author | Mike Gabriel <mike.gabriel@das-netzwerkteam.de> | 2022-02-08 11:59:32 +0100 |
---|---|---|
committer | Mike Gabriel <mike.gabriel@das-netzwerkteam.de> | 2022-02-08 11:59:32 +0100 |
commit | 7cc1cd689819df5a9a07aaf08e8278f8b3384839 (patch) | |
tree | a390be820f6b3bd91f849acb41415d610e41b186 /code/environments/production/modules/ca_extend/tasks | |
parent | eff99e3e61f4e216b055a805002f5ece8567a915 (diff) | |
Revert "code/environments/production/modules: Add ca_extend module instead."
This reverts commit eff99e3e61f4e216b055a805002f5ece8567a915.
Diffstat (limited to 'code/environments/production/modules/ca_extend/tasks')
10 files changed, 0 insertions, 190 deletions
diff --git a/code/environments/production/modules/ca_extend/tasks/check_agent_expiry.json b/code/environments/production/modules/ca_extend/tasks/check_agent_expiry.json
deleted file mode 100644
index a3792cd..0000000
--- a/code/environments/production/modules/ca_extend/tasks/check_agent_expiry.json
+++ /dev/null
@@ -1,13 +0,0 @@
-{
- "description": "Check the expiration date of all agent certificates",
- "parameters": {
- "date": {
- "description": "YYYY-MM-DD date to test whether the certificates will expire by. Defaults to three months from today",
- "type": "Optional[String[1]]"
- }
- },
-
- "implementations": [
- {"name": "check_agent_expiry.sh", "requirements": ["shell"], "files": ["ca_extend/files/common.sh"], "input_method": "environment"}
- ]
-}
diff --git a/code/environments/production/modules/ca_extend/tasks/check_agent_expiry.sh b/code/environments/production/modules/ca_extend/tasks/check_agent_expiry.sh
deleted file mode 100644
index 780f4a6..0000000
--- a/code/environments/production/modules/ca_extend/tasks/check_agent_expiry.sh
+++ /dev/null
@@ -1,41 +0,0 @@
-#!/bin/bash
-
-declare PT__installdir
-# shellcheck disable=SC1090
-source "$PT__installdir/ca_extend/files/common.sh"
-PUPPET_BIN='/opt/puppetlabs/puppet/bin'
-
-valid=()
-expired=()
-
-to_date="${date:-+3 months}"
-to_date="$(date --date="$to_date" +"%s")" || fail "Error calculating date"
-
-# It's possible that we are not on a Puppet AIO system. If we cannot find a
-# openssl binary in the AIO directory, we accept one in $PATH
-if [ "$(command -v "${PUPPET_BIN}/openssl")" ]; then
- openssl="${PUPPET_BIN}/openssl"
-else
- openssl="$(command -v openssl)"
-fi
-
-shopt -s nullglob
-
-for f in "$($PUPPET_BIN/puppet config print signeddir)"/*; do
- # The -checkend command in openssl takes a number of seconds as an argument
- # However, on older versions we may overflow a 32 bit integer if we use that
- # So, we'll use bash arithmetic and `date` to do the comparison
- expiry_date="$(${openssl} x509 -enddate -noout -in "${f}")"
- expiry_date="${expiry_date#*=}"
- expiry_seconds="$(date --date="$expiry_date" +"%s")" || fail "Error calculating expiry date from enddate"
-
- if (( to_date >= expiry_seconds )); then
- expired+=("\"$f\"")
- else
- valid+=("\"$f\"")
- fi
-done
-
-# This is ugly, we as of now we don't include jq binaries in Bolt
-# As long as there aren't weird characters in certnames it should be ok
-(IFS=,; printf '{"valid": [%s], "expiring": [%s]}' "${valid[*]}" "${expired[*]}")
diff --git a/code/environments/production/modules/ca_extend/tasks/check_ca_expiry.json b/code/environments/production/modules/ca_extend/tasks/check_ca_expiry.json
deleted file mode 100644
index 6eaee1c..0000000
--- a/code/environments/production/modules/ca_extend/tasks/check_ca_expiry.json
+++ /dev/null
@@ -1,17 +0,0 @@
-{
- "description": "Check the expiration date of a CA certificate",
- "parameters": {
- "cert": {
