.github/workflows/acceptance-cluster.yaml

@@ -23,10 +23,6 @@ jobs:
         - yes
         ci_build:
         - no
-        include:
-        - puppet: puppet6
-          use_agent: no
-          ci_build: yes
     env:
       BEAKER_debug: true
     name: Sensu Go Cluster ${{ matrix.puppet }} (use-agent=${{ matrix.use_agent }} CI=${{ matrix.ci_build }})

.github/workflows/acceptance-full.yaml

@@ -40,14 +40,9 @@ jobs:
           puppet: puppet7
           use_agent: yes
           ci_build: no
-        - sensu_mode: types
-          puppet: puppet6
-          use_agent: no
-          ci_build: yes
-        - sensu_mode: examples
-          puppet: puppet6
-          use_agent: no
-          ci_build: yes
+        # TODO: Uncomment once bolt tests are updated to work with latest bolt
+        #- sensu_mode: bolt
+        #  puppet: puppet6
     env:
       BEAKER_debug: true
     name: ${{ matrix.set }} ${{ matrix.puppet }} (mode=${{ matrix.sensu_mode }} use-agent=${{ matrix.use_agent }} CI=${{ matrix.ci_build }})

.github/workflows/acceptance.yaml

@@ -30,7 +30,6 @@ jobs:
         - puppet7
         ci_build:
         - no
-        - yes
         exclude:
         - puppet: puppet5
           ci_build: yes

CHANGELOG.md

@@ -1,5 +1,18 @@
 # Changelog
 
+## [v5.7.0](https://github.com/sensu/sensu-puppet/tree/v5.7.0) (2021-02-17)
+
+[Full Changelog](https://github.com/sensu/sensu-puppet/compare/v5.6.0...v5.7.0)
+
+### Added
+
+- Support refresh of sensu\_secrets\_vault\_provider token\_file [\#1305](https://github.com/sensu/sensu-puppet/pull/1305) ([treydock](https://github.com/treydock))
+
+### Fixed
+
+- Fix acceptance testing [\#1306](https://github.com/sensu/sensu-puppet/pull/1306) ([treydock](https://github.com/treydock))
+- Fix descriptions [\#1301](https://github.com/sensu/sensu-puppet/pull/1301) ([treydock](https://github.com/treydock))
+
 ## [v5.6.0](https://github.com/sensu/sensu-puppet/tree/v5.6.0) (2021-01-23)
 
 [Full Changelog](https://github.com/sensu/sensu-puppet/compare/v5.5.1...v5.6.0)
@@ -110,7 +123,6 @@
 - Remove acceptance test skipping for plugins [\#1272](https://github.com/sensu/sensu-puppet/pull/1272) ([treydock](https://github.com/treydock))
 - Make sensu\_ad\_auth group\_search optional [\#1266](https://github.com/sensu/sensu-puppet/pull/1266) ([treydock](https://github.com/treydock))
 - Add sensu::backend\_upgrade task [\#1265](https://github.com/sensu/sensu-puppet/pull/1265) ([treydock](https://github.com/treydock))
-- Allow disabling namespace validation for large environments [\#1254](https://github.com/sensu/sensu-puppet/pull/1254) ([treydock](https://github.com/treydock))
 
 ## [v4.13.1](https://github.com/sensu/sensu-puppet/tree/v4.13.1) (2020-08-13)
 
@@ -136,6 +148,10 @@
 
 [Full Changelog](https://github.com/sensu/sensu-puppet/compare/v4.11.0...v4.12.0)
 
+### Added
+
+- Allow disabling namespace validation for large environments [\#1254](https://github.com/sensu/sensu-puppet/pull/1254) ([treydock](https://github.com/treydock))
+
 ## [v4.11.0](https://github.com/sensu/sensu-puppet/tree/v4.11.0) (2020-06-29)
 
 [Full Changelog](https://github.com/sensu/sensu-puppet/compare/v4.10.0...v4.11.0)
@@ -231,7 +247,6 @@
 - Add more examples [\#1214](https://github.com/sensu/sensu-puppet/pull/1214) ([treydock](https://github.com/treydock))
 - Better organization of class variables [\#1213](https://github.com/sensu/sensu-puppet/pull/1213) ([treydock](https://github.com/treydock))
 - Better documentation of private types [\#1212](https://github.com/sensu/sensu-puppet/pull/1212) ([treydock](https://github.com/treydock))
-- Changes to support Sensu Go 5.17.1 [\#1207](https://github.com/sensu/sensu-puppet/pull/1207) ([treydock](https://github.com/treydock))
 
