diff --git a/.travis.yml b/.travis.yml index 3d121b2..889e927 100644 --- a/.travis.yml +++ b/.travis.yml @@ -3,6 +3,9 @@ group: xenial language: python python: "2.7" env: + global: + - ANSIBLE_MODULE_UTILS=$TRAVIS_BUILD_DIR/module_utils + matrix: - SCENARIO=debian - SCENARIO=ubuntu - SCENARIO=centos diff --git a/Pipfile.lock b/Pipfile.lock index 254426d..29807d2 100644 --- a/Pipfile.lock +++ b/Pipfile.lock @@ -18,10 +18,10 @@ "default": { "ansible": { "hashes": [ - "sha256:e7e6de461b7d07cb4d8b2dd2a32b231af7c56e6bf39b851024671aaa52fd377e" + "sha256:e1d51d3a88e21238f9e7a49b2b17a49e76c13880242b936ac8a37aee4fe84445" ], "index": "pypi", - "version": "==2.7.11" + "version": "==2.8.1" }, "asn1crypto": { "hashes": [ @@ -37,30 +37,6 @@ "markers": "python_version < '3.5'", "version": "==3.7.0.1" }, - "bcrypt": { - "hashes": [ - "sha256:0ba875eb67b011add6d8c5b76afbd92166e98b1f1efab9433d5dc0fafc76e203", - "sha256:21ed446054c93e209434148ef0b362432bb82bbdaf7beef70a32c221f3e33d1c", - "sha256:28a0459381a8021f57230954b9e9a65bb5e3d569d2c253c5cac6cb181d71cf23", - "sha256:2aed3091eb6f51c26b7c2fad08d6620d1c35839e7a362f706015b41bd991125e", - "sha256:2fa5d1e438958ea90eaedbf8082c2ceb1a684b4f6c75a3800c6ec1e18ebef96f", - "sha256:3a73f45484e9874252002793518da060fb11eaa76c30713faa12115db17d1430", - "sha256:3e489787638a36bb466cd66780e15715494b6d6905ffdbaede94440d6d8e7dba", - "sha256:44636759d222baa62806bbceb20e96f75a015a6381690d1bc2eda91c01ec02ea", - "sha256:678c21b2fecaa72a1eded0cf12351b153615520637efcadc09ecf81b871f1596", - "sha256:75460c2c3786977ea9768d6c9d8957ba31b5fbeb0aae67a5c0e96aab4155f18c", - "sha256:8ac06fb3e6aacb0a95b56eba735c0b64df49651c6ceb1ad1cf01ba75070d567f", - "sha256:8fdced50a8b646fff8fa0e4b1c5fd940ecc844b43d1da5a980cb07f2d1b1132f", - "sha256:9b2c5b640a2da533b0ab5f148d87fb9989bf9bcb2e61eea6a729102a6d36aef9", - "sha256:a9083e7fa9adb1a4de5ac15f9097eb15b04e2c8f97618f1b881af40abce382e1", - "sha256:b7e3948b8b1a81c5a99d41da5fb2dc03ddb93b5f96fcd3fd27e643f91efa33e1", - "sha256:b998b8ca979d906085f6a5d84f7b5459e5e94a13fc27c28a3514437013b6c2f6", - "sha256:dd08c50bc6f7be69cd7ba0769acca28c846ec46b7a8ddc2acf4b9ac6f8a7457e", - "sha256:de5badee458544ab8125e63e39afeedfcf3aef6a6e2282ac159c95ae7472d773", - "sha256:ede2a87333d24f55a4a7338a6ccdccf3eaa9bed081d1737e0db4dbd1a4f7e6b6" - ], - "version": "==3.1.6" - }, "certifi": { "hashes": [ "sha256:59b7658e26ca9c7339e00f8f4636cdfe59d34fa37b9b04f6f9e9926b3cece1a5", @@ -166,7 +142,7 @@ "sha256:64b28eec5e78e7510698f6d4da08800a5c575caa4a286c93d651c5d3ff7b6794", "sha256:b146c751ea45cad6188dd6cf2d9b757f6f4f8d6ffb96a023e6f2e26eea02a72c" ], - "markers": "python_version < '3.3'", + "markers": "python_version < '3'", "version": "==1.0.22" }, "jinja2": { @@ -209,43 +185,12 @@ ], "version": "==1.1.1" }, - "paramiko": { - "hashes": [ - "sha256:69c219df239775800a2589ee60159aa7cfd87175809b6557da7fb9dcb44ca430", - "sha256:9f081281064b5180dc0ef60e256224a280ff16f603a99f3dd4ba6334ebb65f7e" - ], - "version": "==2.5.0" - }, "pycparser": { "hashes": [ "sha256:a988718abfad80b6b157acce7bf130a30876d27603738ac39f140993246b25b3" ], "version": "==2.19" }, - "pynacl": { - "hashes": [ - "sha256:05c26f93964373fc0abe332676cb6735f0ecad27711035b9472751faa8521255", - "sha256:0c6100edd16fefd1557da078c7a31e7b7d7a52ce39fdca2bec29d4f7b6e7600c", - "sha256:0d0a8171a68edf51add1e73d2159c4bc19fc0718e79dec51166e940856c2f28e", - "sha256:1c780712b206317a746ace34c209b8c29dbfd841dfbc02aa27f2084dd3db77ae", - "sha256:2424c8b9f41aa65bbdbd7a64e73a7450ebb4aa9ddedc6a081e7afcc4c97f7621", - "sha256:2d23c04e8d709444220557ae48ed01f3f1086439f12dbf11976e849a4926db56", - "sha256:30f36a9c70450c7878053fa1344aca0145fd47d845270b43a7ee9192a051bf39", - "sha256:37aa336a317209f1bb099ad177fef0da45be36a2aa664507c5d72015f956c310", - "sha256:4943decfc5b905748f0756fdd99d4f9498d7064815c4cf3643820c9028b711d1", - "sha256:57ef38a65056e7800859e5ba9e6091053cd06e1038983016effaffe0efcd594a", - "sha256:5bd61e9b44c543016ce1f6aef48606280e45f892a928ca7068fba30021e9b786", - "sha256:6482d3017a0c0327a49dddc8bd1074cc730d45db2ccb09c3bac1f8f32d1eb61b", - "sha256:7d3ce02c0784b7cbcc771a2da6ea51f87e8716004512493a2b69016326301c3b", - "sha256:a14e499c0f5955dcc3991f785f3f8e2130ed504fa3a7f44009ff458ad6bdd17f", - "sha256:a39f54ccbcd2757d1d63b0ec00a00980c0b382c62865b61a505163943624ab20", - "sha256:aabb0c5232910a20eec8563503c153a8e78bbf5459490c49ab31f6adf3f3a415", - "sha256:bd4ecb473a96ad0f90c20acba4f0bf0df91a4e03a1f4dd6a4bdc9ca75aa3a715", - "sha256:e2da3c13307eac601f3de04887624939aca8ee3c9488a0bb0eca4fb9401fc6b1", - "sha256:f67814c38162f4deb31f68d590771a29d5ae3b1bd64b75cf232308e5c74777e0" - ], - "version": "==1.3.0" - }, "pyyaml": { "hashes": [ "sha256:57acc1d8533cbe51f6662a55434f0dbecfa2b9eaf115bede8f6fd00115a0c0d3", @@ -294,10 +239,10 @@ "develop": { "ansible": { "hashes": [ - "sha256:e7e6de461b7d07cb4d8b2dd2a32b231af7c56e6bf39b851024671aaa52fd377e" + "sha256:e1d51d3a88e21238f9e7a49b2b17a49e76c13880242b936ac8a37aee4fe84445" ], "index": "pypi", - "version": "==2.7.11" + "version": "==2.8.1" }, "ansible-lint": { "hashes": [ @@ -545,7 +490,6 @@ "sha256:6dfd58dfe281e8d240937776065dd3624ad5469c835248219bd16cf2e12dbeb7", "sha256:cb6ee23b46173539939964df59d3d72c3e0c1b5d54b84f1d8a7e912fe43612db" ], - "index": "pypi", "version": "==0.18" }, "ipaddress": { @@ -553,7 +497,7 @@ "sha256:64b28eec5e78e7510698f6d4da08800a5c575caa4a286c93d651c5d3ff7b6794", "sha256:b146c751ea45cad6188dd6cf2d9b757f6f4f8d6ffb96a023e6f2e26eea02a72c" ], - "markers": "python_version < '3.3'", + "markers": "python_version < '3'", "version": "==1.0.22" }, "jinja2": { diff --git a/handlers/main.yml b/handlers/main.yml index 57df26f..116f31c 100644 --- a/handlers/main.yml +++ b/handlers/main.yml @@ -1,27 +1,27 @@ --- -- name: restart sensu-backend +- name: Restart sensu-backend service: name: sensu-backend state: restarted - notify: wait for sensu-backend to accept connections + notify: Wait for sensu-backend to accept connections when: sensu_go_final_services.backend.state != 'stopped' -- name: wait for sensu-backend to accept connections +- name: Wait for sensu-backend to accept connections wait_for: port: 8081 connect_timeout: 1 -- name: restart sensu-agent +- name: Restart sensu-agent service: name: sensu-agent state: restarted when: sensu_go_final_services.agent.state != 'stopped' -- name: update apt cache +- name: Update apt cache apt: update_cache: true -- name: yum-clean-metadata +- name: Clean yum metadata command: yum clean metadata args: warn: no diff --git a/library/sensu_go_check.py b/library/sensu_go_check.py index 9208ef7..11281ca 100755 --- a/library/sensu_go_check.py +++ b/library/sensu_go_check.py @@ -119,7 +119,7 @@ password: aliases: - url_password - default: P@ssword! + default: P@ssw0rd! description: - "Password to use when initially authenticating to the Sensu Go API." - "Can be overriden with the environmental variable C(ANSIBLE_SENSU_GO_PASSWORD)" @@ -284,10 +284,9 @@ def