0444').
with_ensure('file').
with_owner('root').
with_group('root').
with_content(%r{^# vault systemd unit file}).
with_content(%r{^User=root$}).
with_content(%r{^Group=admin$}).
with_content(%r{Environment=GOMAXPROCS=8}).
with_content(%r{^ExecStart=/opt/bin/vault server -config=/opt/etc/vault/vault.json -log-level=info$})
expected that the catalogue would contain File[/etc/systemd/system/vault.service] with content set to /^User=root$/ but it is set to "\n# vault systemd unit file\n###########################################################################################################\n# this file has been put in place by the jsok/vault Puppet module (https://forge.puppetlabs.com/jsok/vault)\n# any changes will be overwritten if Puppet is run again\n# This script is originally from:\n# https://learn.hashicorp.com/vault/operations/ops-deployment-guide#step-3-configure-systemd\n###########################################################################################################\n\n[Unit]\nDescription=\"HashiCorp Vault - A tool for managing secrets\"\nDocumentation=https://www.vaultproject.io/docs/\nRequires=network-online.target\nAfter=network-online.target\nConditionFileNotEmpty=/opt/etc/vault/vault.json\nStartLimitIntervalSec=60\nStartLimitBurst=3\n\n[Service]\nType=notify\nUser=vault\nGroup=vault\nProtectSystem=full\nProtectHome=read-only\nPrivateTmp=yes\nPrivateDevices=yes\nSecureBits=keep-caps\nAmbientCapabilities=CAP_IPC_LOCK\nCapabilityBoundingSet=CAP_SYSLOG CAP_IPC_LOCK\nNoNewPrivileges=yes\nEnvironment=GOMAXPROCS=8\nExecStart=/opt/bin/vault server -config=/opt/etc/vault/vault.json\nExecReload=/bin/kill --signal HUP $MAINPID\nKillMode=process\nKillSignal=SIGINT\nRestart=on-failure\nRestartSec=5\nTimeoutStopSec=30\nLimitNOFILE=65536\nLimitMEMLOCK=infinity\n\n[Install]\nWantedBy=multi-user.target\n", and parameter content set to /^Group=admin$/ but it is set to "\n# vault systemd unit file\n###########################################################################################################\n# this file has been put in place by the jsok/vault Puppet module (https://forge.puppetlabs.com/jsok/vault)\n# any changes will be overwritten if Puppet is run again\n# This script is originally from:\n# 
https://learn.hashicorp.com/vault/operations/ops-deployment-guide#step-3-configure-systemd\n###########################################################################################################\n\n[Unit]\nDescription=\"HashiCorp Vault - A tool for managing secrets\"\nDocumentation=https://www.vaultproject.io/docs/\nRequires=network-online.target\nAfter=network-online.target\nConditionFileNotEmpty=/opt/etc/vault/vault.json\nStartLimitIntervalSec=60\nStartLimitBurst=3\n\n[Service]\nType=notify\nUser=vault\nGroup=vault\nProtectSystem=full\nProtectHome=read-only\nPrivateTmp=yes\nPrivateDevices=yes\nSecureBits=keep-caps\nAmbientCapabilities=CAP_IPC_LOCK\nCapabilityBoundingSet=CAP_SYSLOG CAP_IPC_LOCK\nNoNewPrivileges=yes\nEnvironment=GOMAXPROCS=8\nExecStart=/opt/bin/vault server -config=/opt/etc/vault/vault.json\nExecReload=/bin/kill --signal HUP $MAINPID\nKillMode=process\nKillSignal=SIGINT\nRestart=on-failure\nRestartSec=5\nTimeoutStopSec=30\nLimitNOFILE=65536\nLimitMEMLOCK=infinity\n\n[Install]\nWantedBy=multi-user.target\n", and parameter content set to /^ExecStart=\/opt\/bin\/vault server -config=\/opt\/etc\/vault\/vault.json -log-level=info$/ but it is set to "\n# vault systemd unit file\n############
|
Puppet / 8 (Ruby 3.2):
spec/classes/vault_spec.rb#L649
vault on debian-12-x86_64 on Debian OS family on Debian based with systemd with mlock disabled is expected to contain File[/etc/systemd/system/vault.service] with mode => "0444", ensure => "file", owner => "root", group => "root", content =~ /^# vault systemd unit file/, content =~ /^User=vault$/, content =~ /^Group=vault$/, content =~ /^ExecStart=\/usr\/local\/bin\/vault server -config=\/etc\/vault\/vault.json $/, content =~ /CapabilityBoundingSet=CAP_SYSLOG/, content =~ /NoNewPrivileges=yes/, content !~ /SecureBits=keep-caps/ and content !~ /Capabilities=CAP_IPC_LOCK\+ep/
Failure/Error:
is_expected.to contain_file('/etc/systemd/system/vault.service').
with_mode('0444').
with_ensure('file').
with_owner('root').
with_group('root').
with_content(%r{^# vault systemd unit file}).
with_content(%r{^User=vault$}).
with_content(%r{^Group=vault$}).
with_content(%r{^ExecStart=/usr/local/bin/vault server -config=/etc/vault/vault.json $}).
without_content(%r{SecureBits=keep-caps}).
