code/environments/production/modules: Drop certregen module again.

12 files changed, 0 insertions, 564 deletions

diff --git a/code/environments/production/modules/certregen/spec/acceptance/ca_spec.rb b/code/environments/production/modules/certregen/spec/acceptance/ca_spec.rb
deleted file mode 100644
index c9df863..0000000
--- a/code/environments/production/modules/certregen/spec/acceptance/ca_spec.rb
+++ /dev/null
@@ -1,60 +0,0 @@
-require 'spec_helper_acceptance'
-
-describe "puppet certregen ca" do
-  if hosts_with_role(hosts, 'master').length>0 then
-    context 'regen ca on master' do
-
-      context 'C99811 - without --ca_serial' do
-        it 'should provide ca serial id via stderr' do
-          on(master, puppet("certregen ca"), :acceptable_exit_codes => 1) do |result|
-            expect(result.stderr).to match(/rerun this command with --ca_serial ([0-9a-fA-F]+)/)
-          end
-        end
-      end
-
-      context "C99815 - 'puppet certregen ca --ca_serial'" do
-        before(:all) do
-          serial = get_ca_serial_id_on(master)
-          today = get_time_on(master)
-          @future = today + 5*YEAR
-          @regen_result = on(master, "puppet certregen ca --ca_serial #{serial}")
-        end
-        it 'should output the updated CA expiration date' do
-          expect(@regen_result.stdout).to match( /CA expiration is now #{@future.utc.strftime('%Y-%m-%d')}/ )
-        end
-        it 'should update CA cert enddate' do
-          enddate = get_ca_enddate_time_on(master)
-          expect(enddate - @future).to be < 10.0
-        end
-      end
-
-      context 'C99816 - invalid ca_serial id' do
-        it 'should yield an error' do
-          on(master, puppet("certregen ca --ca_serial FD"), :acceptable_exit_codes => 1) do |result|
-            expect(result.stderr).to match(/The serial number of the current CA certificate .* does not match the serial number given on the command line \(FD\)/)
-            expect(result.stderr).to match(/rerun this command with --ca_serial ([0-9a-fA-F]+)/)
-          end
-        end
-      end
-
-      context "C99817 - 'puppet certregen ca --ca_serial --ca_ttl 1d'" do
-        before(:all) do
-          today = get_time_on(master)
-          @tomorrow = today + 1*DAY
-
-          serial = get_ca_serial_id_on(master)
-          @regen_result = on(master, "puppet certregen ca --ca_serial #{serial} --ca_ttl 1d")
-        end
-
-        it 'should output the updated CA expiration date' do
-          expect(@regen_result.stdout).to match( /CA expiration is now #{@tomorrow.utc.strftime('%Y-%m-%d')}/ )
-        end
-        it 'should update CA cert enddate' do
-          enddate = get_ca_enddate_time_on(master)
-          expect(enddate - @tomorrow).to be < 10.0
-        end
-      end
-
-    end
-  end
-end
diff --git a/code/environments/production/modules/certregen/spec/acceptance/healthcheck_spec.rb b/code/environments/production/modules/certregen/spec/acceptance/healthcheck_spec.rb
deleted file mode 100644
index 387810d..0000000
--- a/code/environments/production/modules/certregen/spec/acceptance/healthcheck_spec.rb
+++ /dev/null
@@ -1,135 +0,0 @@
-require 'spec_helper_acceptance'
-require 'yaml'
-require 'json'
-
-describe "puppet certregen healthcheck" do
-  if hosts_with_role(hosts, 'master').length>0 then
-
-    context 'C99803 - cert with more than 10 percent of life' do
-      before(:all) do
-        serial = get_ca_serial_id_on(master)
-        on(master, "puppet certregen ca --ca_serial #{serial}")
-      end
-      it 'should not produce a health warning' do
-        on(master, "puppet certregen healthcheck") do |result|
-          expect(result.stderr).to be_empty
-          expect(result.stdout).to match(/No certificates are approaching expiration/)
-        end
-      end
-    end
-
-    context 'C99804 - cert with less than 10 percent of life' do
-      before(:all) do
-        serial = get_ca_serial_id_on(master)
-        # patch puppet to defeat copywrite date check when generating historical CA
-        patch_puppet_date_check_on(master)
-        @today = get_time_on(master)
-        # set back the clock in order to create a CA that will be approaching its EOL
-        past = @today - (5*YEAR - 20*DAY)
