nishiki/ansible-role-sensu
1
0
Fork 0
Code Issues Pull requests Releases 5 Wiki Activity

feat: add sensu_agent_redact variable to add new redact keywords

Browse source
This commit is contained in:
Adrien Waksberg 2019-03-13 21:45:02 +01:00
parent 27f07c7a30
commit 78422e57e0
5 changed files with 28 additions and 3 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

1
CHANGELOG.md
View file

@ -4,6 +4,7 @@ This project adheres to [Semantic Versioning](http://semver.org/).
Which is based on [Keep A Changelog](http://keepachangelog.com/) Which is based on [Keep A Changelog](http://keepachangelog.com/)
## [Unreleased] ## [Unreleased]
- feat: add sensu_agent_redact variable to add new redact keywords
- doc: add example in readme - doc: add example in readme
## [1.1.0] - 2019-02-17 ## [1.1.0] - 2019-02-17

7
README.md
View file

@ -49,6 +49,13 @@ Notice: for debian9 set `sensu_repository_system` to `ubuntu` and `sensu_reposit
disk_warning: 75 disk_warning: 75
``` ```
* `sensu_agent_redact` - array with the redact keywords
```
- supersecret
- apikey
```
* `sensu_agent_backends` - array with the backends url * `sensu_agent_backends` - array with the backends url
``` ```

12
defaults/main.yml
View file

@ -15,6 +15,17 @@ sensu_agent_password: 'P@ssw0rd!'
sensu_agent_plugins: [] sensu_agent_plugins: []
sensu_agent_subscriptions: [] sensu_agent_subscriptions: []
sensu_agent_labels: {} sensu_agent_labels: {}
sensu_agent_default_redact:
- password
- passwd
- pass
- secret
- api_key
- api_token
- access_key
- secret_key
- private_key
sensu_agent_redact: []
sensu_agent_backends: sensu_agent_backends:
- 'ws://localhost:8081' - 'ws://localhost:8081'
sensu_agent_namespace: default sensu_agent_namespace: default
@ -26,6 +37,7 @@ sensu_agent_default_config:
password: '{{ sensu_agent_password }}' password: '{{ sensu_agent_password }}'
subscriptions: '{{ sensu_agent_subscriptions }}' subscriptions: '{{ sensu_agent_subscriptions }}'
labels: '{{ sensu_agent_labels }}' labels: '{{ sensu_agent_labels }}'
redact: '{{ sensu_agent_default_redact + sensu_agent_redact }}'
sensu_agent_config: {} sensu_agent_config: {}
sensu_agent_full_config: '{{ sensu_agent_default_config|combine(sensu_agent_config) }}' sensu_agent_full_config: '{{ sensu_agent_default_config|combine(sensu_agent_config) }}'

6
test/integration/default/default.yml
View file

@ -3,14 +3,14 @@
connection: local connection: local
vars: vars:
sensu_backend: yes sensu_backend: yes
sensu_agent_redact:
- supersecret
sensu_agent_plugins: sensu_agent_plugins:
- name: sensu-plugins-disk-checks - name: sensu-plugins-disk-checks
version: 3.1.1 version: 3.1.1
sensu_agent_labels: sensu_agent_labels:
test: coucou test: coucou
hello: supersecret: password
warning: 30
critical: 50
sensu_namespaces: sensu_namespaces:
- name: production - name: production
- name: dev - name: dev

5
test/integration/default/serverspec/default_spec.rb
View file

@ -52,6 +52,11 @@ describe command('sensuctl user list') do
its(:stdout) { should match(/johndoe.*\s+devops,users\s+.*true/) } its(:stdout) { should match(/johndoe.*\s+devops,users\s+.*true/) }
end end
describe command('sensuctl entity info localhost --format json') do
its(:exit_status) { should eq 0 }
its(:stdout) { should match(/"supersecret": "REDACTED"/) }
end
%w[production dev].each do |namespace| %w[production dev].each do |namespace|
describe command("sensuctl asset list --namespace #{namespace}") do describe command("sensuctl asset list --namespace #{namespace}") do
its(:exit_status) { should eq 0 } its(:exit_status) { should eq 0 }