From 3f2643a8d0aff5b6f2a196e270e115be4a778c55 Mon Sep 17 00:00:00 2001
From: Ewoud Kohl van Wijngaarden
Date: Thu, 12 Sep 2024 21:10:41 +0200
Subject: [PATCH] Drop unused privkey, pubkey and key_bundle types & providers
---
 lib/puppet/provider/katello_ssl_tool.rb | 60 ----------------
 .../provider/key_bundle/katello_ssl_tool.rb | 39 -----------
 .../provider/privkey/katello_ssl_tool.rb | 37 ----------
 .../provider/pubkey/katello_ssl_tool.rb | 20 ------
 lib/puppet/type/key_bundle.rb | 14 ----
 lib/puppet/type/privkey.rb | 10 ---
 lib/puppet/type/pubkey.rb | 10 ---
 lib/puppet_x/certs/common.rb | 68 -------------------
 spec/types/key_bundle_spec.rb | 26 -------
 spec/types/privkey_spec.rb | 26 -------
 spec/types/pubkey_spec.rb | 26 -------
 11 files changed, 336 deletions(-)
 delete mode 100644 lib/puppet/provider/key_bundle/katello_ssl_tool.rb
 delete mode 100644 lib/puppet/provider/privkey/katello_ssl_tool.rb
 delete mode 100644 lib/puppet/provider/pubkey/katello_ssl_tool.rb
 delete mode 100644 lib/puppet/type/key_bundle.rb
 delete mode 100644 lib/puppet/type/privkey.rb
 delete mode 100644 lib/puppet/type/pubkey.rb
 delete mode 100644 spec/types/key_bundle_spec.rb
 delete mode 100644 spec/types/privkey_spec.rb
 delete mode 100644 spec/types/pubkey_spec.rb
diff --git a/lib/puppet/provider/katello_ssl_tool.rb b/lib/puppet/provider/katello_ssl_tool.rb
index 7dfd1ca7..0d5054e3 100644
--- a/lib/puppet/provider/katello_ssl_tool.rb
+++ b/lib/puppet/provider/katello_ssl_tool.rb
@@ -86,64 +86,4 @@ def ca_details end end end - - class CertFile < Puppet::Provider - - initvars - - commands :openssl => 'openssl' - - def exists? - return false unless File.exist?(resource[:path]) - return false unless File.exist?(source_path) - expected_content_processed == current_content - end - - def create - File.open(resource[:path], "w", mode) { |f| f << expected_content_processed } - end - - def destroy - FileUtils.rm_f(resource[:path]) - end - - protected - - def expected_content_processed - content = expected_content - if resource[:force_rsa] - content.gsub!(/(BEGIN|END) (PRIVATE KEY)/, '\1 RSA \2') - end - content - end - - def expected_content - File.read(source_path) - end - - def current_content - File.read(resource[:path]) - end - - # what path to copy from - def source_path - raise NotImplementedError - end - - def mode - 0644 - end - - def cert_details - return @cert_details if defined? @cert_details - if cert_resource = resource.catalog.resource(@resource[:key_pair].to_s) - name = cert_resource.to_hash[:name] - @cert_details = details(name) - else - raise 'Cert or Ca was not specified' - end - end - - end - end diff --git a/lib/puppet/provider/key_bundle/katello_ssl_tool.rb b/lib/puppet/provider/key_bundle/katello_ssl_tool.rb deleted file mode 100644 index 61838731..00000000 --- a/lib/puppet/provider/key_bundle/katello_ssl_tool.rb +++ /dev/null 
@@ -1,39 +0,0 @@
-require File.expand_path('../../katello_ssl_tool', __FILE__)
-
-Puppet::Type.type(:key_bundle).provide(:katello_ssl_tool, :parent => Puppet::Provider::KatelloSslTool::CertFile) do
-
- def exists?
