voxpupuli · bastelfreak · Dec 30, 2024 · Dec 30, 2024
diff --git a/REFERENCE.md b/REFERENCE.md
@@ -6950,6 +6950,9 @@ The following parameters are available in the `prometheus::mysqld_exporter` clas
 * [`proxy_type`](#-prometheus--mysqld_exporter--proxy_type)
 * [`web_config_file`](#-prometheus--mysqld_exporter--web_config_file)
 * [`web_config_content`](#-prometheus--mysqld_exporter--web_config_content)
+* [`cnf_ssl_ca`](#-prometheus--mysqld_exporter--cnf_ssl_ca)
+* [`cnf_ssl_cert`](#-prometheus--mysqld_exporter--cnf_ssl_cert)
+* [`cnf_ssl_key`](#-prometheus--mysqld_exporter--cnf_ssl_key)
 * [`export_scrape_job`](#-prometheus--mysqld_exporter--export_scrape_job)
 * [`scrape_host`](#-prometheus--mysqld_exporter--scrape_host)
 * [`scrape_port`](#-prometheus--mysqld_exporter--scrape_port)
@@ -7096,7 +7099,7 @@ Default value: `true`
 
 Data type: `Boolean`
 
-Should puppet manage the service? (default true)
+Should puppet manage the service?
 
 Default value: `true`
 
@@ -7140,31 +7143,33 @@ Default value: `true`
 
 Data type: `Boolean`
 
-Should puppet restart the service on configuration change? (default true)
+Should puppet restart the service on configuration change?
 
 Default value: `true`
 
 ##### <a name="-prometheus--mysqld_exporter--service_enable"></a>`service_enable`
 
 Data type: `Boolean`
 
-Whether to enable the service from puppet (default true)
+Whether to enable the service from puppet
 
 Default value: `true`
 
 ##### <a name="-prometheus--mysqld_exporter--service_ensure"></a>`service_ensure`
 
 Data type: `Stdlib::Ensure::Service`
 
-State ensured for the service (default 'running')
+State ensured for the service
 
 Default value: `'running'`
 
 ##### <a name="-prometheus--mysqld_exporter--service_name"></a>`service_name`
 
 Data type: `String[1]`
 
-Name of the mysqld exporter service (default 'mysqld_exporter')
+Name of the mysqld exporter service
+
+Default value: `'mysqld_exporter'`
 
 ##### <a name="-prometheus--mysqld_exporter--user"></a>`user`
 
@@ -7184,15 +7189,15 @@ Default value: `'0.15.1'`
 
 Data type: `Optional[String[1]]`
 
-Optional proxy server, with port number if needed. ie: https://example.com:8080
+proxy server, with port number if needed. ie: https://example.com:8080
 
 Default value: `undef`
 
 ##### <a name="-prometheus--mysqld_exporter--proxy_type"></a>`proxy_type`
 
 Data type: `Optional[Enum['none', 'http', 'https', 'ftp']]`
 
-Optional proxy server type (none|http|https|ftp)
+proxy server type
 
 Default value: `undef`
 
@@ -7212,6 +7217,30 @@ Unless empty the content of the web-config yaml which will handed over as option
 
 Default value: `{}`
 
+##### <a name="-prometheus--mysqld_exporter--cnf_ssl_ca"></a>`cnf_ssl_ca`
+
+Data type: `Optional[Stdlib::Absolutepath]`
+
+The path name of the Certificate Authority (CA) certificate file in PEM format.
+
+Default value: `undef`
+
+##### <a name="-prometheus--mysqld_exporter--cnf_ssl_cert"></a>`cnf_ssl_cert`
+
+Data type: `Optional[Stdlib::Absolutepath]`
+
+The path name of the client SSL public key certificate file in PEM format.
+
+Default value: `undef`
+
+##### <a name="-prometheus--mysqld_exporter--cnf_ssl_key"></a>`cnf_ssl_key`
+
+Data type: `Optional[Stdlib::Absolutepath]`
+
+The path name of the client SSL private key file in PEM format.
+
+Default value: `undef`
+
 ##### <a name="-prometheus--mysqld_exporter--export_scrape_job"></a>`export_scrape_job`
 
 Data type: `Boolean`

diff --git a/data/defaults.yaml b/data/defaults.yaml
@@ -148,7 +148,6 @@ prometheus::mysqld_exporter::extra_groups: []
 prometheus::mysqld_exporter::group: 'mysqld-exporter'
 prometheus::mysqld_exporter::package_ensure: 'latest'
 prometheus::mysqld_exporter::package_name: 'mysqld_exporter'
-prometheus::mysqld_exporter::service_name: 'mysqld_exporter'
 prometheus::mysqld_exporter::user: 'mysqld-exporter'
 prometheus::node_exporter::download_extension: 'tar.gz'
 prometheus::node_exporter::download_url_base: 'https://github.com/prometheus/node_exporter/releases'

