Skip to content

Commit

Permalink
Merge pull request #693 from pixelpark/rework_web_config_support
Browse files Browse the repository at this point in the history
Rework web-config support for multiple exporters
rwaffen authored Nov 17, 2023
2 parents 443d1ca + f6e42ad commit eb76304
Showing 21 changed files with 813 additions and 294 deletions.
415 changes: 236 additions & 179 deletions REFERENCE.md

Large diffs are not rendered by default.

42 changes: 39 additions & 3 deletions manifests/apache_exporter.pp
Original file line number Diff line number Diff line change
@@ -53,6 +53,10 @@
# Optional proxy server, with port number if needed. ie: https://example.com:8080
# @param proxy_type
# Optional proxy server type (none|http|https|ftp)
# @param web_config_file
# Path of file where the web-config will be saved to
# @param web_config_content
# Unless empty the content of the web-config yaml which will handed over as option to the exporter
class prometheus::apache_exporter (
String[1] $scrape_uri = 'http://localhost/server-status/?auto',
String $download_extension = 'tar.gz',
@@ -86,6 +90,8 @@
Optional[Hash] $scrape_job_labels = undef,
Optional[String[1]] $proxy_server = undef,
Optional[Enum['none', 'http', 'https', 'ftp']] $proxy_type = undef,
Stdlib::Absolutepath $web_config_file = '/etc/apache_exporter_web-config.yml',
Prometheus::Web_config $web_config_content = {},
) inherits prometheus {
#Please provide the download_url for versions < 0.9.0
$real_download_url = pick($download_url,"${download_url_base}/download/v${version}/${package_name}-${version}.${os}-${arch}.${download_extension}")
@@ -94,12 +100,42 @@
default => undef,
}

if versioncmp($version, '0.8.0') < 0 {
$options = "-scrape_uri '${scrape_uri}' ${extra_options}"
$_web_config_ensure = $web_config_content.empty ? {
true => absent,
default => file,
}

file { $web_config_file:
ensure => $_web_config_ensure,
owner => $user,
group => $group,
mode => '0640',
content => $web_config_content.stdlib::to_yaml,
notify => $notify_service,
}

$_web_config = if $web_config_content.empty {
''
} else {
$options = "--scrape_uri '${scrape_uri}' ${extra_options}"
if versioncmp($version, '1.0.0') >= 0 {
"--web.config.file=${$web_config_file}"
} else {
"--web.config=${$web_config_file}"
}
}

$_scrape_uri = if versioncmp($version, '0.8.0') < 0 {
"-scrape_uri '${scrape_uri}'"
} else {
"--scrape_uri '${scrape_uri}'"
}

$options = [
$_scrape_uri,
$extra_options,
$_web_config,
].filter |$x| { !$x.empty }.join(' ')

prometheus::daemon { $service_name:
install_method => $install_method,
version => $version,
41 changes: 35 additions & 6 deletions manifests/blackbox_exporter.pp
Original file line number Diff line number Diff line change
@@ -63,6 +63,10 @@
# Optional proxy server, with port number if needed. ie: https://example.com:8080
# @param proxy_type
# Optional proxy server type (none|http|https|ftp)
# @param web_config_file
# Path of file where the web-config will be saved to
# @param web_config_content
# Unless empty the content of the web-config yaml which will handed over as option to the exporter
# @example Example for configuring named blackbox modules via hiera
# prometheus::blackbox_exporter::modules:
# simple_ssl:
@@ -108,21 +112,46 @@
Optional[Hash] $scrape_job_labels = undef,
Optional[String[1]] $proxy_server = undef,
Optional[Enum['none', 'http', 'https', 'ftp']] $proxy_type = undef,
Stdlib::Absolutepath $web_config_file = '/etc/blackbox_exporter_web-config.yml',
Prometheus::Web_config $web_config_content = {},
) inherits prometheus {
# Prometheus added a 'v' on the release name at 0.1.0 of blackbox
if versioncmp ($version, '0.1.0') >= 0 {
$release = "v${version}"
}
else {
$release = $version
$release = if versioncmp ($version, '0.1.0') >= 0 {
"v${version}"
} else {
$version
}
$real_download_url = pick($download_url,"${download_url_base}/download/${release}/${package_name}-${version}.${os}-${arch}.${download_extension}")
$notify_service = $restart_on_change ? {
true => Service[$service_name],
default => undef,
}

$options = "--config.file=${config_file} ${extra_options}"
$_web_config_ensure = $web_config_content.empty ? {
true => absent,
default => file,
}

file { $web_config_file:
ensure => $_web_config_ensure,
owner => $user,
group => $group,
mode => '0640',
content => $web_config_content.stdlib::to_yaml,
notify => $notify_service,
}

$_web_config = if $web_config_content.empty {
''
} else {
"--web.config.file=${$web_config_file}"
}