expected that the catalogue would contain File[/etc/systemd/system/vault.service] with content set to /^ExecStart=\/usr\/local\/bin\/vault server -config=\/etc\/vault\/vault.json $/ but it is set to "\n# vault systemd unit file\n###########################################################################################################\n# this file has been put in place by the jsok/vault Puppet module (https://forge.puppetlabs.com/jsok/vault)\n# any changes will be overwritten if Puppet is run again\n# This script is originally from:\n# https://learn.hashicorp.com/vault/operations/ops-deployment-guide#step-3-configure-systemd\n###########################################################################################################\n\n[Unit]\nDescription=\"HashiCorp Vault - A tool for managing secrets\"\nDocumentation=https://www.vaultproject.io/docs/\nRequires=network-online.target\nAfter=network-online.target\nConditionFileNotEmpty=/etc/vault/vault.json\nStartLimitIntervalSec=60\nStartLimitBurst=3\n\n[Service]\nType=notify\nUser=vault\nGroup=vault\nProtectSystem=full\nProtectHome=read-only\nPrivateTmp=yes\nPrivateDevices=yes\nSecureBits=keep-caps\nAmbientCapabilities=CAP_IPC_LOCK\nCapabilityBoundingSet=CAP_SYSLOG CAP_IPC_LOCK\nNoNewPrivileges=yes\nEnvironment=GOMAXPROCS=3\nExecStart=/usr/local/bin/vault server -config=/etc/vault/vault.json\nExecReload=/bin/kill --signal HUP $MAINPID\nKillMode=process\nKillSignal=SIGINT\nRestart=on-failure\nRestartSec=5\nTimeoutStopSec=30\nLimitNOFILE=65536\nLimitMEMLOCK=infinity\n\n[Install]\nWantedBy=multi-user.target\n", and parameter content not set to /SecureBits=keep-caps/ but it is set to "\n# vault systemd unit file\n###########################################################################################################\n# this file has been put in place by the jsok/vault Puppet module (https://forge.puppetlabs.com/jsok/vault)\n# any changes will be overwritten if Puppet is run again\n# This script is originally 
from:\n# https://learn.hashicorp.com/vault/operations/ops-deployment-guide#step-3-configure-systemd\n###########################################################################################################\n\n[Unit]\nDescription=\"HashiCorp Vault - A tool for managing secrets\"\nDocumentation=https://www.vaultproject.io/docs/\nRequires=network-online.target\nAfter=network-online.target\nConditionFileNotEmpty=/etc/vault/vault.json\nStartLimitIntervalSec=60\nStartLimitBurst=3\n\n[Service]\nType=notify\nUser=vault\nGroup=vault\nProtectSystem=full\nProtectHome=read-only\nPrivateTmp=yes\nPrivateDevices=yes\nSecureBits=keep-caps\nAmbientCapabilities=CAP_IPC_LOCK\nCapabilityBoundingSet=CAP_SYSLOG CAP_IPC_LOCK\nNoNewPrivileges=yes\nEnvironment=GOMAXPROCS=3\nExecStart=/usr/local/bin/vault server -config=/etc/vault/vault.json\nExecReload=/bin/kill --signal HUP $MAINPID\nKillMode=process\nKillSignal=SIGINT\nRestart=on-failure\nRestartSec=5\nTimeoutStopSec=30\nLimitNOFILE=65536\nLimitMEMLOCK=infinity\n\n[Install]\nWantedBy=multi-user.target\n"
Diff:
@@ -1,4 +1,89
|
Puppet / 8 (Ruby 3.2)
Process completed with exit code 1.
|
Puppet / 7 (Ruby 2.7):
spec/classes/vault_spec.rb#L600
vault on ubuntu-18.04-x86_64 on Debian OS family on Debian based with systemd includes systemd init script is expected to contain File[/etc/systemd/system/vault.service] with mode => "0444", ensure => "file", owner => "root", group => "root", content =~ /^# vault systemd unit file/, content =~ /^User=vault$/, content =~ /^Group=vault$/, content =~ /Environment=GOMAXPROCS=3/, content =~ /^ExecStart=\/usr\/local\/bin\/vault server -config=\/etc\/vault\/vault.json $/, content =~ /SecureBits=keep-caps/, content =~ /Capabilities=CAP_IPC_LOCK\+ep/, content =~ /CapabilityBoundingSet=CAP_SYSLOG CAP_IPC_LOCK/ and content =~ /NoNewPrivileges=yes/
Failure/Error:
is_expected.to contain_file('/etc/systemd/system/vault.service').
with_mode('0444').
with_ensure('file').
with_owner('root').
with_group('root').
with_content(%r{^# vault systemd unit file}).
with_content(%r{^User=vault$}).
with_content(%r{^Group=vault$}).
with_content(%r{Environment=GOMAXPROCS=3}).
with_content(%r{^ExecStart=/usr/local/bin/vault server -config=/etc/vault/vault.json $}).
expected that the catalogue would contain File[/etc/systemd/system/vault.service] with content set to /^ExecStart=\/usr\/local\/bin\/vault server -config=\/etc\/vault\/vault.json $/ but it is set to "\n# vault systemd unit file\n###########################################################################################################\n# this file has been put in place by the jsok/vault Puppet module (https://forge.puppetlabs.com/jsok/vault)\n# any changes will be overwritten if Puppet is run again\n# This script is originally from:\n# https://learn.hashicorp.com/vault/operations/ops-deployment-guide#step-3-configure-systemd\n###########################################################################################################\n\n[Unit]\nDescription=\"HashiCorp Vault - A tool for managing secrets\"\nDocumentation=https://www.vaultproject.io/docs/\nRequires=network-online.target\nAfter=network-online.target\nConditionFileNotEmpty=/etc/vault/vault.json\nStartLimitIntervalSec=60\nStartLimitBurst=3\n\n[Service]\nType=notify\nUser=vault\nGroup=vault\nProtectSystem=full\nProtectHome=read-only\nPrivateTmp=yes\nPrivateDevices=yes\nSecureBits=keep-caps\nAmbientCapabilities=CAP_IPC_LOCK\nCapabilityBoundingSet=CAP_SYSLOG CAP_IPC_LOCK\nNoNewPrivileges=yes\nEnvironment=GOMAXPROCS=3\nExecStart=/usr/local/bin/vault server -config=/etc/vault/vault.json\nExecReload=/bin/kill --signal HUP $MAINPID\nKillMode=process\nKillSignal=SIGINT\nRestart=on-failure\nRestartSec=5\nTimeoutStopSec=30\nLimitNOFILE=65536\nLimitMEMLOCK=infinity\n\n[Install]\nWantedBy=multi-user.target\n", and parameter content set to /Capabilities=CAP_IPC_LOCK\+ep/ but it is set to "\n# vault systemd unit file\n###########################################################################################################\n# this file has been put in place by the jsok/vault Puppet module (https://forge.puppetlabs.com/jsok/vault)\n# any changes will be overwritten if Puppet is run again\n# This script is originally 
from:\n# https://learn.hashicorp.com/vault/operations/ops-deployment-guide#step-3-configure-systemd\n###########################################################################################################\n\n[Unit]\nDescription=\"HashiCorp Vault - A tool for managing secrets\"\nDocumentation=https://www.vaultproject.io/docs/\nRequires=network-online.target\nAfter=network-online.target\nConditionFileNotEmpty=/etc/vault/vault.json\nStartLimitIntervalSec=60\nStartLimitBurst=3\n\n[Service]\nType=notify\nUser=vault\nGroup=vault\nProtectSystem=full\nProtectHome=read-only\nPrivateTmp=yes\nPrivateDevices=yes\nSecureBits=keep-caps\nAmbientCapabilities=CAP_IPC_LOCK\nCapabilityBoundingSet=CAP_SYSLOG CAP_IPC_LOCK\nNoNewPrivileges=yes\nEnvironment=GOMAXPROCS=3\nExecStart=/usr/local/bin/vault server -config=/etc/vault/vault.json\nExecReload=/bin/kill --signal HUP $MAINPID\nKillMode=process\nKillSignal=SIGINT\nRestart=on-failure\nRestartSec=5\nTimeoutStopSec=30\nLimitNOFILE=65536\nLimitMEMLOCK=infinity
|
Puppet / 7 (Ruby 2.7):
spec/classes/vault_spec.rb#L630
vault on ubuntu-18.04-x86_64 on Debian OS family on Debian based with systemd service with non-default options is expected to contain File[/etc/systemd/system/vault.service] with mode => "0444", ensure => "file", owner => "root", group => "root", content =~ /^# vault systemd unit file/, content =~ /^User=root$/, content =~ /^Group=admin$/, content =~ /Environment=GOMAXPROCS=8/ and content =~ /^ExecStart=\/opt\/bin\/vault server -config=\/opt\/etc\/vault\/vault.json -log-level=info$/
Failure/Error:
is_expected.to contain_file('/etc/systemd/system/vault.service').