diff --git a/manifests/mysqld_exporter.pp b/manifests/mysqld_exporter.pp
@@ -37,7 +37,7 @@
 # @param manage_group
 #  Whether to create a group for or rely on external code for that
 # @param manage_service
-#  Should puppet manage the service? (default true)
+#  Should puppet manage the service?
 # @param manage_user
 #  Whether to create user or rely on external code for that
 # @param os
@@ -49,36 +49,42 @@
 # @param purge_config_dir
 #  Purge config files no longer generated by Puppet
 # @param restart_on_change
-#  Should puppet restart the service on configuration change? (default true)
+#  Should puppet restart the service on configuration change?
 # @param service_enable
-#  Whether to enable the service from puppet (default true)
+#  Whether to enable the service from puppet
 # @param service_ensure
-#  State ensured for the service (default 'running')
+#  State ensured for the service
 # @param service_name
-#  Name of the mysqld exporter service (default 'mysqld_exporter')
+#  Name of the mysqld exporter service
 # @param user
 #  User which runs the service
 # @param version
 #  The binary release version
 # @param proxy_server
-#  Optional proxy server, with port number if needed. ie: https://example.com:8080
+#  proxy server, with port number if needed. ie: https://example.com:8080
 # @param proxy_type
-#  Optional proxy server type (none|http|https|ftp)
+#  proxy server type
 # @param web_config_file
 #  Path of file where the web-config will be saved to
 # @param web_config_content
 #  Unless empty the content of the web-config yaml which will handed over as option to the exporter
+# @param cnf_ssl_ca
+#  The path name of the Certificate Authority (CA) certificate file in PEM format.
+# @param cnf_ssl_cert
+#  The path name of the client SSL public key certificate file in PEM format.
+# @param cnf_ssl_key
+#  The path name of the client SSL private key file in PEM format.
 class prometheus::mysqld_exporter (
   String $download_extension,
   Prometheus::Uri $download_url_base,
   Array $extra_groups,
   String[1] $group,
   String[1] $package_ensure,
   String[1] $package_name,
-  String[1] $service_name,
   String[1] $user,
   # renovate: depName=prometheus/mysqld_exporter
   String[1] $version                                         = '0.15.1',
+  String[1] $service_name = 'mysqld_exporter',
   Stdlib::Absolutepath $cnf_config_path                      = '/etc/mysqld_exporter-my.cnf',
   Stdlib::Host $cnf_host                                     = localhost,
   Stdlib::Port $cnf_port                                     = 3306,
@@ -109,6 +115,9 @@
   Optional[Enum['none', 'http', 'https', 'ftp']] $proxy_type = undef,
   Stdlib::Absolutepath $web_config_file                      = '/etc/mysqld_exporter_web-config.yml',
   Prometheus::Web_config $web_config_content                 = {},
+  Optional[Stdlib::Absolutepath] $cnf_ssl_ca                 = undef,
+  Optional[Stdlib::Absolutepath] $cnf_ssl_cert               = undef,
+  Optional[Stdlib::Absolutepath] $cnf_ssl_key                = undef,
 ) inherits prometheus {
   #Please provide the download_url for versions < 0.9.0
   $real_download_url = pick($download_url,"${download_url_base}/download/v${version}/${package_name}-${version}.${os}-${arch}.${download_extension}")
@@ -117,6 +126,17 @@
     default => undef,
   }
 
+  $_cnf_settings = {
+    'user'     => $cnf_user,
+    'password' => $cnf_password,
+    'port'     => $cnf_port,
+    'host'     => $cnf_host,
+    'socket'   => $cnf_socket,
+    'ssl-ca'   => $cnf_ssl_ca,
+    'ssl-cert' => $cnf_ssl_cert,
+    'ssl-key'  => $cnf_ssl_key,
+  }.filter |$k, $v| { $v != undef }
+
   file { $cnf_config_path:
     ensure  => file,
     mode    => $config_mode,
@@ -125,13 +145,7 @@
     content => Sensitive(
       epp(
         'prometheus/my.cnf.epp',
-        {
-          'cnf_user'     => $cnf_user,
-          'cnf_password' => $cnf_password,
-          'cnf_port'     => $cnf_port,
-          'cnf_host'     => $cnf_host,
-          'cnf_socket'   => $cnf_socket,
-        },
+        { 'settings' => $_cnf_settings }
       )
     ),
     notify  => $notify_service,

diff --git a/spec/classes/mysqld_exporter_spec.rb b/spec/classes/mysqld_exporter_spec.rb
@@ -37,6 +37,24 @@
         it do
           content = catalogue.resource('file', '/etc/mysqld_exporter-my.cnf').send(:parameters)[:content]
           expect(content).to include('secret')
+          expect(content).not_to include('ssl-ca')
+        end
+      end
+
+      context 'with tls parameters for exporter' do
+        let(:params) do
+          {
+            cnf_ssl_ca: '/foo/bar/ca.pem',
+            cnf_ssl_cert: '/foo/bar/cert.pem',
+            cnf_ssl_key: '/foo/bar/key.pem'
+          }
+        end
+
+        it do
+          content = catalogue.resource('file', '/etc/mysqld_exporter-my.cnf').send(:parameters)[:content]
+          expect(content).to include('ssl-ca = "/foo/bar/ca.pem"')
+          expect(content).to include('ssl-cert = "/foo/bar/cert.pem"')
+          expect(content).to include('ssl-key = "/foo/bar/key.pem"')
         end
       end
 

diff --git a/templates/my.cnf.epp b/templates/my.cnf.epp
@@ -1,23 +1,10 @@
 <%- |
-  String $cnf_user,
-  Variant[Sensitive[String],String] $cnf_password,
-  Stdlib::Port $cnf_port,
-  Stdlib::Host $cnf_host,
-  Optional[Stdlib::Absolutepath] $cnf_socket = undef,
+  Hash[String[1],Variant[Sensitive[String],String,Integer]] $settings,
 | -%>
+
 # THIS FILE IS MANAGED BY PUPPET
 [client]
-user = <%= $cnf_user %>
-<%-
-  $_cnf_password = $cnf_password ? {
-    Sensitive => $cnf_password.unwrap,
-    default   => $cnf_password,
-  }
--%>
-password = <%= $_cnf_password %>
-<% if $cnf_socket { -%>
-socket = <%= $cnf_socket %>
-<%- } else { -%>
-host = <%= $cnf_host %>
-port = <%= $cnf_port %>
+
+<% $settings.each |$key, $value| { -%>
+<%= $key %> = "<%= $value %>"
 <% } -%>