$options = [
"--config.file=${config_file}",
$extra_options,
$_web_config,
].filter |$x| { !$x.empty }.join(' ')

file { $config_file:
ensure => file,
45 changes: 44 additions & 1 deletion manifests/elasticsearch_exporter.pp
Original file line number Diff line number Diff line change
@@ -29,6 +29,16 @@
# Should puppet manage the service? (default true)
# @param manage_user
# Whether to create user or rely on external code for that
# @param export_scrape_job
# Whether to export a scrape job for this service
# @param scrape_host
# Hostname or IP address to scrape
# @param scrape_port
# Host port to scrape
# @param scrape_job_name
# Name of the scrape job to export, if export_scrape_job is true
# @param scrape_job_labels
# Labels to add to the scrape job, if export_scrape_job is true
# @param os
# Operating system (linux is the only one supported)
# @param package_ensure
@@ -43,6 +53,8 @@
# Whether to enable the service from puppet (default true)
# @param service_ensure
# State ensured for the service (default 'running')
# @param service_name
# Name of the node exporter service
# @param user
# User which runs the service
# @param version
@@ -55,6 +67,10 @@
# Optional proxy server, with port number if needed. ie: https://example.com:8080
# @param proxy_type
# Optional proxy server type (none|http|https|ftp)
# @param web_config_file
# Path of file where the web-config will be saved to
# @param web_config_content
# Unless empty the content of the web-config yaml which will handed over as option to the exporter
class prometheus::elasticsearch_exporter (
String[1] $cnf_uri,
String[1] $cnf_timeout,
@@ -89,6 +105,8 @@
Optional[Hash] $scrape_job_labels = undef,
Optional[String[1]] $proxy_server = undef,
Optional[Enum['none', 'http', 'https', 'ftp']] $proxy_type = undef,
Stdlib::Absolutepath $web_config_file = '/etc/elasticsearch_exporter_web-config.yml',
Prometheus::Web_config $web_config_content = {},
) inherits prometheus {
#Please provide the download_url for versions < 0.9.0
$real_download_url = pick($download_url,"${download_url_base}/download/v${version}/${package_name}-${version}.${os}-${arch}.${download_extension}")
@@ -103,7 +121,32 @@
false => '-',
}

$options = "${flag_prefix}es.uri=${cnf_uri} ${flag_prefix}es.timeout=${cnf_timeout} ${extra_options}"
$_web_config_ensure = $web_config_content.empty ? {
true => absent,
default => file,
}

file { $web_config_file:
ensure => $_web_config_ensure,
owner => $user,
group => $group,
mode => '0640',
content => $web_config_content.stdlib::to_yaml,
notify => $notify_service,
}

$_web_config = if $web_config_content.empty {
''
} else {
"${flag_prefix}web.config.file=${$web_config_file}"
}

$options = [
"${flag_prefix}es.uri=${cnf_uri}",
"${flag_prefix}es.timeout=${cnf_timeout}",
$extra_options,
$_web_config,
].filter |$x| { !$x.empty }.join(' ')

prometheus::daemon { 'elasticsearch_exporter':
install_method => $install_method,
32 changes: 31 additions & 1 deletion manifests/haproxy_exporter.pp
Original file line number Diff line number Diff line change
@@ -51,6 +51,10 @@
# Optional proxy server, with port number if needed. ie: https://example.com:8080
# @param proxy_type
# Optional proxy server type (none|http|https|ftp)
# @param web_config_file
# Path of file where the web-config will be saved to
# @param web_config_content
# Unless empty the content of the web-config yaml which will handed over as option to the exporter
class prometheus::haproxy_exporter (
Variant[Stdlib::HTTPUrl, Pattern[/unix:(?:\/.+)+/]] $cnf_scrape_uri,
String $download_extension,
@@ -83,14 +87,40 @@
Optional[Hash] $scrape_job_labels = undef,
Optional[String[1]] $proxy_server = undef,
Optional[Enum['none', 'http', 'https', 'ftp']] $proxy_type = undef,
Stdlib::Absolutepath $web_config_file = '/etc/haproxy_exporter_web-config.yml',
Prometheus::Web_config $web_config_content = {},
) inherits prometheus {
$real_download_url = pick($download_url,"${download_url_base}/download/v${version}/${package_name}-${version}.${os}-${arch}.${download_extension}")
$notify_service = $restart_on_change ? {
true => Service[$service_name],
default => undef,
}

$options = "--haproxy.scrape-uri=\"${cnf_scrape_uri}\" ${extra_options}"
$_web_config_ensure = $web_config_content.empty ? {
true => absent,
default => file,
}

file { $web_config_file:
ensure => $_web_config_ensure,
owner => $user,
group => $group,
mode => '0640',
content => $web_config_content.stdlib::to_yaml,
notify => $notify_service,
}

$_web_config = if $web_config_content.empty {
''
} else {
"--web.config.file=${$web_config_file}"
}

