Allow disabling agent entity validation and API validation

Fix acceptance tests to work around systemd issues Test against PostgreSQL 11 as 9.6 no longer available Remove broken Amazon Linux 2 acceptance tests, unable to work around systemd issues Limit Windows appveyor tests to avoid transient failures
elfranne · Feb 27, 2023 · ab528d9 · ab528d9
1 parent 5a067b9
commit ab528d9
Show file tree

Hide file tree

Showing 22 changed files with 123 additions and 92 deletions.
diff --git a/.github/workflows/acceptance.yaml b/.github/workflows/acceptance.yaml
@@ -20,7 +20,6 @@ jobs:
         - debian-10
         - ubuntu-1804
         - ubuntu-2004
-        - amazonlinux-2
         - amazonlinux-201803
         puppet:
         - puppet6

diff --git a/.github/workflows/unit.yaml b/.github/workflows/unit.yaml
@@ -46,6 +46,6 @@ jobs:
           bundler-cache: true
           bundler: '2.1.0'
       - name: Validate
-        run: bundle exec rake validate lint strings:generate reference
+        run: bundle exec rake sensu_validate lint strings:generate reference
       - name: Run tests
         run: bundle exec rake parallel_spec
diff --git a/README.md b/README.md
@@ -484,6 +484,20 @@ sensu::agent::annotation { 'ec2_access_key':
 }
 ```
 
+### Advanced agent - Disable validations
+
+In some cases it might be desired to disable API and entity validations when agents are managing their own entity.
+
+```puppet
+class { 'sensu':
+  validate_api => false,
+}
+class { 'sensu::agent':
+  agent_managed_entity => true,
+  validate_entity      => false,
+}
+```
+
 ### Advanced agent - Custom config entries
 
 It is possible to define config entries for `agent.yml` in many locations in Puppet:
@@ -648,7 +662,7 @@ The following example will add a PostgreSQL server and database to the sensu-bac
 ```puppet
 class { 'postgresql::globals':
   manage_package_repo => true,
-  version             => '9.6',
+  version             => '11',
 }
 class { 'postgresql::server': }
 class { 'sensu::backend':

diff --git a/Rakefile b/Rakefile
@@ -24,7 +24,7 @@ RSpec::Core::RakeTask.new(:acceptance) do |t|
 end
 
 desc 'Validate manifests, templates, ruby files and shell scripts'
-task :validate do
+task :sensu_validate do
   # lib/* gets checked by puppetlabs_spec_helper, though it skips spec entirely
   puts "\nValidating ruby files ignored by puppetlabs_spec_helper (Vagrantfile', 'spec/**/*.rb)"
   Dir['Vagrantfile', 'spec/**/*.rb'].each do |ruby_file|

diff --git a/appveyor.yml b/appveyor.yml
@@ -40,21 +40,16 @@ install:
 test_script:
 - bundle exec rake acceptance:windows
 image:
-  # Windows 2012 R2
-  - Visual Studio 2015
-  # Windows 2016
-  - Visual Studio 2017
+  # Only test newest build images to avoid transient errors with older builds
   # Windows 2019
   - Visual Studio 2019
 environment:
   matrix:
-    - PUPPET_GEM_VERSION: '~>6.x'
-      FACTER_GEM_VERSION: '~>2.x'
-      PUPPET_REPO: puppet6
-      RUBY_VERSION: 25-x64
+    # Seen transient errors with Ruby 2.5 used with Puppet 6
+    # so just test Puppet 7 and Ruby 2.7
     - PUPPET_GEM_VERSION: '~>7.x'
       FACTER_GEM_VERSION: '~>4.x'
       PUPPET_REPO: puppet7
-      RUBY_VERSION: 26-x64
+      RUBY_VERSION: 27-x64
 matrix:
   fast_finish: false
diff --git a/examples/postgresql-replication/README.md b/examples/postgresql-replication/README.md
@@ -9,9 +9,9 @@ Adjustments will have to be made for IP addresses and password.
 Once the primary and standby have applied their Puppet catalog you must bootstrap the standby:
 
 ```
-systemctl stop postgresql-9.6.service
-rm -rf /var/lib/pgsql/9.6/data/*
-sudo -u postgres pg_basebackup -h 192.168.52.11 -D /var/lib/pgsql/9.6/data -P -U repl -R --xlog-method=stream
+systemctl stop postgresql-11.service
+rm -rf /var/lib/pgsql/11/data/*
+sudo -u postgres pg_basebackup -h 192.168.52.11 -D /var/lib/pgsql/11/data -P -U repl -R --xlog-method=stream
 ```
 