-        on(master, "date #{past.strftime('%m%d%H%M%Y')}")
-        # create old CA
-        on(master, "puppet certregen ca --ca_serial #{serial}")
-        # update to current time
-        on(master, "date #{@today.strftime('%m%d%H%M%Y')}")
-        # revert patch to defeat copywrite date check
-        patch_puppet_date_check_on(master, 'reverse')
-      end
-
-      it 'system should have current date' do
-        today = get_time_on(master)
-        expect(today.utc.strftime('%Y-%m-%d')).to eq @today.utc.strftime('%Y-%m-%d')
-      end
-
-      it 'should warn about pending expiration' do
-        enddate = get_ca_enddate_time_on(master)
-        on(master, "puppet certregen healthcheck") do |result|
-          expect(result.stdout).to match(/Status:\s+expiring/)
-          expect(result.stdout).to match(/Expiration date:\s+#{enddate.utc.strftime('%Y-%m-%d')}/)
-        end
-      end
-
-    end
-
-    context 'C99805 - expired cert' do
-      before(:all) do
-        serial = get_ca_serial_id_on(master)
-        on(master, "puppet certregen ca --ca_serial #{serial} --ca_ttl 1s")
-        sleep 2
-      end
-      it 'should produce a health warning' do
-        on(master, "puppet certregen healthcheck") do |result|
-          expect(result.stdout.gsub("\n", " ")).to match(/ca.*Status: expired/)
-        end
-      end
-    end
-
-    context '--all flag' do
-
-      context 'C99806 --all' do
-        before(:all) do
-          on(master, puppet("cert list --all")) do |result|
-            @certs = result.stdout.scan(/\) ([A-F0-9:]+) /)
-          end
-          @result = on(master, "puppet certregen healthcheck --all")
-        end
-        it 'should contain expiration data for ca cert' do
-          expect(@result.stdout).to match(/"ca".*\n\s*Status:\s*[Ee]xpir/)
-        end
-        it 'should contain expiration data for all node certs' do
-          @certs.each do |cert|
-            expect(@result.stdout).to include cert[0]
-          end
-        end
-      end
-
-      context '--render-as flag' do
-
-        context 'C99808 - --render-as yaml' do
-          before(:all) do
-            on(master, puppet("cert list --all")) do |result|
-              @certs = result.stdout.scan(/\) ([A-F0-9:]+) /)
-            end
-            @result = on(master, "puppet certregen healthcheck --all --render-as yaml")
-            @yaml = YAML.load(@result.stdout)
-          end
-          it 'should return valid yaml' do
-            expect(YAML.parse(@result.stdout)).to be_instance_of(Psych::Nodes::Document)
-          end
-          it 'should contain expiration data for ca cert' do
-            ca = @yaml.find { |record| record[:name] == 'ca' }
-            expect(ca).not_to be nil
-            expect(ca[:expiry][:status]).to eq(:expired)
-          end
-          it 'should contain expiration data for all node certs' do
-            @certs.each do |cert|
-              expect(@yaml.find { |record| record[:digest] =~ /#{cert[0]}/ }).not_to be nil
-            end
-          end
-        end
-
-        context 'C99809 - --render-as json prints valid json containing expiration data' do
-          before(:all) do
-            on(master, puppet("cert list --all")) do |result|
-              @certs = result.stdout.scan(/\) ([A-F0-9:]+) /)
-            end
-            @json = JSON.parse(on(master, "puppet certregen healthcheck --all --render-as json").stdout)
-          end
-          it 'should return valid json' do
-            expect(@json).not_to be nil
-          end
-          it 'should contain expiration data for ca cert' do
-            ca = @json.find { |record| record['name'] == 'ca' }
-            expect(ca).not_to be nil
-          end
-          it 'should contain expiration data for all node certs' do
-            @certs.each do |cert|
-              expect(@json.find { |record| record['digest'] =~ /#{cert[0]}/ }).not_to be nil
-            end
-          end
-        end
-
-      end
-    end
-
-  end
-end
diff --git a/code/environments/production/modules/certregen/spec/acceptance/help_spec.rb b/code/environments/production/modules/certregen/spec/acceptance/help_spec.rb
deleted file mode 100644
index 7d1e83d..0000000
--- a/code/environments/production/modules/certregen/spec/acceptance/help_spec.rb