$options = [
"--haproxy.scrape-uri=\"${cnf_scrape_uri}\"",
$extra_options,
$_web_config,
].filter |$x| { !$x.empty }.join(' ')

prometheus::daemon { $service_name:
install_method => $install_method,
38 changes: 35 additions & 3 deletions manifests/mysqld_exporter.pp
Original file line number Diff line number Diff line change
@@ -64,6 +64,10 @@
# Optional proxy server, with port number if needed. ie: https://example.com:8080
# @param proxy_type
# Optional proxy server type (none|http|https|ftp)
# @param web_config_file
# Path of file where the web-config will be saved to
# @param web_config_content
# Unless empty the content of the web-config yaml which will handed over as option to the exporter
class prometheus::mysqld_exporter (
String $download_extension,
Prometheus::Uri $download_url_base,
@@ -102,6 +106,8 @@
Optional[Hash] $scrape_job_labels = undef,
Optional[String[1]] $proxy_server = undef,
Optional[Enum['none', 'http', 'https', 'ftp']] $proxy_type = undef,
Stdlib::Absolutepath $web_config_file = '/etc/mysqld_exporter_web-config.yml',
Prometheus::Web_config $web_config_content = {},
) inherits prometheus {
#Please provide the download_url for versions < 0.9.0
$real_download_url = pick($download_url,"${download_url_base}/download/v${version}/${package_name}-${version}.${os}-${arch}.${download_extension}")
@@ -130,11 +136,37 @@
notify => $notify_service,
}

if versioncmp($version, '0.11.0') < 0 {
$options = "-config.my-cnf=${cnf_config_path} ${extra_options}"
$_web_config_ensure = $web_config_content.empty ? {
true => absent,
default => file,
}

file { $web_config_file:
ensure => $_web_config_ensure,
owner => $user,
group => $group,
mode => '0640',
content => $web_config_content.stdlib::to_yaml,
notify => $notify_service,
}

$_web_config = if $web_config_content.empty {
''
} else {
"--web.config.file=${$web_config_file}"
}
$_config_myconf = if versioncmp($version, '0.11.0') < 0 {
"-config.my-cnf=${cnf_config_path}"
} else {
$options = "--config.my-cnf=${cnf_config_path} ${extra_options}"
"--config.my-cnf=${cnf_config_path}"
}

$options = [
$_config_myconf,
$extra_options,
$_web_config,
].filter |$x| { !$x.empty }.join(' ')

prometheus::daemon { 'mysqld_exporter':
install_method => $install_method,
version => $version,
97 changes: 22 additions & 75 deletions manifests/node_exporter.pp
Original file line number Diff line number Diff line change
@@ -62,6 +62,10 @@
# Optional proxy server, with port number if needed. ie: https://example.com:8080
# @param proxy_type
# Optional proxy server type (none|http|https|ftp)
# @param web_config_file
# Path of file where the web-config will be saved to
# @param web_config_content
# Unless empty the content of the web-config yaml which will handed over as option to the exporter
class prometheus::node_exporter (
String $download_extension,
Prometheus::Uri $download_url_base,
@@ -99,27 +103,8 @@
Stdlib::Absolutepath $env_file_path = $prometheus::env_file_path,
Optional[String[1]] $proxy_server = undef,
Optional[Enum['none', 'http', 'https', 'ftp']] $proxy_type = undef,

### TLS
Boolean $use_tls_server_config = false,
Optional[Stdlib::Absolutepath] $tls_cert_file = undef,
Optional[Stdlib::Absolutepath] $tls_key_file = undef,
Optional[Stdlib::Absolutepath] $tls_client_ca_file = undef,
String[1] $tls_client_auth_type = 'RequireAndVerifyClientCert',
Stdlib::Absolutepath $web_config_file = '/etc/node_exporter_web-config.yml',
String[1] $tls_min_version = 'TLS12',
String[1] $tls_max_version = 'TLS13',
Optional[Array[String[1]]] $tls_cipher_suites = undef,
Optional[Array[String[1]]] $tls_curve_preferences = undef,
Boolean $tls_prefer_server_cipher_suites = true,

### HTTP/2
Boolean $use_http_server_config = false,
Boolean $http2 = true,
Optional[Hash] $http2_headers = undef,

### Basic Auth
Optional[Hash] $basic_auth_users = undef,
Stdlib::Absolutepath $web_config_file = '/etc/node_exporter_web-config.yml',
Prometheus::Web_config $web_config_content = {},
) inherits prometheus {
# Prometheus added a 'v' on the realease name at 0.13.0
if versioncmp ($version, '0.13.0') >= 0 {
@@ -147,74 +132,36 @@
"--no-collector.${collector}"
}

if $use_tls_server_config {
# if tls is enabled, these values have to be set and cannot be undef anymore
$valid_tls_cert_file = assert_type(Stdlib::Absolutepath, $tls_cert_file)
$valid_tls_key_file = assert_type(Stdlib::Absolutepath, $tls_key_file)

