Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Add Sensu Entity Manager #154

Closed
wants to merge 1 commit into from
Closed

Add Sensu Entity Manager #154

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
14 changes: 14 additions & 0 deletions integrations/sensu/entity-manager/CHANGELOG.md
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,14 @@
# Changelog

All notable changes to this project will be documented in this file.

The format is based on [Keep a Changelog][changelog] and this project adheres
to [Semantic Versioning][semver].

## Unreleased

- Initial implementation


[changelog]: http://keepachangelog.com/en/1.0.0/
[semver]: http://semver.org/spec/v2.0.0.html
120 changes: 120 additions & 0 deletions integrations/sensu/entity-manager/README.md
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,120 @@
## Overview

<!-- Sensu Integration description; supports markdown -->

The Sensu Entity Manager integration provides automated management of agent subscriptions, labels, and annotations.

The Sensu Entity Manager works with any check or event producer that generates one instruction per line of `event.check.output` in any of the following formats:

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Need to add a section here mentioning what resources will be created on install

* **Subscriptions**

One subscription per line.

```
system/linux
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

weird formatting of readme inside all the block quotes when rendered by the Catalog ui. Catalog UI is adding extra indention for the first line. Catalog UI bug maybe?

Only workaround i can manifest is to add a blank line at the top of the block quote.

Not actionable here.

postgres
```

* **Labels & Annotations**

One key=value pair per line.

```
region=us-west-1
app_id=1234
```

* **Mix of subscriptions, labels, and annotations**

One command per line.

```
add-subscription system/linux
add-subscription postgres
add-label region=us-west-1
add-annotation application_id=1234
```

For more information, please visit the [sensu/sensu-entity-manager][sensu-entity-manager-github] project on GitHub.

## Dashboards

<!-- List of compatible dashboards w/ screenshots (supports png, jpeg, and gif images; relative paths only; e.g. `![](img/dashboard-1.png)` )-->

There are no compatible dashboards for this integration.

## Setup

<!-- Sensu Integration setup instructions, including Sensu agent configuration and external component configuration -->
<!-- EXAMPLE: what configuration (if any) is required in a third-party service to enable monitoring? -->

1. **Create an API Key for use with this integration, optionally including a dedicated "service account" user.**

Create an "entity-manager" service account (i.e. [role], [role-binding], and [user]):

```
sensuctl role create entity-manager --verb=update --resource entities
sensuctl role-binding create entity-manager --role=entity-manager --user=entity-manager
sensuctl user create entity-manager --password $(openssl rand -hex 16)
sensuctl api-key grant entity-manager
```

_NOTE: "service account users should be used for automation purposes only, with api-keys for authentication.
Generating and discarding a random password (e.g. `openssl rand -hex 16` or `uuid -v4`) is appropriate in this context._

The `sensuctl api-key grant` command should produce a response containing a 36-character UUID v4 formatted string:

```
Created: /api/core/v2/apikeys/xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx
```

Copy the `xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx` portion of the output.

If you are unable to generate a `role`, `role-binding`, `user`, and/or `api-key`, please contact your Sensu administrator.

## Plugins

<!-- Links to any Sensu Integration dependencies (i.e. Sensu Plugins) -->

- [sensu/sensu-entity-manager][sensu-entity-manager-bonsai] ([GitHub][sensu-entity-manager-github])

## Metrics & Events

<!-- List of all metrics or events collected by this integration. -->

This integration does not produce any [metrics].

## Alerts

<!-- List of all alerts generated by this integration. -->

<!-- This integration provides an alert & incident management processing pipeline for use with other monitoring integrations. By default this integration will process all events passing the [built-in `is_incident` filter][is_incident] (i.e. failing events and resolution events only). Event processing via this integration may be suppressed using [Sensu Silencing][silences] (see the [built-in `not_silenced` filter][not_silenced] for more details). -->

This integration does not produce any events that should be processed by an alert or incident management [pipeline].

## Reference Documentation

<!-- Please provide links to any relevant reference documentation to help users learn more and/or troubleshoot this integration; specifically including any third-party software documentation. -->

1. [Role-Based Access Controls (RBAC) for Sensu Go][rbac]
1. [Sensu Subscriptions][subscriptions]