with_mode('0444').
with_ensure('file').
with_owner('root').
with_group('root').
with_content(%r{^# vault systemd unit file}).
with_content(%r{^User=root$}).
with_content(%r{^Group=admin$}).
with_content(%r{Environment=GOMAXPROCS=8}).
with_content(%r{^ExecStart=/opt/bin/vault server -config=/opt/etc/vault/vault.json -log-level=info$})
expected that the catalogue would contain File[/etc/systemd/system/vault.service] with content set to /^User=root$/ but it is set to "\n# vault systemd unit file\n###########################################################################################################\n# this file has been put in place by the jsok/vault Puppet module (https://forge.puppetlabs.com/jsok/vault)\n# any changes will be overwritten if Puppet is run again\n# This script is originally from:\n# https://learn.hashicorp.com/vault/operations/ops-deployment-guide#step-3-configure-systemd\n###########################################################################################################\n\n[Unit]\nDescription=\"HashiCorp Vault - A tool for managing secrets\"\nDocumentation=https://www.vaultproject.io/docs/\nRequires=network-online.target\nAfter=network-online.target\nConditionFileNotEmpty=/opt/etc/vault/vault.json\nStartLimitIntervalSec=60\nStartLimitBurst=3\n\n[Service]\nType=notify\nUser=vault\nGroup=vault\nProtectSystem=full\nProtectHome=read-only\nPrivateTmp=yes\nPrivateDevices=yes\nSecureBits=keep-caps\nAmbientCapabilities=CAP_IPC_LOCK\nCapabilityBoundingSet=CAP_SYSLOG CAP_IPC_LOCK\nNoNewPrivileges=yes\nEnvironment=GOMAXPROCS=8\nExecStart=/opt/bin/vault server -config=/opt/etc/vault/vault.json\nExecReload=/bin/kill --signal HUP $MAINPID\nKillMode=process\nKillSignal=SIGINT\nRestart=on-failure\nRestartSec=5\nTimeoutStopSec=30\nLimitNOFILE=65536\nLimitMEMLOCK=infinity\n\n[Install]\nWantedBy=multi-user.target\n", and parameter content set to /^Group=admin$/ but it is set to "\n# vault systemd unit file\n###########################################################################################################\n# this file has been put in place by the jsok/vault Puppet module (https://forge.puppetlabs.com/jsok/vault)\n# any changes will be overwritten if Puppet is run again\n# This script is originally from:\n# 
https://learn.hashicorp.com/vault/operations/ops-deployment-guide#step-3-configure-systemd\n###########################################################################################################\n\n[Unit]\nDescription=\"HashiCorp Vault - A tool for managing secrets\"\nDocumentation=https://www.vaultproject.io/docs/\nRequires=network-online.target\nAfter=network-online.target\nConditionFileNotEmpty=/opt/etc/vault/vault.json\nStartLimitIntervalSec=60\nStartLimitBurst=3\n\n[Service]\nType=notify\nUser=vault\nGroup=vault\nProtectSystem=full\nProtectHome=read-only\nPrivateTmp=yes\nPrivateDevices=yes\nSecureBits=keep-caps\nAmbientCapabilities=CAP_IPC_LOCK\nCapabilityBoundingSet=CAP_SYSLOG CAP_IPC_LOCK\nNoNewPrivileges=yes\nEnvironment=GOMAXPROCS=8\nExecStart=/opt/bin/vault server -config=/opt/etc/vault/vault.json\nExecReload=/bin/kill --signal HUP $MAINPID\nKillMode=process\nKillSignal=SIGINT\nRestart=on-failure\nRestartSec=5\nTimeoutStopSec=30\nLimitNOFILE=65536\nLimitMEMLOCK=infinity\n\n[Install]\nWantedBy=multi-user.target\n", and parameter content set to /^ExecStart=\/opt\/bin\/vault server -config=\/opt\/etc\/vault\/vault.json -log-level=info$/ but it is set to "\n# vault systemd unit file\n#########
|
Puppet / 7 (Ruby 2.7):
spec/classes/vault_spec.rb#L649
vault on ubuntu-18.04-x86_64 on Debian OS family on Debian based with systemd with mlock disabled is expected to contain File[/etc/systemd/system/vault.service] with mode => "0444", ensure => "file", owner => "root", group => "root", content =~ /^# vault systemd unit file/, content =~ /^User=vault$/, content =~ /^Group=vault$/, content =~ /^ExecStart=\/usr\/local\/bin\/vault server -config=\/etc\/vault\/vault.json $/, content =~ /CapabilityBoundingSet=CAP_SYSLOG/, content =~ /NoNewPrivileges=yes/, content !~ /SecureBits=keep-caps/ and content !~ /Capabilities=CAP_IPC_LOCK\+ep/
Failure/Error:
is_expected.to contain_file('/etc/systemd/system/vault.service').
with_mode('0444').
with_ensure('file').
with_owner('root').
with_group('root').
with_content(%r{^# vault systemd unit file}).
with_content(%r{^User=vault$}).
with_content(%r{^Group=vault$}).
with_content(%r{^ExecStart=/usr/local/bin/vault server -config=/etc/vault/vault.json $}).
without_content(%r{SecureBits=keep-caps}).