$tls_server_config = {
tls_server_config => {
cert_file => $valid_tls_cert_file,
key_file => $valid_tls_key_file,
client_ca_file => $tls_client_ca_file,
client_auth_type => $tls_client_auth_type,
min_version => $tls_min_version,
max_version => $tls_max_version,
cipher_suites => $tls_cipher_suites,
prefer_server_cipher_suites => $tls_prefer_server_cipher_suites,
curve_preferences => $tls_curve_preferences,
},
}
} else {
$tls_server_config = {}
$_web_config_ensure = $web_config_content.empty ? {
true => absent,
default => file,
}

if $use_http_server_config {
$http_server_config = {
http_server_config => {
http2 => $http2,
headers => $http2_headers,
},
}
} else {
$http_server_config = {}
file { $web_config_file:
ensure => $_web_config_ensure,
owner => $user,
group => $group,
mode => '0640',
content => $web_config_content.stdlib::to_yaml,
notify => $notify_service,
}

if $basic_auth_users =~ Undef {
$basic_auth_config = {}
$_web_config = if $web_config_content.empty {
''
} else {
$basic_auth_config = {
basic_auth_users => $basic_auth_users,
}
}

$web_config_content = $tls_server_config + $http_server_config + $basic_auth_config

if empty($web_config_content) {
file { $web_config_file:
ensure => absent,
}

$web_config = ''
} else {
file { $web_config_file:
ensure => file,
content => $web_config_content.stdlib::to_yaml,
}

if versioncmp($version, '1.5.0') >= 0 {
$web_config = "--web.config.file=${$web_config_file}"
"--web.config.file=${$web_config_file}"
} else {
$web_config = "--web.config=${$web_config_file}"
"--web.config=${$web_config_file}"
}
}

$options = [
$extra_options,
$cmd_collectors_enable.join(' '),
$cmd_collectors_disable.join(' '),
$web_config,
].join(' ')
$_web_config,
].filter |$x| { !$x.empty }.join(' ')

prometheus::daemon { $service_name:
install_method => $install_method,
33 changes: 32 additions & 1 deletion manifests/postgres_exporter.pp
Original file line number Diff line number Diff line change
@@ -59,6 +59,10 @@
# Optional proxy server, with port number if needed. ie: https://example.com:8080
# @param proxy_type
# Optional proxy server type (none|http|https|ftp)
# @param web_config_file
# Path of file where the web-config will be saved to
# @param web_config_content
# Unless empty the content of the web-config yaml which will handed over as option to the exporter
class prometheus::postgres_exporter (
String $download_extension = 'tar.gz',
Prometheus::Uri $download_url_base = 'https://github.com/prometheus-community/postgres_exporter/releases',
@@ -95,6 +99,8 @@
Optional[Hash] $scrape_job_labels = undef,
Optional[String[1]] $proxy_server = undef,
Optional[Enum['none', 'http', 'https', 'ftp']] $proxy_type = undef,
Stdlib::Absolutepath $web_config_file = '/etc/postgres_exporter_web-config.yml',
Prometheus::Web_config $web_config_content = {},
) inherits prometheus {
$release = "v${version}"

@@ -109,6 +115,31 @@
default => undef,
}

$_web_config_ensure = $web_config_content.empty ? {
true => absent,
default => file,
}

file { $web_config_file:
ensure => $_web_config_ensure,
owner => $user,
group => $group,
mode => '0640',
content => $web_config_content.stdlib::to_yaml,
notify => $notify_service,
}

$_web_config = if $web_config_content.empty {
''
} else {
"--web.config.file=${$web_config_file}"
}

$_options = [
$options,
$_web_config,
].filter |$x| { !$x.empty }.join(' ')

case $postgres_auth_method {
'env': {
$env_vars = {
@@ -183,7 +214,7 @@
group => $group,
manage_group => $manage_group,
purge => $purge_config_dir,
options => $options,
options => $_options,
init_style => $init_style,
service_ensure => $service_ensure,
service_enable => $service_enable,
59 changes: 58 additions & 1 deletion spec/classes/apache_exporter_spec.rb
Original file line number Diff line number Diff line change
@@ -47,7 +47,7 @@
it { is_expected.to contain_class('prometheus') }
it { is_expected.to contain_group('apache-exporter') }
it { is_expected.to contain_user('apache-exporter') }
it { is_expected.to contain_prometheus__daemon('apache_exporter').with('options' => "-scrape_uri 'http://localhost/server-status/?auto' ") }
it { is_expected.to contain_prometheus__daemon('apache_exporter').with('options' => "-scrape_uri 'http://localhost/server-status/?auto'") }
it { is_expected.to contain_service('apache_exporter') }
end

@@ -102,6 +102,63 @@
it { is_expected.to contain_prometheus__daemon('apache_exporter').with('options' => "--scrape_uri 'http://127.0.0.1/server-status/?auto' --test") }
end
end

context 'with tls set in web-config.yml version low than 1.0.0' do
let(:params) do
{
version: '0.0.9',
web_config_content: {
tls_server_config: {
cert_file: '/etc/apache_exporter/foo.cert',
key_file: '/etc/apache_exporter/foo.key'
}
}
}
end

it { is_expected.to compile.with_all_deps }
it { is_expected.to contain_file('/etc/apache_exporter_web-config.yml').with(ensure: 'file') }

