One should be able to configure /etc/sudoers so that some of the checks can be run with elevated privileges, like so:
sudo check-systemd-unit -u ssh.service
It's currently hard to configure sudoers, because of the necessity to change the secure_path variable in config management system every time the asset is updated. (The path contains the checksum of the asset)
Replacing checksum in the directory name with the asset name
I didn鈥檛 think this would work at first, and it wouldn鈥檛 have with our previous asset implementation, but now it will because changes to the asset cache are serialized and checks will block waiting for asset installation. We just need to make sure we include also the namespace of the asset in the directory structure. &
$cacheDir/assets/namespace/name should work.
Having a named asset dir would also help with using env_vars like PYTHONPATH in a check, where an asset has modules that need importing.
This issue has been mentioned on Sensu Community. There might be relevant details there:
https://discourse.sensu.io/t/sensu-go-plugin-distribution-model/1724/4
This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions.
Most helpful comment
I didn鈥檛 think this would work at first, and it wouldn鈥檛 have with our previous asset implementation, but now it will because changes to the asset cache are serialized and checks will block waiting for asset installation. We just need to make sure we include also the namespace of the asset in the directory structure. &
$cacheDir/assets/namespace/name should work.