expected that the catalogue would contain File[/etc/systemd/system/vault.service] with content set to /^ExecStart=\/usr\/local\/bin\/vault server -config=\/etc\/vault\/vault.json $/ but it is set to "\n# vault systemd unit file\n###########################################################################################################\n# this file has been put in place by the jsok/vault Puppet module (https://forge.puppetlabs.com/jsok/vault)\n# any changes will be overwritten if Puppet is run again\n# This script is originally from:\n# https://learn.hashicorp.com/vault/operations/ops-deployment-guide#step-3-configure-systemd\n###########################################################################################################\n\n[Unit]\nDescription=\"HashiCorp Vault - A tool for managing secrets\"\nDocumentation=https://www.vaultproject.io/docs/\nRequires=network-online.target\nAfter=network-online.target\nConditionFileNotEmpty=/etc/vault/vault.json\nStartLimitIntervalSec=60\nStartLimitBurst=3\n\n[Service]\nType=notify\nUser=vault\nGroup=vault\nProtectSystem=full\nProtectHome=read-only\nPrivateTmp=yes\nPrivateDevices=yes\nSecureBits=keep-caps\nAmbientCapabilities=CAP_IPC_LOCK\nCapabilityBoundingSet=CAP_SYSLOG CAP_IPC_LOCK\nNoNewPrivileges=yes\nEnvironment=GOMAXPROCS=3\nExecStart=/usr/local/bin/vault server -config=/etc/vault/vault.json\nExecReload=/bin/kill --signal HUP $MAINPID\nKillMode=process\nKillSignal=SIGINT\nRestart=on-failure\nRestartSec=5\nTimeoutStopSec=30\nLimitNOFILE=65536\nLimitMEMLOCK=infinity\n\n[Install]\nWantedBy=multi-user.target\n", and parameter content not set to /SecureBits=keep-caps/ but it is set to "\n# vault systemd unit file\n###########################################################################################################\n# this file has been put in place by the jsok/vault Puppet module (https://forge.puppetlabs.com/jsok/vault)\n# any changes will be overwritten if Puppet is run again\n# This script is originally 
from:\n# https://learn.hashicorp.com/vault/operations/ops-deployment-guide#step-3-configure-systemd\n###########################################################################################################\n\n[Unit]\nDescription=\"HashiCorp Vault - A tool for managing secrets\"\nDocumentation=https://www.vaultproject.io/docs/\nRequires=network-online.target\nAfter=network-online.target\nConditionFileNotEmpty=/etc/vault/vault.json\nStartLimitIntervalSec=60\nStartLimitBurst=3\n\n[Service]\nType=notify\nUser=vault\nGroup=vault\nProtectSystem=full\nProtectHome=read-only\nPrivateTmp=yes\nPrivateDevices=yes\nSecureBits=keep-caps\nAmbientCapabilities=CAP_IPC_LOCK\nCapabilityBoundingSet=CAP_SYSLOG CAP_IPC_LOCK\nNoNewPrivileges=yes\nEnvironment=GOMAXPROCS=3\nExecStart=/usr/local/bin/vault server -config=/etc/vault/vault.json\nExecReload=/bin/kill --signal HUP $MAINPID\nKillMode=process\nKillSignal=SIGINT\nRestart=on-failure\nRestartSec=5\nTimeoutStopSec=30\nLimitNOFILE=65536\nLimitMEMLOCK=infinity\n\n[Install]\nWantedBy=multi-user.target\n"
Diff:
@@ -1,4 +1,
|
Puppet / 7 (Ruby 2.7):
spec/classes/vault_spec.rb#L600
vault on debian-11-x86_64 on Debian OS family on Debian based with systemd includes systemd init script is expected to contain File[/etc/systemd/system/vault.service] with mode => "0444", ensure => "file", owner => "root", group => "root", content =~ /^# vault systemd unit file/, content =~ /^User=vault$/, content =~ /^Group=vault$/, content =~ /Environment=GOMAXPROCS=3/, content =~ /^ExecStart=\/usr\/local\/bin\/vault server -config=\/etc\/vault\/vault.json $/, content =~ /SecureBits=keep-caps/, content =~ /Capabilities=CAP_IPC_LOCK\+ep/, content =~ /CapabilityBoundingSet=CAP_SYSLOG CAP_IPC_LOCK/ and content =~ /NoNewPrivileges=yes/
Failure/Error:
is_expected.to contain_file('/etc/systemd/system/vault.service').
with_mode('0444').
with_ensure('file').
with_owner('root').
with_group('root').
with_content(%r{^# vault systemd unit file}).
with_content(%r{^User=vault$}).
with_content(%r{^Group=vault$}).
with_content(%r{Environment=GOMAXPROCS=3}).
with_content(%r{^ExecStart=/usr/local/bin/vault server -config=/etc/vault/vault.json $}).