it { is_expected.to contain_prometheus__daemon('apache_exporter').with(options: "-scrape_uri 'http://localhost/server-status/?auto' --web.config=/etc/apache_exporter_web-config.yml") }
end

context 'with tls set in web-config.yml version equal to 1.0.0' do
let(:params) do
{
version: '1.0.0',
web_config_content: {
tls_server_config: {
cert_file: '/etc/apache_exporter/foo.cert',
key_file: '/etc/apache_exporter/foo.key'
}
}
}
end

it { is_expected.to compile.with_all_deps }
it { is_expected.to contain_file('/etc/apache_exporter_web-config.yml').with(ensure: 'file') }

it { is_expected.to contain_prometheus__daemon('apache_exporter').with(options: "--scrape_uri 'http://localhost/server-status/?auto' --web.config.file=/etc/apache_exporter_web-config.yml") }
end

context 'with tls set in web-config.yml version higher than 1.0.0' do
let(:params) do
{
version: '1.0.1',
web_config_content: {
tls_server_config: {
cert_file: '/etc/apache_exporter/foo.cert',
key_file: '/etc/apache_exporter/foo.key'
}
}
}
end

it { is_expected.to compile.with_all_deps }
it { is_expected.to contain_file('/etc/apache_exporter_web-config.yml').with(ensure: 'file') }

it { is_expected.to contain_prometheus__daemon('apache_exporter').with(options: "--scrape_uri 'http://localhost/server-status/?auto' --web.config.file=/etc/apache_exporter_web-config.yml") }
end
end
end
end
17 changes: 17 additions & 0 deletions spec/classes/blackbox_exporter_spec.rb
Original file line number Diff line number Diff line change
@@ -41,6 +41,23 @@
verify_contents(catalogue, '/etc/blackbox-exporter.yaml', ['---', 'modules:', ' http_2xx:', ' prober: http'])
}
end

context 'with tls set in web-config.yml' do
let(:params) do
{
web_config_content: {
tls_server_config: {
cert_file: '/etc/blackbox_exporter/foo.cert',
key_file: '/etc/blackbox_exporter/foo.key'
}
}
}
end

it { is_expected.to compile.with_all_deps }
it { is_expected.to contain_file('/etc/blackbox_exporter_web-config.yml').with(ensure: 'file') }
it { is_expected.to contain_prometheus__daemon('blackbox_exporter').with(options: '--config.file=/etc/blackbox-exporter.yaml --web.config.file=/etc/blackbox_exporter_web-config.yml') }
end
end
end
end
17 changes: 17 additions & 0 deletions spec/classes/elasticsearch_exporter_spec.rb
Original file line number Diff line number Diff line change
@@ -27,6 +27,23 @@
describe 'install correct binary' do
it { is_expected.to contain_file('/usr/local/bin/elasticsearch_exporter').with('target' => '/opt/elasticsearch_exporter-1.0.0.linux-amd64/elasticsearch_exporter') }
end

context 'with tls set in web-config.yml' do
let(:params) do
super().merge(
web_config_content: {
tls_server_config: {
cert_file: '/etc/elasticsearch_exporter/foo.cert',
key_file: '/etc/elasticsearch_exporter/foo.key'
}
}
)
end

it { is_expected.to compile.with_all_deps }
it { is_expected.to contain_file('/etc/elasticsearch_exporter_web-config.yml').with(ensure: 'file') }
it { is_expected.to contain_prometheus__daemon('elasticsearch_exporter').with(options: '--es.uri=http://localhost:9200 --es.timeout=5s --web.config.file=/etc/elasticsearch_exporter_web-config.yml') }
end
end
end
end
17 changes: 17 additions & 0 deletions spec/classes/haproxy_exporter_spec.rb
Original file line number Diff line number Diff line change
@@ -63,6 +63,23 @@
it { is_expected.to raise_error(Puppet::Error) }
end
end

context 'with tls set in web-config.yml' do
let(:params) do
{
web_config_content: {
tls_server_config: {
cert_file: '/etc/haproxy_exporter/foo.cert',
key_file: '/etc/haproxy_exporter/foo.key'
}
}
}
end

it { is_expected.to compile.with_all_deps }
it { is_expected.to contain_file('/etc/haproxy_exporter_web-config.yml').with(ensure: 'file') }
it { is_expected.to contain_prometheus__daemon('haproxy_exporter').with(options: '--haproxy.scrape-uri="http://localhost:1234/haproxy?stats;csv" --web.config.file=/etc/haproxy_exporter_web-config.yml') }
end
end
end
end
22 changes: 20 additions & 2 deletions spec/classes/mysqld_exporter_spec.rb
Original file line number Diff line number Diff line change
@@ -11,7 +11,7 @@

context 'default' do
describe 'options is correct' do
it { is_expected.to contain_prometheus__daemon('mysqld_exporter').with('options' => '--config.my-cnf=/etc/.my.cnf ') }
it { is_expected.to contain_prometheus__daemon('mysqld_exporter').with('options' => '--config.my-cnf=/etc/.my.cnf') }
end
end