- "description": "Location of the CA certificate to check. Defaults to Puppet's default location",
- "type": "Optional[String[1]]"
- },
- "date": {
- "description": "YYYY-MM-DD date to test whether the certificate will expire by. Defaults to three months from today",
- "type": "Optional[String[1]]"
- }
- },
-
- "implementations": [
- {"name": "check_ca_expiry.sh", "requirements": ["shell"], "files": ["ca_extend/files/common.sh"], "input_method": "environment"}
- ]
-}
diff --git a/code/environments/production/modules/ca_extend/tasks/check_ca_expiry.sh b/code/environments/production/modules/ca_extend/tasks/check_ca_expiry.sh
deleted file mode 100644
index 5df1aa0..0000000
--- a/code/environments/production/modules/ca_extend/tasks/check_ca_expiry.sh
+++ /dev/null
@@ -1,28 +0,0 @@
-#!/bin/bash
-
-declare PT__installdir
-# shellcheck disable=SC1090
-source "$PT__installdir/ca_extend/files/common.sh"
-PUPPET_BIN='/opt/puppetlabs/puppet/bin'
-
-cert="${cert:-/etc/puppetlabs/puppet/ssl/certs/ca.pem}"
-[[ -e $cert ]] || fail "cert $cert not found"
-
-to_date="${date:-+3 months}"
-to_date="$(date --date="$to_date" +"%s")" || fail "Error calculating date"
-
-# Sanity check that we're dealing with a valid cert
-"${PUPPET_BIN}/openssl" x509 -in "$cert" >/dev/null || fail "Error checking $cert"
-
-# The -checkend command in openssl takes a number of seconds as an argument
-# However, on older versions we may overflow a 32 bit integer if we use that
-# So, we'll use bash arithmetic and `date` to do the comparison
-expiry_date="$("${PUPPET_BIN}/openssl" x509 -enddate -noout -in "$cert")"
-expiry_date="${expiry_date#*=}"
-expiry_seconds="$(date --date="$expiry_date" +"%s")" || fail "Error calculating expiry date from enddate"
-
-if (( to_date >= expiry_seconds )); then
- success "{ \"status\": \"will expire\", \"expiry date\": \"$expiry_date\" }"
-else
- success "{ \"status\": \"valid\", \"expiry date\": \"$expiry_date\" }"
-fi
diff --git a/code/environments/production/modules/ca_extend/tasks/check_primary_cert.json b/code/environments/production/modules/ca_extend/tasks/check_primary_cert.json
deleted file mode 100644
index 3167d9a..0000000
--- a/code/environments/production/modules/ca_extend/tasks/check_primary_cert.json
+++ /dev/null
@@ -1,8 +0,0 @@
-{
- "description": "Check the expiration date of the primary server cert",
- "parameters": {},
-
- "implementations": [
- {"name": "check_primary_cert.sh", "requirements": ["shell"], "files": ["ca_extend/files/common.sh"], "input_method": "environment"}
- ]
-}
diff --git a/code/environments/production/modules/ca_extend/tasks/check_primary_cert.sh b/code/environments/production/modules/ca_extend/tasks/check_primary_cert.sh
deleted file mode 100644
index 9a5f74e..0000000
--- a/code/environments/production/modules/ca_extend/tasks/check_primary_cert.sh
+++ /dev/null
@@ -1,21 +0,0 @@
-#!/bin/bash
-
-declare PT__installdir
-# shellcheck disable=SC1090
-source "$PT__installdir/ca_extend/files/common.sh"
-PUPPET_BIN='/opt/puppetlabs/puppet/bin'
-
-hostcert="$($PUPPET_BIN/puppet config print hostcert)"
-[[ -e $hostcert ]] || fail "ERROR: primary server cert not found. pass regen_primary_cert=true to the plan to regenerate it if needed."
-
-expiry_date="$($PUPPET_BIN/openssl x509 -enddate -noout -in "$hostcert")"
-expiry_date="${expiry_date#*=}"
-expiry_seconds="$(date --date="$expiry_date" +"%s")" || fail "Error calculating expiry date from enddate"
-
-if (( $(date +"%s") >= expiry_seconds )); then
- fail "ERROR: the primary server certificate has expired. Please pass regen_primary_cert=true to the plan to regenerate it."
