Merge pull request #751 from Icinga/enhancement/use-datatype-secret

Add use of datatype Icinga::Secret from module icinga
voxpupuli · Dec 22, 2023 · 1327bd9 · 1327bd9
2 parents 188384b + f8a2495
commit 1327bd9
Show file tree

Hide file tree

Showing 15 changed files with 172 additions and 168 deletions.
diff --git a/REFERENCE.md b/REFERENCE.md
@@ -429,7 +429,7 @@ Default value: `'icinga2'`
 
 ##### <a name="-icinga2--feature--api--ssl_key"></a>`ssl_key`
 
-Data type: `Optional[Stdlib::Base64]`
+Data type: `Optional[Icinga::Secret]`
 
 The private key in a base64 encoded string to store in cert directory. This parameter
 requires pki to be set to 'none'.
@@ -438,7 +438,7 @@ Default value: `undef`
 
 ##### <a name="-icinga2--feature--api--ssl_cert"></a>`ssl_cert`
 
-Data type: `Optional[Stdlib::Base64]`
+Data type: `Optional[String]`
 
 The certificate in a base64 encoded string to store in cert directory This parameter
  requires pki to be set to 'none'.
@@ -447,7 +447,7 @@ Default value: `undef`
 
 ##### <a name="-icinga2--feature--api--ssl_cacert"></a>`ssl_cacert`
 
-Data type: `Optional[Stdlib::Base64]`
+Data type: `Optional[String]`
 
 The CA root certificate in a base64 encoded string to store in cert directory. This parameter
 requires pki to be set to 'none'.
@@ -496,7 +496,7 @@ Default value: `undef`
 
 ##### <a name="-icinga2--feature--api--ca_port"></a>`ca_port`
 
-Data type: `Stdlib::Port::Unprivileged`
+Data type: `Stdlib::Port`
 
 Port of the 'ca_host'.
 
@@ -514,7 +514,7 @@ Default value: `undef`
 
 ##### <a name="-icinga2--feature--api--ticket_salt"></a>`ticket_salt`
 
-Data type: `Variant[String, Sensitive[String]]`
+Data type: `Icinga::Secret`
 
 Salt to use for ticket generation. The salt is stored to api.conf if none or ca is chosen for pki.
 Defaults to constant TicketSalt. Keep in mind this parameter is parsed so please use only alpha numric
@@ -524,7 +524,7 @@ Default value: `'TicketSalt'`
 
 ##### <a name="-icinga2--feature--api--ticket_id"></a>`ticket_id`
 
-Data type: `Optional[Variant[String, Sensitive[String]]]`
+Data type: `Optional[Icinga::Secret]`
 
 If a ticket_id is given it will be used instead of generating an ticket_id.
 The ticket_id will be used only when requesting a certificate from the ca_host
@@ -590,7 +590,7 @@ Default value: `undef`
 
 ##### <a name="-icinga2--feature--api--bind_port"></a>`bind_port`
 
-Data type: `Optional[Stdlib::Port::Unprivileged]`
+Data type: `Optional[Stdlib::Port]`
 
 The port the api listener will be bound to.
 
@@ -800,7 +800,7 @@ Default value: `undef`
 
 ##### <a name="-icinga2--feature--elasticsearch--port"></a>`port`
 
-Data type: `Optional[Stdlib::Port::Unprivileged]`
+Data type: `Optional[Stdlib::Port]`
 
 Elasticsearch HTTP port.
 
@@ -824,7 +824,7 @@ Default value: `undef`
 
 ##### <a name="-icinga2--feature--elasticsearch--password"></a>`password`
 
-Data type: `Optional[Variant[String, Sensitive[String]]]`
+Data type: `Optional[Icinga::Secret]`
 
 Elasticsearch user password. The password parameter isn't parsed anymore.
 
@@ -872,7 +872,7 @@ Default value: `undef`
 
 ##### <a name="-icinga2--feature--elasticsearch--ssl_key"></a>`ssl_key`
 
-Data type: `Optional[Variant[String, Sensitive[String]]]`
+Data type: `Optional[Icinga::Secret]`
 
 The client private key in PEM format. Only valid if ssl is enabled.
 
@@ -967,7 +967,7 @@ Default value: `undef`
 
 ##### <a name="-icinga2--feature--gelf--port"></a>`port`
 
-Data type: `Optional[Stdlib::Port::Unprivileged]`
+Data type: `Optional[Stdlib::Port]`
 
 GELF receiver port.
 