<!-- Links -->
[check]: https://docs.sensu.io/sensu-go/latest/observability-pipeline/observe-schedule/checks/
[asset]: https://docs.sensu.io/sensu-go/latest/plugins/assets/
[subscription]: https://docs.sensu.io/sensu-go/latest/observability-pipeline/observe-schedule/subscriptions/
[subscriptions]: https://docs.sensu.io/sensu-go/latest/observability-pipeline/observe-schedule/subscriptions/
[agents]: https://docs.sensu.io/sensu-go/latest/observability-pipeline/observe-schedule/agent/
[annotation]: https://docs.sensu.io/sensu-go/latest/observability-pipeline/observe-schedule/agent/#general-configuration-flags
[plugins]: https://docs.sensu.io/sensu-go/latest/plugins/
[metrics]: https://docs.sensu.io/sensu-go/latest/observability-pipeline/observe-schedule/metrics/
[pipeline]: https://docs.sensu.io/sensu-go/latest/observability-pipeline/observe-process/pipelines/
[handler]: https://docs.sensu.io/sensu-go/latest/observability-pipeline/observe-process/handlers/
[secret]: https://docs.sensu.io/sensu-go/latest/operations/manage-secrets/secrets/
[secrets]: https://docs.sensu.io/sensu-go/latest/operations/manage-secrets/secrets/
[tokens]: https://docs.sensu.io/sensu-go/latest/observability-pipeline/observe-schedule/tokens/
[handler-templating]: https://docs.sensu.io/sensu-go/latest/observability-pipeline/observe-process/handler-templates/
[sensu-plus]: https://sensu.io/features/analytics
[sensu-entity-manager-bonsai]: https://bonsai.sensu.io/assets/sensu/sensu-entity-manager
[sensu-entity-manager-github]: https://github.com/sensu/sensu-entity-manager
[rbac]: https://docs.sensu.io/sensu-go/latest/operations/control-access/rbac/
Binary file added integrations/sensu/entity-manager/logo.png
View file
Open in desktop
Loading
Sorry, something went wrong. Reload?
Sorry, we cannot display this file.
Sorry, this file is invalid so it cannot be displayed.
58 changes: 58 additions & 0 deletions integrations/sensu/entity-manager/sensu-integration.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,58 @@
---
api_version: catalog/v1
type: Integration
metadata:
namespace: sensu
name: entity-manager
spec:
class: supported
provider: discovery
display_name: "Sensu Entity Manager"
short_description: "Real-time subscription and entity metadata management (for use with auto-discovery checks)"
supported_platforms:
- darwin
- linux
- windows
tags:
- sensu
- discovery
- auto discovery
- service discovery
contributors:
- "@sensu"
- "@calebhailey"
prompts:
- type: section
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Need to convert this section to using the optional secrets pattern like in elasticsearch integration

title: Secrets Management
- type: markdown
body: |
This integration requires a Sensu API Key that provides write access to the Entities API.
- type: question
name: secret_provider
input:
type: string
title: Secret Provider
enum:
- env
- vault
default: env
- type: question
name: secret_id
input:
type: string
title: Secret ID
description: >-
Provide the Secret identifier (i.e. environment variable name, or Vault secret key/path)
default: SENSU_ENTITY_MANAGER_API_KEY
resource_patches:
- resource:
api_version: secrets/v1
type: Secret
name: entity-manager-api-key
patches:
- path: /spec/provider
op: replace
value: "[[secret_provider]]"
- path: /spec/id
op: replace
value: "[[secret_id]]"
117 changes: 117 additions & 0 deletions integrations/sensu/entity-manager/sensu-resources.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,117 @@
---
type: Pipeline
api_version: core/v2
metadata:
name: entity-manager
labels:
provider: discovery
spec:
workflows:
- name: subscription-manager
filters:
- api_version: core/v2
type: EventFilter
name: has_subscriptions
handler:
api_version: core/v2
type: Handler
name: subscription-manager
- name: label-manager
filters:
- api_version: core/v2
type: EventFilter
name: has_labels
handler:
api_version: core/v2
type: Handler
name: label-manager
- name: annotation-manager
filters:
- api_version: core/v2
type: EventFilter
name: has_annotations
handler:
api_version: core/v2
type: Handler
name: annotation-manager

---
type: Handler
api_version: core/v2
metadata:
name: subscription-manager
spec:
type: pipe
command: >-
sensu-entity-manager
--api-url https://${SENSU_API_URL}:8080
--add-subscriptions
runtime_assets:
- sensu/sensu-entity-manager:0.3.0
timeout: 5
secrets:
- name: SENSU_API_KEY
secret: entity-manager-api-key

---
type: Handler
api_version: core/v2
metadata:
name: label-manager
spec:
type: pipe
command: >-
sensu-entity-manager
--api-url https://${SENSU_API_URL}:8080
--add-labels
runtime_assets:
- sensu/sensu-entity-manager:0.3.0
timeout: 5
secrets:
- name: SENSU_API_KEY
secret: entity-manager-api-key

---
type: Secret
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Need to remove this Secret defintion as part of hte refactor to use env vars with optional secrets

api_version: secrets/v1
metadata:
name: entity-manager-api-key
spec:
provider: env
id: SENSU_ENTITY_MANAGER_API_KEY

---
type: EventFilter
api_version: core/v2
metadata:
name: has_subscriptions
spec:
action: allow
expressions:
- event.check.annotations.discovery == subscriptions
- event.check.status == 0
- event.check.occurrences == 1

---
type: EventFilter
api_version: core/v2
metadata:
name: has_labels
spec:
action: allow
expressions:
- event.check.annotations.discovery == labels
- event.check.status == 0
- event.check.occurrences == 1

---
type: EventFilter
api_version: core/v2
metadata:
name: has_annotations
spec:
action: allow
expressions:
- event.check.annotations.discovery == annotations
- event.check.status == 0
- event.check.occurrences == 1
Loading