Add ability to name namespace sensitive objects.

CHANGELOG.md

@@ -6,6 +6,10 @@ This CHANGELOG follows the format located [here](https://github.com/sensu-plugin
 
 ## [Unreleased]
 
+### Added
+
+- Added ability to name namespace-sensitive assets in Sensu (@devinlyons)
+
 ## [1.4.0] - 2020-03-10
 
 ### Fixed

README.md

@@ -283,6 +283,7 @@ The sensu_check resource is used to define check objects.
 * `interval` The frequency in seconds the check is executed.
 * `low_flap_threshold` The flap detection low threshold, in percent
 * `namespace` the Sensu RBAC namespace that this check belongs to, default: *default*
+* `check_name` The name to give the check in Sensu, default: *resource id*
 * `proxy_entity_name` Used to create a proxy entity for an external resource
 * `proxy_requests`  A [Sensu Proxy Request](https://docs.sensu.io/sensu-go/latest/reference/checks/#proxy-requests-attributes), representing Sensu entity attributes to match entities in the registry.
 * `publish` If check requests are published for the check
@@ -338,7 +339,8 @@ end
 * `filters` an array of Sensu event filter names to use
 * `handlers` an array of Sensu event handler names to use for events
 * `mutator` mutator to use to mutate event data for the handler
-* `namespace` the Sensu RBAC namespace that this check belongs to, default: *default*
+* `namespace` the Sensu RBAC namespace that this handler belongs to, default: *default*
+* `handler_name` The name to give the handler in Sensu, default: *resource id*
 * `runtime_assets` An array of [Sensu assets](https://docs.sensu.io/sensu-go/latest/reference/assets/) required at runtime for the execution of the `command`
 * `secrets` an array of hashes of name/secret pairs to use with command execution
 * `socket` the socket definition scope, used to configure the TCP/UDP handler socket
@@ -364,7 +366,8 @@ Used to define hooks for sensu checks
 #### Properties
 
 * `command` **required** command to be executed
-* `namespace` the Sensu RBAC namespace that this check belongs to, default: *default*
+* `namespace` the Sensu RBAC namespace that this filter belongs to, default: *default*
+* `hook_name` The name to give the hook in Sensu, default: *resource id*
 * `timeout` duration timeout in seconds (hard stop)
 * `stdin`  If the Sensu agent writes JSON serialized Sensu entity and check data to the command process’ STDIN. The command must expect the JSON data via STDIN, read it, and close STDIN. This attribute cannot be used with existing Sensu check plugins, nor Nagios plugins etc, as Sensu agent will wait indefinitely for the hook process to read and close STDIN
 
@@ -394,7 +397,8 @@ Used to define filters for sensu checks
 
 * `filter_action` **required** action to take with the event if the filter statements match. One of: `allow`, `deny`
 * `expressions` **required** filter expressions to be compared with event data.
-* `namespace` the Sensu RBAC namespace that this check belongs to, default: *default*
+* `namespace` the Sensu RBAC namespace that this filter belongs to, default: *default*
+* `filter_name` The name to give the filter in Sensu, default: *resource id*
 * `when` the [when definition scope](https://docs.sensu.io/sensu-go/latest/reference/filters/#when-attributes), used to determine when a filter is applied with time windows
 
 #### Examples
@@ -425,7 +429,8 @@ A handler can specify a mutator to transform event data. This resource can defin
 
 * `command` **required** the command to run
 * `env_vars` an array of environment variables to use with command execution
-* `namespace` the Sensu RBAC namespace that this check belongs to, default: *default*
+* `namespace` the Sensu RBAC namespace that this mutator belongs to, default: *default*
+* `mutator_name` The name to give the mutator in Sensu, default: *resource id*
 * `secrets` an array of hashes of name/secret pairs to use with command execution
 * `timeout` the execution duration timeout in seconds
 
@@ -450,6 +455,7 @@ At runtime the agent can sequentially fetch assets and store them in its local c
 * `sha512` **required** the checksum of the asset.
 * `url` **required** the URL location of the asset.
 * `namespace` the Sensu RBAC namespace that this check belongs to, default: *default*
+* `asset_name` The name to give the asset in Sensu, default: *resource id*
 * `builds` List, defines multiple artifacts that provide the named asset.
 * `headers` Optional HTTP headers to apply to dynamic runtime asset retrieval
 
