feat: enable plugins for vault/openbao (#447)

- install openbao-plugins
- add plugin_directory

Reviewed-on: #447

hieradata/roles/infra/storage/vault.yaml

@@ -2,6 +2,7 @@
 profiles::vault::server::members_role: roles::infra::storage::vault
 profiles::vault::server::members_lookup: true
 profiles::vault::server::data_dir: /data/vault
+profiles::vault::server::plugin_dir: /opt/openbao-plugins
 profiles::vault::server::manage_storage_dir: true
 profiles::vault::server::tls_disable: false
 vault::package_name: openbao
@@ -23,3 +24,6 @@ profiles::nginx::simpleproxy::proxy_scheme: 'http'
 profiles::nginx::simpleproxy::proxy_host: '127.0.0.1'
 profiles::nginx::simpleproxy::proxy_port: 8200
 profiles::nginx::simpleproxy::proxy_path: '/'
+
+profiles::packages::include:
+  openbao-plugins: {}

site/profiles/manifests/vault/server.pp

@@ -11,6 +11,7 @@ class profiles::vault::server (
   Stdlib::Port  $cluster_port       = 8201,
   Boolean   $manage_storage_dir     = false,
   Stdlib::Absolutepath $data_dir    = '/opt/vault',
+  Stdlib::Absolutepath $plugin_dir  = '/opt/vault_plugins',
   Stdlib::Absolutepath $bin_dir     = '/usr/bin',
   Stdlib::Absolutepath $ssl_crt     = '/etc/pki/tls/vault/certificate.crt',
   Stdlib::Absolutepath $ssl_key     = '/etc/pki/tls/vault/private.key',
@@ -64,7 +65,8 @@ class profiles::vault::server (
       },
       api_addr           => "${http_scheme}://${::facts['networking']['fqdn']}:${client_port}",
       extra_config       => {
-        cluster_addr => "${http_scheme}://${::facts['networking']['fqdn']}:${cluster_port}",
+        cluster_addr     => "${http_scheme}://${::facts['networking']['fqdn']}:${cluster_port}",
+        plugin_directory => $plugin_dir,
       },
       listener           => [
         {