Kv2 support with a specified secret key

[firstnevyn]

Pull Request (PR) description

Adds support for Vault KV2 format secrets and allows addressing a key within a vault secret

With 0.4.0 a kv2 returns a complete hash including creation version and other metadata. this fails to be converted to a string causing an agent compile error

This Pull Request (PR) fixes the following issues

Fixes #21
Fixes #25

[firstnevyn]

This adds a new optional parameter 'vault_key' which can address a key within a secret in a kv2 secretengine. it does require padding the unused arguments because deferred takes a list of values. but this means that existing use cases will still work while supporting the current Vault kv secretengine

[firstnevyn]

Also fixes #30

[bastelfreak]

DO we need to allow empty strings, or could we also use:

Suggested change

	optional_param 'String', :vault_key
	optional_param 'String[1]', :vault_key

(which enforces a minimal string length of 1, or no string at all)

[firstnevyn]

I think we should... because of how this ends up being called sometime you need to pass in the empty string.
and yes while it's the final argument in the list it doesn't matter.. but if we ever need another argument it's problems.

A better way to handle this that works well with deferred would be nice but isn't obvious to me.

Deferred doesn't take named arguments (for better or mostly worse) so for example when not using namespaces you need to pass the empty string to access the key parameter

[bastelfreak]

@firstnevyn thanks for the PR! Can you take a look at the existing tests and maybe add one for this feature? We have unit tests in https://github.com/voxpupuli/puppet-vault_lookup/blob/master/spec/functions/lookup_spec.rb and acceptance tests in https://github.com/voxpupuli/puppet-vault_lookup/blob/master/spec/acceptance/lookup_spec.rb

[bastelfreak]

thanks for the work!