Drop deployment ability of providers and RPM support

Author: ehelms

lib/puppet/provider/ca/katello_ssl_tool.rb

@@ -6,55 +6,19 @@
   protected
 
   def generate!
-    if existing_pubkey
-      FileUtils.mkdir_p(build_path)
-      FileUtils.cp(existing_pubkey, build_path(File.basename(pubkey)))
-      katello_ssl_tool('--gen-ca',
-                       '--dir', resource[:build_dir],
-                       '--ca-cert-dir', target_path('certs'),
-                       '--ca-cert', File.basename(pubkey),
-                       '--ca-cert-rpm', rpmfile_base_name,
-                       '--rpm-only')
-    else
-      katello_ssl_tool('--gen-ca',
-                       '--dir', resource[:build_dir],
-                       '-p', "file:#{resource[:password_file]}",
-                       '--force',
-                       '--ca-cert-dir', target_path('certs'),
-                       '--set-common-name', resource[:common_name],
-                       '--ca-cert', File.basename(pubkey),
-                       '--ca-key', File.basename(privkey),
-                       '--ca-cert-rpm', rpmfile_base_name,
-                       *common_args)
+    katello_ssl_tool(
+      '--gen-ca',
+      '--dir', resource[:build_dir],
+      '--password', "file:#{resource[:password_file]}",
+      '--force',
+      '--ca-cert-dir', resource[:build_dir],
+      '--set-common-name', resource[:common_name],
+      '--ca-cert', File.basename(pubkey),
+      '--ca-key', File.basename(privkey),
+      '--no-rpm',
+      *common_args
+    )
 
-    end
     super
   end
-
-  def existing_pubkey
-    if resource[:ca]
-      ca_details[:pubkey]
-    elsif resource[:custom_pubkey]
-      resource[:custom_pubkey]
-    end
-  end
-
-  def deploy!
-    if File.exist?(rpmfile)
-      # the rpm is available locally on the file system
-      rpm('-Uvh', '--force', rpmfile)
-    else
-      # we search the rpm in yum repo
-      yum("install", "-y", rpmfile_base_name)
-    end
-  end
-
-  def files_to_deploy
-    [pubkey]
-  end
-
-  def self.privkey(name)
-    build_path("#{name}.key")
-  end
-
 end

lib/puppet/provider/cert/katello_ssl_tool.rb

@@ -10,27 +10,15 @@ def generate!
               '--server-cert', File.basename(pubkey),
               '--server-cert-req', File.basename(req_file),
               '--server-key', File.basename(privkey),
-              '--server-rpm', rpmfile_base_name ]
+              '--no-rpm' ]
 
-    if resource[:custom_pubkey]
-      FileUtils.mkdir_p(build_path)
-      FileUtils.cp(resource[:custom_pubkey], build_path(File.basename(pubkey)))
-      FileUtils.cp(resource[:custom_privkey], build_path(File.basename(privkey)))
-      if resource[:custom_req]
-        FileUtils.cp(resource[:custom_req], build_path(File.basename(req_file)))
-      else
-        File.open(build_path(File.basename(req_file)), 'w') { |f| f.write('') }
-      end
-      args << '--rpm-only'
-    else
-      resource[:common_name] ||= resource[:hostname]
-      args.concat(['-p', "file:#{resource[:password_file]}",
-                   '--set-hostname', resource[:hostname],
-                   '--set-common-name', resource[:common_name],
-                   '--ca-cert', ca_details[:pubkey],
-                   '--ca-key', ca_details[:privkey]])
-      args.concat(common_args)
-    end
+    resource[:common_name] ||= resource[:hostname]
+    args.concat(['--password', "file:#{resource[:password_file]}",
+                 '--set-hostname', resource[:hostname],
+                 '--set-common-name', resource[:common_name],
+                 '--ca-cert', ca_details[:pubkey],
+                 '--ca-key', ca_details[:privkey]])
+    args.concat(common_args)
 
     if resource[:cname]
       if resource[:cname].is_a?(String)
@@ -47,10 +35,6 @@ def generate!
   protected
 
   def req_file
-    "#{self.pubkey}.req"
-  end
-
-  def build_path(file_name = '')
-    self.class.build_path(File.join(resource[:hostname], file_name))
+    "#{pubkey}.req"
   end
 end