 Once the bootstrap is done, re-run Puppet.

diff --git a/examples/postgresql-replication/postgresql.pp b/examples/postgresql-replication/postgresql.pp
@@ -14,7 +14,7 @@
 
 class { 'postgresql::globals':
   manage_package_repo => true,
-  version             => '9.6',
+  version             => '11',
 }
 class { 'postgresql::server':
   listen_addresses     => '*',

diff --git a/examples/postgresql-ssl/postgresql.pp b/examples/postgresql-ssl/postgresql.pp
@@ -6,7 +6,7 @@
 
 class { 'postgresql::globals':
   manage_package_repo => true,
-  version             => '9.6',
+  version             => '11',
 }
 
 class { 'postgresql::server':

diff --git a/manifests/agent.pp b/manifests/agent.pp
@@ -74,6 +74,9 @@
 #   Defaults to `C:\ProgramData\sensu\log\sensu-agent.log`
 # @param agent_entity_config_provider
 #   The provider to use when managing sensu_agent_entity_config resources
+# @param validate_entity
+#   Sets whether to validate the agent's entity before attempting
+#   to configure the entity
 #
 class sensu::agent (
   Optional[String] $version = undef,
@@ -98,6 +101,7 @@
   Boolean $show_diff = true,
   Optional[Stdlib::Absolutepath] $log_file = undef,
   Enum['sensuctl','sensu_api'] $agent_entity_config_provider = 'sensu_api',
+  Boolean $validate_entity = true,
 ) {
 
   include sensu
@@ -295,9 +299,11 @@
     subscribe => $service_subscribe,
   }
 
-  sensu_agent_entity_validator { $config['name']:
-    ensure    => 'present',
-    namespace => $config['namespace'],
-    provider  => 'sensu_api',
+  if $validate_entity {
+    sensu_agent_entity_validator { $config['name']:
+      ensure    => 'present',
+      namespace => $config['namespace'],
+      provider  => 'sensu_api',
+    }
   }
 }
diff --git a/manifests/api.pp b/manifests/api.pp
@@ -15,10 +15,12 @@
     validate_namespaces => $sensu::validate_namespaces,
   }
 
-  sensu_api_validator { 'sensu':
-    ensure           => 'present',
-    sensu_api_server => $sensu::api_host,
-    sensu_api_port   => $sensu::api_port,
-    use_ssl          => $sensu::use_ssl,
+  if $sensu::validate_api {
+    sensu_api_validator { 'sensu':
+      ensure           => 'present',
+      sensu_api_server => $sensu::api_host,
+      sensu_api_port   => $sensu::api_port,
+      use_ssl          => $sensu::use_ssl,
+    }
   }
 }
diff --git a/manifests/init.pp b/manifests/init.pp
@@ -60,6 +60,8 @@
 #   Defaults to value used for `agent_password`.
 # @param validate_namespaces
 #   Determines if sensuctl and sensu_api types will validate their namespace exists
+# @param validate_api
+#   Determines if Sensu API is validated
 class sensu (
   String $version = 'installed',
   Stdlib::Absolutepath $etc_dir = '/etc/sensu',
@@ -80,6 +82,7 @@
   String $agent_password = 'P@ssw0rd!',
   Optional[String] $agent_entity_config_password = undef,
   Boolean $validate_namespaces = true,
+  Boolean $validate_api = true,
 ) {
 