@@ -486,7 +492,8 @@ An entity is a representation of anything that needs to be monitored. From Sensu
 * `entity_class` **required** the entity type, should be either `agent` or `proxy`.
 * `deregister` Whether or not the entity should be removed from Sensu once the Sensu agent process's keepalive dies. Not needed for proxy entities.
 * `deregistration` Hash of handlers for use when the entity is deregistered. Not needed for proxy entities.
-* `namespace` the Sensu RBAC namespace that this check belongs to, default: *default*
+* `namespace` the Sensu RBAC namespace that this entity belongs to, default: *default*
+* `entity_name` The name to give the entity in Sensu, default: *resource id*
 * `redact` List of items to redact from log messages and dashboard. If a value is provided, it overwrites the default list of items to be redacted.
 * `sensu_agent_version` Version of the agent entity running on the machine. Not needed for proxy entities.
 * `subscriptions` An array of subscriptions. If no subscriptions are provided, it defaults to an entity-specific subscription list: `[entity:{ID}]`.
@@ -707,7 +714,8 @@ Create a secret that Sensu can grab from a secret provider so that sensitive inf
 #### Properties
 
 * `id` **required** The key to use to retrive the secret. For the Env secrets provider, this is the environment variable. For the Vault secrets provider, this is the path and key in the form of `secret/path#key`. Currently, the Vault secrets provider does not support any base engine paths other than "secret/" for v2 K/V secrets engine.
-* `namespace` the Sensu RBAC namespace that this check belongs to, default: *default*
+* `namespace` the Sensu RBAC namespace that this secret belongs to, default: *default*
+* `secret_name` The name to give the secret in Sensu, default: *resource id*
 * `secrets_provider` **required** Name of the provider, all in lowercase, ex: `'env'`, `'vault'`
 
 #### Examples
@@ -827,6 +835,7 @@ Create a save search that can be used in the Sensu web interface (commercial fea
 #### Properties
 
 * `namespace` namespace for the save search
+* `search_name` The name to give the search in Sensu, default: *resource id*
 * `parameters` **required** parameters the search will apply
 * `resource`  **required** fully qualified name of the resource
 

libraries/helpers.rb

@@ -9,22 +9,41 @@ def type_from_name
     # Pluralize object directory name
     def object_dir(plural = true)
       dirname = new_resource.declared_type.to_s.gsub(/^sensu_/, '')
+
+      base_path = ::File.join(new_resource.config_home, dirname)
       if plural
-        ::File.join(new_resource.config_home, dirname) + 's'
+        base_path += 's'
+      else
+
+      prop_name = dirname + "_name"
+      if !new_resource[prop_name].nil? && !new_resource["namespace"].nil?
+        ::File.join(base_path, new_resource.namespace)
       else
-        ::File.join(new_resource.config_home, dirname)
+        base_path
       end
     end
 
     def object_file(plural = true)
-      ::File.join(object_dir(plural), new_resource.name) + '.json'
+      prop_name = new_resource.declared_type.to_s.gsub(/^sensu_/, '') + '_name'
+      file_name = new_resource.name
+
+      if !new_resource[prop_name].nil? && !new_resource["namespace"].nil?
+        file_name = new_resource[prop_name]
+      end
+
+      ::File.join(object_dir(plural), file_name) + '.json'
     end
 
-    def base_resource(new_resource, spec = Mash.new, api_version = 'core/v2')
+    def base_resource(new_resource, spec = Mash.new, api_version = 'core/v2', override_name = nil)
       obj = Mash.new
       meta = Mash.new
 
-      meta['name'] = new_resource.name
+      if override_name == nil
+        meta['name'] = new_resource.name
+      else
+        meta['name'] = override_name
+      end
+
       meta['labels'] = new_resource.labels if new_resource.labels
       meta['annotations'] = new_resource.annotations if new_resource.annotations
 
@@ -64,7 +83,7 @@ def check_from_resource
       spec['output_metric_format'] = new_resource.output_metric_format if new_resource.output_metric_format
       spec['output_metric_handlers'] = new_resource.output_metric_handlers if new_resource.output_metric_handlers
 
-      c = base_resource(new_resource, spec)
+      c = base_resource(new_resource, spec, override_name = new_resource.check_name)
       c['metadata']['namespace'] = new_resource.namespace
       c
     end
@@ -79,8 +98,7 @@ def asset_from_resource
         spec['builds'] = new_resource.builds
       end
       spec['headers'] = new_resource.headers if new_resource.headers
-      a = base_resource(new_resource, spec)
-      a['metadata']['namespace'] = new_resource.namespace
+      a = base_resource(new_resource, spec, override_name = new_resource.asset_name)
       a
     end
 
