From c76218cdec8f7573c22c278ca39fdf4a3c1c552c Mon Sep 17 00:00:00 2001 From: Lennart Betz Date: Fri, 20 Sep 2024 05:30:15 +0200 Subject: [PATCH] Replace config template by conversion to yaml --- manifests/config.pp | 47 ++++----------- manifests/globals.pp | 1 + manifests/init.pp | 49 ++++++++++++++++ spec/classes/icingadb_spec.rb | 9 ++- templates/config.yml.epp | 106 +--------------------------------- 5 files changed, 68 insertions(+), 144 deletions(-) diff --git a/manifests/config.pp b/manifests/config.pp index 41ed9a9..6673e7f 100644 --- a/manifests/config.pp +++ b/manifests/config.pp @@ -6,11 +6,17 @@ class icingadb::config { assert_private() + $stdlib_version = $icingadb::globals::stdlib_version $conf_dir = $icingadb::globals::conf_dir $user = $icingadb::globals::user $group = $icingadb::globals::group $redis_tls_files = $icingadb::redis_tls_files $db_tls_files = $icingadb::db_tls_files + $config_file = if versioncmp($stdlib_version, '9.0.0') < 0 { + to_yaml($icingadb::config) + } else { + stdlib::to_yaml($icingadb::config) + } icinga::cert { 'icingadb tls files for the database client connect': owner => $user, @@ -25,41 +31,12 @@ } file { "${conf_dir}/config.yml": - ensure => file, - owner => $user, - group => $group, - mode => '0640', - content => epp( - 'icingadb/config.yml.epp', { - redis_host => $icingadb::redis_host, - redis_port => $icingadb::redis_port, - redis_password => $icingadb::redis_password, - db_type => $icingadb::db_type, - db_host => $icingadb::db_host, - db_port => $icingadb::db_port, - db_name => $icingadb::db_name, - db_username => $icingadb::db_username, - db_password => $icingadb::db_password, - db_tls => $icingadb::db_use_tls, - db_tls_cert => $db_tls_files['cert_file'], - db_tls_key => $db_tls_files['key_file'], - db_tls_cacert => $db_tls_files['cacert_file'], - db_tls_insecure => $icingadb::db_tls_insecure, - db_options => $icingadb::db_options, - redis_tls => $icingadb::redis_use_tls, - redis_tls_cert => $redis_tls_files['cert_file'], - redis_tls_key => $redis_tls_files['key_file'], - redis_tls_cacert => $redis_tls_files['cacert_file'], - redis_tls_insecure => $icingadb::redis_tls_insecure, - logging_level => $icingadb::logging_level, - logging_output => $icingadb::logging_output, - logging_interval => $icingadb::logging_interval, - logging_options => $icingadb::logging_options, - retention_history_data => $icingadb::retention_history_data, - retention_sla_data => $icingadb::retention_sla_data, - retention_options => $icingadb::retention_options, - } - ), + ensure => file, + show_diff => false, + owner => $user, + group => $group, + mode => '0640', + content => $config_file, } -> File <| ensure != 'directory' and tag == 'icingadb::config::file' |> diff --git a/manifests/globals.pp b/manifests/globals.pp index d5b745e..32ae60e 100644 --- a/manifests/globals.pp +++ b/manifests/globals.pp @@ -24,4 +24,5 @@ Stdlib::Absolutepath $mysql_db_schema, Stdlib::Absolutepath $pgsql_db_schema, ) { + $stdlib_version = load_module_metadata('stdlib')['version'] } diff --git a/manifests/init.pp b/manifests/init.pp index 9752057..22116bf 100644 --- a/manifests/init.pp +++ b/manifests/init.pp @@ -211,6 +211,55 @@ $redis_tls_cacert, ) + # + # config file content + # + $retention = delete_undef_values({ + history-days => $icingadb::retention_history_data, + sla-days => $icingadb::retention_sla_data, + options => if $icingadb::retention_options.empty { undef } else { $icingadb::retention_options }, + }) + + $config = { + database => delete_undef_values({ + type => $db_type, + host => $db_host, + port => $db_port, + database => $db_name, + user => $db_username, + password => unwrap($db_password), + tls => $db_use_tls, + cert => $db_tls_files['cert_file'], + key => $db_tls_files['key_file'], + ca => $db_tls_files['cacert_file'], + insecure => $db_tls_insecure, + options => if $db_options.empty { undef } else { $db_options }, + }), + redis => delete_undef_values({ + host => $redis_host, + port => $redis_port, + password => unwrap($redis_password), + tls => $redis_use_tls, + cert => $redis_tls_files['cert_file'], + key => $redis_tls_files['key_file'], + ca => $redis_tls_files['cacert_file'], + insecure => $redis_tls_insecure, + }), + logging => delete_undef_values({ + level => $logging_level, + output => $logging_output, + interval => $logging_interval, + options => if $logging_options.empty { undef } else { $logging_options }, + }), + } + unless $retention.empty { + { retention => $retention } + } else { + {} + } + + # + # declarations + # class { 'icingadb::install': } -> class { 'icingadb::config': notify => Class['icingadb::service'], diff --git a/spec/classes/icingadb_spec.rb b/spec/classes/icingadb_spec.rb index fa05431..9468e20 100644 --- a/spec/classes/icingadb_spec.rb +++ b/spec/classes/icingadb_spec.rb @@ -20,9 +20,10 @@ 'group' => 'icingadb', 