.travis.yml

@@ -47,21 +47,6 @@ matrix:
     env: CHECK="parallel_spec" PUPPET_GEM_VERSION="~> 6" FIXTURES_YML=".fixtures-latest.yml"
     stage: unit
     bundler_args: --without system_tests development
-  - rvm: 2.4.9
-    services: docker
-    env: BEAKER_set="centos-6" BEAKER_PUPPET_COLLECTION=puppet5
-    script: bundle exec rake beaker
-    stage: acceptance
-  - rvm: 2.5.7
-    services: docker
-    env: BEAKER_set="centos-6" BEAKER_PUPPET_COLLECTION=puppet6
-    script: bundle exec rake beaker
-    stage: acceptance
-  - rvm: 2.5.7
-    services: docker
-    env: BEAKER_sensu_ci_build=yes BEAKER_set="centos-6" BEAKER_PUPPET_COLLECTION=puppet6
-    script: bundle exec rake beaker
-    stage: acceptance
   - rvm: 2.4.9
     services: docker
     env: BEAKER_set="centos-7" BEAKER_PUPPET_COLLECTION=puppet5 BEAKER_sensu_mode=full
@@ -199,22 +184,12 @@ matrix:
     stage: acceptance
   - rvm: 2.5.7
     services: docker
-    env: BEAKER_sensu_ci_build=yes BEAKER_set="ubuntu-1604" BEAKER_PUPPET_COLLECTION=puppet6
-    script: bundle exec rake beaker
-    stage: acceptance
-  - rvm: 2.4.9
-    services: docker
-    env: BEAKER_set="debian-8" BEAKER_PUPPET_COLLECTION=puppet5
-    script: bundle exec rake beaker
-    stage: acceptance
-  - rvm: 2.5.7
-    services: docker
-    env: BEAKER_set="debian-8" BEAKER_PUPPET_COLLECTION=puppet6
+    env: BEAKER_set="ubuntu-1604" BEAKER_PUPPET_COLLECTION=puppet7
     script: bundle exec rake beaker
     stage: acceptance
   - rvm: 2.5.7
     services: docker
-    env: BEAKER_sensu_ci_build=yes BEAKER_set="debian-8" BEAKER_PUPPET_COLLECTION=puppet6
+    env: BEAKER_sensu_ci_build=yes BEAKER_set="ubuntu-1604" BEAKER_PUPPET_COLLECTION=puppet6
     script: bundle exec rake beaker
     stage: acceptance
   - rvm: 2.4.9
@@ -269,8 +244,6 @@ matrix:
     env: CHECK="parallel_spec" PUPPET_GEM_VERSION="~> 5" FIXTURES_YML=".fixtures-latest.yml"
   - rvm: 2.5.7
     env: CHECK="parallel_spec" PUPPET_GEM_VERSION="~> 6" FIXTURES_YML=".fixtures-latest.yml"
-  - rvm: 2.5.7
-    env: BEAKER_sensu_ci_build=yes BEAKER_set="centos-6" BEAKER_PUPPET_COLLECTION=puppet6
   - rvm: 2.5.7
     env: BEAKER_sensu_ci_build=yes BEAKER_set="centos-7" BEAKER_PUPPET_COLLECTION=puppet6 BEAKER_sensu_mode=full
   - rvm: 2.5.7
@@ -287,8 +260,6 @@ matrix:
     env: BEAKER_sensu_ci_build=yes BEAKER_set="debian-10" BEAKER_PUPPET_COLLECTION=puppet6
   - rvm: 2.5.7
     env: BEAKER_sensu_ci_build=yes BEAKER_set="ubuntu-1604" BEAKER_PUPPET_COLLECTION=puppet6
-  - rvm: 2.5.7
-    env: BEAKER_sensu_ci_build=yes BEAKER_set="debian-8" BEAKER_PUPPET_COLLECTION=puppet6
   - rvm: 2.5.7
     env: BEAKER_sensu_ci_build=yes BEAKER_set="ubuntu-1804" BEAKER_PUPPET_COLLECTION=puppet6
   - rvm: 2.5.7

CHANGELOG.md

@@ -1,6 +1,21 @@
 # Changelog
 
-## [v5.3.1](https://github.com/sensu/sensu-puppet/tree/v5.3.1) (2020-11-05)
+## [v5.4.0](https://github.com/sensu/sensu-puppet/tree/v5.4.0) (2020-12-09)
+
+[Full Changelog](https://github.com/sensu/sensu-puppet/compare/v5.3.1...v5.4.0)
+
+### Added
+
+- Add token\_file parameter to sensu\_secrets\_vault\_provider [\#1291](https://github.com/sensu/sensu-puppet/pull/1291) ([treydock](https://github.com/treydock))
+- Remove Debian 8 support, is EOL [\#1290](https://github.com/sensu/sensu-puppet/pull/1290) ([treydock](https://github.com/treydock))
+- \[ci skip\] README updates for where to define resources [\#1287](https://github.com/sensu/sensu-puppet/pull/1287) ([treydock](https://github.com/treydock))
+
+### Fixed
+
+- Remove EL6 acceptance tests that fail after EOL [\#1293](https://github.com/sensu/sensu-puppet/pull/1293) ([treydock](https://github.com/treydock))
+- Update documentation for secrets property [\#1289](https://github.com/sensu/sensu-puppet/pull/1289) ([treydock](https://github.com/treydock))
+
+## [v5.3.1](https://github.com/sensu/sensu-puppet/tree/v5.3.1) (2020-11-06)
 