run_module(): low_flap_threshold=dict(type='int', default=0), metadata=dict( type='dict', - elements='dict', options=dict( - annotations=dict(type='dict', elements='dict'), - labels=dict(type='dict', elements='dict') + annotations=dict(type='dict'), + labels=dict(type='dict') ) ), output_metric_format=dict(type='str', default='', choices=['', 'nagios_perfdata', 'graphite_plaintext', 'influxdb_line', 'opentsdb_line']), @@ -295,7 +294,6 @@ def run_module(): proxy_entity_name=dict(type='str', default=''), proxy_requests=dict( type='dict', - elements='dict', options=dict( entity_attributes=dict(type='list', elements='tr'), splay=dict(type='bool', default=False), diff --git a/module_utils/sensu_go.py b/module_utils/sensu_go.py index daa991b..6afc9df 100755 --- a/module_utils/sensu_go.py +++ b/module_utils/sensu_go.py @@ -47,7 +47,7 @@ def __init__(self, argument_spec, attributes, resource, **kwargs): ), url_password=dict( type='str', - default='P@ssword!', + default='P@ssw0rd!', no_log=True, aliases=['password'], fallback=(env_fallback, ['ANSIBLE_SENSU_GO_PASSWORD']) diff --git a/molecule/debian/molecule.yml b/molecule/debian/molecule.yml index 4471c68..a6d682e 100644 --- a/molecule/debian/molecule.yml +++ b/molecule/debian/molecule.yml @@ -53,3 +53,5 @@ verifier: directory: ../shared/ lint: name: rubocop + env: + ANSIBLE_LIBRARY: ../../library/ diff --git a/molecule/shared/inspec.yml b/molecule/shared/inspec.yml new file mode 100644 index 0000000..431ef1e --- /dev/null +++ b/molecule/shared/inspec.yml @@ -0,0 +1,65 @@ +--- +- name: Install system dependencies for Inspec + package: + name: "{{ item }}" + state: present + with_items: "{{ inspec_package_deps }}" + +- name: Download Inspec + get_url: + url: "{{ inspec_downloads[inspec_version]['url'] }}" + dest: "{{ inspec_download_source_dir }}" + sha256sum: "{{ inspec_downloads[inspec_version]['sha256'] }}" + mode: 0755 + register: inspec_download + +- name: Install Inspec + yum: + name: "{{ inspec_download.dest }}" + state: latest + when: ansible_pkg_mgr == 'yum' + +- name: Install Inspec + dnf: + name: "{{ inspec_download.dest }}" + state: latest + when: ansible_pkg_mgr == 'dnf' + +- name: Install Inspec + apt: + deb: "{{ inspec_download.dest }}" + state: present + when: ansible_pkg_mgr == 'apt' + +- name: Create Molecule directory for test files + file: + path: "{{ inspec_test_directory }}" + state: directory + +- name: Copy Inspec tests to remote + copy: + src: "{{ item }}" + dest: "{{ inspec_test_directory }}/{{ item | basename }}" + with_fileglob: + - "{{ playbook_dir }}/tests/test_*.rb" + +- name: Register test files + shell: "ls {{ inspec_test_directory }}/test_*.rb" + register: test_files + +- name: Execute Inspec tests + command: "{{ inspec_bin }} exec --chef-license accept {{ item }} --no-color --reporter progress" + register: test_results + with_items: "{{ test_files.stdout_lines }}" + ignore_errors: true + +- name: Display details about the Inspec results + debug: + msg: "{{ item.stdout_lines }}" + with_items: "{{ test_results.results }}" + +- name: Fail when tests fail + fail: + msg: "Inspec failed to validate" + when: item.rc != 0 + with_items: "{{ test_results.results }}" diff --git a/molecule/shared/modules/main.yml b/molecule/shared/modules/main.yml new file mode 100644 index 0000000..cca2ff7 --- /dev/null +++ b/molecule/shared/modules/main.yml @@ -0,0 +1,101 @@ +--- +- name: Ensure https on http fails + sensu_go_check: + name: check_test + host: localhost + state: present + command: /bin/true + interval: 120 + protocol: https + register: https_on_http + failed_when: https_on_http is not failed +- name: Ensure agent port fails + sensu_go_check: + name: check_test + host: localhost + state: present + command: /bin/true + interval: 120 + port: 8081 + validate_certs: False + register: agent_port + failed_when: agent_port is not failed +- name: Ensure unknown host fails + sensu_go_check: + name: check_test + state: present + command: /bin/true + interval: 120 + host: what.is.this + register: unknown_host + failed_when: unknown_host is not failed +- name: Ensure bad password fails + sensu_go_check: + name: check_test + host: localhost + state: present + command: /bin/true + interval: 120 + password: thisisnottherightpassword + register: bad_password + failed_when: bad_password is not failed +- name: Ensure nonexistant namespace fails + sensu_go_check: + name: check_test + host: localhost + state: present + command: /bin/true + interval: 120 + namespace: thisdoesnotexist + register: bad_namespace + failed_when: bad_namespace is not failed +- name: Ensure interval and cron fails + sensu_go_check: + name: check_test + host: localhost + state: present + command: /bin/true + interval: 120 + cron: "* * * * * *" + register: interval_and_cron + failed_when: interval_and_cron is not failed +- name: Ensure check_example is configured + sensu_go_check: + name: check_example + host: localhost + command: /bin/true + interval: 300 + subscriptions: all +- name: Ensure check_example is already configured + sensu_go_check: + name: check_example + host: localhost + command: /bin/true + interval: 300 + subscriptions: all + register: check_example_already_configured + failed_when: check_example_already_configured is changed +- name: Ensure check_example is changed + sensu_go_check: + name: check_example + host: localhost + command: /bin/true + interval: 120 + timeout: 120 + metadata: + annotations: + ansible_managed: "true" + ttl: 300 + subscriptions: all +- name: Ensure check_example is absent + sensu_go_check: + name: check_example + host: localhost + state: absent +- name: Ensure check_example is already absent + sensu_go_check: + name: check_example + host: localhost + state: absent + register: check_example_is_already_absent + failed_when: check_example_is_already_absent is changed diff --git a/molecule/shared/modules/sensu_go_check/main.yml b/molecule/shared/modules/sensu_go_check/main.yml deleted file mode 100644 index 74c756a..0000000 --- a/molecule/shared/modules/sensu_go_check/main.yml +++ /dev/null @@ -1,97 +0,0 @@ ---- -- hosts: localhost - gather_facts: false - module_defaults: - sensu_go_check: - host: localhost - tasks: - - name: Ensure http on https fails - sensu_go_check: - name: check_test - state: present - command: /bin/true - interval: 120 - protocol: http - register: http_on_https - failed_when: http_on_https is not failed - - name: Ensure agent port fails - sensu_go_check: - name: check_test - state: present - command: /bin/true - interval: 120 - port: 8081 - validate_certs: False - register: agent_port - failed_when: agent_port is not failed - - name: Ensure unknown host fails - sensu_go_check: - name: check_test - state: present - command: /bin/true - interval: 120 - host: what.is.this - register: unknown_host - failed_when: unknown_host is not failed - - name: Ensure bad password fails - sensu_go_check: - name: check_test - state: present - command: /bin/true - interval: 120 - password: thisisnottherightpassword - register: bad_password - failed_when: bad_password is not failed - - name: Ensure nonexistant