lib/puppet/provider/katello_ssl_tool.rb

@@ -5,43 +5,24 @@ class Cert < Puppet::Provider
 
     initvars
 
-    commands :rpm => 'rpm'
-    commands :yum => 'yum'
     commands :katello_ssl_tool_command => 'katello-ssl-tool'
 
     def exists?
-      ! generate? && ! deploy?
+      !generate?
     end
 
     def create
       generate! if generate?
-      deploy!   if deploy?
     end
 
     def destroy
-      files_to_deploy.each do |file|
-        FileUtils.rm_f(file)
-      end
-
-      output = execute([:rpm, '-q', rpmfile_base_name], failonfail: false)
-      if output.exitstatus == 0
-        rpm('-e', rpmfile_base_name)
-      end
-    end
-
-    def self.details(cert_name)
-      details = { :pubkey  => pubkey(cert_name),
-                  :privkey   => privkey(cert_name) }
-
-      return details
     end
 
-    def self.pubkey(name)
-      target_path("certs/#{name}.crt")
-    end
-
-    def self.privkey(name)
-      target_path("private/#{name}.key")
+    def details(cert_name)
+      return {
+        :pubkey  => pubkey(cert_name),
+        :privkey => privkey(cert_name)
+      }
     end
 
     protected
@@ -59,49 +40,12 @@ def generate!
     def generate?
       return false unless resource[:generate]
       return true if resource[:regenerate]
-      return true if File.exist?(update_file)
-      return files_to_generate.any? { |file| ! File.exist?(file) }
+      return true if File.exists?(update_file)
+      return true unless (File.exist?(pubkey) && File.exist?(privkey))
     end
 
-    def files_to_generate
-      [rpmfile]
-    end
-
-    def deploy?
-      return false unless resource[:deploy]
-      return true if resource[:regenerate]
-      return true if files_to_deploy.any? { |file| ! File.exist?(file) }
-      return true if needs_deploy?
-    end
-
-    def files_to_deploy
-      [pubkey, privkey]
-    end
-
-    def deploy!
-      if File.exist?(rpmfile)
-        if(system("rpm -q #{rpmfile_base_name} &>/dev/null"))
-          rpm('-e', rpmfile_base_name)
-        end
-        rpm('-Uvh', '--force', rpmfile)
-      else
-        # we search the rpm in yum repo
-        yum("install", "-y", rpmfile_base_name)
-      end
-    end
-
-    def needs_deploy?
-      if File.exist?(rpmfile)
-        # the installed version doesn't match the rpmfile
-        !system("rpm --verify -p #{rpmfile} &>/dev/null")
-      else
-        `yum check-update #{rpmfile_base_name} &>/dev/null`
-        $?.exitstatus == 100
-      end
-    end
-
-    def version_from_name(rpmname)
-      rpmname.scan(/\d+/).map(&:to_i)
+    def update_file
+      build_path("#{resource[:name]}.update")
     end
 
     def common_args
@@ -114,56 +58,29 @@ def common_args
        '--cert-expiration', resource[:expiration]]
     end
 
-    def rpmfile
-      path = self.build_path("#{rpmfile_base_name}")
-      path = path + "-[0-9].*" + "noarch.rpm"
-
-      rpmfile = Dir[path].max_by do |file|
-        version_from_name(file)
-      end
-
-      rpmfile ||= self.build_path("#{rpmfile_base_name}.noarch.rpm")
-      return rpmfile
-    end
-
-    # file that indicates that a new version of the rpm should be updated
-    def update_file
-      self.build_path("#{rpmfile_base_name}.update")
-    end
-
-    def rpmfile_base_name
-      resource[:name]
-    end
-
-    def pubkey
-      self.class.pubkey(resource[:name])
-    end
-
-    def privkey
-      self.class.privkey(resource[:name])
+    def pubkey(cert_name = resource[:name])
+      build_path("#{cert_name}.crt")
     end
 