@@ -1015,7 +1015,7 @@ Default value: `undef`
 
 ##### <a name="-icinga2--feature--gelf--ssl_key"></a>`ssl_key`
 
-Data type: `Optional[Variant[String, Sensitive[String]]]`
+Data type: `Optional[Icinga::Secret]`
 
 The client private key in PEM format. Only valid if ssl is enabled.
 
@@ -1109,7 +1109,7 @@ Default value: `undef`
 
 ##### <a name="-icinga2--feature--graphite--port"></a>`port`
 
-Data type: `Optional[Stdlib::Port::Unprivileged]`
+Data type: `Optional[Stdlib::Port]`
 
 Graphite Carbon port.
 
@@ -1201,7 +1201,7 @@ Default value: `undef`
 
 ##### <a name="-icinga2--feature--icingadb--port"></a>`port`
 
-Data type: `Optional[Stdlib::Port::Unprivileged]`
+Data type: `Optional[Stdlib::Port]`
 
 IcingaDB Redis port.
 
@@ -1225,15 +1225,15 @@ Default value: `undef`
 
 ##### <a name="-icinga2--feature--icingadb--password"></a>`password`
 
-Data type: `Optional[Variant[String, Sensitive[String]]]`
+Data type: `Optional[Icinga::Secret]`
 
 IcingaDB Redis password. The password parameter isn't parsed anymore.
 
 Default value: `undef`
 
 ##### <a name="-icinga2--feature--icingadb--env_id"></a>`env_id`
 
-Data type: `Optional[Variant[String, Sensitive[String]]]`
+Data type: `Optional[Icinga::Secret]`
 
 The ID is used in all Icinga DB components to separate data from multiple
 different environments and is written to the file `/var/lib/icinga2/icingadb.env`
@@ -1284,7 +1284,7 @@ Default value: `undef`
 
 ##### <a name="-icinga2--feature--icingadb--tls_key"></a>`tls_key`
 
-Data type: `Optional[Variant[String, Sensitive[String]]]`
+Data type: `Optional[Icinga::Secret]`
 
 The private key in a PEM formated string to store spicified in tls_key_file.
 Only valid if tls is enabled.
@@ -1415,7 +1415,7 @@ Default value: `'localhost'`
 
 ##### <a name="-icinga2--feature--idomysql--port"></a>`port`
 
-Data type: `Optional[Stdlib::Port::Unprivileged]`
+Data type: `Optional[Stdlib::Port]`
 
 MySQL database port.
 
@@ -1439,10 +1439,12 @@ Default value: `'icinga'`
 
 ##### <a name="-icinga2--feature--idomysql--password"></a>`password`
 
-Data type: `Variant[String, Sensitive[String]]`
+Data type: `Optional[Icinga::Secret]`
 
 MySQL database user's password. The password parameter isn't parsed anymore.
 
+Default value: `undef`
+
 ##### <a name="-icinga2--feature--idomysql--database"></a>`database`
 
 Data type: `String`
@@ -1485,7 +1487,7 @@ Default value: `undef`
 
 ##### <a name="-icinga2--feature--idomysql--ssl_key"></a>`ssl_key`
 
-Data type: `Optional[Variant[String, Sensitive[String]]]`
+Data type: `Optional[Icinga::Secret]`
 
 The client private key in PEM Format. Only valid if ssl is enabled.
 
@@ -1659,7 +1661,7 @@ Default value: `'localhost'`
 
 ##### <a name="-icinga2--feature--idopgsql--port"></a>`port`
 
-Data type: `Optional[Stdlib::Port::Unprivileged]`
+Data type: `Optional[Stdlib::Port]`
 
 PostgreSQL database port.
 
@@ -1675,10 +1677,12 @@ Default value: `'icinga'`
 
 ##### <a name="-icinga2--feature--idopgsql--password"></a>`password`
 
-Data type: `Variant[String, Sensitive[String]]`
+Data type: `Optional[Icinga::Secret]`
 
 PostgreSQL database user's password. The password parameter isn't parsed anymore.
 
