.rspec

@@ -1 +1,2 @@
 --format documentation
+--format ParallelTests::RSpec::SummaryLogger

.travis.yml

@@ -15,20 +15,24 @@ before_install:
   - 'if [ -n "$encrypted_f942601034d6_key" -a -n "$encrypted_f942601034d6_iv" ]; then openssl aes-256-cbc -K $encrypted_f942601034d6_key -iv $encrypted_f942601034d6_iv -in tests/secrets.tar.enc -out tests/secrets.tar -d; cd tests && tar xvf secrets.tar ; fi'
 sudo: false
 
-script: 'SPEC_OPTS="--format documentation" bundle exec rake validate lint spec strings:generate reference'
+script: 'bundle exec rake $CHECK'
 
 matrix:
   fast_finish: true
   include:
-  - rvm: 2.4.4
-    env: PUPPET_GEM_VERSION="~> 5"
-  - rvm: 2.4.4
-    env: PUPPET_GEM_VERSION="~> 5" FIXTURES_YML=".fixtures-latest.yml"
+  - rvm: 2.4.5
+    env: CHECK="validate lint strings:generate reference" PUPPET_GEM_VERSION="~> 5"
   - rvm: 2.5.3
-    env: PUPPET_GEM_VERSION="~> 6"
+    env: CHECK="validate lint strings:generate reference" PUPPET_GEM_VERSION="~> 6"
+  - rvm: 2.4.5
+    env: CHECK="parallel_spec" PUPPET_GEM_VERSION="~> 5"
+  - rvm: 2.4.5
+    env: CHECK="parallel_spec" PUPPET_GEM_VERSION="~> 5" FIXTURES_YML=".fixtures-latest.yml"
   - rvm: 2.5.3
-    env: PUPPET_GEM_VERSION="~> 6" FIXTURES_YML=".fixtures-latest.yml"
-  - rvm: 2.4.4
+    env: CHECK="parallel_spec" PUPPET_GEM_VERSION="~> 6"
+  - rvm: 2.5.3
+    env: CHECK="parallel_spec" PUPPET_GEM_VERSION="~> 6" FIXTURES_YML=".fixtures-latest.yml"
+  - rvm: 2.4.5
     sudo: required
     services: docker
     env: BEAKER_set="centos-6" BEAKER_PUPPET_COLLECTION=puppet5
@@ -46,7 +50,7 @@ matrix:
     env: BEAKER_set="centos-6" BEAKER_PUPPET_COLLECTION=puppet6 BEAKER_sensu_ci_build=yes
     bundler_args:
     script: bundle exec rake beaker
-  - rvm: 2.4.4
+  - rvm: 2.4.5
     sudo: required
     services: docker
     env: BEAKER_set="centos-7" BEAKER_PUPPET_COLLECTION=puppet5 BEAKER_sensu_full=yes
@@ -64,7 +68,7 @@ matrix:
     env: BEAKER_set="centos-7" BEAKER_PUPPET_COLLECTION=puppet6 BEAKER_sensu_full=yes BEAKER_sensu_ci_build=yes
     bundler_args:
     script: bundle exec rake beaker
-  - rvm: 2.4.4
+  - rvm: 2.4.5
     sudo: required
     services: docker
     env: BEAKER_set="centos-7" BEAKER_PUPPET_COLLECTION=puppet5 BEAKER_sensu_full=yes BEAKER_sensu_use_agent=yes
@@ -76,7 +80,7 @@ matrix:
     env: BEAKER_set="centos-7" BEAKER_PUPPET_COLLECTION=puppet6 BEAKER_sensu_full=yes BEAKER_sensu_use_agent=yes
     bundler_args:
     script: bundle exec rake beaker
-  - rvm: 2.4.4
+  - rvm: 2.4.5
     sudo: required
     services: docker
     env: BEAKER_set="centos-7-cluster" BEAKER_PUPPET_COLLECTION=puppet5 BEAKER_sensu_cluster=yes
@@ -88,7 +92,7 @@ matrix:
     env: BEAKER_set="centos-7-cluster" BEAKER_PUPPET_COLLECTION=puppet6 BEAKER_sensu_cluster=yes
     bundler_args:
