CHANGELOG.md

@@ -1,5 +1,13 @@
 # Changelog
 
+## [v4.4.1](https://github.com/sensu/sensu-puppet/tree/v4.4.1) (2020-02-01)
+
+[Full Changelog](https://github.com/sensu/sensu-puppet/compare/v4.4.0...v4.4.1)
+
+### Added
+
+- Changes to support Sensu Go 5.17.1 [\#1207](https://github.com/sensu/sensu-puppet/pull/1207) ([treydock](https://github.com/treydock))
+
 ## [v4.4.0](https://github.com/sensu/sensu-puppet/tree/v4.4.0) (2020-01-31)
 
 [Full Changelog](https://github.com/sensu/sensu-puppet/compare/v4.3.0...v4.4.0)
@@ -76,6 +84,10 @@
 
 [Full Changelog](https://github.com/sensu/sensu-puppet/compare/v3.13.0...v3.14.0)
 
+### Added
+
+- Support defining agent and backend service environment variables [\#1160](https://github.com/sensu/sensu-puppet/pull/1160) ([treydock](https://github.com/treydock))
+
 ## [v3.13.0](https://github.com/sensu/sensu-puppet/tree/v3.13.0) (2019-11-26)
 
 [Full Changelog](https://github.com/sensu/sensu-puppet/compare/v3.12.0...v3.13.0)
@@ -116,7 +128,6 @@
 - Improve release process [\#1166](https://github.com/sensu/sensu-puppet/pull/1166) ([treydock](https://github.com/treydock))
 - \(ci\) Use correct Ruby version 2.5.7 for latest Puppet 6 tests [\#1165](https://github.com/sensu/sensu-puppet/pull/1165) ([ghoneycutt](https://github.com/ghoneycutt))
 - Additional bolt tasks [\#1162](https://github.com/sensu/sensu-puppet/pull/1162) ([treydock](https://github.com/treydock))
-- Support defining agent and backend service environment variables [\#1160](https://github.com/sensu/sensu-puppet/pull/1160) ([treydock](https://github.com/treydock))
 
 ### Fixed
 
@@ -173,7 +184,6 @@
 - Increase upper bound of module dependencies [\#1134](https://github.com/sensu/sensu-puppet/pull/1134) ([treydock](https://github.com/treydock))
 - Improved Validations [\#1132](https://github.com/sensu/sensu-puppet/pull/1132) ([treydock](https://github.com/treydock))
 - Support Debian 10 [\#1128](https://github.com/sensu/sensu-puppet/pull/1128) ([treydock](https://github.com/treydock))
-- Add acceptance tests that use puppetserver [\#1123](https://github.com/sensu/sensu-puppet/pull/1123) ([treydock](https://github.com/treydock))
 
 ### Fixed
 
@@ -199,6 +209,10 @@
 
 [Full Changelog](https://github.com/sensu/sensu-puppet/compare/v3.4.0...v3.4.1)
 
+### Added
+
+- Add acceptance tests that use puppetserver [\#1123](https://github.com/sensu/sensu-puppet/pull/1123) ([treydock](https://github.com/treydock))
+
 ### Fixed
 
 - Fix to support Puppetserver 5 [\#1122](https://github.com/sensu/sensu-puppet/pull/1122) ([treydock](https://github.com/treydock))
@@ -217,7 +231,6 @@
 
 - Update several usage examples to match Sensu Go docs [\#1117](https://github.com/sensu/sensu-puppet/pull/1117) ([treydock](https://github.com/treydock))
 - Regenerate backend test cert to include additional SANs [\#1113](https://github.com/sensu/sensu-puppet/pull/1113) ([treydock](https://github.com/treydock))
-- Fix repo path for EL vagrant [\#1110](https://github.com/sensu/sensu-puppet/pull/1110) ([treydock](https://github.com/treydock))
 
 ## [v3.3.0](https://github.com/sensu/sensu-puppet/tree/v3.3.0) (2019-05-18)
 
@@ -230,6 +243,7 @@
 
 ### Fixed
 
+- Fix repo path for EL vagrant [\#1110](https://github.com/sensu/sensu-puppet/pull/1110) ([treydock](https://github.com/treydock))
 - Fix cluster tests to work with Sensu Go 5.7 [\#1109](https://github.com/sensu/sensu-puppet/pull/1109) ([treydock](https://github.com/treydock))
 
 ## [v3.2.0](https://github.com/sensu/sensu-puppet/tree/v3.2.0) (2019-05-06)

REFERENCE.md

@@ -3454,6 +3454,12 @@ URL to use with 'sensuctl configure'
 