 ### Fixed
 
@@ -254,6 +269,10 @@
 
 [Full Changelog](https://github.com/sensu/sensu-puppet/compare/v4.4.0...v4.4.1)
 
+### Added
+
+- Changes to support Sensu Go 5.17.1 [\#1207](https://github.com/sensu/sensu-puppet/pull/1207) ([treydock](https://github.com/treydock))
+
 ## [v4.4.0](https://github.com/sensu/sensu-puppet/tree/v4.4.0) (2020-01-31)
 
 [Full Changelog](https://github.com/sensu/sensu-puppet/compare/v4.3.0...v4.4.0)
@@ -291,16 +310,11 @@
 ### Added
 
 - Add examples for Slack and InfluxDB [\#1199](https://github.com/sensu/sensu-puppet/pull/1199) ([treydock](https://github.com/treydock))
-- Allow SSL files to be defined via content parameters [\#1198](https://github.com/sensu/sensu-puppet/pull/1198) ([treydock](https://github.com/treydock))
 
 ## [v4.1.0](https://github.com/sensu/sensu-puppet/tree/v4.1.0) (2020-01-15)
 
 [Full Changelog](https://github.com/sensu/sensu-puppet/compare/v4.0.0...v4.1.0)
 
-### Added
-
-- Add support for sensuctl 'command' subcommand [\#1195](https://github.com/sensu/sensu-puppet/pull/1195) ([treydock](https://github.com/treydock))
-
 ## [v4.0.0](https://github.com/sensu/sensu-puppet/tree/v4.0.0) (2020-01-10)
 
 [Full Changelog](https://github.com/sensu/sensu-puppet/compare/v3.14.0...v4.0.0)

REFERENCE.md

@@ -4336,6 +4336,15 @@ Puppet will usually discover the appropriate provider for your platform.
 
 Path to file that contains token to use for authentication.
 
+To update this resource with new content for the file, requires sending notify event from the file resource.
+
+Example:
+
+file { '/etc/sensu/provider-secret':
+  ...
+  notify => Sensu_secrets_vault_provider['my-vault'],
+}
+
 ### `sensu_tessen`
 
 **NOTE** This is a private type not intended to be used directly.
@@ -4846,25 +4855,19 @@ Generate targets from Sensu Go
 
 Data type: `Optional[String[1]]`
 
-
+Namespace to pull entities from
 
 ##### `subscription`
 
 Data type: `Optional[String[1]]`
 
-
+Find entities with this subscription
 
 ##### `interface_list`
 
 Data type: `Optional[Array]`
 
-
-
-##### `uri_ipaddress`
-
-Data type: `Optional[Boolean]`
-
-
+Interfaces to search if more than one present
 
 ### `silenced`
 

lib/puppet/provider/sensu_secrets_vault_provider/sensu_api.rb

@@ -95,8 +95,8 @@ def create
     @property_hash[:ensure] = :present
   end
 
-  def flush
-    if !@property_flush.empty?
+  def flush(update = false)
+    if !@property_flush.empty? || update
       spec = {}
       metadata = {}
       metadata[:name] = resource[:name]

lib/puppet/provider/sensu_secrets_vault_provider/sensuctl.rb

@@ -92,8 +92,8 @@ def create
     @property_hash[:ensure] = :present
   end
 
-  def flush
-    if !@property_flush.empty?
+  def flush(update = false)
+    if !@property_flush.empty? || update
       spec = {}
       metadata = {}
       metadata[:name] = resource[:name]

lib/puppet/type/sensu_agent_entity_config.rb

@@ -54,15 +54,7 @@
   extend PuppetX::Sensu::Type
   add_autorequires()
 