     script: bundle exec rake beaker
-  - rvm: 2.4.4
+  - rvm: 2.4.5
     sudo: required
     services: docker
     env: BEAKER_set="centos-7-cluster" BEAKER_PUPPET_COLLECTION=puppet5 BEAKER_sensu_cluster=yes BEAKER_sensu_use_agent=yes
@@ -106,7 +110,7 @@ matrix:
     env: BEAKER_set="centos-7-cluster" BEAKER_PUPPET_COLLECTION=puppet6 BEAKER_sensu_cluster=yes BEAKER_sensu_ci_build=yes
     bundler_args:
     script: bundle exec rake beaker
-  - rvm: 2.4.4
+  - rvm: 2.4.5
     sudo: required
     services: docker
     env: BEAKER_set="debian-9" BEAKER_PUPPET_COLLECTION=puppet5
@@ -136,7 +140,7 @@ matrix:
     env: BEAKER_set="debian-10" BEAKER_PUPPET_COLLECTION=puppet6 BEAKER_sensu_ci_build=yes
     bundler_args:
     script: bundle exec rake beaker
-  - rvm: 2.4.4
+  - rvm: 2.4.5
     sudo: required
     services: docker
     env: BEAKER_set="ubuntu-1604" BEAKER_PUPPET_COLLECTION=puppet5
@@ -154,7 +158,7 @@ matrix:
     env: BEAKER_set="ubuntu-1604" BEAKER_PUPPET_COLLECTION=puppet6 BEAKER_sensu_ci_build=yes
     bundler_args:
     script: bundle exec rake beaker
-  - rvm: 2.4.4
+  - rvm: 2.4.5
     sudo: required
     services: docker
     env: BEAKER_set="debian-8" BEAKER_PUPPET_COLLECTION=puppet5
@@ -172,7 +176,7 @@ matrix:
     env: BEAKER_set="debian-8" BEAKER_PUPPET_COLLECTION=puppet6 BEAKER_sensu_ci_build=yes
     bundler_args:
     script: bundle exec rake beaker
-  - rvm: 2.4.4
+  - rvm: 2.4.5
     sudo: required
     services: docker
     env: BEAKER_set="ubuntu-1804" BEAKER_PUPPET_COLLECTION=puppet5
@@ -190,7 +194,7 @@ matrix:
     env: BEAKER_set="ubuntu-1804" BEAKER_PUPPET_COLLECTION=puppet6 BEAKER_sensu_ci_build=yes
     bundler_args:
     script: bundle exec rake beaker
-  - rvm: 2.4.4
+  - rvm: 2.4.5
     sudo: required
     services: docker
     env: BEAKER_set="amazonlinux-2" BEAKER_PUPPET_COLLECTION=puppet5
@@ -208,7 +212,7 @@ matrix:
     env: BEAKER_set="amazonlinux-2" BEAKER_PUPPET_COLLECTION=puppet6 BEAKER_sensu_ci_build=yes
     bundler_args:
     script: bundle exec rake beaker
-  - rvm: 2.4.4
+  - rvm: 2.4.5
     sudo: required
     services: docker
     env: BEAKER_set="amazonlinux-201803" BEAKER_PUPPET_COLLECTION=puppet5
@@ -227,10 +231,10 @@ matrix:
     bundler_args:
     script: bundle exec rake beaker
   allow_failures:
-  - rvm: 2.4.4
-    env: PUPPET_GEM_VERSION="~> 5" FIXTURES_YML=".fixtures-latest.yml"
+  - rvm: 2.4.5
+    env: CHECK="parallel_spec" PUPPET_GEM_VERSION="~> 5" FIXTURES_YML=".fixtures-latest.yml"
   - rvm: 2.5.3
-    env: PUPPET_GEM_VERSION="~> 6" FIXTURES_YML=".fixtures-latest.yml"
+    env: CHECK="parallel_spec" PUPPET_GEM_VERSION="~> 6" FIXTURES_YML=".fixtures-latest.yml"
   - rvm: 2.5.3
     env: BEAKER_set="centos-6" BEAKER_PUPPET_COLLECTION=puppet6 BEAKER_sensu_ci_build=yes
   - rvm: 2.5.3

