
terraform-provider-sensu's Introduction

terraform-provider-sensu

Sensu Go resource provider for Terraform

This provider is maintained on a volunteer basis. Please excuse any delay in response.

Prerequisites

Terraform Configuration Example

provider "sensu" {
	api_url   = "http://127.0.0.1:8080"
	username  = "admin"
	password  = "password"
	namespace = "default"
}

resource "sensu_check" "check_1" {
	name     = "check_1"
	command  = "/bin/foo"
	interval = 600

	subscriptions = [
		"foo",
		"bar",
	]
}

Installation

Using a Pre-Built Binary

Downloading and installing a pre-compiled terraform-provider-sensu release is the recommended method of installation since it requires no additional tools or libraries to be installed on your workstation.

  1. Visit the releases page and download the latest release for your target architecture.

  2. Unzip the downloaded file and copy the terraform-provider-sensu binary to a designated directory as described in Terraform's plugin installation instructions.

Building from Source

Note: Terraform requires Go 1.9 or later to successfully compile.

  1. Follow these instructions to set up a Golang development environment.
  2. Run:
$ go get -v -u github.com/jtopjian/terraform-provider-sensu
$ cd $GOPATH/src/github.com/jtopjian/terraform-provider-sensu
$ make build

You should now have a terraform-provider-sensu binary located at $GOPATH/bin/terraform-provider-sensu. Copy this binary to a designated directory as described in Terraform's plugin installation instructions.

Development

  • This provider attempts to adhere to the best practices of developing Terraform providers.
  • This project is using Go modules for dependencies.

Documentation

Full documentation can be found in the docs directory.

terraform-provider-sensu's People

Contributors

devinlyons, fgouteroux, jtopjian, korjek

terraform-provider-sensu's Issues

Change user password

Hi!
First of all I want to thank you for your work, this terraform provider has greatly simplified my workflow.

I would like to let you know one small issue I have experienced.

The process I have followed to encounter this issue is:

  1. Deploy sensu
  2. Apply configuration with terraform, changing the default user agent password to one of my choosing
  3. Delete sensu deployment and deploy again without persisting the past configuration (a clean installation)
  4. Apply the configuration with terraform

This creates two situations:

  1. terraform plan outputs there are no changes to the user, even though the default agent password is in place, not the one I want. This is due to the fact that terraform knows the password of the tfstate but not the actual password of the user agent
  2. If I change the password, terraform plan correctly outputs a change in the user, and terraform apply succeeds. But the password of the user is not changed, because the call to the API endpoint /api/core/v2/users/agent/password is done with the password stored in the tfstate instead of the default/correct one

One way to mitigate this issue would be to attempt to login with the API endpoint /auth with the stored credentials in the tfstate before actually applying the change. If the login doesn't succeed, try with the default password.

I understand this is a very edge case and not really an important issue, I just wanted to bring it to your attention.

Feel free to close this issue if you view it as an extremely rare case and have a great day!
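The fallback proposed in the issue above, as an added Go example that is not part of the original issue or the provider's code: probe /auth with each candidate password and use the first one accepted. Assumptions: /auth takes HTTP basic auth and answers 401 for bad credentials; `CurrentPassword` and `FakeBackend` are hypothetical names, and the passwords are constructed placeholders.

```go
package main

import (
	"errors"
	"fmt"
	"net/http"
	"net/http/httptest"
)

var ErrNoCredential = errors.New("no candidate password accepted by /auth")

// CurrentPassword (hypothetical helper) probes GET <apiURL>/auth with basic
// auth, trying candidates in order, and returns the first one accepted.
func CurrentPassword(c *http.Client, apiURL, user string, candidates []string) (string, error) {
	for _, pw := range candidates {
		req, err := http.NewRequest(http.MethodGet, apiURL+"/auth", nil)
		if err != nil {
			return "", err
		}
		req.SetBasicAuth(user, pw)
		resp, err := c.Do(req)
		if err != nil {
			return "", err // transport failure: stop instead of guessing
		}
		resp.Body.Close()
		switch resp.StatusCode {
		case http.StatusOK:
			return pw, nil
		case http.StatusUnauthorized:
			continue // stale credential, try the next candidate
		default:
			return "", fmt.Errorf("unexpected status %d from /auth", resp.StatusCode)
		}
	}
	return "", ErrNoCredential
}

// FakeBackend is a constructed in-process stand-in for a Sensu backend that
// only answers /auth; used as an http.RoundTripper, so no socket is opened.
type FakeBackend struct{ User, Password string }

func (f FakeBackend) RoundTrip(r *http.Request) (*http.Response, error) {
	rec := httptest.NewRecorder()
	u, p, ok := r.BasicAuth()
	if r.URL.Path != "/auth" || !ok || u != f.User || p != f.Password {
		rec.WriteHeader(http.StatusUnauthorized)
	} else {
		rec.WriteString(`{"access_token":"constructed"}`)
	}
	return rec.Result(), nil
}

func main() {
	// Constructed scenario: redeployed backend on its default password, stale tfstate.
	c := &http.Client{Transport: FakeBackend{"agent", "default-placeholder"}}
	pw, err := CurrentPassword(c, "http://sensu.invalid:8080", "agent", []string{"stale-from-tfstate", "default-placeholder"})
	fmt.Println(pw, err)
}
```

Each stale candidate produces one failed login on the backend, so a fallback like this shows up in authentication logs and should be limited to the two known values.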

"runtime_assets" not supported for sensu handlers

Any reason why "runtime_assets" are not supported for sensu handlers? It seems like you're supporting "runtime_assets" for sensu checks already.

This probably prevents anyone using this provider from configuring handlers properly.

Add cluster-role/cluster-role-binding support

Hello.

This is a feature request.

There is no way to create a cluster-role/cluster-role-binding with the sensu provider.
It would be great if support for cluster-role/cluster-role-binding were added to the sensu provider.

check_hook block

Hello!

First of all I would like to thank your work. It's a great provider!

I have found a problem using check_hook under check resource item.

I'm using this provider info:

provider "aws" {
  region  = var.aws_region
  profile = "***************"
  assume_role {
    role_arn     = "arn:aws:iam::***************:role/***************"
    session_name = "session"
  }
  alias = "aws"
}

provider "sensu" {
  api_url                  = "https://***************/"
  username                 = "***************"
  password                 = "***************"
  namespace                = "default"
  insecure_skip_tls_verify = true
}

# S3 Backend
terraform {
  required_version = ">= 0.14.8"
  backend "s3" {
    bucket         = "***************"
    key            = "***************/***************"
    region         = "eu-west-1"
    profile        = "***************"
    dynamodb_table = "***************"
    role_arn       = "arn:aws:iam::******:role/***********"
  }
  required_providers {
    aws = {
      source  = "hashicorp/aws"
      version = "~> 3.58.0"
    }
    sensu = {
      source  = "jtopjian/sensu"
      version = "~> 0.12.0"
    }
  }
}

Then I define the hook:

resource "sensu_hook" "ntp_hook" {
  name    = "ntp_hook"
  command = "sudo systemctl restart ntpd.service"
}

This works like a charm.

When I configure this hook under check resource:

resource "sensu_check" "ntp_linux" {
  namespace = data.sensu_namespace.default.name
  name      = "ntp_linux"
  annotations = {
    "sensu.io.json_attributes" = "{\"keepalive\":false}"
  }
  command  = "check-ntp.rb"
  publish  = true
  interval = 3600
  timeout  = 30
  ttl      = 7200
  handlers = ["default", "*******", "*******"]

  subscriptions = [
    "Linux"
  ]

  check_hook {
    hook    = "ntp_hook"
    trigger = "1"
  }

}

It crashes the terraform apply with this output:

Terraform used the selected providers to generate the following execution plan. Resource actions are indicated
with the following symbols:
  ~ update in-place

Terraform will perform the following actions:

  # sensu_check.ntp_linux will be updated in-place
  ~ resource "sensu_check" "ntp_linux" {
        id                     = "ntp_linux"
        name                   = "ntp_linux"
        # (17 unchanged attributes hidden)

      + check_hook {
          + hook    = "ntp_hook"
          + trigger = "1"
        }
    }

Plan: 0 to add, 1 to change, 0 to destroy.

Do you want to perform these actions?
  Terraform will perform the actions described above.
  Only 'yes' will be accepted to approve.

  Enter a value: yes

sensu_check.ntp_linux: Modifying... [id=ntp_linux]
╷
│ Error: Plugin did not respond
│
│   with sensu_check.ntp_linux,
│   on 09-linux_ntp.tf line 1, in resource "sensu_check" "ntp_linux":
│    1: resource "sensu_check" "ntp_linux" {
│
│ The plugin encountered an error, and failed to respond to the plugin.(*GRPCProvider).ApplyResourceChange call.
│ The plugin logs may contain more details.
╵
Releasing state lock. This may take a few moments...

Stack trace from the terraform-provider-sensu_v0.12.0 plugin:

panic: interface conversion: interface {} is *schema.Set, not []interface {}

goroutine 98 [running]:
github.com/jtopjian/terraform-provider-sensu/sensu.resourceCheckUpdate(0xc0004ed500, 0x20aeca0, 0xc0001ae780, 0x24, 0x2e926e0)
        github.com/jtopjian/terraform-provider-sensu/sensu/resource_check.go:482 +0x1d27
github.com/hashicorp/terraform-plugin-sdk/helper/schema.(*Resource).Apply(0xc00028f580, 0xc0000baaf0, 0xc00082fe60, 0x20aeca0, 0xc0001ae780, 0x1f43501, 0xc0001b7888, 0xc0005a85a0)
        github.com/hashicorp/[email protected]/helper/schema/resource.go:311 +0x263
github.com/hashicorp/terraform-plugin-sdk/helper/schema.(*Provider).Apply(0xc00028fe00, 0xc00017ba38, 0xc0000baaf0, 0xc00082fe60, 0xc0006fd168, 0xc000287590, 0x1f46220)
        github.com/hashicorp/[email protected]/helper/schema/provider.go:294 +0x99
github.com/hashicorp/terraform-plugin-sdk/internal/helper/plugin.(*GRPCProviderServer).ApplyResourceChange(0xc0000a0cb8, 0x240f6e0, 0xc0002ba0f0, 0xc00082a4e0, 0xc0000a0cb8, 0xc0002ba0f0, 0xc0006c5ba0)
        github.com/hashicorp/[email protected]/internal/helper/plugin/grpc_provider.go:885 +0x8b4
github.com/hashicorp/terraform-plugin-sdk/internal/tfplugin5._Provider_ApplyResourceChange_Handler(0x20b3500, 0xc0000a0cb8, 0x240f6e0, 0xc0002ba0f0, 0xc00082a480, 0x0, 0x240f6e0, 0xc0002ba0f0, 0xc00018e800, 0x762)
        github.com/hashicorp/[email protected]/internal/tfplugin5/tfplugin5.pb.go:3189 +0x217
google.golang.org/grpc.(*Server).processUnaryRPC(0xc000489040, 0x241d880, 0xc000642900, 0xc0003a4400, 0xc0004fdfb0, 0x2e52f60, 0x0, 0x0, 0x0)
        google.golang.org/[email protected]/server.go:1082 +0x50a
google.golang.org/grpc.(*Server).handleStream(0xc000489040, 0x241d880, 0xc000642900, 0xc0003a4400, 0x0)
        google.golang.org/[email protected]/server.go:1405 +0xccd
google.golang.org/grpc.(*Server).serveStreams.func1.1(0xc0006a0360, 0xc000489040, 0x241d880, 0xc000642900, 0xc0003a4400)
        google.golang.org/[email protected]/server.go:746 +0xa1
created by google.golang.org/grpc.(*Server).serveStreams.func1
        google.golang.org/[email protected]/server.go:744 +0xa1

Error: The terraform-provider-sensu_v0.12.0 plugin crashed!

This is always indicative of a bug within the plugin. It would be immensely
helpful if you could report the crash with the plugin's maintainers so that it
can be fixed. The output above should help diagnose the issue.

Time: 0h:00m:26s

Did you see something I can fix????

Thanks for this great work!!!!

Support sensu secrets

I am keen to see sensu secrets get added to this provider. I am happy to help implement it.

I am thinking it could look something like this:

resource "sensu_secret" "check_1" {
  name     = "pagerduty_key"
  namespace = "default"
  spec {
    id = "SENSU_PAGERDUTY_KEY"
    provider = "env"
  }
}

I had a quick look at the sensu client code (https://github.com/jtopjian/terraform-provider-sensu/tree/master/vendor/github.com/sensu/sensu-go/cli/client) but it was not clear to me how to create/delete/update sensu secrets from there, I would definitely appreciate some pointers to where I could find that if you know!

Probably a better idea to compile this provider with static binaries?

I have tried to run this provider on Alpine docker image, and I keep getting this error on terraform plan/apply:

* provider.sensu: fork/exec /tmp/prod/us-east-2/sensu/sensu-config/.terraform.d/plugins/linux_amd64/terraform-provider-sensu_v0.4.0_x4: no such file or directory

On a quick google search to see if there are any other providers which hit this issue, I found that the same issue was encountered by terraform-provider-helm.

Here are some links which helped me find the workaround of using libc6-compat package:
hashicorp/terraform-provider-helm#104
hashicorp/terraform-provider-helm#111

Filter has default when block which makes the filter not behave correctly.

For filters, the when block is optional. However, from our testing, if we do not specify a when block, the resulting filter has an empty when block that renders the filter useless. The empty when block is not there if we use the sensu-go UI to create it.

Filter terraform code:

resource "sensu_filter" "filter_interval" {
  name = "filter_interval"
  action = "allow"
  expressions = [
    "event.check.interval == 10",
    "event.check.occurrences == 0 || event.check.occurrences %3 == 0",
  ]
}

resulting filter config from sensuctl command:

{
    "metadata": {
      "name": "filter_interval",
      "namespace": "test",
      "created_by": "admin"
    },
    "action": "allow",
    "expressions": [
      "event.check.interval == 10",
      "event.check.occurrences == 0 || event.check.occurrences % 3 == 0"
    ],
    "when": {
      "days": {}
    },
    "runtime_assets": null
  },

Filter config with same expression using sensu UI:

{
    "metadata": {
      "name": "manual_filter",
      "namespace": "test"
    },
    "action": "allow",
    "expressions": [
      "event.check.interval == 10",
      "event.check.occurrences == 0 || event.check.occurrences % 3 == 0"
    ],
    "runtime_assets": null
  }

Fix Sensu Check Subdues

The Sensu Check subdues feature is not working as expected. Sensu has upgraded the feature and this terraform provider is not able to properly create the subdues anymore. More specifically the provider is not able to handle the improved date time format that is recommended in the Sensu docs.

Here is an example error: Error: Unable to update check check_systemd: resource is invalid: parsing time "2023-11-27T13:10:00-07:00": hour out of range.
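The error text quoted above is exactly what Go's time.Parse returns when that RFC 3339 timestamp is parsed with the kitchen layout (3:04PM). The following is an added example, not provider or Sensu code; that a kitchen-only parser sits somewhere in the path is an assumption, and `KitchenOnly` and `ParseSubdueTime` are hypothetical names.

```go
package main

import (
	"fmt"
	"time"
)

// KitchenOnly parses s the way a parser that only knows the 3:04PM layout
// would. Given an RFC 3339 value it reads the leading "20" of the year as a
// 12-hour clock hour and rejects it.
func KitchenOnly(s string) error {
	_, err := time.Parse(time.Kitchen, s)
	return err
}

// ParseSubdueTime (hypothetical helper) accepts an RFC 3339 timestamp first
// and falls back to kitchen time, returning which layout matched.
func ParseSubdueTime(s string) (time.Time, string, error) {
	if t, err := time.Parse(time.RFC3339, s); err == nil {
		return t, "rfc3339", nil
	}
	t, err := time.Parse(time.Kitchen, s)
	if err != nil {
		return time.Time{}, "", fmt.Errorf("not RFC 3339 or kitchen time: %w", err)
	}
	return t, "kitchen", nil
}

func main() {
	const ts = "2023-11-27T13:10:00-07:00" // value from the error message above
	fmt.Println(KitchenOnly(ts))
	t, layout, err := ParseSubdueTime(ts)
	fmt.Println(t, layout, err)
}
```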

ClusterRole only supports a single rule block - Sensu Go allows multiple rules for a ClusterRole

According to https://registry.terraform.io/providers/jtopjian/sensu/latest/docs/resources/cluster_role, only one rule block is allowed.

resource "sensu_cluster_role" "cluster_role_1" {
  name = "my_role"
  rule {
    verbs = ["get", "list"]
    resource = ["checks"]
  }
}

In Sensu Go 6's ClusterRole spec, multiple rules are possible.
https://docs.sensu.io/sensu-go/latest/operations/control-access/rbac/#role-example

---
type: Role
api_version: core/v2
metadata:
  name: namespaced-resources-all-verbs
  namespace: default
spec:
  rules:
  - resource_names: []
    resources:
    - assets
    - checks
    - entities
    - events
    - filters
    - handlers
    - hooks
    - mutators
    - rolebindings
    - roles
    - silenced
    verbs:
    - get
    - list
    - create
    - update
    - delete

Possible that the spec has changed for Sensu Go 6

Unable to configure sensu filters

In the documentation, it was mentioned that when is optional, but when I try to configure as follows, this doesn't work:

resource "sensu_filter" "filters" {
  count = "${length(var.filters_list)}"
  name = "${lookup(var.filters_list[count.index], "name", "common")}"
  action = "${lookup(var.filters_list[count.index], "action", "")}"

  expressions = [ "${compact(split(",", lookup(var.filters_list[count.index], "expressions")))}" ]
}

On a plan/apply:

Terraform will perform the following actions:

  + sensu_filter.filters
      id:            <computed>
      action:        "deny"
      expressions.#: "1"
      expressions.0: "((event.check.status == 1) && (event.check.occurrences % (3600 / event.check.interval) != 0))"
      name:          "filter_elasticsearch_status_hourly"
      namespace:     <computed>


Plan: 1 to add, 0 to change, 0 to destroy.

Do you want to perform these actions?
  Terraform will perform the actions described above.
  Only 'yes' will be accepted to approve.

  Enter a value: yes

sensu_filter.filters: Creating...
  action:        "" => "deny"
  expressions.#: "" => "1"
  expressions.0: "" => "((event.check.status == 1) && (event.check.occurrences % (3600 / event.check.interval) != 0))"
  name:          "" => "filter_elasticsearch_status_hourly"
  namespace:     "" => "<computed>"

Error: Error applying plan:

1 error(s) occurred:

* sensu_filter.filters: 1 error(s) occurred:

* sensu_filter.filters: Unable to create filter filter_elasticsearch_status_hourly: {"message":"filter_elasticsearch_status_hourly","code":3}

Terraform does not automatically rollback in the face of errors.
Instead, your Terraform state file has been partially updated with
any resources that successfully completed. Please address the error
above and apply again to incrementally change your infrastructure.

Am I missing something?

Sensu asset will not update using new `build` block syntax

In the doc page for assets the basic example shows the new way to define an asset using the build block. It seems that assets do not get updated when using the build block.

terraform plan and apply both correctly show what should be updated but when you run apply the resource is unchanged.

Here is our example resource

resource "sensu_asset" "sensu-plugins-foo" {
  name = "sensu-plugins-foo"

  build {
    sha512 = "fa6b95de15bd598024305b2c105f625a9f3275cc1e3b8c195b2731d903f7c1308cdcc5c2f14b8a9662566595d32180973ae9bcf9edfc8665799f69f1481858df"
    url    = "http://here.foo/sensu-plugin-foo_0.19.0_linux_amd64.tar.gz"
    filters = [
      "entity.system.os == 'linux'",
      "entity.system.arch == 'amd64'",
    ]
  }
}

If we update the version and hash we see the expected changes when running terraform

  # sensu_asset.sensu-plugins-foo will be updated in-place
  ~ resource "sensu_asset" "sensu-plugins-foo" {
        annotations = {}
        filters     = []
        headers     = {}
        id          = "sensu-plugins-foo"
        labels      = {}
        name        = "sensu-plugins-foo"
        namespace   = "infra"

      ~ build {
            filters = [
                "entity.system.os == 'linux'",
                "entity.system.arch == 'amd64'",
            ]
            headers = {}
          ~ sha512  = "2f5ade30cf2db44556d84e21860142bf211dda1d7b50105cfba448731df0a861d4eaeafd292813d15cabca85b23a0c4093b3c6e608cef5ac9750a5730fcc361c" -> "fa6b95de15bd598024305b2c105f625a9f3275cc1e3b8c195b2731d903f7c1308cdcc5c2f14b8a9662566595d32180973ae9bcf9edfc8665799f69f1481858df"
          ~ url     = "http://here.foo/sensu-plugin-foo_0.19.0_linux_amd64.tar.gz" -> "http://here.foo/sensu-plugin-foo_0.20.0_linux_amd64.tar.gz"
        }
    }

Plan: 0 to add, 1 to change, 0 to destroy.

And when the change is applied, terraform reports success (1 item changed).

When we look at the assets defined with sensuctl we still have the old asset.

If we remove the build block and go back to the deprecated syntax everything works as expected.


When time allows we'll dig into this further and look at opening a PR to fix but figured I'd open the issue in case someone else has time to dig in first :-)
