Puppet Function: icinga2::db::connect

Defined in:
functions/db/connect.pp
Function type:
Puppet Language

Summary

This function returns a string to connect databases with or without TLS information.

Overview

icinga2::db::connect(Struct[{ type => Enum['pgsql','mysql','mariadb'], host => Stdlib::Host, port => Optional[Stdlib::Port], database => String, username => String, password => Optional[Variant[String, Sensitive[String]]], }] $db, Hash[String, Any] $tls, Optional[Boolean] $use_tls = undef)String

Parameters:

  • db (Struct[{ type => Enum['pgsql','mysql','mariadb'], host => Stdlib::Host, port => Optional[Stdlib::Port], database => String, username => String, password => Optional[Variant[String, Sensitive[String]]], }])
  • tls (Hash[String, Any])
  • use_tls (Optional[Boolean]) (defaults to: undef)

Returns:

  • (String)

    Connection string to connect database.



8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
 
# File 'functions/db/connect.pp', line 8

function icinga2::db::connect(
  Struct[{
      type     => Enum['pgsql','mysql','mariadb'],
      host     => Stdlib::Host,
      port     => Optional[Stdlib::Port],
      database => String,
      username => String,
      password => Optional[Variant[String, Sensitive[String]]],
  }]                   $db,
  Hash[String, Any]    $tls,
  Optional[Boolean]    $use_tls = undef,
) >> String {
  # @param db
  #    Data hash with database information.
  #
  # @param tls
  #   Data hash with TLS connection information.
  #
  # @param use_tls
  #   Wether or not to use TLS encryption.
  #
  if $use_tls {
    case $db['type'] {
      'pgsql': {
        $tls_options = regsubst(join(any2array(delete_undef_values({
                  'sslmode='     => if $tls['noverify'] { 'require' } else { 'verify-full' },
                  'sslcert='     => $tls['cert_file'],
                  'sslkey='      => $tls['key_file'],
                  'sslrootcert=' => $tls['cacert_file'],
        })), ' '), '= ', '=', 'G')
      }
      'mariadb': {
        $tls_options = join(any2array(delete_undef_values({
                '--ssl'        => '',
                '--ssl-ca'     => $tls['cacert_file'],
                '--ssl-cert'   => $tls['cert_file'],
                '--ssl-key'    => $tls['key_file'],
                '--ssl-capath' => $tls['capath'],
                '--ssl-cipher' => $tls['cipher'],
        })), ' ')
      }
      'mysql': {
        $tls_options = join(any2array(delete_undef_values({
                '--ssl-mode'   => 'required',
                '--ssl-ca'     => $tls['cacert_file'],
                '--ssl-cert'   => $tls['cert_file'],
                '--ssl-key'    => $tls['key_file'],
                '--ssl-capath' => $tls['capath'],
                '--ssl-cipher' => $tls['cipher'],
        })), ' ')
      }
      default: {
        fail('The database type you provided is not supported.')
      }
    }
  } else {
    $tls_options = ''
  }

  if $db['type'] == 'pgsql' {
    $options = regsubst(join(any2array(delete_undef_values({
              'host='        => $db['host'],
              'user='        => $db['username'],
              'port='        => $db['port'],
              'dbname='      => $db['database'],
    })), ' '), '= ', '=', 'G')
  } else {
    $_password = icinga2::unwrap($db['password'])
    $options = join(any2array(delete_undef_values({
            '-h'               => $db['host'] ? {
              /localhost/  => undef,
              default      => $db['host'],
            },
            '-P'               => $db['port'],
            '-u'               => $db['username'],
            "-p'${_password}'" => '',
            '-D'               => $db['database'],
    })), ' ')
  }

  "${options} ${tls_options}"
}