Showing with 91 additions and 22 deletions.
  1. +12 −14 CHANGELOG.md
  2. +19 −0 REFERENCE.md
  3. +4 −1 lib/puppet/type/sensu_user.rb
  4. +17 −6 manifests/backend.pp
  5. +1 −1 metadata.json
  6. +26 −0 spec/acceptance/00_backend_spec.rb
  7. +12 −0 spec/classes/backend_spec.rb
26 changes: 12 additions & 14 deletions CHANGELOG.md
View file
Original file line number Diff line number Diff line change
@@ -1,5 +1,13 @@
# Changelog

## [v4.4.0](https://github.com/sensu/sensu-puppet/tree/v4.4.0) (2020-01-31)

[Full Changelog](https://github.com/sensu/sensu-puppet/compare/v4.3.0...v4.4.0)

### Added

- Add manage\_agent\_user parameter to sensu::backend [\#1206](https://github.com/sensu/sensu-puppet/pull/1206) ([treydock](https://github.com/treydock))

## [v4.3.0](https://github.com/sensu/sensu-puppet/tree/v4.3.0) (2020-01-29)

[Full Changelog](https://github.com/sensu/sensu-puppet/compare/v4.2.1...v4.3.0)
Expand Down Expand Up @@ -68,10 +76,6 @@

[Full Changelog](https://github.com/sensu/sensu-puppet/compare/v3.13.0...v3.14.0)

### Added

- Support defining agent and backend service environment variables [\#1160](https://github.com/sensu/sensu-puppet/pull/1160) ([treydock](https://github.com/treydock))

## [v3.13.0](https://github.com/sensu/sensu-puppet/tree/v3.13.0) (2019-11-26)

[Full Changelog](https://github.com/sensu/sensu-puppet/compare/v3.12.0...v3.13.0)
Expand Down Expand Up @@ -112,6 +116,7 @@
- Improve release process [\#1166](https://github.com/sensu/sensu-puppet/pull/1166) ([treydock](https://github.com/treydock))
- \(ci\) Use correct Ruby version 2.5.7 for latest Puppet 6 tests [\#1165](https://github.com/sensu/sensu-puppet/pull/1165) ([ghoneycutt](https://github.com/ghoneycutt))
- Additional bolt tasks [\#1162](https://github.com/sensu/sensu-puppet/pull/1162) ([treydock](https://github.com/treydock))
- Support defining agent and backend service environment variables [\#1160](https://github.com/sensu/sensu-puppet/pull/1160) ([treydock](https://github.com/treydock))

### Fixed

Expand Down Expand Up @@ -168,6 +173,7 @@
- Increase upper bound of module dependencies [\#1134](https://github.com/sensu/sensu-puppet/pull/1134) ([treydock](https://github.com/treydock))
- Improved Validations [\#1132](https://github.com/sensu/sensu-puppet/pull/1132) ([treydock](https://github.com/treydock))
- Support Debian 10 [\#1128](https://github.com/sensu/sensu-puppet/pull/1128) ([treydock](https://github.com/treydock))
- Add acceptance tests that use puppetserver [\#1123](https://github.com/sensu/sensu-puppet/pull/1123) ([treydock](https://github.com/treydock))

### Fixed

Expand All @@ -193,10 +199,6 @@

[Full Changelog](https://github.com/sensu/sensu-puppet/compare/v3.4.0...v3.4.1)

### Added

- Add acceptance tests that use puppetserver [\#1123](https://github.com/sensu/sensu-puppet/pull/1123) ([treydock](https://github.com/treydock))

### Fixed

- Fix to support Puppetserver 5 [\#1122](https://github.com/sensu/sensu-puppet/pull/1122) ([treydock](https://github.com/treydock))
Expand All @@ -209,11 +211,13 @@

- Add headers property to sensu\_assets [\#1119](https://github.com/sensu/sensu-puppet/pull/1119) ([treydock](https://github.com/treydock))
- Add ability to run acceptance tests against Sensu-Go CI builds [\#1115](https://github.com/sensu/sensu-puppet/pull/1115) ([treydock](https://github.com/treydock))
- Support listing sensuctl resources using chunk-size [\#1114](https://github.com/sensu/sensu-puppet/pull/1114) ([treydock](https://github.com/treydock))

### Fixed

- Update several usage examples to match Sensu Go docs [\#1117](https://github.com/sensu/sensu-puppet/pull/1117) ([treydock](https://github.com/treydock))
- Regenerate backend test cert to include additional SANs [\#1113](https://github.com/sensu/sensu-puppet/pull/1113) ([treydock](https://github.com/treydock))
- Fix repo path for EL vagrant [\#1110](https://github.com/sensu/sensu-puppet/pull/1110) ([treydock](https://github.com/treydock))

## [v3.3.0](https://github.com/sensu/sensu-puppet/tree/v3.3.0) (2019-05-18)

Expand All @@ -226,18 +230,12 @@

### Fixed

- Fix repo path for EL vagrant [\#1110](https://github.com/sensu/sensu-puppet/pull/1110) ([treydock](https://github.com/treydock))
- Fix cluster tests to work with Sensu Go 5.7 [\#1109](https://github.com/sensu/sensu-puppet/pull/1109) ([treydock](https://github.com/treydock))

## [v3.2.0](https://github.com/sensu/sensu-puppet/tree/v3.2.0) (2019-05-06)

[Full Changelog](https://github.com/sensu/sensu-puppet/compare/v3.1.0...v3.2.0)

### Added

- Support listing sensuctl resources using chunk-size [\#1114](https://github.com/sensu/sensu-puppet/pull/1114) ([treydock](https://github.com/treydock))
- Support Sensu Go 5.6 [\#1105](https://github.com/sensu/sensu-puppet/pull/1105) ([treydock](https://github.com/treydock))

