Skip to content

Commit

Permalink
Merge pull request #386 from alexjfisher/sensitive_password
Browse files Browse the repository at this point in the history
Accept `Sensitive` mysqld_exporter `cnf_password`
  • Loading branch information
bastelfreak authored Nov 15, 2019
2 parents 8a8579c + 4722dc0 commit 0fb4e51
Show file tree
Hide file tree
Showing 5 changed files with 74 additions and 44 deletions.
5 changes: 0 additions & 5 deletions data/defaults.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -176,11 +176,6 @@ prometheus::rabbitmq_exporter::rabbit_exporters:
- 'node'
- 'overview'
- 'queue'
prometheus::mysqld_exporter::cnf_config_path: '/etc/.my.cnf'
prometheus::mysqld_exporter::cnf_host: 'localhost'
prometheus::mysqld_exporter::cnf_password: 'password'
prometheus::mysqld_exporter::cnf_port: 3306
prometheus::mysqld_exporter::cnf_user: 'login'
prometheus::mysqld_exporter::download_extension: 'tar.gz'
prometheus::mysqld_exporter::download_url_base: 'https://github.com/prometheus/mysqld_exporter/releases'
prometheus::mysqld_exporter::extra_groups: []
Expand Down
68 changes: 38 additions & 30 deletions manifests/mysqld_exporter.pp
Original file line number Diff line number Diff line change
@@ -1,32 +1,27 @@
# Class: prometheus::mysqld_exporter
# @summary manages prometheus mysqld_exporter
#
# This module manages prometheus mysqld_exporter
# @see https://github.com/prometheus/mysqld_exporter
#
# Parameters:
# @param cnf_config_path
# The path to put the my.cnf file
# @param cnf_host
# The mysql host.
# @param cnf_password
# The mysql user password.
# @param cnf_port
# The port for which the mysql host is running.
# @param cnf_socket
# The socket which the mysql host is running. If defined, host and port are not used.
# @param cnf_user
# The mysql user to use when connecting.
#
# Other parameters: (TODO: Convert to puppet strings)
# [*arch*]
# Architecture (amd64 or i386)
#
# [*bin_dir*]
# Directory where binaries are located
#
# [*cnf_config_path*]
# The path to put the my.cnf file
#
# [*cnf_host*]
# The mysql host. Defaults to 'localhost'
#
# [*cnf_password*]
# The mysql user password. Defaults to 'password'
#
# [*cnf_port*]
# The port for which the mysql host is running. Defaults to 3306
#
# [*cnf_socket*]
# The socket which the mysql host is running. If defined, host and port are not used.
#
# [*cnf_user*]
# The mysql user to use when connecting. Defaults to 'login'
#
# [*config_mode*]
# The permissions of the configuration files
#
Expand Down Expand Up @@ -91,11 +86,6 @@
# The binary release version

class prometheus::mysqld_exporter (
Stdlib::Absolutepath $cnf_config_path,
String $cnf_host,
String $cnf_password,
Stdlib::Port $cnf_port,
String $cnf_user,
String $download_extension,
Prometheus::Uri $download_url_base,
Array $extra_groups,
Expand All @@ -104,6 +94,14 @@
String $package_name,
String $user,
String $version,

Stdlib::Absolutepath $cnf_config_path = '/etc/.my.cnf',
Stdlib::Host $cnf_host = localhost,
Stdlib::Port $cnf_port = 3306,
String[1] $cnf_user = login,
Variant[Sensitive[String],String] $cnf_password = 'password',
Optional[Stdlib::Absolutepath] $cnf_socket = undef,

Boolean $purge_config_dir = true,
Boolean $restart_on_change = true,
Boolean $service_enable = true,
Expand All @@ -117,7 +115,6 @@
String $extra_options = '',
Optional[Prometheus::Uri] $download_url = undef,
String $config_mode = $prometheus::config_mode,
Optional[Stdlib::Absolutepath] $cnf_socket = undef,
String $arch = $prometheus::real_arch,
Stdlib::Absolutepath $bin_dir = $prometheus::bin_dir,
Boolean $export_scrape_job = false,
Expand All @@ -126,18 +123,29 @@
) inherits prometheus {

#Please provide the download_url for versions < 0.9.0
$real_download_url = pick($download_url,"${download_url_base}/download/v${version}/${package_name}-${version}.${os}-${arch}.${download_extension}")
$real_download_url = pick($download_url,"${download_url_base}/download/v${version}/${package_name}-${version}.${os}-${arch}.${download_extension}")
$notify_service = $restart_on_change ? {
true => Service['mysqld_exporter'],
default => undef,
}

file { $cnf_config_path:
ensure => 'file',
ensure => file,
mode => $config_mode,
owner => $user,
group => $group,
content => template('prometheus/my.cnf.erb'),
content => Sensitive(
epp(
'prometheus/my.cnf.epp',
{
'cnf_user' => $cnf_user,
'cnf_password' => $cnf_password,
'cnf_port' => $cnf_port,
'cnf_host' => $cnf_host,
'cnf_socket' => $cnf_socket,
},
)
),
notify => $notify_service,
}

Expand Down
13 changes: 13 additions & 0 deletions spec/classes/mysqld_exporter_spec.rb
Original file line number Diff line number Diff line change
Expand Up @@ -24,6 +24,19 @@
it { is_expected.to contain_prometheus__daemon('mysqld_exporter').with('options' => '-config.my-cnf=/etc/.my.cnf ') }
end
end

context 'with Sensitive password' do
let(:params) do
{
cnf_password: RSpec::Puppet::RawString.new("Sensitive('secret')")
}
end

it do
content = catalogue.resource('file', '/etc/.my.cnf').send(:parameters)[:content]
expect(content).to include('secret')
end
end
end
end
end
23 changes: 23 additions & 0 deletions templates/my.cnf.epp
Original file line number Diff line number Diff line change
@@ -0,0 +1,23 @@
<%- |
String $cnf_user,
Variant[Sensitive[String],String] $cnf_password,
Stdlib::Port $cnf_port,
Stdlib::Host $cnf_host,
Optional[Stdlib::Absolutepath] $cnf_socket = undef,
| -%>
# THIS FILE IS MANAGED BY PUPPET
[client]
user = <%= $cnf_user %>
<%-
$_cnf_password = $cnf_password ? {
Sensitive => $cnf_password.unwrap,
default => $cnf_password,
}
-%>
password = <%= $_cnf_password %>
<% if $cnf_socket { -%>
socket = <%= $cnf_socket %>
<%- } else { -%>
host = <%= $cnf_host %>
port = <%= $cnf_port %>
<% } -%>
9 changes: 0 additions & 9 deletions templates/my.cnf.erb

This file was deleted.

0 comments on commit 0fb4e51

Please sign in to comment.