- return false unless File.exist?(resource[:path])
- return false unless File.exist?(privkey_source_path)
- return false unless File.exist?(pubkey_source_path)
- expected_content_processed == current_content
- end
-
- protected
-
- def expected_content
- [privkey, pubkey].join("\n")
- end
-
- def pubkey
- if resource[:strip]
- # strips the textual info from the certificate file
- openssl('x509', '-in', pubkey_source_path)
- else
- File.read(pubkey_source_path)
- end
- end
-
- def privkey
- File.read(privkey_source_path)
- end
-
- def privkey_source_path
- resource[:privkey] || cert_details[:privkey]
- end
-
- def pubkey_source_path
- resource[:pubkey] || cert_details[:pubkey]
- end
-
-end
diff --git a/lib/puppet/provider/privkey/katello_ssl_tool.rb b/lib/puppet/provider/privkey/katello_ssl_tool.rb
deleted file mode 100644
index cc8c4b05..00000000
--- a/lib/puppet/provider/privkey/katello_ssl_tool.rb
+++ /dev/null
@@ -1,37 +0,0 @@
-require File.expand_path('../../katello_ssl_tool', __FILE__)
-
-Puppet::Type.type(:privkey).provide(:katello_ssl_tool, :parent => Puppet::Provider::KatelloSslTool::CertFile) do
-
- protected
-
- def expected_content
- if resource[:unprotect]
- tmp_file = "#{source_path}.tmp"
- begin
- openssl('rsa',
- '-in', source_path,
- '-out', tmp_file,
- '-passin', "file:#{resource[:password_file]}")
- File.read(tmp_file)
- ensure
- FileUtils.rm_f(tmp_file)
- end
- else
- super
- end
- end
-
- def source_path
- key_pair = resource.catalog.resource(@resource[:key_pair].to_s)
- if key_pair.type.to_s == 'cert'
- cert_details[:privkey]
- elsif key_pair.type.to_s == 'ca'
- Puppet::Type::Ca::ProviderKatello_ssl_tool.privkey(key_pair.to_hash[:name])
- end
- end
-
- def mode
- 0400
- end
-
-end
diff --git a/lib/puppet/provider/pubkey/katello_ssl_tool.rb b/lib/puppet/provider/pubkey/katello_ssl_tool.rb
deleted file mode 100644
index 6b820a0e..00000000
--- a/lib/puppet/provider/pubkey/katello_ssl_tool.rb
+++ /dev/null
@@ -1,20 +0,0 @@
-require File.expand_path('../../katello_ssl_tool', __FILE__)
-
-Puppet::Type.type(:pubkey).provide(:katello_ssl_tool, :parent => Puppet::Provider::KatelloSslTool::CertFile) do
-
- protected
-
- def expected_content
- if resource[:strip]
- # strips the textual info from the certificate file
- openssl('x509', '-in', source_path)
- else
- File.read(source_path)
- end
- end
-
- def source_path
- cert_details[:pubkey]
- end
-
-end
diff --git a/lib/puppet/type/key_bundle.rb b/lib/puppet/type/key_bundle.rb
deleted file mode 100644
index 097b7d6e..00000000
--- a/lib/puppet/type/key_bundle.rb
+++ /dev/null
@@ -1,14 +0,0 @@
-require_relative '../../puppet_x/certs/common'
-
-Puppet::Type.newtype(:key_bundle) do
- desc 'Stores the public and private key in one file file on a location'
-
- instance_eval(&PuppetX::Certs::Common::FILE_COMMON_PARAMS)
-
- newparam(:pubkey)
-
- newparam(:privkey)
-
- # Whether to strip the certificate information from the pubkey
- newparam(:strip)
-end
diff --git a/lib/puppet/type/privkey.rb b/lib/puppet/type/privkey.rb
deleted file mode 100644
index 7ef9fa4d..00000000
--- a/lib/puppet/type/privkey.rb
+++ /dev/null
@@ -1,10 +0,0 @@
-require_relative '../../puppet_x/certs/common'
-
-Puppet::Type.newtype(:privkey) do
- desc 'Stores the private key file in a location'
-
- instance_eval(&PuppetX::Certs::Common::FILE_COMMON_PARAMS)
-
- # to make the key unprotected by the passphrase
- newparam(:unprotect)
-end
diff --git a/lib/puppet/type/pubkey.rb b/lib/puppet/type/pubkey.rb
deleted file mode 100644
index 3285aa60..00000000
--- a/lib/puppet/type/pubkey.rb
+++ /dev/null
@@ -1,10 +0,0 @@
-require_relative '../../puppet_x/certs/common'
-
-Puppet::Type.newtype(:pubkey) do
- desc 'Stores the public key file in a location'
-
- instance_eval(&PuppetX::Certs::Common::FILE_COMMON_PARAMS)
-
- # will generate a key with the certificate information stripped
- newparam(:strip)
-end
diff --git a/lib/puppet_x/certs/common.rb b/lib/puppet_x/certs/common.rb
index 10f508f4..60c390d8 100644
--- a/lib/puppet_x/certs/common.rb
+++ b/lib/puppet_x/certs/common.rb
@@ -67,74 +67,6 @@ module Common
 [self[:password_file]].compact
 end
 end
-
- FILE_COMMON_PARAMS = Proc.new do
- ensurable
-
- newparam(:path, :namevar => true) do
- isrequired
- end
-
- newparam(:password_file)
-
- # ensure RSA string is present in -----(BEGIN/END) (RSA )?PRIVATE KEY-----
- newparam(:force_rsa)
-
- # make ensure present default
- define_method(:managed?) { true }
-
- newparam(:key_pair) do
- isrequired
-
- validate do |value|
- param_resource = resource.catalog.resource(value.to_s)
-
- if param_resource
- param_resource_type = if param_resource.is_a?(Puppet::Resource)
- param_resource.resource_type
- else
- param_resource.to_resource.resource_type
- end
-
- unless ['Puppet::Type::Ca', 'Puppet::Type::Cert'].include?(param_resource_type.to_s)
- raise ArgumentError, "Expected Ca or Cert resource, got #{param_resource_type} #{param_resource.inspect}"
- end
- end
- end
- end
-
- define_method(:autorequire_cert) do |type|
- if @parameters.has_key?(:key_pair)
- key_pair = catalog.resource(@parameters[:key_pair].value.to_s)
- key_pair.to_hash[:name] if key_pair && key_pair.type == type
- end
- end
-
- autorequire(:cert) do
- autorequire_cert('Cert')
- end
-
- autorequire(:ca) do
- autorequire_cert('Ca')
- end
-
- # Autorequire the nearest ancestor directory found in the catalog.