-    def target_path(file_name = '')
-      self.class.target_path(file_name)
-    end
-
-    def self.target_path(file_name = '')
-      File.join("/etc/pki/katello-certs-tools", file_name)
+    def privkey(key_name = resource[:name])
+      build_path("#{key_name}.key")
     end
 
     def build_path(file_name = '')
-      self.class.build_path(file_name)
-    end
+      path = resource[:build_dir]
+
+      if resource.to_hash.key?(:hostname)
+        path = "#{path}/#{resource[:hostname]}"
+      end
 
-    def self.build_path(file_name = '')
-      File.join("/root/ssl-build", file_name)
+      File.join(path, file_name)
     end
 
     def ca_details
       return @ca_details if defined? @ca_details
       if ca_resource = resource.catalog.resource(@resource[:ca].to_s)
         name = ca_resource.to_hash[:name]
-        @ca_details = Puppet::Provider::KatelloSslTool::Cert.details(name)
+        @ca_details = details(name)
       else
         raise 'Wanted to generate cert without ca specified'
       end
@@ -221,7 +138,7 @@ def cert_details
       return @cert_details if defined? @cert_details
       if cert_resource = resource.catalog.resource(@resource[:key_pair].to_s)
         name = cert_resource.to_hash[:name]
-        @cert_details = Puppet::Provider::KatelloSslTool::Cert.details(name)
+        @cert_details = details(name)
       else
         raise 'Cert or Ca was not specified'
       end

lib/puppet_x/certs/common.rb

@@ -10,12 +10,6 @@ module Common
 
         newparam(:name, :namevar => true)
 
-        newparam(:custom_pubkey)
-
-        newparam(:custom_privkey)
-
-        newparam(:custom_req)
-
         newparam(:common_name)
 
         newparam(:cname)
@@ -38,8 +32,6 @@ module Common
 
         newparam(:regenerate)
 
-        newparam(:deploy)
-
         newparam(:password_file)
 
         newparam(:build_dir) do

manifests/apache.pp

@@ -102,7 +102,6 @@
       ca            => $certs::default_ca,
       generate      => $generate,
       regenerate    => $regenerate,
-      deploy        => false,
       password_file => $ca_key_password_file,
       build_dir     => $certs::ssl_build_dir,
     }

manifests/ca.pp

@@ -45,11 +45,9 @@
     org_unit      => $org_unit,
     expiration    => $ca_expiration,
     generate      => $generate,
-    deploy        => false,
     password_file => $ca_key_password_file,
     build_dir     => $certs::ssl_build_dir,
   }
-  $default_ca = Ca[$default_ca_name]
 
   if $certs::server_ca_cert {
     file { $server_ca_path:

manifests/candlepin.pp

@@ -42,7 +42,6 @@
     ca            => $certs::default_ca,
     generate      => $generate,
     regenerate    => $regenerate,
-    deploy        => false,
     password_file => $ca_key_password_file,
     build_dir     => $certs::ssl_build_dir,
   }
@@ -62,7 +61,6 @@
     ca            => $certs::default_ca,
     generate      => $generate,
     regenerate    => $regenerate,
-    deploy        => false,
     password_file => $ca_key_password_file,
     build_dir     => $certs::ssl_build_dir,
   }

manifests/foreman.pp

@@ -36,7 +36,6 @@
     ca            => $certs::default_ca,
     generate      => $generate,
     regenerate    => $regenerate,
-    deploy        => false,
     password_file => $ca_key_password_file,
     build_dir     => $certs::ssl_build_dir,
   }

manifests/foreman_proxy.pp

@@ -71,7 +71,6 @@
       ca            => $certs::default_ca,
       generate      => $generate,
       regenerate    => $regenerate,
-      deploy        => false,
       password_file => $ca_key_password_file,
       build_dir     => $certs::ssl_build_dir,
     }
@@ -93,7 +92,6 @@
     ca            => $certs::default_ca,
     generate      => $generate,
     regenerate    => $regenerate,
-    deploy        => false,
     password_file => $ca_key_password_file,
     build_dir     => $certs::ssl_build_dir,
   }

manifests/init.pp

@@ -123,5 +123,5 @@
   Class['certs::config'] ->
   Class['certs::ca']
 
-  $default_ca = $certs::ca::default_ca
+  $default_ca = Ca[$default_ca_name]
 }