 Default value: http://127.0.0.1:8080
 
+##### `configure_trusted_ca_file`
+
+Path to trusted CA to use with 'sensuctl configure'
+
+Default value: /etc/sensu/ssl/ca.crt
+
 ## Data types
 
 ### Sensu::Backend_URL

lib/puppet/provider/sensu_user/sensu_api.rb

@@ -69,7 +69,12 @@ def create
     data[:disabled] = convert_boolean_property_value(resource[:disabled]) unless resource[:disabled].nil?
     api_request('users', data, {:method => 'post'})
     if resource[:configure] == :true
-      Puppet::Provider::Sensuctl.sensuctl(['configure', '-n', '--url', resource[:configure_url], '--username', resource[:name], '--password', resource[:password]])
+      configure_cmd = ['configure', '-n', '--url', resource[:configure_url], '--username', resource[:name], '--password', resource[:password]]
+      if resource[:configure_trusted_ca_file] != "absent"
+        configure_cmd << '--trusted-ca-file'
+        configure_cmd << resource[:configure_trusted_ca_file]
+      end
+      Puppet::Provider::Sensuctl.sensuctl(configure_cmd)
     end
     @property_hash[:ensure] = :present
   end
@@ -87,7 +92,12 @@ def flush
       end
       api_request("users/#{resource[:name]}", data, {:method => 'put'})
       if @property_flush[:password] && resource[:configure] == :true
-        Puppet::Provider::Sensuctl.sensuctl(['configure', '-n', '--url', resource[:configure_url], '--username', resource[:name], '--password', @property_flush[:password]])
+        configure_cmd = ['configure', '-n', '--url', resource[:configure_url], '--username', resource[:name], '--password', @property_flush[:password]]
+        if resource[:configure_trusted_ca_file] != "absent"
+          configure_cmd << '--trusted-ca-file'
+          configure_cmd << resource[:configure_trusted_ca_file]
+        end
+        Puppet::Provider::Sensuctl.sensuctl(configure_cmd)
       end
     end
     @property_hash = resource.to_hash

lib/puppet/provider/sensu_user/sensuctl.rb

@@ -81,7 +81,12 @@ def create
       sensuctl(['user', 'disable', resource[:name], '--skip-confirm'])
     end
     if resource[:configure] == :true
-      sensuctl(['configure', '-n', '--url', resource[:configure_url], '--username', resource[:name], '--password', resource[:password]])
+      configure_cmd = ['configure', '-n', '--url', resource[:configure_url], '--username', resource[:name], '--password', resource[:password]]
+      if resource[:configure_trusted_ca_file] != "absent"
+        configure_cmd << '--trusted-ca-file'
+        configure_cmd << resource[:configure_trusted_ca_file]
+      end
+      sensuctl(configure_cmd)
     end
     @property_hash[:ensure] = :present
   end
@@ -97,7 +102,12 @@ def flush
         end
         sensuctl(['user', 'change-password', resource[:name], '--current-password', resource[:old_password], '--new-password', @property_flush[:password]])
         if resource[:configure] == :true
-          sensuctl(['configure', '-n', '--url', resource[:configure_url], '--username', resource[:name], '--password', @property_flush[:password]])
+          configure_cmd = ['configure', '-n', '--url', resource[:configure_url], '--username', resource[:name], '--password', @property_flush[:password]]
+          if resource[:configure_trusted_ca_file] != "absent"
+            configure_cmd << '--trusted-ca-file'
+            configure_cmd << resource[:configure_trusted_ca_file]
+          end
+          sensuctl(configure_cmd)
         end
       end
       if @property_flush[:groups]

lib/puppet/provider/sensuctl.rb

@@ -38,17 +38,6 @@ def sensuctl_config(*args)
     self.class.sensuctl_config(*args)
   end
 