expected that the catalogue would contain File[/etc/systemd/system/vault.service] with content set to /^ExecStart=\/usr\/local\/bin\/vault server -config=\/etc\/vault\/vault.json $/ but it is set to "\n# vault systemd unit file\n###########################################################################################################\n# this file has been put in place by the jsok/vault Puppet module (https://forge.puppetlabs.com/jsok/vault)\n# any changes will be overwritten if Puppet is run again\n# This script is originally from:\n# https://learn.hashicorp.com/vault/operations/ops-deployment-guide#step-3-configure-systemd\n###########################################################################################################\n\n[Unit]\nDescription=\"HashiCorp Vault - A tool for managing secrets\"\nDocumentation=https://www.vaultproject.io/docs/\nRequires=network-online.target\nAfter=network-online.target\nConditionFileNotEmpty=/etc/vault/vault.json\nStartLimitIntervalSec=60\nStartLimitBurst=3\n\n[Service]\nType=notify\nUser=vault\nGroup=vault\nProtectSystem=full\nProtectHome=read-only\nPrivateTmp=yes\nPrivateDevices=yes\nSecureBits=keep-caps\nAmbientCapabilities=CAP_IPC_LOCK\nCapabilityBoundingSet=CAP_SYSLOG CAP_IPC_LOCK\nNoNewPrivileges=yes\nEnvironment=GOMAXPROCS=3\nExecStart=/usr/local/bin/vault server -config=/etc/vault/vault.json\nExecReload=/bin/kill --signal HUP $MAINPID\nKillMode=process\nKillSignal=SIGINT\nRestart=on-failure\nRestartSec=5\nTimeoutStopSec=30\nLimitNOFILE=65536\nLimitMEMLOCK=infinity\n\n[Install]\nWantedBy=multi-user.target\n", and parameter content set to /Capabilities=CAP_IPC_LOCK\+ep/ but it is set to "\n# vault systemd unit file\n###########################################################################################################\n# this file has been put in place by the jsok/vault Puppet module (https://forge.puppetlabs.com/jsok/vault)\n# any changes will be overwritten if Puppet is run again\n# This script is originally 
from:\n# https://learn.hashicorp.com/vault/operations/ops-deployment-guide#step-3-configure-systemd\n###########################################################################################################\n\n[Unit]\nDescription=\"HashiCorp Vault - A tool for managing secrets\"\nDocumentation=https://www.vaultproject.io/docs/\nRequires=network-online.target\nAfter=network-online.target\nConditionFileNotEmpty=/etc/vault/vault.json\nStartLimitIntervalSec=60\nStartLimitBurst=3\n\n[Service]\nType=notify\nUser=vault\nGroup=vault\nProtectSystem=full\nProtectHome=read-only\nPrivateTmp=yes\nPrivateDevices=yes\nSecureBits=keep-caps\nAmbientCapabilities=CAP_IPC_LOCK\nCapabilityBoundingSet=CAP_SYSLOG CAP_IPC_LOCK\nNoNewPrivileges=yes\nEnvironment=GOMAXPROCS=3\nExecStart=/usr/local/bin/vault server -config=/etc/vault/vault.json\nExecReload=/bin/kill --signal HUP $MAINPID\nKillMode=process\nKillSignal=SIGINT\nRestart=on-failure\nRestartSec=5\nTimeoutStopSec=30\nLimitNOFILE=65536\nLimitMEMLOCK=infinity\n\
|
Puppet / 7 (Ruby 2.7):
spec/classes/vault_spec.rb#L630
vault on debian-11-x86_64 on Debian OS family on Debian based with systemd service with non-default options is expected to contain File[/etc/systemd/system/vault.service] with mode => "0444", ensure => "file", owner => "root", group => "root", content =~ /^# vault systemd unit file/, content =~ /^User=root$/, content =~ /^Group=admin$/, content =~ /Environment=GOMAXPROCS=8/ and content =~ /^ExecStart=\/opt\/bin\/vault server -config=\/opt\/etc\/vault\/vault.json -log-level=info$/
Failure/Error:
is_expected.to contain_file('/etc/systemd/system/vault.service').
with_mode('0444').
with_ensure('file').
with_owner('root').
with_group('root').
with_content(%r{^# vault systemd unit file}).
with_content(%r{^User=root$}).
with_content(%r{^Group=admin$}).
with_content(%r{Environment=GOMAXPROCS=8}).
with_content(%r{^ExecStart=/opt/bin/vault server -config=/opt/etc/vault/vault.json -log-level=info$})
expected that the catalogue would contain File[/etc/systemd/system/vault.service] with content set to /^User=root$/ but it is set to "\n# vault systemd unit file\n###########################################################################################################\n# this file has been put in place by the jsok/vault Puppet module (https://forge.puppetlabs.com/jsok/vault)\n# any changes will be overwritten if Puppet is run again\n# This script is originally from:\n# https://learn.hashicorp.com/vault/operations/ops-deployment-guide#step-3-configure-systemd\n###########################################################################################################\n\n[Unit]\nDescription=\"HashiCorp Vault - A tool for managing secrets\"\nDocumentation=https://www.vaultproject.io/docs/\nRequires=network-online.target\nAfter=network-online.target\nConditionFileNotEmpty=/opt/etc/vault/vault.json\nStartLimitIntervalSec=60\nStartLimitBurst=3\n\n[Service]\nType=notify\nUser=vault\nGroup=vault\nProtectSystem=full\nProtectHome=read-only\nPrivateTmp=yes\nPrivateDevices=yes\nSecureBits=keep-caps\nAmbientCapabilities=CAP_IPC_LOCK\nCapabilityBoundingSet=CAP_SYSLOG CAP_IPC_LOCK\nNoNewPrivileges=yes\nEnvironment=GOMAXPROCS=8\nExecStart=/opt/bin/vault server -config=/opt/etc/vault/vault.json\nExecReload=/bin/kill --signal HUP $MAINPID\nKillMode=process\nKillSignal=SIGINT\nRestart=on-failure\nRestartSec=5\nTimeoutStopSec=30\nLimitNOFILE=65536\nLimitMEMLOCK=infinity\n\n[Install]\nWantedBy=multi-user.target\n", and parameter content set to /^Group=admin$/ but it is set to "\n# vault systemd unit file\n###########################################################################################################\n# this file has been put in place by the jsok/vault Puppet module (https://forge.puppetlabs.com/jsok/vault)\n# any changes will be overwritten if Puppet is run again\n# This script is originally from:\n# 
https://learn.hashicorp.com/vault/operations/ops-deployment-guide#step-3-configure-systemd\n###########################################################################################################\n\n[Unit]\nDescription=\"HashiCorp Vault - A tool for managing secrets\"\nDocumentation=https://www.vaultproject.io/docs/\nRequires=network-online.target\nAfter=network-online.target\nConditionFileNotEmpty=/opt/etc/vault/vault.json\nStartLimitIntervalSec=60\nStartLimitBurst=3\n\n[Service]\nType=notify\nUser=vault\nGroup=vault\nProtectSystem=full\nProtectHome=read-only\nPrivateTmp=yes\nPrivateDevices=yes\nSecureBits=keep-caps\nAmbientCapabilities=CAP_IPC_LOCK\nCapabilityBoundingSet=CAP_SYSLOG CAP_IPC_LOCK\nNoNewPrivileges=yes\nEnvironment=GOMAXPROCS=8\nExecStart=/opt/bin/vault server -config=/opt/etc/vault/vault.json\nExecReload=/bin/kill --signal HUP $MAINPID\nKillMode=process\nKillSignal=SIGINT\nRestart=on-failure\nRestartSec=5\nTimeoutStopSec=30\nLimitNOFILE=65536\nLimitMEMLOCK=infinity\n\n[Install]\nWantedBy=multi-user.target\n", and parameter content set to /^ExecStart=\/opt\/bin\/vault server -config=\/opt\/etc\/vault\/vault.json -log-level=info$/ but it is set to "\n# vault systemd unit file\n############
|
Puppet / 7 (Ruby 2.7):
spec/classes/vault_spec.rb#L649
vault on debian-11-x86_64 on Debian OS family on Debian based with systemd with mlock disabled is expected to contain File[/etc/systemd/system/vault.service] with mode => "0444", ensure => "file", owner => "root", group => "root", content =~ /^# vault systemd unit file/, content =~ /^User=vault$/, content =~ /^Group=vault$/, content =~ /^ExecStart=\/usr\/local\/bin\/vault server -config=\/etc\/vault\/vault.json $/, content =~ /CapabilityBoundingSet=CAP_SYSLOG/, content =~ /NoNewPrivileges=yes/, content !~ /SecureBits=keep-caps/ and content !~ /Capabilities=CAP_IPC_LOCK\+ep/
Failure/Error:
is_expected.to contain_file('/etc/systemd/system/vault.service').