-  ensurable do
-    newvalue(:present) do
-      @resource.provider.create
-    end
-    newvalue(:absent) do
-      @resource.provider.destroy
-    end
-    defaultto(:present)
-  end
+  ensurable
 
   newparam(:name, :namevar => true) do
     desc <<-EOS

lib/puppet/type/sensu_secrets_vault_provider.rb

@@ -61,7 +61,18 @@ def should_to_s(newvalue)
   end
 
   newparam(:token_file) do
-    desc 'Path to file that contains token to use for authentication.'
+    desc <<-EOS
+    Path to file that contains token to use for authentication.
+
+    To update this resource with new content for the file, requires sending notify event from the file resource.
+
+    Example:
+
+    file { '/etc/sensu/provider-secret':
+      ...
+      notify => Sensu_secrets_vault_provider['my-vault'],
+    }
+    EOS
   end
 
   newproperty(:version) do
@@ -143,6 +154,12 @@ def should_to_s(newvalue)
     end
   end
 
+  def refresh
+    if provider.exists? && @parameters[:ensure].value.to_s == 'present' && ! @parameters[:token_file].value.nil?
+      provider.flush(true)
+    end
+  end
+
   validate do
     required_properties = [
       :address,

metadata.json

@@ -1,6 +1,6 @@
 {
   "name": "sensu-sensu",
-  "version": "5.6.0",
+  "version": "5.7.0",
   "author": "sensu",
   "summary": "A module to install the Sensu monitoring framework",
   "license": "MIT",

spec/acceptance/sensu_bolt_tasks_spec.rb

@@ -1,6 +1,6 @@
 require 'spec_helper_acceptance'
 
-describe 'sensu event task', if: RSpec.configuration.sensu_mode == 'full' do
+describe 'sensu event task', if: RSpec.configuration.sensu_mode == 'bolt' do
   backend = hosts_as('sensu-backend')[0]
   agent = hosts_as('sensu-agent')[0]
   context 'setup' do
@@ -57,7 +57,7 @@ class { 'sensu::agent':
   end
 end
 
-describe 'sensu silenced task', if: RSpec.configuration.sensu_mode == 'full' do
+describe 'sensu silenced task', if: RSpec.configuration.sensu_mode == 'bolt' do
   backend = hosts_as('sensu-backend')[0]
   context 'setup agent' do
     it 'should work without errors' do
@@ -104,7 +104,7 @@ class { 'sensu::agent':
   end
 end
 
-describe 'sensu install_agent task', if: RSpec.configuration.sensu_mode == 'full' do
+describe 'sensu install_agent task', if: RSpec.configuration.sensu_mode == 'bolt' do
   backend = hosts_as('sensu-backend')[0]
   agent = hosts_as('sensu-agent')[0]
   context 'setup' do
@@ -148,7 +148,7 @@ class { '::sensu':
   end
 end
 
-describe 'sensu check_execute task', if: RSpec.configuration.sensu_mode == 'full' do
+describe 'sensu check_execute task', if: RSpec.configuration.sensu_mode == 'bolt' do
   backend = hosts_as('sensu-backend')[0]
   agent = hosts_as('sensu-agent')[0]
   context 'setup' do
@@ -186,7 +186,7 @@ class { 'sensu::agent':
   end
 end
 
-describe 'sensu assets_outdated task', if: RSpec.configuration.sensu_mode == 'full' do
+describe 'sensu assets_outdated task', if: RSpec.configuration.sensu_mode == 'bolt' do
   backend = hosts_as('sensu-backend')[0]
   context 'setup' do
     it 'should work without errors' do
@@ -209,7 +209,7 @@ class { 'sensu::agent':
   end
 end
 
-describe 'sensu apikey task', if: RSpec.configuration.sensu_mode == 'full' do
+describe 'sensu apikey task', if: RSpec.configuration.sensu_mode == 'bolt' do
   backend = hosts_as('sensu-backend')[0]
   context 'setup' do
     it 'should work without errors' do
@@ -251,7 +251,7 @@ class { 'sensu::agent':
   end
 end
 
-describe 'sensu agent_event task', if: RSpec.configuration.sensu_mode == 'full' do
+describe 'sensu agent_event task', if: RSpec.configuration.sensu_mode == 'bolt' do
   backend = hosts_as('sensu-backend')[0]
   agent = hosts_as('sensu-agent')[0]
   context 'setup' do
@@ -285,7 +285,7 @@ class { 'sensu::agent':
   end
 end
 