-  def self.save_config(config, path = nil)
-    path ||= config_path
-    return unless File.exist?(path)
-    File.open(path, "w") do |f|
-      f.write(JSON.pretty_generate(config))
-    end
-  end
-  def save_config(*args)
-    self.class.save_config(*args)
-  end
-
   def self.type_properties
     resource_type.validproperties.reject { |p| p.to_sym == :ensure }
   end

lib/puppet/provider/sensuctl_configure/sensuctl.rb

@@ -120,12 +120,6 @@ def create
   def flush
     if !@property_flush.empty?
       begin
-        if @property_flush[:trusted_ca_file] == 'absent'
-          Puppet.info("Clearing trusted-ca-file in #{config_path}")
-          config = sensuctl_config
-          config['trusted-ca-file'] = ''
-          save_config(config)
-        end
         backend_init
         configure_cmd()
         sensuctl(['config','set-format',@property_flush[:config_format]]) if @property_flush[:config_format]

lib/puppet/type/sensu_asset.rb

@@ -76,8 +76,8 @@
   newparam(:resource_name, :namevar => true) do
     desc "The name of the asset."
     validate do |value|
-      # Must only contain lower case letters, numbers, underscores, periods, hyphens and colons
-      unless value =~ %r{^[a-z0-9\/\_\.\-\:]+$}
+      # Must only contain upper case letters, lower case letters, numbers, underscores, periods, hyphens and colons
+      unless value =~ %r{^[A-Za-z0-9\/\_\.\-\:]+$}
         raise ArgumentError, "sensu_asset name invalid"
       end
     end

lib/puppet/type/sensu_user.rb

@@ -102,6 +102,11 @@ def should_to_s(newvalue)
     defaultto 'http://127.0.0.1:8080'
   end
 
+  newparam(:configure_trusted_ca_file) do
+    desc "Path to trusted CA to use with 'sensuctl configure'"
+    defaultto('/etc/sensu/ssl/ca.crt')
+  end
+
   validate do
     required_properties = [
       :password

manifests/backend.pp

@@ -193,13 +193,14 @@
   }
 
   sensu_user { 'admin':
-    ensure        => 'present',
-    password      => $password,
-    old_password  => $sensu::old_password,
-    groups        => ['cluster-admins'],
-    disabled      => false,
-    configure     => true,
-    configure_url => $api_url,
+    ensure                    => 'present',
+    password                  => $password,
+    old_password              => $sensu::old_password,
+    groups                    => ['cluster-admins'],
+    disabled                  => false,
+    configure                 => true,
+    configure_url             => $api_url,
+    configure_trusted_ca_file => $trusted_ca_file,
   }
 
   if $manage_agent_user {

metadata.json

@@ -1,6 +1,6 @@
 {
   "name": "sensu-sensu",
-  "version": "4.4.0",
+  "version": "4.4.1",
   "author": "sensu",
   "summary": "A module to install the Sensu monitoring framework",
   "license": "MIT",

spec/classes/backend_spec.rb

@@ -32,13 +32,14 @@
         it { should have_sensu_user_resource_count(2) }
         it {
           should contain_sensu_user('admin').with({
-            'ensure'        => 'present',
-            'password'      => 'P@ssw0rd!',
-            'old_password'  => nil,
-            'groups'        => ['cluster-admins'],
-            'disabled'      => 'false',
-            'configure'     => 'true',
-            'configure_url' => 'https://test.example.com:8080',
+            'ensure'                    => 'present',
+            'password'                  => 'P@ssw0rd!',
+            'old_password'              => nil,
+            'groups'                    => ['cluster-admins'],
+            'disabled'                  => 'false',
+            'configure'                 => 'true',
+            'configure_url'             => 'https://test.example.com:8080',
+            'configure_trusted_ca_file' => '/etc/sensu/ssl/ca.crt',
           })
         }
         it {
@@ -191,6 +192,19 @@
         it { should_not contain_file('sensu_ssl_cert') }
         it { should_not contain_file('sensu_ssl_key') }
 
+        it {
+          should contain_sensu_user('admin').with({
+            'ensure'                    => 'present',
+            'password'                  => 'P@ssw0rd!',
+            'old_password'              => nil,
+            'groups'                    => ['cluster-admins'],
+            'disabled'                  => 'false',
+            'configure'                 => 'true',
+            'configure_url'             => 'http://test.example.com:8080',
+            'configure_trusted_ca_file' => 'absent',
+          })
+        }
+
         backend_content = <<-END.gsub(/^\s+\|/, '')
           |---
           |state-dir: "/var/lib/sensu/sensu-backend"