- # Copied from Puppet's lib/puppet/type/file.rb
- autorequire(:file) do
- req = []
- req << self[:password_file] if self[:password_file]
- path = Pathname.new(self[:path])
- if !path.root?
- # Start at our parent, to avoid autorequiring ourself
- parents = path.parent.enum_for(:ascend)
- found = parents.find { |p| catalog.resource(:file, p.to_s) }
- if found
- req << found.to_s
- end
- end
- req
- end
- end
 end
 end
 end
diff --git a/spec/types/key_bundle_spec.rb b/spec/types/key_bundle_spec.rb
deleted file mode 100644
index 63a5094a..00000000
--- a/spec/types/key_bundle_spec.rb
+++ /dev/null
@@ -1,26 +0,0 @@
-require 'spec_helper'
-
-describe 'key_bundle' do
- let(:title) { 'test-bundle' }
-
- it { is_expected.to be_valid_type.with_provider(:katello_ssl_tool) }
-
- describe 'autorequiring' do
- before :each do
- @catalog = Puppet::Resource::Catalog.new
- end
-
- it "should autorequire files" do
- @parent = Puppet::Type.type(:file).new(name: '/etc/pki/katello/bundles')
- @catalog.add_resource @parent
-
- @resource = Puppet::Type.type(:key_bundle).new(name: title, path: '/etc/pki/katello/bundles/test-bundle.pem')
- @catalog.add_resource @resource
-
- req = @resource.autorequire
- expect(req.size).to eq(1)
- expect(req[0].target).to eq(@resource)
- expect(req[0].source).to eq(@parent)
- end
- end
-end
diff --git a/spec/types/privkey_spec.rb b/spec/types/privkey_spec.rb
deleted file mode 100644
index 2d97d2b3..00000000
--- a/spec/types/privkey_spec.rb
+++ /dev/null
@@ -1,26 +0,0 @@
-require 'spec_helper'
-
-describe 'privkey' do
- let(:title) { 'test-key' }
-
- it { is_expected.to be_valid_type.with_provider(:katello_ssl_tool) }
-
- describe 'autorequiring' do
- before :each do
- @catalog = Puppet::Resource::Catalog.new
- end
-
- it "should autorequire files" do
- @parent = Puppet::Type.type(:file).new(name: '/etc/pki/katello/private')
- @catalog.add_resource @parent
-
- @resource = Puppet::Type.type(:privkey).new(name: title, path: '/etc/pki/katello/private/key.pem')
- @catalog.add_resource @resource
-
- req = @resource.autorequire
- expect(req.size).to eq(1)
- expect(req[0].target).to eq(@resource)
- expect(req[0].source).to eq(@parent)
- end
- end
-end
diff --git a/spec/types/pubkey_spec.rb b/spec/types/pubkey_spec.rb
deleted file mode 100644
index 780b8d0f..00000000
--- a/spec/types/pubkey_spec.rb
+++ /dev/null
@@ -1,26 +0,0 @@
-require 'spec_helper'
-
-describe 'pubkey' do
- let(:title) { 'test-pubkey' }
-
- it { is_expected.to be_valid_type.with_provider(:katello_ssl_tool) }
-
- describe 'autorequiring' do
- before :each do
- @catalog = Puppet::Resource::Catalog.new
- end
-
- it "should autorequire files" do
- @parent = Puppet::Type.type(:file).new(name: '/etc/pki/katello/private')
- @catalog.add_resource @parent
-
- @resource = Puppet::Type.type(:pubkey).new(name: title, path: '/etc/pki/katello/private/key.pem')
- @catalog.add_resource @resource
-
- req = @resource.autorequire
- expect(req.size).to eq(1)
- expect(req[0].target).to eq(@resource)
- expect(req[0].source).to eq(@parent)
- end
- end
-end