@@ -97,7 +115,7 @@ def handler_from_resource
       spec['timeout'] = new_resource.timeout if new_resource.timeout
       spec['type'] = new_resource.type
 
-      h = base_resource(new_resource, spec)
+      h = base_resource(new_resource, spec, override_name = new_resource.handler_name)
       h['metadata']['namespace'] = new_resource.namespace
       h
     end
@@ -108,7 +126,7 @@ def hook_from_resource
       spec['timeout'] = new_resource.timeout if new_resource.timeout
       spec['stdin'] = new_resource.stdin if new_resource.stdin
 
-      h = base_resource(new_resource, spec)
+      h = base_resource(new_resource, spec, override_name = new_resource.hook_name)
       h['metadata']['namespace'] = new_resource.namespace
       h
     end
@@ -120,7 +138,7 @@ def filter_from_resource
       spec['when'] = new_resource.when if new_resource.when
       spec['runtime_assets'] = new_resource.runtime_assets if new_resource.runtime_assets
 
-      f = base_resource(new_resource, spec)
+      f = base_resource(new_resource, spec, override_name = new_resource.filter_name)
       f['type'] = 'Event' + type_from_name
       f['metadata']['namespace'] = new_resource.namespace
       f
@@ -133,7 +151,7 @@ def mutator_from_resource
       spec['secrets'] = new_resource.secrets if new_resource.secrets
       spec['timeout'] = new_resource.timeout if new_resource.timeout
 
-      m = base_resource(new_resource, spec)
+      m = base_resource(new_resource, spec, override_name = new_resource.mutator_name)
       m['metadata']['namespace'] = new_resource.namespace
       m
     end
@@ -149,7 +167,7 @@ def entity_from_resource
       spec['system'] = new_resource.system if new_resource.system
       spec['user'] = new_resource.user if new_resource.user
 
-      e = base_resource(new_resource, spec)
+      e = base_resource(new_resource, spec, override_name = new_resource.entity_name)
       e['metadata']['namespace'] = new_resource.namespace
       e
     end
@@ -166,7 +184,7 @@ def role_from_resource
         'rules' => new_resource.rules,
       }
 
-      role = base_resource(new_resource, spec)
+      role = base_resource(new_resource, spec, override_name = new_resource.role_name)
       role['metadata']['namespace'] = new_resource.namespace
       role
     end
@@ -187,7 +205,7 @@ def role_binding_from_resource
         'subjects' => new_resource.subjects,
       }
 
-      binding = base_resource(new_resource, spec)
+      binding = base_resource(new_resource, spec, override_name = new_resource.role_binding_name)
       binding['metadata']['namespace'] = new_resource.namespace
       binding
     end
@@ -243,7 +261,7 @@ def secret_from_resource
       spec = {}
       spec['id'] = new_resource.id
       spec['provider'] = new_resource.secrets_provider
-      secret = base_resource(new_resource, spec, 'secrets/v1')
+      secret = base_resource(new_resource, spec, 'secrets/v1', override_name = new_resource.secret_name)
       secret['metadata']['namespace'] = new_resource.namespace
       secret
     end
@@ -283,7 +301,7 @@ def search_from_resource
       spec = {}
       spec['parameters'] = new_resource.parameters
       spec['resource'] = new_resource.resource
-      search = base_resource(new_resource, spec, 'searches/v1')
+      search = base_resource(new_resource, spec, 'searches/v1', override_name = new_resource.search_name)
       search['metadata']['namespace'] = new_resource.namespace
       search
     end

resources/asset.rb

@@ -58,6 +58,7 @@
 }
 property :namespace, String, default: 'default'
 property :headers, Hash, default: {}
+property :asset_name, String
 
 action_class do
   include SensuCookbook::Helpers
@@ -86,10 +87,10 @@
 action :update do
   file object_file do
     action :delete
-    notifies :run, "execute[sensuctl asset update #{new_resource.name}]"
+    notifies :run, "execute[sensuctl asset update #{new_resource.name} --namespace #{new_resource.namespace}]"
   end
 