   if $ssl_ca_content {

diff --git a/spec/acceptance/06_postgresql_spec.rb b/spec/acceptance/06_postgresql_spec.rb
@@ -15,7 +15,7 @@ class { 'sensu::agent':
       pp = <<-EOS
       class { 'postgresql::globals':
         manage_package_repo => true,
-        version             => '9.6',
+        version             => '11',
       }
       class { 'postgresql::server':}
       class { 'sensu::backend':

diff --git a/spec/acceptance/nodesets/amazonlinux-2.yml b/spec/acceptance/nodesets/amazonlinux-2.yml
diff --git a/spec/acceptance/nodesets/centos-7-cluster.yml b/spec/acceptance/nodesets/centos-7-cluster.yml
@@ -14,6 +14,8 @@ HOSTS:
     docker_image_commands:
       - "sed -i -r '/^tsflags/d' /etc/yum.conf"
       - 'yum install -y wget which iproute'
+      - 'wget --no-check-certificate https://copr.fedorainfracloud.org/coprs/jsynacek/systemd-backports-for-centos-7/repo/epel-7/jsynacek-systemd-backports-for-centos-7-epel-7.repo -O /etc/yum.repos.d/jsynacek-systemd-centos-7.repo'
+      - 'yum update -y systemd'
     docker_container_name: 'sensu-backend1-el7'
   sensu-backend2:
     roles:
@@ -28,6 +30,8 @@ HOSTS:
     docker_image_commands:
       - "sed -i -r '/^tsflags/d' /etc/yum.conf"
       - 'yum install -y wget which iproute'
+      - 'wget --no-check-certificate https://copr.fedorainfracloud.org/coprs/jsynacek/systemd-backports-for-centos-7/repo/epel-7/jsynacek-systemd-backports-for-centos-7-epel-7.repo -O /etc/yum.repos.d/jsynacek-systemd-centos-7.repo'
+      - 'yum update -y systemd'
     docker_container_name: 'sensu-backend2-el7'
   sensu-backend3:
     roles:
@@ -42,6 +46,8 @@ HOSTS:
     docker_image_commands:
       - "sed -i -r '/^tsflags/d' /etc/yum.conf"
       - 'yum install -y wget which iproute'
+      - 'wget --no-check-certificate https://copr.fedorainfracloud.org/coprs/jsynacek/systemd-backports-for-centos-7/repo/epel-7/jsynacek-systemd-backports-for-centos-7-epel-7.repo -O /etc/yum.repos.d/jsynacek-systemd-centos-7.repo'
+      - 'yum update -y systemd'
     docker_container_name: 'sensu-backend3-el7'
 CONFIG:
   log_level: debug

diff --git a/spec/acceptance/nodesets/centos-7.yml b/spec/acceptance/nodesets/centos-7.yml
@@ -12,6 +12,8 @@ HOSTS:
     docker_image_commands:
       - "sed -i -r '/^tsflags/d' /etc/yum.conf"
       - 'yum install -y wget which iproute'
+      - 'wget --no-check-certificate https://copr.fedorainfracloud.org/coprs/jsynacek/systemd-backports-for-centos-7/repo/epel-7/jsynacek-systemd-backports-for-centos-7-epel-7.repo -O /etc/yum.repos.d/jsynacek-systemd-centos-7.repo'
+      - 'yum update -y systemd'
     docker_env:
       - LANG=en_US.UTF-8
       - LANGUAGE=en_US.UTF-8
@@ -32,6 +34,8 @@ HOSTS:
     docker_image_commands:
       - "sed -i -r '/^tsflags/d' /etc/yum.conf"
       - 'yum install -y wget which initscripts iproute'
+      - 'wget --no-check-certificate https://copr.fedorainfracloud.org/coprs/jsynacek/systemd-backports-for-centos-7/repo/epel-7/jsynacek-systemd-backports-for-centos-7-epel-7.repo -O /etc/yum.repos.d/jsynacek-systemd-centos-7.repo'
+      - 'yum update -y systemd'
     docker_env:
       - LANG=en_US.UTF-8
       - LANGUAGE=en_US.UTF-8