## [v3.1.0](https://github.com/sensu/sensu-puppet/tree/v3.1.0) (2019-04-19)

[Full Changelog](https://github.com/sensu/sensu-puppet/compare/v3.0.0...v3.1.0)
Expand Down
19 changes: 19 additions & 0 deletions REFERENCE.md
View file
Original file line number Diff line number Diff line change
Expand Up @@ -578,6 +578,25 @@ Sets if default sensu resources should be included

Default value: `true`

##### `manage_agent_user`

Data type: `Boolean`

Sets if the Sensu agent user should be managed

Default value: `true`

##### `agent_user_disabled`

Data type: `Boolean`

Sets if the Sensu agent user should be disabled
Not applicable if `manage_agent_user` is `false`
This is useful if using agent TLS authentication
See https://docs.sensu.io/sensu-go/latest/guides/securing-sensu/#sensu-agent-tls-authentication

Default value: `false`

##### `show_diff`

Data type: `Boolean`
Expand Down
5 changes: 4 additions & 1 deletion lib/puppet/type/sensu_user.rb
View file
Original file line number Diff line number Diff line change
Expand Up @@ -55,8 +55,11 @@
desc "The user's password."

def insync?(is)
if @resource[:disabled].to_sym == :true
return true
end
if @resource.provider
if @resource[:disabled].to_sym == :true
if @resource.provider.disabled.to_sym == :true
return true
end
@resource.provider.password_insync?(@resource[:name], @should)
Expand Down
23 changes: 17 additions & 6 deletions manifests/backend.pp
View file
Original file line number Diff line number Diff line change
Expand Up @@ -40,6 +40,13 @@
# This parameter is mutually exclusive with ssl_key_source
# @param include_default_resources
# Sets if default sensu resources should be included
# @param manage_agent_user
# Sets if the Sensu agent user should be managed
# @param agent_user_disabled
# Sets if the Sensu agent user should be disabled
# Not applicable if `manage_agent_user` is `false`
# This is useful if using agent TLS authentication
# See https://docs.sensu.io/sensu-go/latest/guides/securing-sensu/#sensu-agent-tls-authentication
# @param show_diff
# Sets show_diff parameter for backend.yml configuration file
# @param license_source
Expand Down Expand Up @@ -90,6 +97,8 @@
Optional[String] $ssl_key_source = $facts['puppet_hostprivkey'],
Optional[String] $ssl_key_content = undef,
Boolean $include_default_resources = true,
Boolean $manage_agent_user = true,
Boolean $agent_user_disabled = false,
Boolean $show_diff = true,
Optional[String] $license_source = undef,
Optional[String] $license_content = undef,
Expand Down Expand Up @@ -193,12 +202,14 @@
configure_url => $api_url,
}

sensu_user { 'agent':
ensure => 'present',
disabled => false,
password => $sensu::agent_password,
old_password => $sensu::agent_old_password,
groups => ['system:agents'],
if $manage_agent_user {
sensu_user { 'agent':
ensure => 'present',
disabled => $agent_user_disabled,
password => $sensu::agent_password,
old_password => $sensu::agent_old_password,
groups => ['system:agents'],
}
}

if $manage_tessen {
Expand Down
2 changes: 1 addition & 1 deletion metadata.json
View file
Original file line number Diff line number Diff line change
@@ -1,6 +1,6 @@
{
"name": "sensu-sensu",
"version": "4.3.0",
"version": "4.4.0",
"author": "sensu",
"summary": "A module to install the Sensu monitoring framework",
"license": "MIT",
Expand Down
26 changes: 26 additions & 0 deletions spec/acceptance/00_backend_spec.rb
View file
Original file line number Diff line number Diff line change
Expand Up @@ -131,6 +131,32 @@ class { 'sensu::agent':
end
end

context 'backend without agent' do
it 'should work without errors' do
pp = <<-EOS
class { '::sensu':
password => 'supersecret',
old_password => 'P@ssw0rd!',
}
class { 'sensu::backend':
agent_user_disabled => true,
}
EOS

if RSpec.configuration.sensu_use_agent
site_pp = "node 'sensu_backend' { #{pp} }"
puppetserver = hosts_as('puppetserver')[0]
create_remote_file(puppetserver, "/etc/puppetlabs/code/environments/production/manifests/site.pp", site_pp)
on node, puppet("agent -t --detailed-exitcodes"), acceptable_exit_codes: [0,2]
on node, puppet("agent -t --detailed-exitcodes"), acceptable_exit_codes: [0]
else
# Run it twice and test for idempotency
apply_manifest_on(node, pp, :catch_failures => true)
apply_manifest_on(node, pp, :catch_changes => true)
end
end
end

context 'reset admin password and opt-out tessen' do
it 'should work without errors' do
pp = <<-EOS
Expand Down
12 changes: 12 additions & 0 deletions spec/classes/backend_spec.rb
View file
Original file line number Diff line number Diff line change
Expand Up @@ -239,6 +239,18 @@
it { should_not contain_class('sensu::backend::default_resources') }
end

context 'with manage_agent_user => false' do
let(:params) {{ :manage_agent_user => false }}
it { should compile.with_all_deps }
it { should_not contain_sensu_user('agent') }
end

context 'with agent_user_disabled => true' do
let(:params) {{ :agent_user_disabled => true }}
it { should compile.with_all_deps }
it { should contain_sensu_user('agent').with_disabled('true') }
end

context 'with license_source defined' do
let(:params) {{ :license_source => 'puppet:///modules/site_sensu/license.json' }}
it { should compile.with_all_deps }
Expand Down