-  execute "sensuctl asset update #{new_resource.name}" do
+  execute "sensuctl asset update #{new_resource.name} --namespace #{new_resource.namespace}" do
     command sensuctl_asset_update_cmd
     action :nothing
   end

resources/check.rb

@@ -51,6 +51,7 @@
 property :output_metric_format, String
 property :output_metric_handlers, Array
 property :namespace, String, default: 'default'
+property :check_name, String
 
 action_class do
   include SensuCookbook::Helpers
@@ -75,10 +76,10 @@
 action :delete do
   file object_file do
     action :delete
-    notifies :run, "execute[sensuctl check delete #{new_resource.name} --skip-confirm]"
+    notifies :run, "execute[sensuctl check delete #{new_resource.name} --namespace #{new_resource.namespace} --skip-confirm]"
   end
 
-  execute "sensuctl check delete #{new_resource.name} --skip-confirm" do
+  execute "sensuctl check delete #{new_resource.name} --namespace #{new_resource.namespace} --skip-confirm" do
     action :nothing
   end
 end

resources/entity.rb

@@ -42,6 +42,7 @@
 property :system, Hash
 property :user, String
 property :namespace, String, default: 'default'
+property :entity_name, String
 
 action :create do
   directory object_dir do

resources/filter.rb

@@ -35,6 +35,7 @@
 property :when, Hash
 property :runtime_assets, Array
 property :namespace, String, default: 'default'
+property :filter_name, String
 
 action_class do
   include SensuCookbook::Helpers
@@ -59,10 +60,10 @@
 action :delete do
   file object_file do
     action :delete
-    notifies :run, "execute[sensuctl filter delete #{new_resource.name} --skip-confirm]"
+    notifies :run, "execute[sensuctl filter delete #{new_resource.name} --namespace #{new_resource.namespace} --skip-confirm]"
   end
 
-  execute "sensuctl filter delete #{new_resource.name} --skip-confirm" do
+  execute "sensuctl filter delete #{new_resource.name} --namespace #{new_resource.namespace} --skip-confirm" do
     action :nothing
   end
 end

resources/handler.rb

@@ -41,6 +41,7 @@
 property :timeout, Integer
 property :type, String, equal_to: %w(pipe tcp udp set), required: true
 property :namespace, String, default: 'default'
+property :handler_name, String
 
 action_class do
   include SensuCookbook::Helpers
@@ -65,10 +66,10 @@
 action :delete do
   file object_file do
     action :delete
-    notifies :run, "execute[sensuctl handler delete #{new_resource.name} --skip-confirm]"
+    notifies :run, "execute[sensuctl handler delete #{new_resource.name} --namespace #{new_resource.namespace} --skip-confirm]"
   end
 
-  execute "sensuctl handler delete #{new_resource.name} --skip-confirm" do
+  execute "sensuctl handler delete #{new_resource.name} --namespace #{new_resource.namespace} --skip-confirm" do
     action :nothing
   end
 end

resources/hook.rb

@@ -33,6 +33,7 @@
 property :timeout, Integer
 property :stdin, [true, false]
 property :namespace, String, default: 'default'
+property :hook_name, String
 
 action_class do
   include SensuCookbook::Helpers
@@ -57,10 +58,10 @@
 action :delete do
   file object_file do
     action :delete
-    notifies :run, "execute[sensu hook delete #{new_resource.name} --skip-confirm"
+    notifies :run, "execute[sensu hook delete #{new_resource.name} --namespace #{new_resource.namespace} --skip-confirm"
   end
 
-  execute "sensuctl hook delete #{new_resource.name} --skip-confirm" do
+  execute "sensuctl hook delete #{new_resource.name} --namespace #{new_resource.namespace} --skip-confirm" do
     action :nothing
   end
 end

resources/mutator.rb

@@ -35,6 +35,7 @@
 property :secrets, Array
 property :timeout, Integer
 property :namespace, String, default: 'default'
+property :mutator_name, String
 
 action_class do
   include SensuCookbook::Helpers

resources/role.rb

@@ -30,6 +30,7 @@
 provides :sensu_role
 
 property :namespace, String, default: 'default'
+property :role_name, String
 # rubocop:disable Style/TrailingCommaInHashLiteral
 property :rules, Array, required: true, callbacks: {
   'should be an array of hashes' => lambda do |arry|
@@ -63,10 +64,10 @@
 action :delete do
   file object_file do
     action :delete
-    notifies :run, "execute[sensu role delete #{new_resource.name} --skip-confirm"
+    notifies :run, "execute[sensu role delete #{new_resource.name} --namespace #{new_resource.namespace} --skip-confirm"
   end
 
-  execute "sensuctl role delete #{new_resource.name} --skip-confirm" do
+  execute "sensuctl role delete #{new_resource.name} --namespace #{new_resource.namespace} --skip-confirm" do
     action :nothing
   end
 end