From 188856880dc0b99469ab1f5c0c9d3f37c3846e95 Mon Sep 17 00:00:00 2001
From: Christian Merker <c.merker@dotsource.de>
Date: Mon, 3 Apr 2023 12:46:46 +0200
Subject: [PATCH 1/2] issue #604 : compatibility for ssl connections to the
 database

e.g. azure database for mysql
---
 manifests/mysqld_exporter.pp | 12 ++++++++++++
 templates/my.cnf.epp         | 11 +++++++++++
 2 files changed, 23 insertions(+)

diff --git a/manifests/mysqld_exporter.pp b/manifests/mysqld_exporter.pp
index 7d216c92d..f5ccc72a8 100644
--- a/manifests/mysqld_exporter.pp
+++ b/manifests/mysqld_exporter.pp
@@ -12,6 +12,12 @@
 #  The socket which the mysql host is running. If defined, host and port are not used.
 # @param cnf_user
 #  The mysql user to use when connecting.
+# @param cnf_ssl_ca
+#  The path name of the Certificate Authority (CA) certificate file in PEM format. The file may contain a list of trusted SSL Certificate Authorities.
+# @param cnf_ssl_cert
+#  The path name of the client SSL public key certificate file in PEM format.
+# @param cnf_ssl_key
+#  The path name of the client SSL private key file in PEM format.
 # @param arch
 #  Architecture (amd64 or i386)
 # @param bin_dir
@@ -80,6 +86,9 @@
   String[1] $cnf_user                                        = login,
   Variant[Sensitive[String],String] $cnf_password            = 'password',
   Optional[Stdlib::Absolutepath] $cnf_socket                 = undef,
+  Optional[Stdlib::Absolutepath] $cnf_ssl_ca                 = undef,
+  Optional[Stdlib::Absolutepath] $cnf_ssl_cert               = undef,
+  Optional[Stdlib::Absolutepath] $cnf_ssl_key                = undef,
   Boolean $purge_config_dir                                  = true,
   Boolean $restart_on_change                                 = true,
   Boolean $service_enable                                    = true,
@@ -124,6 +133,9 @@
           'cnf_port'     => $cnf_port,
           'cnf_host'     => $cnf_host,
           'cnf_socket'   => $cnf_socket,
+          'cnf_ssl_ca'   => $cnf_ssl_ca,
+          'cnf_ssl_cert' => $cnf_ssl_cert,
+          'cnf_ssl_key'  => $cnf_ssl_key,
         },
       )
     ),
diff --git a/templates/my.cnf.epp b/templates/my.cnf.epp
index bdc4dc0a0..4e0a8ce2c 100644
--- a/templates/my.cnf.epp
+++ b/templates/my.cnf.epp
@@ -4,6 +4,9 @@
   Stdlib::Port $cnf_port,
   Stdlib::Host $cnf_host,
   Optional[Stdlib::Absolutepath] $cnf_socket = undef,
+  Optional[Stdlib::Absolutepath] $cnf_ssl_ca = undef,
+  Optional[Stdlib::Absolutepath] $cnf_ssl_cert = undef,
+  Optional[Stdlib::Absolutepath] $cnf_ssl_key = undef,
 | -%>
 # THIS FILE IS MANAGED BY PUPPET
 [client]
@@ -21,3 +24,11 @@ socket = <%= $cnf_socket %>
 host = <%= $cnf_host %>
 port = <%= $cnf_port %>
 <% } -%>
+<% if $cnf_ssl_ca { -%>
+ssl-ca = <%= $cnf_ssl_ca %>
+<% } -%>
+<%# client ssl cert and key, only used if both provided %>
+<% if $cnf_ssl_cert and $cnf_ssl_key { -%>
+ssl-cert = <%= $cnf_ssl_cert %>
+ssl-key = <%= $cnf_ssl_key %>
+<% } -%>

From 8ec9664843f8f360f39cfc9ecf193c050171e7a9 Mon Sep 17 00:00:00 2001
From: moon-hawk <c.merker@dotsource.de>
Date: Mon, 3 Apr 2023 15:50:52 +0200
Subject: [PATCH 2/2] issue #604 : updated references with puppet strings

---
 REFERENCE.md | 27 +++++++++++++++++++++++++++
 1 file changed, 27 insertions(+)

diff --git a/REFERENCE.md b/REFERENCE.md
index 3247a9d0a..3df25762c 100644
--- a/REFERENCE.md
+++ b/REFERENCE.md
@@ -6441,6 +6441,9 @@ The following parameters are available in the `prometheus::mysqld_exporter` clas
 * [`cnf_port`](#-prometheus--mysqld_exporter--cnf_port)
 * [`cnf_socket`](#-prometheus--mysqld_exporter--cnf_socket)
 * [`cnf_user`](#-prometheus--mysqld_exporter--cnf_user)
+* [`cnf_ssl_ca`](#-prometheus--mysqld_exporter--cnf_ssl_ca)
+* [`cnf_ssl_cert`](#-prometheus--mysqld_exporter--cnf_ssl_cert)
+* [`cnf_ssl_key`](#-prometheus--mysqld_exporter--cnf_ssl_key)
 * [`arch`](#-prometheus--mysqld_exporter--arch)
 * [`bin_dir`](#-prometheus--mysqld_exporter--bin_dir)
 * [`config_mode`](#-prometheus--mysqld_exporter--config_mode)
@@ -6521,6 +6524,30 @@ The mysql user to use when connecting.
 
 Default value: `login`
 
+##### <a name="-prometheus--mysqld_exporter--cnf_ssl_ca"></a>`cnf_ssl_ca`
+
+Data type: `Optional[Stdlib::Absolutepath]`
+
+The path name of the Certificate Authority (CA) certificate file in PEM format. The file may contain a list of trusted SSL Certificate Authorities.
+
+Default value: `undef`
+
+##### <a name="-prometheus--mysqld_exporter--cnf_ssl_cert"></a>`cnf_ssl_cert`
+
+Data type: `Optional[Stdlib::Absolutepath]`
+
+The path name of the client SSL public key certificate file in PEM format.
+
+Default value: `undef`
+
+##### <a name="-prometheus--mysqld_exporter--cnf_ssl_key"></a>`cnf_ssl_key`
+
+Data type: `Optional[Stdlib::Absolutepath]`
+
+The path name of the client SSL private key file in PEM format.
+
+Default value: `undef`
+
 ##### <a name="-prometheus--mysqld_exporter--arch"></a>`arch`
 
 Data type: `String[1]`