with_mode('0444').
with_ensure('file').
with_owner('root').
with_group('root').
with_content(%r{^# vault systemd unit file}).
with_content(%r{^User=vault$}).
with_content(%r{^Group=vault$}).
with_content(%r{^ExecStart=/usr/local/bin/vault server -config=/etc/vault/vault.json $}).
without_content(%r{SecureBits=keep-caps}).
expected that the catalogue would contain File[/etc/systemd/system/vault.service] with content set to /^ExecStart=\/usr\/local\/bin\/vault server -config=\/etc\/vault\/vault.json $/ but it is set to "\n# vault systemd unit file\n###########################################################################################################\n# this file has been put in place by the jsok/vault Puppet module (https://forge.puppetlabs.com/jsok/vault)\n# any changes will be overwritten if Puppet is run again\n# This script is originally from:\n# https://learn.hashicorp.com/vault/operations/ops-deployment-guide#step-3-configure-systemd\n###########################################################################################################\n\n[Unit]\nDescription=\"HashiCorp Vault - A tool for managing secrets\"\nDocumentation=https://www.vaultproject.io/docs/\nRequires=network-online.target\nAfter=network-online.target\nConditionFileNotEmpty=/etc/vault/vault.json\nStartLimitIntervalSec=60\nStartLimitBurst=3\n\n[Service]\nType=notify\nUser=vault\nGroup=vault\nProtectSystem=full\nProtectHome=read-only\nPrivateTmp=yes\nPrivateDevices=yes\nSecureBits=keep-caps\nAmbientCapabilities=CAP_IPC_LOCK\nCapabilityBoundingSet=CAP_SYSLOG CAP_IPC_LOCK\nNoNewPrivileges=yes\nEnvironment=GOMAXPROCS=3\nExecStart=/usr/local/bin/vault server -config=/etc/vault/vault.json\nExecReload=/bin/kill --signal HUP $MAINPID\nKillMode=process\nKillSignal=SIGINT\nRestart=on-failure\nRestartSec=5\nTimeoutStopSec=30\nLimitNOFILE=65536\nLimitMEMLOCK=infinity\n\n[Install]\nWantedBy=multi-user.target\n", and parameter content not set to /SecureBits=keep-caps/ but it is set to "\n# vault systemd unit file\n###########################################################################################################\n# this file has been put in place by the jsok/vault Puppet module (https://forge.puppetlabs.com/jsok/vault)\n# any changes will be overwritten if Puppet is run again\n# This script is originally 
from:\n# https://learn.hashicorp.com/vault/operations/ops-deployment-guide#step-3-configure-systemd\n###########################################################################################################\n\n[Unit]\nDescription=\"HashiCorp Vault - A tool for managing secrets\"\nDocumentation=https://www.vaultproject.io/docs/\nRequires=network-online.target\nAfter=network-online.target\nConditionFileNotEmpty=/etc/vault/vault.json\nStartLimitIntervalSec=60\nStartLimitBurst=3\n\n[Service]\nType=notify\nUser=vault\nGroup=vault\nProtectSystem=full\nProtectHome=read-only\nPrivateTmp=yes\nPrivateDevices=yes\nSecureBits=keep-caps\nAmbientCapabilities=CAP_IPC_LOCK\nCapabilityBoundingSet=CAP_SYSLOG CAP_IPC_LOCK\nNoNewPrivileges=yes\nEnvironment=GOMAXPROCS=3\nExecStart=/usr/local/bin/vault server -config=/etc/vault/vault.json\nExecReload=/bin/kill --signal HUP $MAINPID\nKillMode=process\nKillSignal=SIGINT\nRestart=on-failure\nRestartSec=5\nTimeoutStopSec=30\nLimitNOFILE=65536\nLimitMEMLOCK=infinity\n\n[Install]\nWantedBy=multi-user.target\n"
Diff:
@@ -1,4 +1,89
|
Puppet / 7 (Ruby 2.7):
spec/classes/vault_spec.rb#L600
vault on debian-12-x86_64 on Debian OS family on Debian based with systemd includes systemd init script is expected to contain File[/etc/systemd/system/vault.service] with mode => "0444", ensure => "file", owner => "root", group => "root", content =~ /^# vault systemd unit file/, content =~ /^User=vault$/, content =~ /^Group=vault$/, content =~ /Environment=GOMAXPROCS=3/, content =~ /^ExecStart=\/usr\/local\/bin\/vault server -config=\/etc\/vault\/vault.json $/, content =~ /SecureBits=keep-caps/, content =~ /Capabilities=CAP_IPC_LOCK\+ep/, content =~ /CapabilityBoundingSet=CAP_SYSLOG CAP_IPC_LOCK/ and content =~ /NoNewPrivileges=yes/
Failure/Error:
is_expected.to contain_file('/etc/systemd/system/vault.service').
with_mode('0444').
with_ensure('file').
with_owner('root').
with_group('root').
with_content(%r{^# vault systemd unit file}).
with_content(%r{^User=vault$}).
with_content(%r{^Group=vault$}).
with_content(%r{Environment=GOMAXPROCS=3}).
with_content(%r{^ExecStart=/usr/local/bin/vault server -config=/etc/vault/vault.json $}).