diff --git a/spec/acceptance/windows_spec.rb b/spec/acceptance/windows_spec.rb
@@ -18,7 +18,8 @@
   context 'default' do
     pp = <<-EOS
     class { '::sensu':
-      api_host => 'localhost',
+      api_host     => 'localhost',
+      validate_api => false,
     }
     class { 'sensu::cli':
       install_source => 'https://s3-us-west-2.amazonaws.com/sensu.io/sensu-go/5.20.1/sensu-go_5.20.1_windows_amd64.zip',
@@ -65,14 +66,17 @@ class { 'sensu::cli':
 
   context 'default' do
     pp = <<-EOS
-    class { '::sensu': }
+    class { '::sensu':
+      validate_api => false,
+    }
     class { 'sensu::agent':
       backends         => ['sensu-backend:8081'],
       entity_name      => 'sensu-agent',
       service_env_vars => { 'SENSU_API_PORT' => '4041' },
       config_hash      => {
         'log-level' => 'info',
-      }
+      },
+      validate_entity  => false,
     }
     EOS
 
@@ -117,15 +121,18 @@ class { 'sensu::agent':
 
   context 'using package_source' do
     pp = <<-EOS
-    class { '::sensu': }
+    class { '::sensu':
+      validate_api => false,
+    }
     class { 'sensu::agent':
-      package_name   => 'Sensu Agent',
-      package_source => 'https://s3-us-west-2.amazonaws.com/sensu.io/sensu-go/5.20.1/sensu-go-agent_5.20.1.12427_en-US.x64.msi',
-      backends       => ['sensu-backend:8081'],
-      entity_name    => 'sensu-agent',
-      config_hash    => {
+      package_name    => 'Sensu Agent',
+      package_source  => 'https://s3-us-west-2.amazonaws.com/sensu.io/sensu-go/5.20.1/sensu-go-agent_5.20.1.12427_en-US.x64.msi',
+      backends        => ['sensu-backend:8081'],
+      entity_name     => 'sensu-agent',
+      config_hash     => {
         'log-level' => 'info',
-      }
+      },
+      validate_entity => false,
     }
     EOS
 

diff --git a/spec/classes/agent_spec.rb b/spec/classes/agent_spec.rb
@@ -117,8 +117,7 @@
           it { should_not contain_file('sensu-agent_env_vars') }
         end
 
-        context 'systemd systems deploy dropin', if: facts[:kernel] == 'Linux' do
-          let(:facts) { facts.merge({:service_provider => 'systemd'}) }
+        if facts[:service_provider] == 'systemd'
           it {
             should contain_systemd__dropin_file('sensu-agent-start.conf').with({
               'unit'    => 'sensu-agent.service',
@@ -127,7 +126,11 @@
             })
           }
         end
-        it { should_not contain_systemd__dropin_file('sensu-agent-start.conf') }
+
+        context 'when not systemd', if: facts[:kernel] == 'Linux' do
+          let(:facts) { facts.merge({:service_provider => 'sysvinit'}) }
+          it { should_not contain_systemd__dropin_file('sensu-agent-start.conf') }
+        end
 
         it {
           should contain_service('sensu-agent').with({
@@ -328,6 +331,16 @@
         it { should contain_package('sensu-go-agent').without_require }
       end
 
+      context 'when validate_entity => false' do
+        let(:params) do
+          {
+            validate_entity: false
+          }
+        end
+
+        it { is_expected.not_to contain_sensu_agent_entity_validator('localhost') }
+      end
+
       context 'with service_env_vars defined' do
         let(:params) {{ :service_env_vars => { 'SENSU_API_PORT' => '4041' } }}
         let(:service_env_vars_content) do

diff --git a/spec/classes/api_spec.rb b/spec/classes/api_spec.rb
@@ -38,6 +38,18 @@
         }
 
       end
+
+      context 'when validate_api => false' do
+        let(:pre_condition) do
+          <<-PP
+            class { 'sensu':
+              validate_api => false,
+            }
+          PP
+        end
+
+        it { is_expected.not_to contain_sensu_api_validator('sensu') }
+      end
     end
   end
 end