+++ /dev/null
@@ -1,39 +0,0 @@
-require 'spec_helper_acceptance'
-
-describe "pupper help certregen" do
-  # NOTE: MODULES-4733 certregen is not currently compatible with ruby < 1.9
-  ruby_ver = 0
-  on(default, 'ruby --version') do |result|
-    m = /\d+\.\d+\.\d+/.match(result.stdout)
-    ruby_ver = m[0] if m
-  end
-  unless version_is_less(ruby_ver, '1.9') then
-    describe "C98923 - Verify that 'puppet certregen --help' prints help text" do
-      # NOTE: `--help` only works on puppet version 4+
-      if version_is_less( '3.9.9', on(default, puppet('--version')).stdout)
-        describe command("puppet certregen --help") do
-          its(:stdout) { should match( /.*USAGE: puppet certregen <action>.*/ ) }
-          its(:stdout) { should match( /.*See 'puppet man certregen' or 'man puppet-certregen' for full help.*/ ) }
-        end
-      end
-    end
-    describe "C99812 - Verify that 'puppet help certregen' prints help text" do
-        describe command("puppet help certregen") do
-          its(:stdout) { should match( /.*USAGE: puppet certregen <action>.*/ ) }
-          its(:stdout) { should match( /.*See 'puppet man certregen' or 'man puppet-certregen' for full help.*/ ) }
-        end
-    end
-    describe "C99813 - Verify that 'puppet help certregen healthcheck' prints help text for healthcheck subcommand" do
-        describe command("puppet help certregen healthcheck") do
-          its(:stdout) { should match( /.*USAGE: puppet certregen healthcheck .*/ ) }
-          its(:stdout) { should match( /.*See 'puppet man certregen' or 'man puppet-certregen' for full help.*/ ) }
-        end
-    end
-    describe "C99814 - Verify that 'puppet help certregen ca' prints help text for ca subcommand" do
-        describe command("puppet help certregen ca") do
-          its(:stdout) { should match( /.*USAGE: puppet certregen ca .*/ ) }
-          its(:stdout) { should match( /.*See 'puppet man certregen' or 'man puppet-certregen' for full help.*/ ) }
-        end
-    end
-  end
-end
diff --git a/code/environments/production/modules/certregen/spec/acceptance/helpers.rb b/code/environments/production/modules/certregen/spec/acceptance/helpers.rb
deleted file mode 100644
index dba7d81..0000000
--- a/code/environments/production/modules/certregen/spec/acceptance/helpers.rb
+++ /dev/null
@@ -1,83 +0,0 @@
-require 'openssl'
-
-# Time constants in seconds
-HOUR =  60 * 60
-DAY  =  24 * HOUR
-YEAR = 365 * DAY
-
-# Retrieve CA Certificate from the given host
-#
-# @param  [Host]           host   single Beaker::Host
-#
-# @return [OpenSSL::X509::Certificate]  Certificate object
-def get_ca_cert_on(host)
-  if host[:roles].include? 'master' then
-    dir = on(host, puppet('config', 'print', 'cadir')).stdout.chomp
-    ca_path = "#{dir}/ca_crt.pem"
-  else
-    dir = on(host, puppet('config', 'print', 'certdir')).stdout.chomp
-    ca_path = "#{dir}/ca.pem"
-  end
-  on(host, "cat #{ca_path}") do |result|
-    cert = OpenSSL::X509::Certificate.new(result.stdout)
-    return cert
-  end
-end
-
-# Execute `date` command on host with optional arguments
-# and get back a Ruby Time object
-#
-# @param [Host]            host   single Beaker::Host to run the command on
-# @param [Array<String>]   args   Array of arguments to be appended to the
-#                                 `date` command
-# @return [Time]    Ruby Time object
-def get_time_on(host, args = [])
-  arg_string = args.join(' ')
-  date = on(host, "date #{arg_string}").stdout.chomp
-  return Time.parse(date)
-end
-
-# Retrieve the CA enddate on a given host as a Ruby time object
-#
-# @param [Host]            host   single Beaker::Host to get CA enddate from
-#
-# @return [Time]    Ruby Time object, or nil if error
-def get_ca_enddate_time_on(host)
-  cert = get_ca_cert_on(host)
-  return cert.not_after if cert
-  return nil
-end
-
-# Retrieve the current ca_serial value for `puppet certgen ca` on a given host
-#
-# @param [Host]            host   single Beaker::Host to get ca_serial from
-#
-# @return [String]    ca_serial in hexadecimal, or nil if error
-def get_ca_serial_id_on(host)
-  cert = get_ca_cert_on(host)
-  return cert.serial.to_s(16) if cert
-  return nil
-end
-
-# Patch puppet to get around the date check validation.