expected that the catalogue would contain File[/etc/systemd/system/vault.service] with content set to /^ExecStart=\/usr\/local\/bin\/vault server -config=\/etc\/vault\/vault.json $/ but it is set to "\n# vault systemd unit file\n###########################################################################################################\n# this file has been put in place by the jsok/vault Puppet module (https://forge.puppetlabs.com/jsok/vault)\n# any changes will be overwritten if Puppet is run again\n# This script is originally from:\n# https://learn.hashicorp.com/vault/operations/ops-deployment-guide#step-3-configure-systemd\n###########################################################################################################\n\n[Unit]\nDescription=\"HashiCorp Vault - A tool for managing secrets\"\nDocumentation=https://www.vaultproject.io/docs/\nRequires=network-online.target\nAfter=network-online.target\nConditionFileNotEmpty=/etc/vault/vault.json\nStartLimitIntervalSec=60\nStartLimitBurst=3\n\n[Service]\nType=notify\nUser=vault\nGroup=vault\nProtectSystem=full\nProtectHome=read-only\nPrivateTmp=yes\nPrivateDevices=yes\nSecureBits=keep-caps\nAmbientCapabilities=CAP_IPC_LOCK\nCapabilityBoundingSet=CAP_SYSLOG CAP_IPC_LOCK\nNoNewPrivileges=yes\nEnvironment=GOMAXPROCS=3\nExecStart=/usr/local/bin/vault server -config=/etc/vault/vault.json\nExecReload=/bin/kill --signal HUP $MAINPID\nKillMode=process\nKillSignal=SIGINT\nRestart=on-failure\nRestartSec=5\nTimeoutStopSec=30\nLimitNOFILE=65536\nLimitMEMLOCK=infinity\n\n[Install]\nWantedBy=multi-user.target\n", and parameter content set to /Capabilities=CAP_IPC_LOCK\+ep/ but it is set to "\n# vault systemd unit file\n###########################################################################################################\n# this file has been put in place by the jsok/vault Puppet module (https://forge.puppetlabs.com/jsok/vault)\n# any changes will be overwritten if Puppet is run again\n# This script is originally 
from:\n# https://learn.hashicorp.com/vault/operations/ops-deployment-guide#step-3-configure-systemd\n###########################################################################################################\n\n[Unit]\nDescription=\"HashiCorp Vault - A tool for managing secrets\"\nDocumentation=https://www.vaultproject.io/docs/\nRequires=network-online.target\nAfter=network-online.target\nConditionFileNotEmpty=/etc/vault/vault.json\nStartLimitIntervalSec=60\nStartLimitBurst=3\n\n[Service]\nType=notify\nUser=vault\nGroup=vault\nProtectSystem=full\nProtectHome=read-only\nPrivateTmp=yes\nPrivateDevices=yes\nSecureBits=keep-caps\nAmbientCapabilities=CAP_IPC_LOCK\nCapabilityBoundingSet=CAP_SYSLOG CAP_IPC_LOCK\nNoNewPrivileges=yes\nEnvironment=GOMAXPROCS=3\nExecStart=/usr/local/bin/vault server -config=/etc/vault/vault.json\nExecReload=/bin/kill --signal HUP $MAINPID\nKillMode=process\nKillSignal=SIGINT\nRestart=on-failure\nRestartSec=5\nTimeoutStopSec=30\nLimitNOFILE=65536\nLimitMEMLOCK=infinity\n\
|
Puppet / 7 (Ruby 2.7):
spec/classes/vault_spec.rb#L630
vault on debian-12-x86_64 on Debian OS family on Debian based with systemd service with non-default options is expected to contain File[/etc/systemd/system/vault.service] with mode => "0444", ensure => "file", owner => "root", group => "root", content =~ /^# vault systemd unit file/, content =~ /^User=root$/, content =~ /^Group=admin$/, content =~ /Environment=GOMAXPROCS=8/ and content =~ /^ExecStart=\/opt\/bin\/vault server -config=\/opt\/etc\/vault\/vault.json -log-level=info$/
Failure/Error:
is_expected.to contain_file('/etc/systemd/system/vault.service').
with_mode('0444').
with_ensure('file').
with_owner('root').
with_group('root').
with_content(%r{^# vault systemd unit file}).
with_content(%r{^User=root$}).
with_content(%r{^Group=admin$}).
with_content(%r{Environment=GOMAXPROCS=8}).
with_content(%r{^ExecStart=/opt/bin/vault server -config=/opt/etc/vault/vault.json -log-level=info$})
expected that the catalogue would contain File[/etc/systemd/system/vault.service] with content set to /^User=root$/ but it is set to "\n# vault systemd unit file\n###########################################################################################################\n# this file has been put in place by the jsok/vault Puppet module (https://forge.puppetlabs.com/jsok/vault)\n# any changes will be overwritten if Puppet is run again\n# This script is originally from:\n# https://learn.hashicorp.com/vault/operations/ops-deployment-guide#step-3-configure-systemd\n###########################################################################################################\n\n[Unit]\nDescription=\"HashiCorp Vault - A tool for managing secrets\"\nDocumentation=https://www.vaultproject.io/docs/\nRequires=network-online.target\nAfter=network-online.target\nConditionFileNotEmpty=/opt/etc/vault/vault.json\nStartLimitIntervalSec=60\nStartLimitBurst=3\n\n[Service]\nType=notify\nUser=vault\nGroup=vault\nProtectSystem=full\nProtectHome=read-only\nPrivateTmp=yes\nPrivateDevices=yes\nSecureBits=keep-caps\nAmbientCapabilities=CAP_IPC_LOCK\nCapabilityBoundingSet=CAP_SYSLOG CAP_IPC_LOCK\nNoNewPrivileges=yes\nEnvironment=GOMAXPROCS=8\nExecStart=/opt/bin/vault server -config=/opt/etc/vault/vault.json\nExecReload=/bin/kill --signal HUP $MAINPID\nKillMode=process\nKillSignal=SIGINT\nRestart=on-failure\nRestartSec=5\nTimeoutStopSec=30\nLimitNOFILE=65536\nLimitMEMLOCK=infinity\n\n[Install]\nWantedBy=multi-user.target\n", and parameter content set to /^Group=admin$/ but it is set to "\n# vault systemd unit file\n###########################################################################################################\n# this file has been put in place by the jsok/vault Puppet module (https://forge.puppetlabs.com/jsok/vault)\n# any changes will be overwritten if Puppet is run again\n# This script is originally from:\n# 