CHANGELOG.md

@@ -1,6 +1,16 @@
 # Change Log
 
-## [v3.7.0](https://github.com/sensu/sensu-puppet/tree/v3.7.0) (2019-08-25)
+## [v3.8.0](https://github.com/sensu/sensu-puppet/tree/v3.8.0) (2019-09-02)
+[Full Changelog](https://github.com/sensu/sensu-puppet/compare/v3.7.0...v3.8.0)
+
+**Merged pull requests:**
+
+- Testing improvements [\#1139](https://github.com/sensu/sensu-puppet/pull/1139) ([treydock](https://github.com/treydock))
+- Fix unit tests [\#1138](https://github.com/sensu/sensu-puppet/pull/1138) ([treydock](https://github.com/treydock))
+- Support Sensu go 5.12 [\#1137](https://github.com/sensu/sensu-puppet/pull/1137) ([treydock](https://github.com/treydock))
+- Support role\_ref property being Hash [\#1133](https://github.com/sensu/sensu-puppet/pull/1133) ([treydock](https://github.com/treydock))
+
+## [v3.7.0](https://github.com/sensu/sensu-puppet/tree/v3.7.0) (2019-08-26)
 [Full Changelog](https://github.com/sensu/sensu-puppet/compare/v3.6.0...v3.7.0)
 
 **Merged pull requests:**

Gemfile

@@ -11,6 +11,7 @@ group :development, :unit_tests do
   gem 'rspec-puppet',                                     :require => false
   gem 'rspec-puppet-facts',                               :require => false
   gem 'rspec-mocks',                                      :require => false
+  gem 'parallel_tests',                                   :require => false
   gem 'puppetlabs_spec_helper',                           :require => false
   gem 'metadata-json-lint',                               :require => false
   gem 'puppet-blacksmith',                                :require => false

REFERENCE.md

@@ -41,6 +41,7 @@ _Private Classes_
 * [`sensu_ldap_auth`](#sensu_ldap_auth): Manages Sensu LDAP auth. Requires valid enterprise license.
 * [`sensu_mutator`](#sensu_mutator): Manages Sensu mutators
 * [`sensu_namespace`](#sensu_namespace): Manages Sensu namespaces
+* [`sensu_oidc_auth`](#sensu_oidc_auth): Manages Sensu OIDC auth. Requires valid enterprise license.
 * [`sensu_plugin`](#sensu_plugin): Manages Sensu plugins
 * [`sensu_role`](#sensu_role): Manages Sensu roles
 * [`sensu_role_binding`](#sensu_role_binding): Manages Sensu role bindings
@@ -581,6 +582,14 @@ Hash of sensu_namespace resources
 
 Default value: {}
 
+##### `oidc_auths`
+
+Data type: `Hash`
+
+Hash of sensu_oidc_auth resources
+
+Default value: {}
+
 ##### `role_bindings`
 
 Data type: `Hash`
@@ -1028,6 +1037,16 @@ Valid values: /.*/, absent
 
 A set of filters used by the agent to determine of the asset should be installed.
 
+##### `builds`
+
+A list of asset builds used to define multiple artifacts which provide the named asset.
+
+Keys:
+* url: required
+* sha512: required
+* filters: optional Array
+* headers: optional Hash
+
 ##### `headers`
 