 [Full Changelog](https://github.com/sensu/sensu-puppet/compare/v5.3.0...v5.3.1)
 
@@ -267,7 +282,6 @@
 ### Changed
 
 - BREAKING: Add API providers [\#1191](https://github.com/sensu/sensu-puppet/pull/1191) ([treydock](https://github.com/treydock))
-- Add several parameters to sensu::agent class [\#1185](https://github.com/sensu/sensu-puppet/pull/1185) ([treydock](https://github.com/treydock))
 
 ### Added
 
@@ -288,11 +302,6 @@
 
 [Full Changelog](https://github.com/sensu/sensu-puppet/compare/v3.12.0...v3.13.0)
 
-### Added
-
-- Updates to travis-ci [\#1186](https://github.com/sensu/sensu-puppet/pull/1186) ([treydock](https://github.com/treydock))
-- Support PDK [\#1184](https://github.com/sensu/sensu-puppet/pull/1184) ([treydock](https://github.com/treydock))
-
 ## [v3.12.0](https://github.com/sensu/sensu-puppet/tree/v3.12.0) (2019-11-25)
 
 [Full Changelog](https://github.com/sensu/sensu-puppet/compare/v3.11.0...v3.12.0)

README.md

@@ -10,6 +10,7 @@
     * [Setup requirements](#setup-requirements)
     * [Beginning with Sensu](#beginning-with-sensu)
 3. [Usage - Configuration options and additional functionality](#usage)
+    * [Location of Resources](#location-of-resources)
     * [Basic Sensu backend](#basic-sensu-backend)
     * [Basic Sensu agent](#basic-sensu-agent)
     * [Basic Sensu CLI](#basic-sensu-cli)
@@ -227,6 +228,12 @@ The output should look like the following:
 
 ## Usage
 
+### Location of Resources
+
+Sensu Go is designed to have resources like checks and assets defined on the backend host.
+For Puppet this means that the simplest configuration will be one where checks and other resources are defined on the host using `sensu::backend` class.
+Hosts with only the `sensu::agent` class do not need to have checks defined on them, rather just have to have a subscription assigned that matches a check.
+
 ### Basic Sensu backend
 
 The following example will configure sensu-backend, sensu-agent on backend and add a check.
@@ -1254,7 +1261,6 @@ Linux.
 * EL 6
 * EL 7
 * EL 8
-* Debian 8
 * Debian 9
 * Debian 10
 * Ubuntu 16.04 LTS

REFERENCE.md

@@ -2335,7 +2335,8 @@ An array of Sensu assets (names), required at runtime for the execution of the c
 
 ##### `secrets`
 
-List of Sensu secrets to set for the check execution environment.
+Array of the name/secret pairs to use with command execution.
+Example: [{'name' => 'ANSIBLE_HOST', 'secret' => 'sensu-ansible-host' }]
 
 ##### `silenced`
 
@@ -3174,7 +3175,8 @@ An array of Sensu assets (names), required at runtime for the execution of the c
 
 ##### `secrets`
 
-List of Sensu secrets to set for the handler execution environment.
+Array of the name/secret pairs to use with command execution.
+Example: [{'name' => 'ANSIBLE_HOST', 'secret' => 'sensu-ansible-host' }]
 
 ##### `socket`
 
@@ -3539,7 +3541,8 @@ An array of Sensu assets (names), required at runtime for the execution of the c
 
 ##### `secrets`
 
-List of Sensu secrets to set for the mutator execution environment.
+Array of the name/secret pairs to use with command execution.
+Example: [{'name' => 'ANSIBLE_HOST', 'secret' => 'sensu-ansible-host' }]
 
 ##### `timeout`
 
@@ -4268,6 +4271,10 @@ The name of the secrets provider.
 The specific backend to use for this `sensu_secrets_vault_provider` resource. You will seldom need to specify this ---
 Puppet will usually discover the appropriate provider for your platform.
 