-#
-# This method is used to patch puppet in order to prevent it from failing to
-# create a CA if the system clock is turned back in time by years. The same
-# method is used to reverse the patch with the `reverse` parameter.
-#
-# @param [Host]            host     single Beaker::Host to run the command on
-# @param [String]          reverse  causes the patch to be reversed
-def patch_puppet_date_check_on(host, reverse=nil)
-  reverse = '--reverse' if reverse
-  apply_manifest_on(host, 'package { "patch": ensure => present}')
-  interface_documentation_file = "/opt/puppetlabs/puppet/lib/ruby/vendor_ruby/puppet/interface/documentation.rb"
-  patch =<<EOF
-305c305
-<           raise ArgumentError, "copyright with a year \#{fault} is very strange; did you accidentally add or subtract two years?"
----
->           #raise ArgumentError, "copyright with a year \#{fault} is very strange; did you accidentally add or subtract two years?"
-EOF
-  patch_file        = host.tmpfile('iface_doc_patch')
-  create_remote_file(host, patch_file, patch)
-  on(host, "patch #{reverse} #{interface_documentation_file} < #{patch_file}", :acceptable_exit_codes => [0,1])
-end
diff --git a/code/environments/production/modules/certregen/spec/acceptance/nodesets/centos-7-x64.yml b/code/environments/production/modules/certregen/spec/acceptance/nodesets/centos-7-x64.yml
deleted file mode 100644
index 5eebdef..0000000
--- a/code/environments/production/modules/certregen/spec/acceptance/nodesets/centos-7-x64.yml
+++ /dev/null
@@ -1,10 +0,0 @@
-HOSTS:
-  centos-7-x64:
-    roles:
-      - agent
-      - default
-    platform: el-7-x86_64
-    hypervisor: vagrant
-    box: puppetlabs/centos-7.2-64-nocm
-CONFIG:
-  type: foss
diff --git a/code/environments/production/modules/certregen/spec/acceptance/nodesets/debian-8-x64.yml b/code/environments/production/modules/certregen/spec/acceptance/nodesets/debian-8-x64.yml
deleted file mode 100644
index fef6e63..0000000
--- a/code/environments/production/modules/certregen/spec/acceptance/nodesets/debian-8-x64.yml
+++ /dev/null
@@ -1,10 +0,0 @@
-HOSTS:
-  debian-8-x64:
-    roles:
-      - agent
-      - default
-    platform: debian-8-amd64
-    hypervisor: vagrant
-    box: puppetlabs/debian-8.2-64-nocm
-CONFIG:
-  type: foss
diff --git a/code/environments/production/modules/certregen/spec/acceptance/nodesets/default.yml b/code/environments/production/modules/certregen/spec/acceptance/nodesets/default.yml
deleted file mode 100644
index dba339c..0000000
--- a/code/environments/production/modules/certregen/spec/acceptance/nodesets/default.yml
+++ /dev/null
@@ -1,10 +0,0 @@
-HOSTS:
-  ubuntu-1404-x64:
-    roles:
-      - agent
-      - default
-    platform: ubuntu-14.04-amd64
-    hypervisor: vagrant
-    box: puppetlabs/ubuntu-14.04-64-nocm
-CONFIG:
-  type: foss
diff --git a/code/environments/production/modules/certregen/spec/acceptance/nodesets/docker/centos-7.yml b/code/environments/production/modules/certregen/spec/acceptance/nodesets/docker/centos-7.yml
deleted file mode 100644
index a3333aa..0000000
--- a/code/environments/production/modules/certregen/spec/acceptance/nodesets/docker/centos-7.yml
+++ /dev/null
@@ -1,12 +0,0 @@
-HOSTS:
-  centos-7-x64:
-    platform: el-7-x86_64
-    hypervisor: docker
-    image: centos:7
-    docker_preserve_image: true
-    docker_cmd: '["/usr/sbin/init"]'
-    # install various tools required to get the image up to usable levels
-    docker_image_commands:
-      - 'yum install -y crontabs tar wget openssl sysvinit-tools iproute which initscripts'
-CONFIG:
-  trace_limit: 200
