diff --git a/README.md b/README.md index 5a2fdf37..aadcf070 100644 --- a/README.md +++ b/README.md @@ -46,7 +46,7 @@ Once the `datadog_agent` module is installed on your `puppetserver`/`puppetmaste ```conf class { 'datadog_agent': - api_key => "", + api_key => Sensitive(""), } ``` @@ -54,7 +54,7 @@ Once the `datadog_agent` module is installed on your `puppetserver`/`puppetmaste ```conf class { 'datadog_agent': - api_key => "", + api_key => Sensitive(""), datadog_site => "datadoghq.eu", } ``` @@ -63,7 +63,7 @@ Once the `datadog_agent` module is installed on your `puppetserver`/`puppetmaste ```conf class { 'datadog_agent': - api_key => "", + api_key => Sensitive(""), service_provider => 'upstart' } ``` @@ -84,7 +84,7 @@ Once the `datadog_agent` module is installed on your `puppetserver`/`puppetmaste ```conf class { 'datadog_agent': - api_key => "", + api_key => Sensitive(""), integrations => { "ntp" => { init_config => {}, @@ -128,7 +128,7 @@ To enable reporting of Puppet runs to your Datadog timeline, enable the report p ```ruby class { 'datadog-agent': - api_key => '', + api_key => Sensitive(''), puppet_run_reports => true # ... } @@ -265,7 +265,7 @@ If you don't see any reports coming in, check your Puppet server logs. 2. Add this to each node's `site.pp` file: ```conf class { "datadog_agent": - api_key => "", + api_key => Sensitive(""), puppet_run_reports => true } ``` @@ -288,7 +288,7 @@ To generate tags from custom facts classify your nodes with Puppet facts as an a ```conf class { "datadog_agent": - api_key => "", + api_key => Sensitive(""), facts_to_tags => ["os.family","networking.domain","my_custom_fact"], } ``` diff --git a/environments/etc/installer-manifests/site.pp b/environments/etc/installer-manifests/site.pp index 392773d6..06d8ccac 100644 --- a/environments/etc/installer-manifests/site.pp +++ b/environments/etc/installer-manifests/site.pp 
@@ -1,6 +1,6 @@ node default { class { 'datadog_agent': - api_key => 'somenonnullapikeythats32charlong', + api_key => Sensitive('somenonnullapikeythats32charlong'), manage_install => false, datadog_installer_enabled => true, apm_instrumentation_enabled => 'host', diff --git a/environments/etc/manifests/site.pp b/environments/etc/manifests/site.pp index dc594938..dd00433a 100644 --- a/environments/etc/manifests/site.pp +++ b/environments/etc/manifests/site.pp @@ -1,6 +1,6 @@ node default { class { 'datadog_agent': - api_key => 'somenonnullapikeythats32charlong', + api_key => Sensitive('somenonnullapikeythats32charlong'), agent_extra_options => { use_http => true, }, diff --git a/manifests/init.pp b/manifests/init.pp index f4fdf417..f8fa0b3b 100644 --- a/manifests/init.pp +++ b/manifests/init.pp @@ -250,7 +250,7 @@ # OR # # class { 'datadog_agent': -# api_key => 'your key', +# api_key => Sensitive('your key'), # tags => ['env:production', 'linux'], # puppet_run_reports => false, # puppetmaster_user => puppet, @@ -261,7 +261,7 @@ String $dd_url = '', String $datadog_site = $datadog_agent::params::datadog_site, String $host = '', - String $api_key = 'your_API_key', + Sensitive[String] $api_key = Sensitive('your_API_key'), Enum['datadog-agent', 'Datadog Agent', 'datadog-iot-agent'] $agent_flavor = $datadog_agent::params::package_name, Boolean $collect_ec2_tags = false, Boolean $collect_gce_tags = false, @@ -762,7 +762,7 @@ $_trusted_facts_tags = datadog_agent::tag6($trusted_facts_to_tags, true, $trusted) $_agent_config = { - 'api_key' => $api_key, + 'api_key' => $api_key.unwrap, 'dd_url' => $dd_url, 'site' => $datadog_site, 'cmd_port' => $cmd_port, diff --git a/manifests/installer_telemetry.pp b/manifests/installer_telemetry.pp index 3a1850b1..0d6a4ffd 100644 --- a/manifests/installer_telemetry.pp +++ b/manifests/installer_telemetry.pp 
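Review bot: `Sensitive[String] $api_key` in the `@@ -261` hunk of manifests/init.pp no longer accepts a plain String, so existing manifests and any Hiera value that is not converted will fail catalog compilation after upgrade. If the break is intended, the parameter documentation should say so and show the Hiera route, for example `lookup_options: { 'datadog_agent::api_key': { convert_to: 'Sensitive' } }`. Otherwise `Variant[Sensitive[String], String] $api_key`, wrapped once at the top of the class, keeps old callers working. The same signature change appears in installer_telemetry.pp, redhat_installer.pp, suse_installer.pp, ubuntu_installer.pp, reports.pp and windows.pp; the class body continues outside the hunk.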
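Review bot: `'api_key' => $api_key.unwrap` in the `@@ -762` hunk puts the key back into `$_agent_config` as a plain string, so the Sensitive wrapper stops protecting it from that line on. How `$_agent_config` is rendered is outside the hunk; if it becomes the `content` of a file resource, the key can show up in file diffs and run reports. Re-wrap the rendered string at the resource, `content => Sensitive($rendered_config)` (placeholder variable name), or set `show_diff => false` there. A comment on the unwrap line such as `# unwrapped for serialisation only; the consuming resource must re-wrap the rendered content` would make the obligation visible.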
@@ -1,11 +1,11 @@
 # This class handles the installation telemetry for the Datadog installer.
 #
-# @param api_key String:Your DataDog API Key.
+# @param api_key Sensitive[String]:Your DataDog API Key.
 # @param datadog_site String: The site of the Datadog intake to send Agent data to. Defaults to 'datadoghq.com'.
 # @param packages_to_install String: The packages to be installed by the Datadog installer.
 #
 class datadog_agent::installer_telemetry (
- String $api_key = 'your_API_key',
+ Sensitive[String] $api_key = Sensitive('your_API_key'),
 String $datadog_site = 'datadoghq.com',
 String $packages_to_install = 'datadog-agent',
 ) {
diff --git a/manifests/redhat_installer.pp b/manifests/redhat_installer.pp
index bc8e6b99..cffc1912 100644
--- a/manifests/redhat_installer.pp
+++ b/manifests/redhat_installer.pp
@@ -1,7 +1,7 @@
 # Class: datadog_agent::redhat_installer
 # This class installs and configures the Datadog agent on RedHat-based systems.
 #
-# @param api_key String:Your DataDog API Key.
+# @param api_key Sensitive[String]:Your DataDog API Key.
 # @param datadog_site String: The site of the Datadog intake to send Agent data to. Defaults to 'datadoghq.com'.
 # @param agent_major_version Integer: The major version of the Datadog agent to install. Defaults to 7.
 # @param agent_minor_version Optional[String]: The minor version of the Datadog agent to install.
@@ -13,7 +13,7 @@
 # @param remote_policies Boolean: Whether to enable Agent remote policies. Default: false.
 #
 class datadog_agent::redhat_installer (
- String $api_key = 'your_API_key',
+ Sensitive[String] $api_key = Sensitive('your_API_key'),
 String $datadog_site = $datadog_agent::params::datadog_site,
 Integer $agent_major_version = $datadog_agent::params::default_agent_major_version,
 Optional[String] $agent_minor_version = undef,
diff --git a/manifests/reports.pp b/manifests/reports.pp
index 53dba54e..0a9df036 100644
--- a/manifests/reports.pp
+++ b/manifests/reports.pp
@@ -4,8 +4,7 @@
 # the datadog service.
 #
 # Parameters:
-# $api_key:
-# Your DataDog API Key. Please replace with your key value
+# @param api_key Sensitive[String]:Your DataDog API Key.
 # $datadog_site:
 # URL to use to talk to the Datadog API
 #
@@ -16,7 +15,7 @@
 # Sample Usage:
 #
 class datadog_agent::reports (
- String $api_key,
+ Sensitive[String] $api_key,
 String $puppetmaster_user,
 String $dogapi_version,
 Boolean $manage_dogapi_gem = true,
diff --git a/manifests/suse_installer.pp b/manifests/suse_installer.pp
index 2773d8ed..08eda015 100644
--- a/manifests/suse_installer.pp
+++ b/manifests/suse_installer.pp
@@ -1,7 +1,7 @@
 # Class: datadog_agent::suse_installer
 # This class installs and configures the Datadog agent on RedHat-based systems.
 #
-# @param api_key String:Your DataDog API Key.
+# @param api_key Sensitive[String]:Your DataDog API Key.
 # @param datadog_site String: The site of the Datadog intake to send Agent data to. Defaults to 'datadoghq.com'.
 # @param agent_major_version Integer: The major version of the Datadog agent to install. Defaults to 7.
 # @param agent_minor_version Optional[String]: The minor version of the Datadog agent to install.
@@ -13,7 +13,7 @@
 # @param remote_policies Boolean: Whether to enable Agent remote policies. Default: false.
 #
 class datadog_agent::suse_installer (
- String $api_key = 'your_API_key',
+ Sensitive[String] $api_key = Sensitive('your_API_key'),
 String $datadog_site = $datadog_agent::params::datadog_site,
 Integer $agent_major_version = $datadog_agent::params::default_agent_major_version,
 Optional[String] $agent_minor_version = undef,
diff --git a/manifests/ubuntu_installer.pp b/manifests/ubuntu_installer.pp
index 6f22c797..953343f9 100644
--- a/manifests/ubuntu_installer.pp
+++ b/manifests/ubuntu_installer.pp
@@ -1,7 +1,7 @@
 # Class: datadog_agent::ubuntu_installer
 # This class installs and configures the Datadog agent on Debian distributions.
 #
-# @param api_key String:Your DataDog API Key.
+# @param api_key Sensitive[String]:Your DataDog API Key.
 # @param datadog_site String: The site of the Datadog intake to send Agent data to. Defaults to 'datadoghq.com'.
 # @param agent_major_version Integer: The major version of the Datadog agent to install. Defaults to 7.
 # @param agent_minor_version Optional[String]: The minor version of the Datadog agent to install.
@@ -18,7 +18,7 @@
 # @param remote_policies Boolean: Whether to enable Agent remote policies. Default: false.
 #
 class datadog_agent::ubuntu_installer (
- String $api_key = 'your_API_key',
+ Sensitive[String] $api_key = Sensitive('your_API_key'),
 String $datadog_site = $datadog_agent::params::datadog_site,
 Integer $agent_major_version = $datadog_agent::params::default_agent_major_version,
 Optional[String] $agent_minor_version = undef,
diff --git a/manifests/windows.pp b/manifests/windows.pp
index f899099a..98bbfd87 100644
--- a/manifests/windows.pp
+++ b/manifests/windows.pp
@@ -7,7 +7,7 @@
 String $agent_version = $datadog_agent::params::agent_version,
 Optional[String] $agent_repo_uri = undef,
 String $msi_location = 'C:/Windows/temp',
- String $api_key = $datadog_agent::api_key,
+ Sensitive[String] $api_key = $datadog_agent::api_key,
 String $hostname = $datadog_agent::host,
 Array $tags = $datadog_agent::tags,
 String $tags_join = join($tags,','),
diff --git a/spec/classes/datadog_agent_reports_spec.rb b/spec/classes/datadog_agent_reports_spec.rb
index 1ef0ec64..295b3722 100644
--- a/spec/classes/datadog_agent_reports_spec.rb
+++ b/spec/classes/datadog_agent_reports_spec.rb
@@ -8,7 +8,7 @@
 context 'all supported operating systems' do
 let(:params) do
 {
- api_key: 'notanapikey',
+ api_key: Sensitive('notanapikey'),
 puppetmaster_user: 'puppet',
 dogapi_version: 'installed',
 }
@@ -79,7 +79,7 @@
 context 'specific dogapi version' do
 let(:params) do
 {
- api_key: 'notanapikey',
+ api_key: Sensitive('notanapikey'),
 puppetmaster_user: 'puppet',
 dogapi_version: '1.2.2',
 }
@@ -131,7 +131,7 @@
 context 'specific gem provider' do
 let(:params) do
 {
- api_key: 'notanapikey',
+ api_key: Sensitive('notanapikey'),
 puppetmaster_user: 'puppet',
 dogapi_version: '1.2.2',
 puppet_gem_provider: 'gem',
@@ -177,7 +177,7 @@
 context 'EU site in report' do
 let(:params) do
 {
- api_key: 'notanapikey',
+ api_key: Sensitive('notanapikey'),
 puppetmaster_user: 'puppet',
 dogapi_version: 'installed',
 datadog_site: 'https://api.datadoghq.eu',
@@ -226,7 +226,7 @@
 context 'disabled ruby-manage' do
 let(:params) do
 {
- api_key: 'notanapikey',
+ api_key: Sensitive('notanapikey'),
 hostname_extraction_regex: nil,
 dogapi_version: 'installed',
 puppetmaster_user: 'puppet',
diff --git a/spec/classes/datadog_agent_spec.rb b/spec/classes/datadog_agent_spec.rb
index a874bfb5..10af5ec5 100644
--- a/spec/classes/datadog_agent_spec.rb
+++ b/spec/classes/datadog_agent_spec.rb
@@ -287,7 +287,7 @@
 {
 agent_major_version: 7,
 windows_npm_install: true,
- api_key: 'notakey',
+ api_key: Sensitive('notakey'),
 host: 'notahost',
 }
 end
@@ -295,7 +295,7 @@
 it do
 is_expected.to contain_package('Datadog Agent').with(
 ensure: 'installed',
- install_options: ['/norestart', { 'APIKEY' => 'notakey', 'HOSTNAME' => 'notahost', 'TAGS' => '""', 'ADDLOCAL' => 'MainApplication,NPM' }],
+ install_options: ['/norestart', { 'APIKEY' => Sensitive('notakey'), 'HOSTNAME' => 'notahost', 'TAGS' => '""', 'ADDLOCAL' => 'MainApplication,NPM' }],
 )
 end
 end
@@ -304,7 +304,7 @@
 let(:params) do
 {
 agent_major_version: 7,
- api_key: 'notakey',
+ api_key: Sensitive('notakey'),
 host: 'notahost',
 }
 end
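Review bot: The expectation `'APIKEY' => Sensitive('notakey')` in the `@@ -295` hunk only proves that the wrapper reaches the catalog nested inside the `install_options` hash. It does not show the Windows package provider unwrapping it when the installer arguments are built. Puppet redacts Sensitive values given as top-level resource parameters, and a value nested in an array of hashes may be handled differently. Confirm on a real Windows agent that the installer receives the key rather than a redacted placeholder, and that the `install_options` value is not printed in reports. The `@@ -312` hunk carries the same expectation.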
@@ -312,7 +312,7 @@ it do is_expected.to contain_package('Datadog Agent').with( ensure: 'installed', - install_options: ['/norestart', { 'APIKEY' => 'notakey', 'HOSTNAME' => 'notahost', 'TAGS' => '""' }], + install_options: ['/norestart', { 'APIKEY' => Sensitive('notakey'), 'HOSTNAME' => 'notahost', 'TAGS' => '""' }], ) end end diff --git a/spec/spec_helper.rb b/spec/spec_helper.rb index 10336330..b815e663 100644 --- a/spec/spec_helper.rb +++ b/spec/spec_helper.rb @@ -168,4 +168,9 @@ def ensure_module_defined(module_name) end end +# Ensures that Puppet Sensitive is defined +def Sensitive(value) + Puppet::Pops::Types::PSensitiveType::Sensitive.new(value) +end + # 'spec_overrides' from sync.yml will appear below this line diff --git a/templates/datadog-reports.yaml.erb b/templates/datadog-reports.yaml.erb index fec20759..c29dc6cd 100644 --- a/templates/datadog-reports.yaml.erb +++ b/templates/datadog-reports.yaml.erb @@ -1,7 +1,7 @@ ### MANAGED BY PUPPET --- -:datadog_api_key: '<%= @api_key %>' +:datadog_api_key: '<%= @api_key.unwrap %>' :api_url: <%= @datadog_site %> <% if @hostname_extraction_regex -%> :hostname_extraction_regex: '<%= @hostname_extraction_regex %>' diff --git a/templates/datadog_header.conf.erb b/templates/datadog_header.conf.erb index 75fbaf08..a25452b6 100644 --- a/templates/datadog_header.conf.erb +++ b/templates/datadog_header.conf.erb @@ -37,7 +37,7 @@ skip_ssl_validation: <%= @skip_ssl_validation %> # The Datadog api key to associate your Agent's data with your organization. # Can be found here: # https://app.datadoghq.com/account/settings -api_key: <%= @api_key %> +api_key: <%= @api_key.unwrap %> # Force the hostname to whatever you want. <% if @host.empty? -%> diff --git a/templates/installer/telemetry/send_telemetry.sh.epp b/templates/installer/telemetry/send_telemetry.sh.epp index d628670e..187c5476 100644 --- a/templates/installer/telemetry/send_telemetry.sh.epp +++ b/templates/installer/telemetry/send_telemetry.sh.epp 
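Review bot: The new top-level `def Sensitive(value)` in spec/spec_helper.rb adds a capitalised method to every object in the suite, and its comment "Ensures that Puppet Sensitive is defined" does not describe what it does. rspec-puppet ships a `sensitive('value')` helper for exactly this, so if the pinned version provides it the specs could use `api_key: sensitive('notanapikey')` and drop the custom method. If the helper stays, a comment such as `# Test helper: wraps a value in Puppet's Sensitive type so class params type-check` would be more accurate.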
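Review bot: `<%= @api_key.unwrap %>` in templates/datadog-reports.yaml.erb renders the key as plain template output, so whether it stays out of reports depends on the file resource that consumes the template, which the visible hunks do not change. Wrapping the result at the call site, `content => Sensitive(template('datadog_agent/datadog-reports.yaml.erb'))`, keeps Puppet from printing a content diff containing the key. `.unwrap` also raises if any caller still sets `@api_key` to a plain String, so every class that renders these templates needs the new type. The same applies to the `api_key:` line in templates/datadog_header.conf.erb.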
@@ -36,7 +36,7 @@ send_payload() {
 local file=$1
 curl -f -sSL --retry 5 -o /dev/null -X POST \
 -H 'Content-Type: application/json' \
- -H 'DD-API-KEY: <%= $api_key %>' \
+ -H 'DD-API-KEY: <%= $api_key.unwrap %>' \
 -d "@$file" \
 "$TELEMETRY_URL"
 }
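Review bot: The unwrapped key on the `-H 'DD-API-KEY: ...'` line is still written into the rendered script and passed to curl as a command-line argument, so it is readable by anyone who can read the script file or list processes while curl runs. The resource that renders and runs this template is outside the hunk; it should keep the content Sensitive and the file mode restrictive. To keep the key off the argument list, curl can read the header from a file, `-H @"$header_file"` (placeholder variable name), with that file created mode 0600 and removed after the call. The rest of the script is outside the hunk.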