namespace fails - sensu_go_check: - name: check_test - state: present - command: /bin/true - interval: 120 - namespace: thisdoesnotexist - register: bad_namespace - failed_when: bad_namespace is not failed - - name: Ensure interval and cron fails - sensu_go_check: - name: check_test - state: present - command: /bin/true - interval: 120 - cron: "* * * * * *" - register: interval_and_cron - failed_when: interval_and_cron is not failed - - name: Ensure check_example is configured - sensu_go_check: - name: check_example - command: /bin/true - interval: 300 - subscriptions: all - - name: Ensure check_example is already configured - sensu_go_check: - name: check_example - command: /bin/true - interval: 300 - subscriptions: all - register: check_example_already_configured - failed_when: check_example_already_configured is changed - - name: Ensure check_example is changed - sensu_go_check: - name: check_example - command: /bin/true - interval: 120 - timeout: 120 - metadata: - annotations: - ansible_managed: "true" - ttl: 300 - subscriptions: all - - name: Ensure check_example is absent - sensu_go_check: - name: check_example - state: absent - - name: Ensure check_example is already absent - sensu_go_check: - name: check_example - state: absent - register: check_example_is_already_absent - failed_when: check_example_is_already_absent is changed diff --git a/molecule/shared/tests/test_default.rb b/molecule/shared/tests/test_default.rb index 446524b..ecee1e8 100644 --- a/molecule/shared/tests/test_default.rb +++ b/molecule/shared/tests/test_default.rb @@ -1,3 +1,5 @@ +# frozen_string_literal: true + # Debian Specific Things if os.debian? describe package('curl') do diff --git a/molecule/shared/verify.yml b/molecule/shared/verify.yml index dcedb14..3c7fb83 100644 --- a/molecule/shared/verify.yml +++ b/molecule/shared/verify.yml @@ -26,72 +26,8 @@ - lsof - net-tools tasks: - - name: Install system dependencies for Inspec - package: - name: "{{ item }}" - state: present - with_items: "{{ inspec_package_deps }}" - - - name: Download Inspec - get_url: - url: "{{ inspec_downloads[inspec_version]['url'] }}" - dest: "{{ inspec_download_source_dir }}" - sha256sum: "{{ inspec_downloads[inspec_version]['sha256'] }}" - mode: 0755 - register: inspec_download - - - name: Install Inspec - yum: - name: "{{ inspec_download.dest }}" - state: latest - when: ansible_pkg_mgr == 'yum' - - - name: Install Inspec - dnf: - name: "{{ inspec_download.dest }}" - state: latest - when: ansible_pkg_mgr == 'dnf' - - - name: Install Inspec - apt: - deb: "{{ inspec_download.dest }}" - state: present - when: ansible_pkg_mgr == 'apt' - - - name: Create Molecule directory for test files - file: - path: "{{ inspec_test_directory }}" - state: directory - - - name: Copy Inspec tests to remote - copy: - src: "{{ item }}" - dest: "{{ inspec_test_directory }}/{{ item | basename }}" - with_fileglob: - - "{{ playbook_dir }}/tests/test_*.rb" - - - name: Register test files - shell: "ls {{ inspec_test_directory }}/test_*.rb" - register: test_files - - - name: Execute Inspec tests - command: "{{ inspec_bin }} exec --chef-license accept {{ item }} --no-color --reporter progress" - register: test_results - with_items: "{{ test_files.stdout_lines }}" - ignore_errors: true - - - name: Display details about the Inspec results - debug: - msg: "{{ item.stdout_lines }}" - with_items: "{{ test_results.results }}" - - - name: Fail when tests fail - fail: - msg: "Inspec failed to validate" - when: item.rc != 0 - with_items: "{{ test_results.results }}" - + - import_tasks: inspec.yml - name: Execute all custom module test plays include_tasks: "{{ item }}" with_fileglob: - - "{{ playbook_dir }}/modules/*/main.yml" + - "{{ playbook_dir }}/modules/*.yml" diff --git a/tasks/config/component.yml b/tasks/config/component.yml index 348dceb..18cd7bf 100644 --- a/tasks/config/component.yml +++ b/tasks/config/component.yml @@ -29,7 +29,7 @@ group: "{{ sensu_go_final_configs[component]['file']['group'] | default(sensu_go_final_configs['DEFAULT']['group']) }}" mode: "{{ sensu_go_final_configs[component]['file']['mode'] | default(sensu_go_final_configs['DEFAULT']['file_mode']) }}" when: sensu_go_final_configs[component]['config'] is defined - notify: "restart sensu-{{ component }}" + notify: "Restart sensu-{{ component }}" - name: Cleanup example agent config file: diff --git a/tasks/repo/dnf.yml b/tasks/repo/dnf.yml index 4982608..46ecf9d 100644 --- a/tasks/repo/dnf.yml +++ b/tasks/repo/dnf.yml @@ -19,4 +19,4 @@ file: path: /etc/yum.repos.d/sensu_prerelease state: absent - notify: yum-clean-metadata + notify: Clean yum metadata diff --git a/tasks/repo/sensu_community/apt.yml b/tasks/repo/sensu_community/apt.yml index b7734c8..248ab68 100644 --- a/tasks/repo/sensu_community/apt.yml +++ b/tasks/repo/sensu_community/apt.yml @@ -14,7 +14,7 @@ repo: "{{ sensu_go_final_community_repos[ansible_pkg_mgr]['deb'] }}" update_cache: false when: sensu_go_final_community_repos[ansible_pkg_mgr]['deb'] is defined - notify: update apt cache + notify: Update apt cache - name: Configure Sensu Go Community apt source repos apt_repository: @@ -22,4 +22,4 @@ repo: "{{ sensu_go_final_community_repos[ansible_pkg_mgr]['deb-src'] }}" update_cache: false when: sensu_go_final_community_repos[ansible_pkg_mgr]['deb-src'] is defined - notify: update apt cache + notify: Update apt cache diff --git a/tasks/repo/sensu_go/apt.yml b/tasks/repo/sensu_go/apt.yml index a9f64f4..cd693ab 100644 --- a/tasks/repo/sensu_go/apt.yml +++ b/tasks/repo/sensu_go/apt.yml @@ -12,7 +12,7 @@ file: path: /etc/apt/sources.list.ld/sensu_prerelease.list state: absent - notify: update apt cache + notify: Update apt cache - name: Configure Sensu Go apt repos apt_repository: @@ -20,7 +20,7 @@ repo: "{{ sensu_go_final_repos[ansible_pkg_mgr]['deb'] }}" update_cache: false when: sensu_go_final_repos[ansible_pkg_mgr]['deb'] is defined - notify: update apt cache + notify: Update apt cache - name: Configure Sensu Go apt source repos apt_repository: @@ -28,4 +28,4 @@ repo: "{{ sensu_go_final_repos[ansible_pkg_mgr]['deb-src'] }}" update_cache: false when: sensu_go_final_repos[ansible_pkg_mgr]['deb-src'] is defined - notify: update apt cache + notify: Update apt cache diff --git a/tasks/repo/sensu_go/yum.yml b/tasks/repo/sensu_go/yum.yml index 738f75f..084800d 100644 --- a/tasks/repo/sensu_go/yum.yml +++ b/tasks/repo/sensu_go/yum.yml @@ -39,7 +39,7 @@ file: path: /etc/yum.repos.d/sensu_prerelease state: absent - notify: yum-clean-metadata + notify: Clean yum metadata # HACK: https://github.com/ansible/ansible/issues/20711#issuecomment-306260869 # Can be removed once we're running w/ a version of Ansible that has https://github.com/ansible/ansible/pull/35989 diff --git a/tasks/repo/yum.yml b/tasks/repo/yum.yml index 86d42a4..8237fb4 100644 --- a/tasks/repo/yum.yml +++ b/tasks/repo/yum.yml @@ -19,4 +19,4 @@ file: path: /etc/yum.repos.d/sensu_prerelease state: absent - notify: yum-clean-metadata + notify: Clean yum metadata