Drop deployment ability of providers and RPM support
ehelms committed Jan 23, 2024
1 parent a4e526c commit 8d7e10c
Showing 14 changed files with 29 additions and 145 deletions.
29 changes: 2 additions & 27 deletions lib/puppet/provider/ca/katello_ssl_tool.rb
Expand Up @@ -9,22 +9,16 @@ def generate!
if existing_pubkey
FileUtils.mkdir_p(build_path)
FileUtils.cp(existing_pubkey, build_path(File.basename(pubkey)))
katello_ssl_tool('--gen-ca',
'--dir', resource[:build_dir],
'--ca-cert-dir', target_path('certs'),
'--ca-cert', File.basename(pubkey),
'--ca-cert-rpm', rpmfile_base_name,
'--rpm-only')
else
katello_ssl_tool('--gen-ca',
'--dir', resource[:build_dir],
'-p', "file:#{resource[:password_file]}",
'--force',
'--ca-cert-dir', target_path('certs'),
'--ca-cert-dir', resource[:build_dir],
'--set-common-name', resource[:common_name],
'--ca-cert', File.basename(pubkey),
'--ca-key', File.basename(privkey),
'--ca-cert-rpm', rpmfile_base_name,
'--no-rpm',
*common_args)

end
Expand All @@ -38,23 +32,4 @@ def existing_pubkey
resource[:custom_pubkey]
end
end

def deploy!
if File.exist?(rpmfile)
# the rpm is available locally on the file system
rpm('-Uvh', '--force', rpmfile)
else
# we search the rpm in yum repo
yum("install", "-y", rpmfile_base_name)
end
end

def files_to_deploy
[pubkey]
end

def self.privkey(name)
build_path("#{name}.key")
end

end
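Review bot: With a custom CA certificate the new `generate!` only copies the file into `build_path`, yet the shared `generate?` in `lib/puppet/provider/katello_ssl_tool.rb` now returns true unless both `pubkey` and `privkey` exist. A CA supplied through `custom_pubkey` has no key in the build directory, and this section removes the CA-specific `files_to_deploy` and `self.privkey` overrides, so unless the CA provider overrides `generate?` outside the visible hunks the resource would be reported out of sync and re-copied on every run. An override in the CA provider that checks only `pubkey` when `existing_pubkey` is set would avoid that, with a comment such as `# a custom CA is imported without its private key`.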
5 changes: 2 additions & 3 deletions lib/puppet/provider/cert/katello_ssl_tool.rb
Expand Up @@ -10,7 +10,7 @@ def generate!
'--server-cert', File.basename(pubkey),
'--server-cert-req', File.basename(req_file),
'--server-key', File.basename(privkey),
'--server-rpm', rpmfile_base_name ]
'--no-rpm' ]

if resource[:custom_pubkey]
FileUtils.mkdir_p(build_path)
Expand All @@ -21,7 +21,6 @@ def generate!
else
File.open(build_path(File.basename(req_file)), 'w') { |f| f.write('') }
end
args << '--rpm-only'
else
resource[:common_name] ||= resource[:hostname]
args.concat(['-p', "file:#{resource[:password_file]}",
Expand All @@ -47,7 +46,7 @@ def generate!
protected

def req_file
"#{self.pubkey}.req"
"#{pubkey}.req"
end

def build_path(file_name = '')
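Review bot: `FileUtils.mkdir_p(build_path)` in the `custom_pubkey` branch creates the directory with umask-default permissions, and after this commit the build directory appears to be the final home of the server key, since the base provider's `privkey` now resolves under `resource[:build_dir]` instead of the RPM-installed `/etc/pki/katello-certs-tools/private`. Unless the directory mode is enforced elsewhere in the module, pass it explicitly, for example `FileUtils.mkdir_p(build_path, mode: 0o700)`, and add a comment saying which accounts are expected to read the key. It is also worth confirming that the custom-certificate branch needs no katello-ssl-tool run now that `args << '--rpm-only'` is gone; the rest of `generate!` lies outside the hunk.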
122 changes: 23 additions & 99 deletions lib/puppet/provider/katello_ssl_tool.rb
Expand Up @@ -5,43 +5,25 @@ class Cert < Puppet::Provider

initvars

commands :rpm => 'rpm'
commands :yum => 'yum'
commands :katello_ssl_tool_command => 'katello-ssl-tool'

def exists?
! generate? && ! deploy?
!generate?
end

def create
generate! if generate?
deploy! if deploy?
end

def destroy
files_to_deploy.each do |file|
FileUtils.rm_f(file)
end

output = execute([:rpm, '-q', rpmfile_base_name], failonfail: false)
if output.exitstatus == 0
rpm('-e', rpmfile_base_name)
end
end

def self.details(cert_name)
details = { :pubkey => pubkey(cert_name),
:privkey => privkey(cert_name) }

return details
end

def self.pubkey(name)
target_path("certs/#{name}.crt")
end

def self.privkey(name)
target_path("private/#{name}.key")
def details(cert_name)
return {
:pubkey => pubkey(cert_name),
:privkey => privkey(cert_name)
}
end

protected
Expand All @@ -59,49 +41,12 @@ def generate!
def generate?
return false unless resource[:generate]
return true if resource[:regenerate]
return true if File.exist?(update_file)
return files_to_generate.any? { |file| ! File.exist?(file) }
end

def files_to_generate
[rpmfile]
end

def deploy?
return false unless resource[:deploy]
return true if resource[:regenerate]
return true if files_to_deploy.any? { |file| ! File.exist?(file) }
return true if needs_deploy?
end

def files_to_deploy
[pubkey, privkey]
end

def deploy!
if File.exist?(rpmfile)
if(system("rpm -q #{rpmfile_base_name} &>/dev/null"))
rpm('-e', rpmfile_base_name)
end
rpm('-Uvh', '--force', rpmfile)
else
# we search the rpm in yum repo
yum("install", "-y", rpmfile_base_name)
end
end

def needs_deploy?
if File.exist?(rpmfile)
# the installed version doesn't match the rpmfile
!system("rpm --verify -p #{rpmfile} &>/dev/null")
else
`yum check-update #{rpmfile_base_name} &>/dev/null`
$?.exitstatus == 100
end
return true if File.exists?(update_file)
return true unless (File.exist?(pubkey) && File.exist?(privkey))
end

def version_from_name(rpmname)
rpmname.scan(/\d+/).map(&:to_i)
def update_file
build_path("#{resource[:name]}.update")
end

def common_args
Expand All @@ -114,41 +59,20 @@ def common_args
'--cert-expiration', resource[:expiration]]
end

def rpmfile
path = self.build_path("#{rpmfile_base_name}")
path = path + "-[0-9].*" + "noarch.rpm"

rpmfile = Dir[path].max_by do |file|
version_from_name(file)
def pubkey(cert_name = resource[:name])
if resource.to_hash.key?(:hostname)
"#{resource[:build_dir]}/#{resource[:hostname]}/#{cert_name}.crt"
else
"#{resource[:build_dir]}/#{cert_name}.crt"
end

rpmfile ||= self.build_path("#{rpmfile_base_name}.noarch.rpm")
return rpmfile
end

# file that indicates that a new version of the rpm should be updated
def update_file
self.build_path("#{rpmfile_base_name}.update")
end

def rpmfile_base_name
resource[:name]
end

def pubkey
self.class.pubkey(resource[:name])
end

def privkey
self.class.privkey(resource[:name])
end

def target_path(file_name = '')
self.class.target_path(file_name)
end

def self.target_path(file_name = '')
File.join("/etc/pki/katello-certs-tools", file_name)
def privkey(key_name = resource[:name])
if resource.to_hash.key?(:hostname)
"#{resource[:build_dir]}/#{resource[:hostname]}/#{key_name}.key"
else
"#{resource[:build_dir]}/#{key_name}.key"
end
end

def build_path(file_name = '')
Expand All @@ -163,7 +87,7 @@ def ca_details
return @ca_details if defined? @ca_details
if ca_resource = resource.catalog.resource(@resource[:ca].to_s)
name = ca_resource.to_hash[:name]
@ca_details = Puppet::Provider::KatelloSslTool::Cert.details(name)
@ca_details = details(name)
else
raise 'Wanted to generate cert without ca specified'
end
Expand Down Expand Up @@ -221,7 +145,7 @@ def cert_details
return @cert_details if defined? @cert_details
if cert_resource = resource.catalog.resource(@resource[:key_pair].to_s)
name = cert_resource.to_hash[:name]
@cert_details = Puppet::Provider::KatelloSslTool::Cert.details(name)
@cert_details = details(name)
else
raise 'Cert or Ca was not specified'
end
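Review bot: `File.exists?` in the new `generate?` was removed in Ruby 3.2 and raises NoMethodError there; the line it replaces used the supported spelling, so keep `return true if File.exist?(update_file)`. Separately, `details(name)` in `ca_details` and `cert_details` now goes through the instance `pubkey`/`privkey`, which build the path from the calling resource's `build_dir` and `hostname`. When the calling cert resource carries `hostname`, the CA path appears to resolve under `<build_dir>/<hostname>/` rather than where the CA provider writes it, so a signing step could be pointed at a missing or unintended file; resolving the path from the looked-up `ca_resource` would avoid that. Both helper bodies continue outside the visible hunks, so it is not visible whether their class defines `details` at all. `destroy` is dropped with no replacement shown, so `ensure => absent` behaviour should be confirmed.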
2 changes: 0 additions & 2 deletions lib/puppet_x/certs/common.rb
Expand Up @@ -38,8 +38,6 @@ module Common

newparam(:regenerate)

newparam(:deploy)

newparam(:password_file)

newparam(:build_dir) do
1 change: 0 additions & 1 deletion manifests/apache.pp
Expand Up @@ -99,7 +99,6 @@
ca => $certs::default_ca,
generate => $generate,
regenerate => $regenerate,
deploy => false,
password_file => $ca_key_password_file,
build_dir => $certs::ssl_build_dir,
} ->
4 changes: 1 addition & 3 deletions manifests/ca.pp
Expand Up @@ -45,16 +45,14 @@
org_unit => $org_unit,
expiration => $ca_expiration,
generate => $generate,
deploy => false,
password_file => $ca_key_password_file,
build_dir => $certs::ssl_build_dir,
}
$default_ca = Ca[$default_ca_name]

if $certs::server_ca_cert {
file { $server_ca_path:
ensure => file,
source => "${certs::server_ca_cert}",
source => $certs::server_ca_cert,
owner => 'root',
group => 'root',
mode => '0644',
2 changes: 0 additions & 2 deletions manifests/candlepin.pp
Expand Up @@ -42,7 +42,6 @@
ca => $certs::default_ca,
generate => $generate,
regenerate => $regenerate,
deploy => false,
password_file => $ca_key_password_file,
build_dir => $certs::ssl_build_dir,
}
Expand All @@ -62,7 +61,6 @@
ca => $certs::default_ca,
generate => $generate,
regenerate => $regenerate,
deploy => false,
password_file => $ca_key_password_file,
build_dir => $certs::ssl_build_dir,
}
1 change: 0 additions & 1 deletion manifests/foreman.pp
Expand Up @@ -36,7 +36,6 @@
ca => $certs::default_ca,
generate => $generate,
regenerate => $regenerate,
deploy => false,
password_file => $ca_key_password_file,
build_dir => $certs::ssl_build_dir,
}
2 changes: 0 additions & 2 deletions manifests/foreman_proxy.pp
Expand Up @@ -69,7 +69,6 @@
ca => $certs::default_ca,
generate => $generate,
regenerate => $regenerate,
deploy => false,
password_file => $ca_key_password_file,
build_dir => $certs::ssl_build_dir,
} ->
Expand All @@ -95,7 +94,6 @@
ca => $certs::default_ca,
generate => $generate,
regenerate => $regenerate,
deploy => false,
password_file => $ca_key_password_file,
build_dir => $certs::ssl_build_dir,
}
2 changes: 1 addition & 1 deletion manifests/init.pp
Expand Up @@ -123,5 +123,5 @@
Class['certs::config'] ->
Class['certs::ca']

$default_ca = $certs::ca::default_ca
$default_ca = Ca[$default_ca_name]
}
1 change: 0 additions & 1 deletion manifests/puppet.pp
Expand Up @@ -34,7 +34,6 @@
ca => $certs::default_ca,
generate => $generate,
regenerate => $regenerate,
deploy => false,
password_file => $ca_key_password_file,
build_dir => $certs::ssl_build_dir,
}
1 change: 0 additions & 1 deletion manifests/qpid.pp
Expand Up @@ -31,7 +31,6 @@
ca => $certs::default_ca,
generate => $generate,
regenerate => $regenerate,
deploy => false,
password_file => $ca_key_password_file,
build_dir => $certs::ssl_build_dir,
}
1 change: 0 additions & 1 deletion manifests/qpid_router/client.pp
Expand Up @@ -31,7 +31,6 @@
ca => $certs::default_ca,
generate => $generate,
regenerate => $regenerate,
deploy => false,
purpose => 'client',
password_file => $ca_key_password_file,
build_dir => $certs::ssl_build_dir,
1 change: 0 additions & 1 deletion manifests/qpid_router/server.pp
Expand Up @@ -31,7 +31,6 @@
ca => $certs::default_ca,
generate => $generate,
regenerate => $regenerate,
deploy => false,
purpose => 'server',
password_file => $ca_key_password_file,
build_dir => $certs::ssl_build_dir,
