I have two entity definitions (that actually point to the same entity). One with redacted labels and one without. Against both entities, I’m running two almost identical checks that use the redacted labels in the command. For each almost identical check, I implemented two versions: in one I use ‘index .labels “ldap.password”’ and in the other I use “labels.ldap.password”.
All the checks that run against the entity where the labels are not redacted succeed. All the checks that run against the entity where the labels are redacted fail. Is there an issue with using a redacted label in the command line? If not, can you help me figure out what I’m doing wrong?
I’m running Sensu Go 5.17.2 backend server and agent.
alex.yml
type: Entity
api_version: core/v2
sensu_agent_version: 1.0.0
metadata:
  labels:
    hardware: "synology"
    ldap_server: "true"
    ldap_password: "3vr52000"
    ldap_port: "389"
    ldap_user: "'uid=root,cn=users,dc=alexandria,dc=cyberbears,dc=net'"
    ldap_base: "'dc=alexandria,dc=cyberbears,dc=net'"
    snmp_password: "public"
  name: alex.cyberbears.net
  namespace: default
spec:
  deregister: false
  deregistration: {}
  entity_class: proxy
  last_seen: 0
  redact:
  system:
    network:
      interfaces: null
alexandria.yml
type: Entity
api_version: core/v2
sensu_agent_version: 1.0.0
metadata:
  labels:
    hardware: "synology"
    ldap_server: "true"
    ldap_password: "3vr52000"
    ldap_port: "389"
    ldap_user: "'uid=root,cn=users,dc=alexandria,dc=cyberbears,dc=net'"
    ldap_base: "'dc=alexandria,dc=cyberbears,dc=net'"
    snmp_password: "public"
  name: alexandria.cyberbears.net
  namespace: default
spec:
  deregister: false
  deregistration: {}
  entity_class: proxy
  last_seen: 0
  redact:
  - snmp_password
  - ldap_password
  system:
    network:
      interfaces: null
Entity Differences
diff alex.yml alexandria.yml
13c13
< name: alex.cyberbears.net
---
> name: alexandria.cyberbears.net
20a21,22
> - snmp_password
> - ldap_password
ldap_server1.yml
type: CheckConfig
api_version: core/v2
metadata:
  name: ldap_server1
  namespace: default
spec:
  command: check_ldap -H {{ .name }} -b {{ index .labels "ldap_base" }} -D {{ index .labels "ldap_user" }} -3 -P {{ index .labels "ldap_password" }} -p {{ index .labels "ldap_port" | default 389 }}
  interval: 10
  proxy_requests:
    entity_attributes:
    - entity.entity_class == 'proxy'
    - entity.labels.ldap_server == 'true'
  publish: true
  subscriptions:
  - sensu-proxy
  runtime_assets:
  - base_nagios_plugins
ldap_server2.yml
type: CheckConfig
api_version: core/v2
metadata:
  name: ldap_server2
  namespace: default
spec:
  command: check_ldap -H {{ .name }} -b {{ index .labels "ldap_base" }} -D {{ index .labels "ldap_user" }} -3 -P {{ .labels.ldap_password }} -p {{ index .labels "ldap_port" | default 389 }}
  interval: 10
  proxy_requests:
    entity_attributes:
    - entity.entity_class == 'proxy'
    - entity.labels.ldap_server == 'true'
  publish: true
  subscriptions:
  - sensu-proxy
  runtime_assets:
  - base_nagios_plugins
synology_status1.yml
type: CheckConfig
api_version: core/v2
metadata:
  name: synology_status1
  namespace: default
spec:
  command: check_snmp_synology -2 {{ .labels.snmp_password }} -h {{ .name }} -v
  interval: 10
  proxy_requests:
    entity_attributes:
    - entity.entity_class == 'proxy'
    - entity.labels.hardware == 'synology'
  publish: true
  subscriptions:
  - sensu-proxy
  runtime_assets:
  - synology_plugins
synology_status2.yml
type: CheckConfig
api_version: core/v2
metadata:
  name: synology_status2
  namespace: default
spec:
  command: check_snmp_synology -2 {{ index .labels "snmp_password" }} -h {{ .name }} -v
  interval: 10
  proxy_requests:
    entity_attributes:
    - entity.entity_class == 'proxy'
    - entity.labels.hardware == 'synology'
  publish: true
  subscriptions:
  - sensu-proxy
  runtime_assets:
  - synology_plugins
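
To rule out the token syntax as the cause, this added example (not part of the original post, and not Sensu's own code) renders the -H and -P tokens of the two check_ldap commands with Go's text/template, the package Sensu Go's token substitution is built on. The data shape, host name, secret and the REDACTED placeholder are constructed assumptions.

```go
package main

import (
	"fmt"
	"strings"
	"text/template"
)

// The -H and -P tokens from the post's two check_ldap commands.
const (
	indexForm = `check_ldap -H {{ .name }} -P {{ index .labels "ldap_password" }}`
	dotForm   = `check_ldap -H {{ .name }} -P {{ .labels.ldap_password }}`
)

// entity builds the data a template is rendered against. The shape
// (a "name" key and a "labels" map) is an assumption for this sketch.
func entity(password string) map[string]interface{} {
	return map[string]interface{}{
		"name":   "proxy.example.test", // constructed host name
		"labels": map[string]string{"ldap_password": password},
	}
}

// render expands one command template against the given entity data.
func render(cmd string, data map[string]interface{}) (string, error) {
	t, err := template.New("cmd").Parse(cmd)
	if err != nil {
		return "", err
	}
	var b strings.Builder
	if err := t.Execute(&b, data); err != nil {
		return "", err
	}
	return b.String(), nil
}

func main() {
	// Constructed values: a sample secret and a hypothetical placeholder
	// standing in for a label whose value has been masked.
	for _, pw := range []string{"example-secret", "REDACTED"} {
		a, _ := render(indexForm, entity(pw))
		b, _ := render(dotForm, entity(pw))
		fmt.Printf("same=%v\n  %s\n  %s\n", a == b, a, b)
	}
}
```

Both forms render the same string for any given label value, so a difference in results between two entities comes from the label data the template receives rather than from `index` versus dot access.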