https://learn.hashicorp.com/vault/operations/ops-deployment-guide#step-3-configure-systemd\n###########################################################################################################\n\n[Unit]\nDescription=\"HashiCorp Vault - A tool for managing secrets\"\nDocumentation=https://www.vaultproject.io/docs/\nRequires=network-online.target\nAfter=network-online.target\nConditionFileNotEmpty=/opt/etc/vault/vault.json\nStartLimitIntervalSec=60\nStartLimitBurst=3\n\n[Service]\nType=notify\nUser=vault\nGroup=vault\nProtectSystem=full\nProtectHome=read-only\nPrivateTmp=yes\nPrivateDevices=yes\nSecureBits=keep-caps\nAmbientCapabilities=CAP_IPC_LOCK\nCapabilityBoundingSet=CAP_SYSLOG CAP_IPC_LOCK\nNoNewPrivileges=yes\nEnvironment=GOMAXPROCS=8\nExecStart=/opt/bin/vault server -config=/opt/etc/vault/vault.json\nExecReload=/bin/kill --signal HUP $MAINPID\nKillMode=process\nKillSignal=SIGINT\nRestart=on-failure\nRestartSec=5\nTimeoutStopSec=30\nLimitNOFILE=65536\nLimitMEMLOCK=infinity\n\n[Install]\nWantedBy=multi-user.target\n", and parameter content set to /^ExecStart=\/opt\/bin\/vault server -config=\/opt\/etc\/vault\/vault.json -log-level=info$/ but it is set to "\n# vault systemd unit file\n############
|
Puppet / 7 (Ruby 2.7):
spec/classes/vault_spec.rb#L649
vault on debian-12-x86_64 on Debian OS family on Debian based with systemd with mlock disabled is expected to contain File[/etc/systemd/system/vault.service] with mode => "0444", ensure => "file", owner => "root", group => "root", content =~ /^# vault systemd unit file/, content =~ /^User=vault$/, content =~ /^Group=vault$/, content =~ /^ExecStart=\/usr\/local\/bin\/vault server -config=\/etc\/vault\/vault.json $/, content =~ /CapabilityBoundingSet=CAP_SYSLOG/, content =~ /NoNewPrivileges=yes/, content !~ /SecureBits=keep-caps/ and content !~ /Capabilities=CAP_IPC_LOCK\+ep/
Failure/Error:
is_expected.to contain_file('/etc/systemd/system/vault.service').
with_mode('0444').
with_ensure('file').
with_owner('root').
with_group('root').
with_content(%r{^# vault systemd unit file}).
with_content(%r{^User=vault$}).
with_content(%r{^Group=vault$}).
with_content(%r{^ExecStart=/usr/local/bin/vault server -config=/etc/vault/vault.json $}).
without_content(%r{SecureBits=keep-caps}).
expected that the catalogue would contain File[/etc/systemd/system/vault.service] with content set to /^ExecStart=\/usr\/local\/bin\/vault server -config=\/etc\/vault\/vault.json $/ but it is set to "\n# vault systemd unit file\n###########################################################################################################\n# this file has been put in place by the jsok/vault Puppet module (https://forge.puppetlabs.com/jsok/vault)\n# any changes will be overwritten if Puppet is run again\n# This script is originally from:\n# https://learn.hashicorp.com/vault/operations/ops-deployment-guide#step-3-configure-systemd\n###########################################################################################################\n\n[Unit]\nDescription=\"HashiCorp Vault - A tool for managing secrets\"\nDocumentation=https://www.vaultproject.io/docs/\nRequires=network-online.target\nAfter=network-online.target\nConditionFileNotEmpty=/etc/vault/vault.json\nStartLimitIntervalSec=60\nStartLimitBurst=3\n\n[Service]\nType=notify\nUser=vault\nGroup=vault\nProtectSystem=full\nProtectHome=read-only\nPrivateTmp=yes\nPrivateDevices=yes\nSecureBits=keep-caps\nAmbientCapabilities=CAP_IPC_LOCK\nCapabilityBoundingSet=CAP_SYSLOG CAP_IPC_LOCK\nNoNewPrivileges=yes\nEnvironment=GOMAXPROCS=3\nExecStart=/usr/local/bin/vault server -config=/etc/vault/vault.json\nExecReload=/bin/kill --signal HUP $MAINPID\nKillMode=process\nKillSignal=SIGINT\nRestart=on-failure\nRestartSec=5\nTimeoutStopSec=30\nLimitNOFILE=65536\nLimitMEMLOCK=infinity\n\n[Install]\nWantedBy=multi-user.target\n", and parameter content not set to /SecureBits=keep-caps/ but it is set to "\n# vault systemd unit file\n###########################################################################################################\n# this file has been put in place by the jsok/vault Puppet module (https://forge.puppetlabs.com/jsok/vault)\n# any changes will be overwritten if Puppet is run again\n# This script is originally 
from:\n# https://learn.hashicorp.com/vault/operations/ops-deployment-guide#step-3-configure-systemd\n###########################################################################################################\n\n[Unit]\nDescription=\"HashiCorp Vault - A tool for managing secrets\"\nDocumentation=https://www.vaultproject.io/docs/\nRequires=network-online.target\nAfter=network-online.target\nConditionFileNotEmpty=/etc/vault/vault.json\nStartLimitIntervalSec=60\nStartLimitBurst=3\n\n[Service]\nType=notify\nUser=vault\nGroup=vault\nProtectSystem=full\nProtectHome=read-only\nPrivateTmp=yes\nPrivateDevices=yes\nSecureBits=keep-caps\nAmbientCapabilities=CAP_IPC_LOCK\nCapabilityBoundingSet=CAP_SYSLOG CAP_IPC_LOCK\nNoNewPrivileges=yes\nEnvironment=GOMAXPROCS=3\nExecStart=/usr/local/bin/vault server -config=/etc/vault/vault.json\nExecReload=/bin/kill --signal HUP $MAINPID\nKillMode=process\nKillSignal=SIGINT\nRestart=on-failure\nRestartSec=5\nTimeoutStopSec=30\nLimitNOFILE=65536\nLimitMEMLOCK=infinity\n\n[Install]\nWantedBy=multi-user.target\n"
Diff:
@@ -1,4 +1,89
|
Puppet / 7 (Ruby 2.7)
Process completed with exit code 1.
|
Puppet / Static validations:
metadata.json#L1
Skipping EOL operating system Ubuntu 18.04
|
Puppet / Static validations:
metadata.json#L1
Skipping EOL operating system Debian 10
|
Puppet / Static validations:
metadata.json#L1
Skipping EOL operating system RedHat 7
|
Puppet / Static validations:
metadata.json#L1
Skipping EOL operating system CentOS 7
|
Puppet / Static validations:
metadata.json#L1
Skipping EOL operating system CentOS 8
|