@@ -23,7 +23,7 @@
end

describe 'options is correct' do
it { is_expected.to contain_prometheus__daemon('mysqld_exporter').with('options' => '-config.my-cnf=/etc/.my.cnf ') }
it { is_expected.to contain_prometheus__daemon('mysqld_exporter').with('options' => '-config.my-cnf=/etc/.my.cnf') }
end
end

@@ -39,6 +39,24 @@
expect(content).to include('secret')
end
end

context 'with tls set in web-config.yml' do
let(:params) do
{
web_config_content: {
tls_server_config: {
cert_file: '/etc/mysqld_exporter/foo.cert',
key_file: '/etc/mysqld_exporter/foo.key'
}
}
}
end

it { is_expected.to compile.with_all_deps }
it { is_expected.to contain_file('/etc/mysqld_exporter_web-config.yml').with(ensure: 'file') }

it { is_expected.to contain_prometheus__daemon('mysqld_exporter').with(options: '--config.my-cnf=/etc/.my.cnf --web.config.file=/etc/mysqld_exporter_web-config.yml') }
end
end
end
end
53 changes: 31 additions & 22 deletions spec/classes/node_exporter_spec.rb
Original file line number Diff line number Diff line change
@@ -21,14 +21,14 @@
it { is_expected.to contain_package('prometheus-node-exporter') }
it { is_expected.not_to contain_systemd__unit_file('node_exporter.service') }
it { is_expected.to contain_service('prometheus-node-exporter') }
it { is_expected.to contain_prometheus__daemon('prometheus-node-exporter').with(options: ' ') }
it { is_expected.to contain_prometheus__daemon('prometheus-node-exporter').with(options: '') }
else
it { is_expected.to contain_user('node-exporter') }
it { is_expected.to contain_group('node-exporter') }
it { is_expected.to contain_file('/opt/node_exporter-1.0.1.linux-amd64/node_exporter') }
it { is_expected.to contain_file('/usr/local/bin/node_exporter') }
it { is_expected.to contain_service('node_exporter') }
it { is_expected.to contain_prometheus__daemon('node_exporter').with(options: ' ') }
it { is_expected.to contain_prometheus__daemon('node_exporter').with(options: '') }
it { is_expected.to contain_systemd__unit_file('node_exporter.service') }
end
# rubocop:disable RSpec/RepeatedExample
@@ -58,7 +58,7 @@

it { is_expected.to compile.with_all_deps }
it { is_expected.to contain_archive('/tmp/node_exporter-1.0.1.tar.gz') }
it { is_expected.to contain_prometheus__daemon('node_exporter').with(options: ' --collector.foo --collector.bar --no-collector.baz --no-collector.qux ') }
it { is_expected.to contain_prometheus__daemon('node_exporter').with(options: '--collector.foo --collector.bar --no-collector.baz --no-collector.qux') }

if facts[:os]['name'] == 'Archlinux'
it { is_expected.to contain_file('/usr/bin/node_exporter') }
@@ -81,7 +81,7 @@
end

it { is_expected.to compile.with_all_deps }
it { is_expected.to contain_prometheus__daemon('node_exporter').with(options: '--path.procfs /host/proc --path.sysfs /host/sys --collector.foo --collector.bar --no-collector.baz --no-collector.qux ') }
it { is_expected.to contain_prometheus__daemon('node_exporter').with(options: '--path.procfs /host/proc --path.sysfs /host/sys --collector.foo --collector.bar --no-collector.baz --no-collector.qux') }
end

context 'with version specified' do
@@ -122,69 +122,78 @@
it { is_expected.to contain_file('/etc/node_exporter_web-config.yml').with(ensure: 'absent') }

if facts[:os]['name'] == 'Archlinux'
it { is_expected.to contain_prometheus__daemon('prometheus-node-exporter').with(options: ' ') }
it { is_expected.to contain_prometheus__daemon('prometheus-node-exporter').with(options: '') }
else
it { is_expected.to contain_prometheus__daemon('node_exporter').with(options: ' ') }
it { is_expected.to contain_prometheus__daemon('node_exporter').with(options: '') }
end
end

context 'with tls set in web-config.yml version lower than 1.5.0' do
let(:params) do
{
version: '1.4.0',
use_tls_server_config: true,
tls_cert_file: '/etc/node_exporter/foo.cert',
tls_key_file: '/etc/node_exporter/foo.key'
web_config_content: {
tls_server_config: {
cert_file: '/etc/node_exporter/foo.cert',
key_file: '/etc/node_exporter/foo.key'
}
}
}
end

it { is_expected.to compile.with_all_deps }
it { is_expected.to contain_file('/etc/node_exporter_web-config.yml').with(ensure: 'file') }

if facts[:os]['name'] == 'Archlinux'
it { is_expected.to contain_prometheus__daemon('prometheus-node-exporter').with(options: ' --web.config=/etc/node_exporter_web-config.yml') }
it { is_expected.to contain_prometheus__daemon('prometheus-node-exporter').with(options: '--web.config=/etc/node_exporter_web-config.yml') }
else
it { is_expected.to contain_prometheus__daemon('node_exporter').with(options: ' --web.config=/etc/node_exporter_web-config.yml') }
it { is_expected.to contain_prometheus__daemon('node_exporter').with(options: '--web.config=/etc/node_exporter_web-config.yml') }
end
end