-describe 'sensu bolt inventory', if: RSpec.configuration.sensu_mode == 'full' do
+describe 'sensu bolt inventory', if: RSpec.configuration.sensu_mode == 'bolt' do
   backend = hosts_as('sensu-backend')[0]
   agent = hosts_as('sensu-agent')[0]
   context 'setup' do
@@ -327,7 +327,7 @@ class { 'sensu::agent':
 end
 
 # Skip this test when testing using CI repos as CI repos are missing 5.21.x packages
-describe 'sensu backend_upgrade task', if: (RSpec.configuration.sensu_mode == 'full' && !RSpec.configuration.add_ci_repo) do
+describe 'sensu backend_upgrade task', if: (RSpec.configuration.sensu_mode == 'bolt' && !RSpec.configuration.add_ci_repo) do
   backend = hosts_as('sensu-backend')[0]
   context 'setup' do
     it 'is successful' do

spec/acceptance/sensu_secrets_spec.rb

@@ -21,10 +21,15 @@
           "burst" => 100
         },
       }
+      file { '/tmp/secret':
+        ensure  => 'file',
+        content => "supersecret\n",
+        notify  => Sensu_secrets_vault_provider['my_vault-token_file'],
+      }
       sensu_secrets_vault_provider { 'my_vault-token_file':
         ensure       => 'present',
         address      => "https://vaultserver.example.com:8200",
-        token_file   => "/tmp/secret",
+        token_file   => '/tmp/secret',
         version      => "v1",
         max_retries  => 2,
         timeout      => "20s",
@@ -65,7 +70,6 @@
       }
       EOS
 
-      create_remote_file(node, '/tmp/secret', "supersecret\n")
       if RSpec.configuration.sensu_use_agent
         site_pp = "node 'sensu-backend' { #{pp} }"
         puppetserver = hosts_as('puppetserver')[0]
@@ -171,16 +175,24 @@
           "burst" => 200
         },
       }
+      file { '/tmp/secret':
+        ensure  => 'file',
+        content => "supersecret2\n",
+        notify  => Sensu_secrets_vault_provider['my_vault-token_file'],
+      }
       sensu_secrets_vault_provider { 'my_vault-token_file':
         ensure       => 'present',
-        address      => "https://vaultserver.example.com:8201",
+        address      => "https://vaultserver.example.com:8200",
         token_file   => '/tmp/secret',
         version      => "v1",
-        max_retries  => 4,
-        timeout      => "40s",
+        max_retries  => 2,
+        timeout      => "20s",
+        tls          => {
+          "ca_cert" => "/etc/ssl/certs/ca-bundle.crt"
+        },
         rate_limiter => {
-          "limit" => 20,
-          "burst" => 200
+          "limit" => 10,
+          "burst" => 100
         },
       }
       sensu_secrets_vault_provider { 'my_vault-api':
@@ -209,7 +221,6 @@
       }
       EOS
 
-      create_remote_file(node, '/tmp/secret', "supersecret2\n")
       if RSpec.configuration.sensu_use_agent
         site_pp = "node 'sensu-backend' { #{pp} }"
         puppetserver = hosts_as('puppetserver')[0]
@@ -256,13 +267,13 @@
         end
         data = resources.find { |r| r['metadata']['name'] == 'my_vault-token_file' }
         spec = data['spec']
-        expect(spec['client']['address']).to eq("https://vaultserver.example.com:8201")
+        expect(spec['client']['address']).to eq("https://vaultserver.example.com:8200")
         expect(spec['client']['token']).to eq("supersecret2")
         expect(spec['client']['version']).to eq("v1")
-        expect(spec['client']["max_retries"]).to eq(4)
-        expect(spec['client']["timeout"]).to eq("40s")
-        expect(spec['client']["tls"]).to be_nil
-        expect(spec['client']["rate_limiter"]).to eq({'limit' => 20, 'burst' => 200})
+        expect(spec['client']["max_retries"]).to eq(2)
+        expect(spec['client']["timeout"]).to eq("20s")
+        expect(spec['client']["tls"]["ca_cert"]).to eq("/etc/ssl/certs/ca-bundle.crt")
+        expect(spec['client']["rate_limiter"]).to eq({'limit' => 10, 'burst' => 100})
       end
     end
     it 'should have a valid VaultProvider using API' do