-elif (( $(date --date="+3 months" +"%s") >= expiry_seconds )); then
- success '{ "status": "warn", "message": "WARN: Primary cert expiring within 3 months. Either regenerate manually or pass regen_primary_cert=true to the plan to regenerate it." }'
-else
- success '{ "status": "success", "message": "Primary cert ok" }'
-fi
diff --git a/code/environments/production/modules/ca_extend/tasks/configure_primary.json b/code/environments/production/modules/ca_extend/tasks/configure_primary.json
deleted file mode 100644
index 0520327..0000000
--- a/code/environments/production/modules/ca_extend/tasks/configure_primary.json
+++ /dev/null
@@ -1,17 +0,0 @@
-{
- "description": "Backup ssldir and copy newly generated CA certificate",
- "parameters": {
- "new_cert": {
- "description": "Location of the newly generated CA certificate",
- "type": "String"
- },
- "regen_primary_cert": {
- "description": "Flag to regerate the primary server's certificate. Set to true to perform the regeneration",
- "type": "Boolean"
- }
- },
-
- "implementations": [
- {"name": "configure_primary.sh", "requirements": ["shell"], "files": ["ca_extend/files/common.sh", "ca_extend/files/extend.sh"], "input_method": "environment"}
- ]
-}
diff --git a/code/environments/production/modules/ca_extend/tasks/configure_primary.sh b/code/environments/production/modules/ca_extend/tasks/configure_primary.sh
deleted file mode 100644
index dd47f54..0000000
--- a/code/environments/production/modules/ca_extend/tasks/configure_primary.sh
+++ /dev/null
@@ -1,27 +0,0 @@
-#!/bin/bash
-
-declare PT__installdir
-# shellcheck disable=SC1090
-source "$PT__installdir/ca_extend/files/common.sh"
-
-PUPPET_BIN='/opt/puppetlabs/puppet/bin'
-ssldir="$($PUPPET_BIN/puppet config print ssldir)"
-cadir="$($PUPPET_BIN/puppet config print cadir)"
-ca_dirs=("$ssldir" "$cadir")
-
-mkdir -p /var/puppetlabs/backups/
-cp -aR "$ssldir" /var/puppetlabs/backups || fail "Error backing up '/etc/puppetlabs/puppet/ssl'"
-
-# shellcheck disable=SC2154
-[[ $regen_primary_cert == "true" ]] && {
- # add the command substitutions to get ssldir and cadir to an array
- find "${ca_dirs[@]}" -name "$($PUPPET_BIN/puppet config print certname).pem" -delete
-}
-
-# shellcheck disable=SC2154
-cp "$new_cert" "${cadir}/ca_crt.pem" || fail "Error copying 'ca_crt.pem'"
-cp "$new_cert" "${ssldir}/certs/ca.pem" || fail "Error copying 'ca.pem'"
-
-PATH="${PATH}:/opt/puppetlabs/bin" puppet infrastructure configure --no-recover || fail "Error running 'puppet infrastructure configure'"
-
-success '{ "status": "success" }'
diff --git a/code/environments/production/modules/ca_extend/tasks/extend_ca_cert.json b/code/environments/production/modules/ca_extend/tasks/extend_ca_cert.json
deleted file mode 100644
index 825f323..0000000
--- a/code/environments/production/modules/ca_extend/tasks/extend_ca_cert.json
+++ /dev/null
@@ -1,6 +0,0 @@
-{
- "description": "Extend CA certificate expiry date",
- "implementations": [
- {"name": "extend_ca_cert.sh", "requirements": ["shell"], "files": ["ca_extend/files/common.sh", "ca_extend/files/extend.sh"], "input_method": "environment"}
- ]
-}
diff --git a/code/environments/production/modules/ca_extend/tasks/extend_ca_cert.sh b/code/environments/production/modules/ca_extend/tasks/extend_ca_cert.sh
deleted file mode 100755
index b5e1b16..0000000
--- a/code/environments/production/modules/ca_extend/tasks/extend_ca_cert.sh
+++ /dev/null
@@ -1,12 +0,0 @@
-#!/bin/bash
-
-declare PT__installdir
-# shellcheck disable=SC1090
-source "$PT__installdir/ca_extend/files/common.sh"
-
-echo "test" | base64 -w 0 - &>/dev/null || fail "This script requires a version of base64 with the -w flag"
-
-new_cert="$(bash "$PT__installdir/ca_extend/files/extend.sh")" || fail "Error extending CA certificate expiry date"
-contents="$(base64 -w 0 "$new_cert")" || fail "Error encoding CA certificate"
-
-success "{ \"status\": \"success\", \"new_cert\": \"$new_cert\", \"contents\": \"$contents\" }"
|