context 'with tls set in web-config.yml version equal to 1.5.0' do
let(:params) do
{
version: '1.5.0',
use_tls_server_config: true,
tls_cert_file: '/etc/node_exporter/foo.cert',
tls_key_file: '/etc/node_exporter/foo.key'
web_config_content: {
tls_server_config: {
cert_file: '/etc/node_exporter/foo.cert',
key_file: '/etc/node_exporter/foo.key'
}
}
}
end

it { is_expected.to compile.with_all_deps }
it { is_expected.to contain_file('/etc/node_exporter_web-config.yml').with(ensure: 'file') }

if facts[:os]['name'] == 'Archlinux'
it { is_expected.to contain_prometheus__daemon('prometheus-node-exporter').with(options: ' --web.config.file=/etc/node_exporter_web-config.yml') }
it { is_expected.to contain_prometheus__daemon('prometheus-node-exporter').with(options: '--web.config.file=/etc/node_exporter_web-config.yml') }
else
it { is_expected.to contain_prometheus__daemon('node_exporter').with(options: ' --web.config.file=/etc/node_exporter_web-config.yml') }
it { is_expected.to contain_prometheus__daemon('node_exporter').with(options: '--web.config.file=/etc/node_exporter_web-config.yml') }
end
end

context 'with tls set in web-config.yml version higher to 1.5.0' do
context 'with tls set in web-config.yml version higher than 1.5.0' do
let(:params) do
{
version: '1.5.1',
use_tls_server_config: true,
tls_cert_file: '/etc/node_exporter/foo.cert',
tls_key_file: '/etc/node_exporter/foo.key'
web_config_content: {
tls_server_config: {
cert_file: '/etc/node_exporter/foo.cert',
key_file: '/etc/node_exporter/foo.key'
}
}
}
end

it { is_expected.to compile.with_all_deps }
it { is_expected.to contain_file('/etc/node_exporter_web-config.yml').with(ensure: 'file') }

if facts[:os]['name'] == 'Archlinux'
it { is_expected.to contain_prometheus__daemon('prometheus-node-exporter').with(options: ' --web.config.file=/etc/node_exporter_web-config.yml') }
it { is_expected.to contain_prometheus__daemon('prometheus-node-exporter').with(options: '--web.config.file=/etc/node_exporter_web-config.yml') }
else
it { is_expected.to contain_prometheus__daemon('node_exporter').with(options: ' --web.config.file=/etc/node_exporter_web-config.yml') }
it { is_expected.to contain_prometheus__daemon('node_exporter').with(options: '--web.config.file=/etc/node_exporter_web-config.yml') }
end
end
end
17 changes: 17 additions & 0 deletions spec/classes/postgres_exporter_spec.rb
Original file line number Diff line number Diff line change
@@ -30,6 +30,23 @@
it { is_expected.to contain_group('postgres-exporter') }
it { is_expected.to contain_service('postgres_exporter') }
end

context 'with tls set in web-config.yml' do
let(:params) do
super().merge(
web_config_content: {
tls_server_config: {
cert_file: '/etc/postgres_exporter/foo.cert',
key_file: '/etc/postgres_exporter/foo.key'
}
}
)
end

it { is_expected.to compile.with_all_deps }
it { is_expected.to contain_file('/etc/postgres_exporter_web-config.yml').with(ensure: 'file') }
it { is_expected.to contain_prometheus__daemon('postgres_exporter').with(options: '--web.config.file=/etc/postgres_exporter_web-config.yml') }
end
end
end
end
26 changes: 26 additions & 0 deletions spec/type_aliases/web_config/http_server_config_spec.rb
Original file line number Diff line number Diff line change
@@ -0,0 +1,26 @@
# frozen_string_literal: true

require 'spec_helper'

describe 'Prometheus::Web_config::Http_server_config' do
describe 'accepts minimal usage' do
it { is_expected.to allow_value({}) }
end

describe 'accepts all paramters' do
it {
is_expected.to allow_value(
{
'http2' => true,
'headers' => {
'Content-Security-Policy' => 'default-src \'self\'',
'X-Frame-Options' => 'SAMEORIGIN',
'X-Content-Type-Options' => 'nosniff',
'X-XSS-Protection' => '1; mode=block',
'Strict-Transport-Security' => 'max-age=31536000; includeSubDomains',
}
}
)
}
end
end
43 changes: 43 additions & 0 deletions spec/type_aliases/web_config/tls_server_config_spec.rb
Original file line number Diff line number Diff line change
@@ -0,0 +1,43 @@
# frozen_string_literal: true

require 'spec_helper'

describe 'Prometheus::Web_config::Tls_server_config' do
describe 'accepts minimal usage' do
it {
is_expected.to allow_value(
{
'cert_file' => '/etc/pki/tls/certs/example.com.pem',
'key_file' => '/etc/pki/tls/private/example.com.pem',
}
)
}
end

