20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
|
# File 'functions/db/connect.pp', line 20
function icinga2::db::connect(
Struct[{
type => Enum['pgsql','mysql','mariadb'],
host => Stdlib::Host,
port => Optional[Stdlib::Port],
database => String,
username => String,
password => Optional[Variant[String, Sensitive[String]]],
}] $db,
Hash[String, Any] $tls,
Optional[Boolean] $use_tls = undef,
Optional[Enum['verify-full', 'verify-ca']] $ssl_mode = undef,
) >> String {
if $use_tls {
case $db['type'] {
'pgsql': {
$real_ssl_mode = if $ssl_mode { $ssl_mode } else { 'verify-full' }
$tls_options = regsubst(join(any2array(delete_undef_values({
'sslmode=' => if $tls['noverify'] { 'require' } else { $real_ssl_mode },
'sslcert=' => $tls['cert_file'],
'sslkey=' => $tls['key_file'],
'sslrootcert=' => $tls['cacert_file'],
})), ' '), '= ', '=', 'G')
}
'mariadb': {
$tls_options = join(any2array(delete_undef_values({
'--ssl' => '',
'--ssl-ca' => if $tls['noverify'] { undef } else { $tls['cacert_file'] },
'--ssl-cert' => $tls['cert_file'],
'--ssl-key' => $tls['key_file'],
'--ssl-capath' => if $tls['noverify'] { undef } else { $tls['capath'] },
'--ssl-cipher' => $tls['cipher'],
})), ' ')
}
'mysql': {
$tls_options = join(any2array(delete_undef_values({
'--ssl-mode' => if $tls['noverify'] { 'REQUIRED' } else { 'VERIFY_CA' },
'--ssl-ca' => if $tls['noverify'] { undef } else { $tls['cacert_file'] },
'--ssl-cert' => $tls['cert_file'],
'--ssl-key' => $tls['key_file'],
'--ssl-capath' => if $tls['noverify'] { undef } else { $tls['capath'] },
'--ssl-cipher' => $tls['cipher'],
})), ' ')
}
default: {
fail('The database type you provided is not supported.')
}
}
} else {
$tls_options = ''
}
if $db['type'] == 'pgsql' {
$options = regsubst(join(any2array(delete_undef_values({
'host=' => $db['host'],
'user=' => $db['username'],
'port=' => $db['port'],
'dbname=' => $db['database'],
})), ' '), '= ', '=', 'G')
} else {
$_password = icinga2::unwrap($db['password'])
$options = join(any2array(delete_undef_values({
'-h' => $db['host'] ? {
/localhost/ => undef,
default => $db['host'],
},
'-P' => $db['port'],
'-u' => $db['username'],
"-p'${_password}'" => if $db['password'] { '' } else { undef },
'-D' => $db['database'],
})), ' ')
}
strip(regsubst("${options} ${tls_options}", '\s{2,}', ' '))
}
|