+##### `token_file`
+
+Path to file that contains token to use for authentication.
+
 ### `sensu_tessen`
 
 **NOTE** This is a private type not intended to be used directly.

lib/puppet/provider/sensu_secrets_vault_provider/sensu_api.rb

@@ -54,12 +54,25 @@ def initialize(value = {})
     end
   end
 
+  def get_token
+    if resource[:token_file]
+      token = File.read(resource[:token_file]).chomp
+    else
+      token = @property_flush[:token] || resource[:token]
+    end
+    token
+  rescue Errno::ENOENT => e
+    raise Puppet::Error "Unable to read token_file #{resource[:token_file]}: #{e}"
+  end
+
   def create
     spec = {}
     metadata = {}
     metadata[:name] = resource[:name]
     spec[:client] = {}
+    spec[:client][:token] = get_token
     type_properties.each do |property|
+      next if property == :token
       value = resource[property]
       next if value.nil?
       next if value == :absent || value == [:absent]
@@ -88,7 +101,9 @@ def flush
       metadata = {}
       metadata[:name] = resource[:name]
       spec[:client] = {}
+      spec[:client][:token] = get_token
       type_properties.each do |property|
+        next if property == :token
         if @property_flush[property]
           value = @property_flush[property]
         else

lib/puppet/provider/sensu_secrets_vault_provider/sensuctl.rb

@@ -57,12 +57,25 @@ def initialize(value = {})
     end
   end
 
+  def get_token
+    if resource[:token_file]
+      token = File.read(resource[:token_file]).chomp
+    else
+      token = @property_flush[:token] || resource[:token]
+    end
+    token
+  rescue Errno::ENOENT => e
+    raise Puppet::Error "Unable to read token_file #{resource[:token_file]}: #{e}"
+  end
+
   def create
     spec = {}
     metadata = {}
     metadata[:name] = resource[:name]
     spec[:client] = {}
+    spec[:client][:token] = get_token
     type_properties.each do |property|
+      next if property == :token
       value = resource[property]
       next if value.nil?
       next if value == :absent || value == [:absent]
@@ -85,7 +98,9 @@ def flush
       metadata = {}
       metadata[:name] = resource[:name]
       spec[:client] = {}
+      spec[:client][:token] = get_token
       type_properties.each do |property|
+        next if property == :token
         if @property_flush[property]
           value = @property_flush[property]
         else

lib/puppet/type/sensu_check.rb

@@ -272,7 +272,10 @@
   end
 
   newproperty(:secrets, :array_matching => :all, :parent => PuppetX::Sensu::SecretsProperty) do
-    desc 'List of Sensu secrets to set for the check execution environment.'
+    desc <<-EOS
+    Array of the name/secret pairs to use with command execution.
+    Example: [{'name' => 'ANSIBLE_HOST', 'secret' => 'sensu-ansible-host' }]
+    EOS
   end
 
   newproperty(:namespace, :namevar => true) do

lib/puppet/type/sensu_handler.rb

@@ -136,7 +136,10 @@
   end
 
   newproperty(:secrets, :array_matching => :all, :parent => PuppetX::Sensu::SecretsProperty) do
-    desc 'List of Sensu secrets to set for the handler execution environment.'
+    desc <<-EOS
+    Array of the name/secret pairs to use with command execution.
+    Example: [{'name' => 'ANSIBLE_HOST', 'secret' => 'sensu-ansible-host' }]
+    EOS
   end
 
   newproperty(:namespace, :namevar => true) do

lib/puppet/type/sensu_mutator.rb

@@ -75,7 +75,10 @@
   end
 
   newproperty(:secrets, :array_matching => :all, :parent => PuppetX::Sensu::SecretsProperty) do
-    desc 'List of Sensu secrets to set for the mutator execution environment.'
+    desc <<-EOS
+    Array of the name/secret pairs to use with command execution.
+    Example: [{'name' => 'ANSIBLE_HOST', 'secret' => 'sensu-ansible-host' }]
+    EOS
   end
 
   newproperty(:namespace, :namevar => true) do

lib/puppet/type/sensu_secrets_vault_provider.rb

@@ -60,6 +60,10 @@ def should_to_s(newvalue)
     end
   end
 
+  newparam(:token_file) do
+    desc 'Path to file that contains token to use for authentication.'
+  end
+
   newproperty(:version) do
     desc 'HashiCorp Vault HTTP API version'
   end
@@ -142,13 +146,18 @@ def should_to_s(newvalue)
   validate do
     required_properties = [
       :address,
-      :token,
       :version,
     ]
     required_properties.each do |property|
       if self[:ensure] == :present && self[property].nil?
         fail "You must provide a #{property}"
       end
     end
+    if self[:ensure] == :present && self[:token].nil? && self[:token_file].nil?
+      fail "You must provide either token or token_file"
+    end
+    if self[:ensure] == :present && self[:token] && self[:token_file]
+      fail "token and token_file are mutually exclusive"
+    end
   end
 end

metadata.json

@@ -1,6 +1,6 @@
 {
   "name": "sensu-sensu",
-  "version": "5.3.1",
+  "version": "5.4.0",
   "author": "sensu",
   "summary": "A module to install the Sensu monitoring framework",
   "license": "MIT",
@@ -45,7 +45,6 @@
     {
       "operatingsystem": "Debian",
       "operatingsystemrelease": [
-        "8",
         "9",
         "10"
       ]