describe 'accepts all paramters' do
it {
is_expected.to allow_value(
{
'cert_file' => '/etc/pki/tls/certs/example.com.pem',
'key_file' => '/etc/pki/tls/private/example.com.pem',
'client_ca_file' => '/etc/pki/tls/cert.pem',
'client_auth_type' => 'NoClientCert',
'client_allowed_sans' => [
'client.example.com'
],
'min_version' => 'TLS12',
'max_version' => 'TLS13',
'cipher_suites' => %w[
TLS_CHACHA20_POLY1305_SHA256
TLS_AES_256_GCM_SHA384
TLS_AES_128_GCM_SHA256
],
'prefer_server_cipher_suites' => true,
'curve_preferences' => [
'X25519'
]
}
)
}
end
end
60 changes: 60 additions & 0 deletions spec/type_aliases/web_config_spec.rb
Original file line number Diff line number Diff line change
@@ -0,0 +1,60 @@
# frozen_string_literal: true

require 'spec_helper'

describe 'Prometheus::Web_config' do
describe 'accepts minimal tls usage' do
it {
is_expected.to allow_value(
{
'tls_server_config' => {
'cert_file' => '/etc/pki/tls/certs/example.com.pem',
'key_file' => '/etc/pki/tls/private/example.com.pem',
}
}
)
}
end

describe 'accepts all paramters' do
it {
is_expected.to allow_value(
{
'http_server_config' => {
'http2' => true,
'headers' => {
'Content-Security-Policy' => 'default-src \'self\'',
'X-Frame-Options' => 'SAMEORIGIN',
'X-Content-Type-Options' => 'nosniff',
'X-XSS-Protection' => '1; mode=block',
'Strict-Transport-Security' => 'max-age=31536000; includeSubDomains',
}
},
'tls_server_config' => {
'cert_file' => '/etc/pki/tls/certs/example.com.pem',
'key_file' => '/etc/pki/tls/private/example.com.pem',
'client_ca_file' => '/etc/pki/tls/cert.pem',
'client_auth_type' => 'NoClientCert',
'client_allowed_sans' => [
'client.example.com'
],
'min_version' => 'TLS12',
'max_version' => 'TLS13',
'cipher_suites' => %w[
TLS_CHACHA20_POLY1305_SHA256
TLS_AES_256_GCM_SHA384
TLS_AES_128_GCM_SHA256
],
'prefer_server_cipher_suites' => true,
'curve_preferences' => [
'X25519'
]
},
'basic_auth_users' => {
'john.doe' => '$2b$05$XC0SLeu3npPRPgbPMBhjCu/2GZRfcIfjGtW5yLeDTLUO0.zAfdkjm'
}
}
)
}
end
end
7 changes: 7 additions & 0 deletions types/web_config.pp
Original file line number Diff line number Diff line change
@@ -0,0 +1,7 @@
# @summary webconfig for the exporter
# @see https://github.com/prometheus/exporter-toolkit/blob/v0.10.0/docs/web-configuration.md
type Prometheus::Web_config = Struct[{
Optional[tls_server_config] => Prometheus::Web_config::Tls_server_config,
Optional[http_server_config] => Prometheus::Web_config::Http_server_config,
Optional[basic_auth_users] => Hash[String[1],String[1],1],
}]
12 changes: 12 additions & 0 deletions types/web_config/http_server_config.pp
Original file line number Diff line number Diff line change
@@ -0,0 +1,12 @@
# @summary http_server_config of a exporter webconfig
# @see https://github.com/prometheus/exporter-toolkit/blob/v0.10.0/docs/web-configuration.md
type Prometheus::Web_config::Http_server_config = Struct[{
Optional[http2] => Boolean,
Optional[headers] => Struct[{
Optional['Content-Security-Policy'] => String[1],
Optional['X-Frame-Options'] => String[1],
Optional['X-Content-Type-Options'] => String[1],
Optional['X-XSS-Protection'] => String[1],
Optional['Strict-Transport-Security'] => String[1],
}]
}]
14 changes: 14 additions & 0 deletions types/web_config/tls_server_config.pp
Original file line number Diff line number Diff line change
@@ -0,0 +1,14 @@
# @summary tls_server_config of a exporter webconfig
# @see https://github.com/prometheus/exporter-toolkit/blob/v0.10.0/docs/web-configuration.md
type Prometheus::Web_config::Tls_server_config = Struct[{
cert_file => Stdlib::Absolutepath,
key_file => Stdlib::Absolutepath,
Optional[client_ca_file] => Stdlib::Absolutepath,
Optional[client_auth_type] => String[1],
Optional[client_allowed_sans] => Array[String[1],1],
Optional[min_version] => String[1],
Optional[max_version] => String[1],
Optional[cipher_suites] => Array[String[1],1],
Optional[prefer_server_cipher_suites] => Boolean,
Optional[curve_preferences] => Array[String[1],1],
}]

0 comments on commit eb76304

Please sign in to comment.