+Default value: `undef`
+
 ##### <a name="-icinga2--feature--idopgsql--database"></a>`database`
 
 Data type: `String`
@@ -1726,7 +1730,7 @@ Default value: `undef`
 
 ##### <a name="-icinga2--feature--idopgsql--ssl_key"></a>`ssl_key`
 
-Data type: `Optional[Variant[String, Sensitive[String]]]`
+Data type: `Optional[Icinga::Secret]`
 
 The client private key in PEM format. Only valid if ssl_mode is set unequal to `disabled`.
 
@@ -1900,7 +1904,7 @@ Default value: `undef`
 
 ##### <a name="-icinga2--feature--influxdb--password"></a>`password`
 
-Data type: `Optional[Variant[String, Sensitive[String]]]`
+Data type: `Optional[Icinga::Secret]`
 
 InfluxDB user password. The password parameter isn't parsed anymore.
 
@@ -1956,7 +1960,7 @@ Default value: `undef`
 
 ##### <a name="-icinga2--feature--influxdb--ssl_key"></a>`ssl_key`
 
-Data type: `Optional[Variant[String, Sensitive[String]]]`
+Data type: `Optional[Icinga::Secret]`
 
 The client private key in PEM format. Only valid if ssl is enabled.
 
@@ -2133,7 +2137,7 @@ InfluxDB bucket name.
 
 ##### <a name="-icinga2--feature--influxdb2--auth_token"></a>`auth_token`
 
-Data type: `Variant[String, Sensitive[String]]`
+Data type: `Icinga::Secret`
 
 InfluxDB authentication token.
 
@@ -2179,7 +2183,7 @@ Default value: `undef`
 
 ##### <a name="-icinga2--feature--influxdb2--ssl_key"></a>`ssl_key`
 
-Data type: `Optional[Variant[String, Sensitive[String]]]`
+Data type: `Optional[Icinga::Secret]`
 
 The client private key in PEM format. Only valid if ssl is enabled.
 
@@ -2314,7 +2318,7 @@ Default value: `undef`
 
 ##### <a name="-icinga2--feature--livestatus--bind_port"></a>`bind_port`
 
-Data type: `Optional[Stdlib::Port::Unprivileged]`
+Data type: `Optional[Stdlib::Port]`
 
 Port to listen for connections. Only valid when socket_type is 'tcp'.
 
@@ -2430,7 +2434,7 @@ Default value: `undef`
 
 ##### <a name="-icinga2--feature--opentsdb--port"></a>`port`
 
-Data type: `Optional[Stdlib::Port::Unprivileged]`
+Data type: `Optional[Stdlib::Port]`
 
 OpenTSDB port.
 
@@ -2687,7 +2691,7 @@ Default value: `undef`
 
 ##### <a name="-icinga2--pki--ca--ca_key"></a>`ca_key`
 
-Data type: `Optional[String]`
+Data type: `Optional[Icinga::Secret]`
 
 Content of the CA key. If this is unset, a key will be generated with the Icinga 2 CLI.
 
@@ -2878,7 +2882,7 @@ Default value: `$title`
 
 ##### <a name="-icinga2--object--apiuser--password"></a>`password`
 
-Data type: `Optional[Variant[String, Sensitive[String]]]`
+Data type: `Optional[Icinga::Secret]`
 
 Password string. The password parameter isn't parsed anymore.
 
@@ -3343,7 +3347,7 @@ Default value: `undef`
 
 ##### <a name="-icinga2--object--endpoint--port"></a>`port`
 
-Data type: `Optional[Stdlib::Port::Unprivileged]`
+Data type: `Optional[Stdlib::Port]`
 
 The service name/port of the remote Icinga 2 instance.
 