 HTTP headers to appy to asset retrieval requests.
@@ -1402,7 +1421,19 @@ The name of the role.
 ```puppet
 sensu_cluster_role_binding { 'test':
   ensure   => 'present',
-  role_ref => 'test-role',
+  role_ref => {'type' => 'ClusterRole', 'name' => 'test-role'},
+  subjects => [
+    { 'type' => 'User', 'name' => 'test-user' }
+  ],
+}
+```
+
+##### Add a cluster role binding for a Role
+
+```puppet
+sensu_cluster_role_binding { 'test':
+  ensure   => 'present',
+  role_ref => {'type' => 'Role', 'name' => 'test-role'},
   subjects => [
     { 'type' => 'User', 'name' => 'test-user' }
   ],
@@ -1423,7 +1454,7 @@ Default value: present
 
 ##### `role_ref`
 
-References a cluster role.
+References a role in the current namespace or a cluster role.
 
 ##### `subjects`
 
@@ -1935,6 +1966,7 @@ The name of the handler.
 * `Sensu_configure[puppet]`
 * `Sensu_api_validator[sensu]`
 * `sensu_namespace` - Puppet will autorequire `sensu_namespace` resource defined in `namespace` property.
+* `sensu_asset` - Puppet will autorequire `sensu_asset` resources defined in `runtime_assets` property.
 
 #### Examples
 
@@ -1986,6 +2018,12 @@ If the Sensu agent writes JSON serialized Sensu entity and check data to the com
 
 Default value: false
 
+##### `runtime_assets`
+
+Valid values: /.*/, absent
+
+An array of Sensu assets (names), required at runtime for the execution of the command
+
 ##### `namespace`
 
 The Sensu RBAC namespace that this hook belongs to.
@@ -2256,6 +2294,92 @@ namevar
 
 The name of the namespace.
 
+### sensu_oidc_auth
+
+**Autorequires**:
+* `Package[sensu-go-cli]`
+* `Service[sensu-backend]`
+* `Sensu_configure[puppet]`
+* `Sensu_api_validator[sensu]`
+* `Exec[sensu-add-license]`
+
+#### Examples
+
+##### Add an Active Directory auth
+
+```puppet
+sensu_oidc_auth { 'oidc':
+  ensure            => 'present',
+  additional_scopes => ['email','groups'],
+  client_id         => '0oa13ry4ypeDDBpxF357',
+  client_secret     => 'DlArQRfND4BKBUyO0mE-TL2PWOVwyGjIO1fdk9gX',
+  groups_claim      => 'groups',
+  groups_prefix     => 'oidc:',
+  redirect_uri      => 'https://sensu-backend.example.com:8080/api/enterprise/authentication/v2/oidc/callback',
+  server            => 'https://idp.example.com',
+  username_claim    => 'email',
+  username_prefix   => 'oidc:'
+}
+```
+
+#### Properties
+
+The following properties are available in the `sensu_oidc_auth` type.
+
+##### `ensure`
+
+Valid values: present, absent
+
+The basic property that the resource should be in.
+
+Default value: present
+
+##### `client_id`
+
+The OIDC provider application "Client ID"
+
+##### `client_secret`
+
+The OIDC provider application "Client Secret"
+
+##### `server`
+
+The location of the OIDC server you wish to authenticate against.
+
+##### `redirect_uri`
+
+Redirect URL to provide to the OIDC provider.
+
+##### `groups_claim`
+
+The claim to use to form the associated RBAC groups.
+
+##### `groups_prefix`
+
+A prefix to use to form the final RBAC groups if required.
+
+##### `username_claim`
+
+The claim to use to form the final RBAC user name.
+
+##### `username_prefix`
+
+A prefix to use to form the final RBAC user name.
+
+##### `additional_scopes`
+
+Scopes to include in the claims
+
+#### Parameters
+
+The following parameters are available in the `sensu_oidc_auth` type.
+
+##### `name`
+
+namevar
+
+The name of the AD auth.
+
 ### sensu_plugin
 
 **Autorequires**:
@@ -2426,7 +2550,19 @@ The name of the role.
 ```puppet
 sensu_role_binding { 'test':
   ensure   => 'present',
-  role_ref => 'test-role',
+  role_ref => {'type' => 'Role', 'name' => 'test-role'},
+  subjects => [
+    { 'type' => 'User', 'name' => 'test-user' }
+  ],
+}
+```
+
+##### Add a role binding for a ClusterRole
+
+```puppet
+sensu_role_binding { 'test':
+  ensure   => 'present',
+  role_ref => {'type' => 'ClusterRole', 'name' => 'test-role'},
   subjects => [
     { 'type' => 'User', 'name' => 'test-user' }
   ],
@@ -2438,7 +2574,7 @@ sensu_role_binding { 'test':
 ```puppet
 sensu_role_binding { 'test in dev':
   ensure   => 'present',
-  role_ref => 'test-role',
+  role_ref => {'type' => 'Role', 'name' => 'test-role'},
   subjects => [
     { 'type' => 'User', 'name' => 'test-user' }
   ],
@@ -2465,7 +2601,7 @@ Default value: default
 
 ##### `role_ref`
 
-References a role.
+References a role in the current namespace or a cluster role.
 
 ##### `subjects`