Merge pull request #477 from Mayflower/master

handle mysql compiled without ssl

Author: igalic

manifests/params.pp

@@ -212,6 +212,7 @@
       'ssl-ca'                => $mysql::params::ssl_ca,
       'ssl-cert'              => $mysql::params::ssl_cert,
       'ssl-key'               => $mysql::params::ssl_key,
+      'ssl-disable'           => false,
       'thread_cache_size'     => '8',
       'thread_stack'          => '256K',
       'tmpdir'                => $mysql::params::tmpdir,

manifests/server/config.pp

@@ -27,4 +27,10 @@
       mode    => '0644',
     }
   }
+
+  if $options['mysqld']['ssl-disable'] {
+    notify {'ssl-disable':
+      message =>'Disabling SSL is evil! You should never ever do this except if you are forced to use a mysql version compiled without SSL support'
+    }
+  }
 }

spec/classes/mysql_server_spec.rb

@@ -56,6 +56,15 @@
     it { should contain_class('mysql::server::account_security') }
   end
 
+  describe 'possibility of disabling ssl completely' do
+    let(:params) {
+      { :override_options => { 'mysqld' => { 'ssl' => true, 'ssl-disable' => true } }}
+    }
+    it do
+      should contain_file('/etc/my.cnf').without_content(/^\s*ssl\s*(?:$|= true)/m)
+    end
+  end
+
   context 'mysql::server::install' do
     let(:params) {{ :package_ensure => 'present', :name => 'mysql-server' }}
     it do

templates/my.cnf.erb

@@ -2,7 +2,9 @@
 <%   if v.is_a?(Hash) -%>
 [<%=   k %>]
 <%     v.sort.map do |ki, vi| -%>
-<%       if vi == true or v == '' -%>
+<%       if ki =~ /^ssl/ and v['ssl-disable'] == true -%>
+<%         next %>
+<%       elsif vi == true or v == '' -%>
 <%=        ki %>
 <%       elsif vi.is_a?(Array) -%>
 <%         vi.each do |vii| -%>