diff --git a/manifests/feature/api.pp b/manifests/feature/api.pp
@@ -157,20 +157,20 @@
   Optional[Boolean]                                        $accept_commands                  = undef,
   Optional[Integer[0]]                                     $max_anonymous_clients            = undef,
   Optional[Stdlib::Host]                                   $ca_host                          = undef,
-  Stdlib::Port::Unprivileged                               $ca_port                          = 5665,
-  Variant[String, Sensitive[String]]                       $ticket_salt                      = 'TicketSalt',
-  Optional[Variant[String, Sensitive[String]]]             $ticket_id                        = undef,
+  Stdlib::Port                                             $ca_port                          = 5665,
+  Icinga::Secret                                           $ticket_salt                      = 'TicketSalt',
+  Optional[Icinga::Secret]                                 $ticket_id                        = undef,
   Hash[String, Hash]                                       $endpoints                        = { 'NodeName' => {} },
   Hash[String, Hash]                                       $zones                            = { 'ZoneName' => { endpoints => ['NodeName'] } },
-  Optional[Stdlib::Base64]                                 $ssl_key                          = undef,
-  Optional[Stdlib::Base64]                                 $ssl_cert                         = undef,
-  Optional[Stdlib::Base64]                                 $ssl_cacert                       = undef,
+  Optional[Icinga::Secret]                                 $ssl_key                          = undef,
+  Optional[String]                                         $ssl_cert                         = undef,
+  Optional[String]                                         $ssl_cacert                       = undef,
   Optional[Enum['TLSv1', 'TLSv1.1', 'TLSv1.2', 'TLSv1.3']] $ssl_protocolmin                  = undef,
   Optional[Icinga2::Interval]                              $ssl_handshake_timeout            = undef,
   Optional[Icinga2::Interval]                              $connect_timeout                  = undef,
   Optional[String]                                         $ssl_cipher_list                  = undef,
   Optional[Stdlib::Host]                                   $bind_host                        = undef,
-  Optional[Stdlib::Port::Unprivileged]                     $bind_port                        = undef,
+  Optional[Stdlib::Port]                                   $bind_port                        = undef,
   Optional[Array[Enum['GET', 'POST', 'PUT', 'DELETE']]]    $access_control_allow_methods     = undef,
   Optional[Array[String]]                                  $access_control_allow_origin      = undef,
   Optional[Boolean]                                        $access_control_allow_credentials = undef,

diff --git a/manifests/feature/elasticsearch.pp b/manifests/feature/elasticsearch.pp
@@ -62,24 +62,24 @@
 #   Enable the high availability functionality. Only valid in a cluster setup.
 #
 class icinga2::feature::elasticsearch (
-  Enum['absent', 'present']                     $ensure               = present,
-  Optional[Stdlib::Host]                        $host                 = undef,
-  Optional[Stdlib::Port::Unprivileged]          $port                 = undef,
-  Optional[String]                              $index                = undef,
-  Optional[String]                              $username             = undef,
-  Optional[Variant[String, Sensitive[String]]]  $password             = undef,
-  Optional[Boolean]                             $enable_ssl           = undef,
-  Optional[Boolean]                             $ssl_noverify         = undef,
-  Optional[Stdlib::Absolutepath]                $ssl_key_path         = undef,
-  Optional[Stdlib::Absolutepath]                $ssl_cert_path        = undef,
-  Optional[Stdlib::Absolutepath]                $ssl_cacert_path      = undef,
-  Optional[Variant[String, Sensitive[String]]]  $ssl_key              = undef,
-  Optional[String]                              $ssl_cert             = undef,
-  Optional[String]                              $ssl_cacert           = undef,
-  Optional[Boolean]                             $enable_send_perfdata = undef,
-  Optional[Icinga2::Interval]                   $flush_interval       = undef,
-  Optional[Integer]                             $flush_threshold      = undef,
-  Optional[Boolean]                             $enable_ha            = undef,
+  Enum['absent', 'present']      $ensure               = present,
+  Optional[Stdlib::Host]         $host                 = undef,
+  Optional[Stdlib::Port]         $port                 = undef,
+  Optional[String]               $index                = undef,
+  Optional[String]               $username             = undef,
+  Optional[Icinga::Secret]       $password             = undef,
+  Optional[Boolean]              $enable_ssl           = undef,
+  Optional[Boolean]              $ssl_noverify         = undef,
+  Optional[Stdlib::Absolutepath] $ssl_key_path         = undef,
+  Optional[Stdlib::Absolutepath] $ssl_cert_path        = undef,
+  Optional[Stdlib::Absolutepath] $ssl_cacert_path      = undef,
+  Optional[Icinga::Secret]       $ssl_key              = undef,
+  Optional[String]               $ssl_cert             = undef,
+  Optional[String]               $ssl_cacert           = undef,
+  Optional[Boolean]              $enable_send_perfdata = undef,
+  Optional[Icinga2::Interval]    $flush_interval       = undef,
+  Optional[Integer]              $flush_threshold      = undef,
+  Optional[Boolean]              $enable_ha            = undef,
 ) {
   if ! defined(Class['icinga2']) {
     fail('You must include the icinga2 base class before using any icinga2 feature class!')