spec/unit/provider/sensu_user/sensu_api_spec.rb

@@ -48,7 +48,7 @@
         :disabled => false,
       }
       expect(resource.provider).to receive(:api_request).with('users', data, {:method => 'post'})
-      expect(Puppet::Provider::Sensuctl).to receive(:sensuctl).with(['configure','-n','--url','http://127.0.0.1:8080','--username','test','--password','P@ssw0rd!'])
+      expect(Puppet::Provider::Sensuctl).to receive(:sensuctl).with(['configure','-n','--url','http://127.0.0.1:8080','--username','test','--password','P@ssw0rd!','--trusted-ca-file','/etc/sensu/ssl/ca.crt'])
       resource.provider.create
       property_hash = resource.provider.instance_variable_get("@property_hash")
       expect(property_hash[:ensure]).to eq(:present)
@@ -76,7 +76,7 @@
         :disabled => false,
       }
       expect(resource.provider).to receive(:api_request).with('users/test', data, {:method => 'put'})
-      expect(Puppet::Provider::Sensuctl).to receive(:sensuctl).with(['configure','-n','--url','http://127.0.0.1:8080','--username','test','--password','foobar'])
+      expect(Puppet::Provider::Sensuctl).to receive(:sensuctl).with(['configure','-n','--url','http://127.0.0.1:8080','--username','test','--password','foobar','--trusted-ca-file','/etc/sensu/ssl/ca.crt'])
       resource.provider.password = 'foobar'
       resource.provider.flush
     end

spec/unit/provider/sensu_user/sensuctl_spec.rb

@@ -35,7 +35,7 @@
     it 'should create user and reconfigure sensuctl' do
       resource[:configure] = true
       expect(resource.provider).to receive(:sensuctl).with(['user', 'create', 'test', '--password', 'P@ssw0rd!', '--groups', 'test'])
-      expect(resource.provider).to receive(:sensuctl).with(['configure','-n','--url','http://127.0.0.1:8080','--username','test','--password','P@ssw0rd!'])
+      expect(resource.provider).to receive(:sensuctl).with(['configure','-n','--url','http://127.0.0.1:8080','--username','test','--password','P@ssw0rd!','--trusted-ca-file','/etc/sensu/ssl/ca.crt'])
       resource.provider.create
       property_hash = resource.provider.instance_variable_get("@property_hash")
       expect(property_hash[:ensure]).to eq(:present)
@@ -61,7 +61,7 @@
       resource[:old_password] = 'foo'
       expect(resource.provider).to receive(:password_insync?).with('test', 'foo').and_return(true)
       expect(resource.provider).to receive(:sensuctl).with(['user', 'change-password', 'test', '--current-password', 'foo', '--new-password', 'foobar'])
-      expect(resource.provider).to receive(:sensuctl).with(['configure','-n','--url','http://127.0.0.1:8080','--username','test','--password','foobar'])
+      expect(resource.provider).to receive(:sensuctl).with(['configure','-n','--url','http://127.0.0.1:8080','--username','test','--password','foobar','--trusted-ca-file','/etc/sensu/ssl/ca.crt'])
       resource.provider.password = 'foobar'
       resource.provider.flush
     end

spec/unit/provider/sensuctl_configure/sensuctl_spec.rb

@@ -117,16 +117,7 @@
       resource.provider.flush
     end
     it 'should remove SSL trusted ca' do
-      sensuctl_config = {
-        "api-url" => 'foo.example.com:8081',
-        "trusted-ca-file" => '/etc/sensu/ssl/ca.crt',
-      }
-      expected_config = sensuctl_config.clone
-      expected_config['trusted-ca-file'] = ''
-      allow(resource.provider).to receive(:config_path).and_return('/root/.config/sensu/sensuctl/cluster')
-      allow(resource.provider).to receive(:sensuctl_config).and_return(sensuctl_config)
       expect(resource.provider).to receive(:sensuctl).with(['configure','--non-interactive','--url','http://localhost:8080','--username','admin','--password','foobar'])
-      expect(resource.provider).to receive(:save_config).with(expected_config)
       resource.provider.trusted_ca_file = 'absent'
       resource.provider.flush
     end

spec/unit/sensu_asset_spec.rb

@@ -32,6 +32,8 @@
   end
 
   valid_names = [
+    'Foo',
+    'fooBar',
     'foo',
     'foo-bar',
     'foo.bar',
@@ -42,8 +44,6 @@
   ]
   invalid_names = [
     'foo!',
-    'Foo',
-    'fooBar',
   ]
   valid_names.each do |name|
     it "allows valid name #{name}" do

spec/unit/sensu_user_spec.rb

@@ -62,13 +62,15 @@
     'disabled': :false,
     'configure': :false,
     'configure_url': 'http://127.0.0.1:8080',
+    'configure_trusted_ca_file': '/etc/sensu/ssl/ca.crt',
   }
 
   # String properties
   [
     :password,
     :old_password,
-    :configure_url
+    :configure_url,
+    :configure_trusted_ca_file,
   ].each do |property|
     it "should accept valid #{property}" do
       config[property] = 'foo'