From 78422e57e01db24263e90f9f16811adc985c139c Mon Sep 17 00:00:00 2001 From: Adrien Waksberg Date: Wed, 13 Mar 2019 21:45:02 +0100 Subject: [PATCH] feat: add sensu_agent_redact variable to add new redact keywords --- CHANGELOG.md | 1 + README.md | 7 +++++++ defaults/main.yml | 12 ++++++++++++ test/integration/default/default.yml | 6 +++--- test/integration/default/serverspec/default_spec.rb | 5 +++++ 5 files changed, 28 insertions(+), 3 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 5e5c272..2a0b874 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -4,6 +4,7 @@ This project adheres to [Semantic Versioning](http://semver.org/). Which is based on [Keep A Changelog](http://keepachangelog.com/) ## [Unreleased] +- feat: add sensu_agent_redact variable to add new redact keywords - doc: add example in readme ## [1.1.0] - 2019-02-17 diff --git a/README.md b/README.md index feb3a98..16dccf9 100644 --- a/README.md +++ b/README.md @@ -49,6 +49,13 @@ Notice: for debian9 set `sensu_repository_system` to `ubuntu` and `sensu_reposit disk_warning: 75 ``` +* `sensu_agent_redact` - array with the redact keywords + +``` + - supersecret + - apikey +``` + * `sensu_agent_backends` - array with the backends url ``` diff --git a/defaults/main.yml b/defaults/main.yml index 578fc32..28c5c14 100644 --- a/defaults/main.yml +++ b/defaults/main.yml @@ -15,6 +15,17 @@ sensu_agent_password: 'P@ssw0rd!' sensu_agent_plugins: [] sensu_agent_subscriptions: [] sensu_agent_labels: {} +sensu_agent_default_redact: + - password + - passwd + - pass + - secret + - api_key + - api_token + - access_key + - secret_key + - private_key +sensu_agent_redact: [] sensu_agent_backends: - 'ws://localhost:8081' sensu_agent_namespace: default @@ -26,6 +37,7 @@ sensu_agent_default_config: password: '{{ sensu_agent_password }}' subscriptions: '{{ sensu_agent_subscriptions }}' labels: '{{ sensu_agent_labels }}' + redact: '{{ sensu_agent_default_redact + sensu_agent_redact }}' sensu_agent_config: {} sensu_agent_full_config: '{{ sensu_agent_default_config|combine(sensu_agent_config) }}' diff --git a/test/integration/default/default.yml b/test/integration/default/default.yml index d296d01..9b91045 100644 --- a/test/integration/default/default.yml +++ b/test/integration/default/default.yml @@ -3,14 +3,14 @@ connection: local vars: sensu_backend: yes + sensu_agent_redact: + - supersecret sensu_agent_plugins: - name: sensu-plugins-disk-checks version: 3.1.1 sensu_agent_labels: test: coucou - hello: - warning: 30 - critical: 50 + supersecret: password sensu_namespaces: - name: production - name: dev diff --git a/test/integration/default/serverspec/default_spec.rb b/test/integration/default/serverspec/default_spec.rb index a897ea1..6191945 100644 --- a/test/integration/default/serverspec/default_spec.rb +++ b/test/integration/default/serverspec/default_spec.rb @@ -52,6 +52,11 @@ describe command('sensuctl user list') do its(:stdout) { should match(/johndoe.*\s+devops,users\s+.*true/) } end +describe command('sensuctl entity info localhost --format json') do + its(:exit_status) { should eq 0 } + its(:stdout) { should match(/"supersecret": "REDACTED"/) } +end + %w[production dev].each do |namespace| describe command("sensuctl asset list --namespace #{namespace}") do its(:exit_status) { should eq 0 }