'mode' => '0640' }, - ).with_content(%r{database:\n type: mysql\n host: localhost\n database: icingadb\n user: icingadb\n password: supersecret\n\nredis:\n host: localhost\n port: 6380\n\n}) + ).with_content(%r{database:\n type: mysql\n host: localhost\n database: icingadb\n user: icingadb\n password: supersecret\nredis:\n host: localhost\n port: 6380\n}) } + it { is_expected.not_to contain_file('/etc/icingadb/config.yml').with_content(%r{^retention:}) } it { is_expected.not_to contain_exec('icingadb-mysql-import-schema') } it { is_expected.to contain_service('icingadb').with('ensure' => 'running', 'enable' => true) } end @@ -79,10 +80,9 @@ end it { is_expected.not_to contain_exec('icingadb-mysql-import-schema') } - it { is_expected.not_to contain_file('/etc/icingadb/config.yml').with_content(%r{tls}) } it { is_expected.to contain_file('/etc/icingadb/config.yml') - .with_content(%r{database:\n type: mysql\n host: db.example.org\n port: 4711\n database: foo\n user: bar\n password: supersecret\n\n}) + .with_content(%r{database:\n type: mysql\n host: db.example.org\n port: 4711\n database: foo\n user: bar\n password: supersecret\n tls: false\n}) } end @@ -135,10 +135,9 @@ end it { is_expected.not_to contain_exec('icingadb-pgsql-import-schema') } - it { is_expected.not_to contain_file('/etc/icingadb/config.yml').with_content(%r{tls}) } it { is_expected.to contain_file('/etc/icingadb/config.yml') - .with_content(%r{database:\n type: pgsql\n host: db.example.org\n port: 4711\n database: foo\n user: bar\n password: supersecret\n\n}) + .with_content(%r{database:\n type: pgsql\n host: db.example.org\n port: 4711\n database: foo\n user: bar\n password: supersecret\n tls: false\n}) } end diff --git a/templates/config.yml.epp b/templates/config.yml.epp index b679bc6..9162b0d 100644 --- a/templates/config.yml.epp +++ b/templates/config.yml.epp @@ -1,107 +1,5 @@ -<%- | Enum['mysql', 'pgsql'] $db_type, - Stdlib::Host $db_host, - Optional[Stdlib::Port] $db_port = undef, - String $db_name, - String $db_username, - Variant[String, Sensitive[String]] $db_password, - Optional[Boolean] $db_tls = undef, - Optional[String] $db_tls_cert = undef, - Optional[String] $db_tls_key = undef, - Optional[String] $db_tls_cacert = undef, - Optional[Boolean] $db_tls_insecure = undef, - Hash[String[1], Integer[1]] $db_options = {}, - Stdlib::Host $redis_host, - Optional[Stdlib::Port] $redis_port = undef, - Optional[Variant[String, Sensitive[String]]] $redis_password = undef, - Optional[Boolean] $redis_tls = undef, - Optional[String] $redis_tls_cert = undef, - Optional[String] $redis_tls_key = undef, - Optional[String] $redis_tls_cacert = undef, - Optional[Boolean] $redis_tls_insecure = undef, - String $logging_level, - Optional[String] $logging_output = undef, - String $logging_interval, - Hash[String, String] $logging_options, - Optional[Integer[1]] $retention_history_data = undef, - Optional[Integer[1]] $retention_sla_data = undef, - Hash[String, Integer[1]] $retention_options, +<%- | Hash[String[1],Any] $content, | -%> # This file is managed by Puppet. DO NOT EDIT. -database: - type: <%= $db_type %> - host: <%= $db_host %> -<% if $db_port { -%> - port: <%= $db_port %> -<% } -%> - database: <%= $db_name %> - user: <%= $db_username %> - password: <%= $db_password %> -<% if $db_tls { -%> - tls: <%= $db_tls %> -<% if $db_tls_cert { -%> - cert: <%= $db_tls_cert %> -<% } -%> -<% if $db_tls_key { -%> - key: <%= $db_tls_key %> -<% } -%> -<% if $db_tls_cacert { -%> - ca: <%= $db_tls_cacert %> -<% } -%> -<% if $db_tls_insecure =~ Boolean { -%> - insecure: <%= $db_tls_insecure %> -<% } -%> -<% } -%> -<% unless empty($db_options) { -%> - options: -<% $db_options.each |String $opt, Integer $val| { -%> - <%= $opt %>: <%= $val %> -<% } -%> -<% } -%> - -redis: - host: <%= $redis_host %> -<% if $redis_port { -%> - port: <%= $redis_port %> -<% } -%> -<% if $redis_password { -%> - password: <%= $redis_password %> -<% } -%> -<% if $redis_tls { -%> - tls: <%= $redis_tls %> -<% if $redis_tls_cert { -%> - cert: <%= $redis_tls_cert %> -<% } -%> -<% if $redis_tls_key { -%> - key: <%= $redis_tls_key %> -<% } -%> -<% if $redis_tls_cacert { -%> - ca: <%= $redis_tls_cacert %> -<% } -%> -<% if $redis_tls_insecure =~ Boolean { -%> - insecure: <%= $redis_tls_insecure %> -<% } -%> -<% } -%> - -logging: - level: <%= $logging_level %> -<% if $logging_output { -%> - output: <%= $logging_output %> -<% } -%> - interval: <%= $logging_interval %> - options: -<% $logging_options.each |String $opt, String $val| { -%> - <%= $opt %>: <%= $val %> -<% } -%> - -retention: -<% if $retention_history_data { -%> - history-days: <%= $retention_history_data %> -<% } -%> -<% if $retention_sla_data { -%> - sla-days: <%= $retention_sla_data %> -<% } -%> - options: -<% $retention_options.each |String $opt, Integer[1] $val| { -%> - <%= $opt %>: <%= $val %> -<% } -%> +<%= $content -%>