feat: add sensu_agent_redact variable to add new redact keywords

2019-03-13 21:45:02 +01:00 · 2019-03-13 21:45:02 +01:00 · 78422e57e0
commit 78422e57e0
parent 27f07c7a30
5 changed files with 28 additions and 3 deletions
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@ -4,6 +4,7 @@ This project adheres to [Semantic Versioning](http://semver.org/).
 Which is based on [Keep A Changelog](http://keepachangelog.com/)

 ## [Unreleased]
+- feat: add sensu_agent_redact variable to add new redact keywords
 - doc: add example in readme

 ## [1.1.0] - 2019-02-17
--- a/README.md
+++ b/README.md
@ -49,6 +49,13 @@ Notice: for debian9 set `sensu_repository_system` to `ubuntu` and `sensu_reposit
  disk_warning: 75
 ```

+* `sensu_agent_redact` - array with the redact keywords
+
+```
+  - supersecret
+  - apikey
+```
+
 * `sensu_agent_backends` - array with the backends url

 ```
--- a/defaults/main.yml
+++ b/defaults/main.yml
@ -15,6 +15,17 @@ sensu_agent_password: 'P@ssw0rd!'
 sensu_agent_plugins: []
 sensu_agent_subscriptions: []
 sensu_agent_labels: {}
+sensu_agent_default_redact:
+  - password
+  - passwd
+  - pass
+  - secret
+  - api_key
+  - api_token
+  - access_key
+  - secret_key
+  - private_key
+sensu_agent_redact: []
 sensu_agent_backends:
  - 'ws://localhost:8081'
 sensu_agent_namespace: default
@ -26,6 +37,7 @@ sensu_agent_default_config:
  password: '{{ sensu_agent_password }}'
  subscriptions: '{{ sensu_agent_subscriptions }}'
  labels: '{{ sensu_agent_labels }}'
+  redact: '{{ sensu_agent_default_redact + sensu_agent_redact }}'
 sensu_agent_config: {}
 sensu_agent_full_config: '{{ sensu_agent_default_config|combine(sensu_agent_config) }}'

--- a/test/integration/default/default.yml
+++ b/test/integration/default/default.yml
@ -3,14 +3,14 @@
  connection: local
  vars:
    sensu_backend: yes
+    sensu_agent_redact:
+      - supersecret
    sensu_agent_plugins:
      - name: sensu-plugins-disk-checks
        version: 3.1.1
    sensu_agent_labels:
      test: coucou
-      hello:
-        warning: 30
-        critical: 50
+      supersecret: password
    sensu_namespaces:
      - name: production
      - name: dev
--- a/test/integration/default/serverspec/default_spec.rb
+++ b/test/integration/default/serverspec/default_spec.rb
@ -52,6 +52,11 @@ describe command('sensuctl user list') do
  its(:stdout) { should match(/johndoe.*\s+devops,users\s+.*true/) }
 end

+describe command('sensuctl entity info localhost --format json') do
+  its(:exit_status) { should eq 0 }
+  its(:stdout) { should match(/"supersecret": "REDACTED"/) }
+end
+
 %w[production dev].each do |namespace|
  describe command("sensuctl asset list --namespace  #{namespace}") do
    its(:exit_status) { should eq 0 }