diff --git a/code/environments/production/modules/certregen/spec/acceptance/nodesets/docker/debian-8.yml b/code/environments/production/modules/certregen/spec/acceptance/nodesets/docker/debian-8.yml
deleted file mode 100644
index df5c319..0000000
--- a/code/environments/production/modules/certregen/spec/acceptance/nodesets/docker/debian-8.yml
+++ /dev/null
@@ -1,11 +0,0 @@
-HOSTS:
-  debian-8-x64:
-    platform: debian-8-amd64
-    hypervisor: docker
-    image: debian:8
-    docker_preserve_image: true
-    docker_cmd: '["/sbin/init"]'
-    docker_image_commands:
-      - 'apt-get update && apt-get install -y net-tools wget locales strace lsof && echo "en_US.UTF-8 UTF-8" > /etc/locale.gen && locale-gen'
-CONFIG:
-  trace_limit: 200
diff --git a/code/environments/production/modules/certregen/spec/acceptance/nodesets/docker/ubuntu-14.04.yml b/code/environments/production/modules/certregen/spec/acceptance/nodesets/docker/ubuntu-14.04.yml
deleted file mode 100644
index b1efa58..0000000
--- a/code/environments/production/modules/certregen/spec/acceptance/nodesets/docker/ubuntu-14.04.yml
+++ /dev/null
@@ -1,12 +0,0 @@
-HOSTS:
-  ubuntu-1404-x64:
-    platform: ubuntu-14.04-amd64
-    hypervisor: docker
-    image: ubuntu:14.04
-    docker_preserve_image: true
-    docker_cmd: '["/sbin/init"]'
-    docker_image_commands:
-      # ensure that upstart is booting correctly in the container
-      - 'rm /usr/sbin/policy-rc.d && rm /sbin/initctl && dpkg-divert --rename --remove /sbin/initctl && apt-get update && apt-get install -y net-tools wget && locale-gen en_US.UTF-8'
-CONFIG:
-  trace_limit: 200
diff --git a/code/environments/production/modules/certregen/spec/acceptance/workflow_regen_after_expire_spec.rb b/code/environments/production/modules/certregen/spec/acceptance/workflow_regen_after_expire_spec.rb
deleted file mode 100644
index 3ae0a9e..0000000
--- a/code/environments/production/modules/certregen/spec/acceptance/workflow_regen_after_expire_spec.rb
+++ /dev/null
@@ -1,105 +0,0 @@
-require 'spec_helper_acceptance'
-require 'json'
-
-# https://forge.puppet.com/puppetlabs/certregen#revive-a-ca-thats-already-expired
-describe "C99821 - workflow - regen CA after it expires" do
-  if find_install_type == 'pe' then
-    # This workflow only works with a master to manage the CA
-    # This workflow only works with a puppetdb instance to query hostnames from
-    context 'create CA to be expired and update agents' do
-      before(:all) do
-        ttl = 60
-        serial = get_ca_serial_id_on(master)
-        on(master, puppet("certregen ca --ca_serial #{serial} --ca_ttl #{ttl}s"))
-        start = Time.now
-        agents.each do |agent|
-          on(agent, puppet('agent -t'), :acceptable_exit_codes => [0,2])
-        end
-        finish = Time.now
-        elapsed_time = (finish - start).to_i
-        sleep (ttl - elapsed_time) if elapsed_time < ttl
-        sleep 1
-      end
-
-      it 'should warn that ca is expired' do
-        on(master, puppet("certregen healthcheck")) do |result|
-          expect(result.stdout).to match(/Status:\s+expired/)
-        end
-      end
-
-      context 'regenerate CA' do
-        before(:all) do
-          serial = get_ca_serial_id_on(master)
-          on(master, puppet("certregen ca --ca_serial #{serial}"))
-        end
-
-        it 'should update CA cert enddate' do
-          enddate = get_ca_enddate_time_on(master)
-          future = get_time_on(master, ['-d', "'5 years'"])
-          expect(future - enddate).to be <= (48*HOUR)
-        end
-
-        context 'automatically distribute new ca to linux hosts' do
-          before(:all) do
-            # distribute ssh key for root to agents
-            on(master, "ssh-keygen -t rsa -f $HOME/.ssh/id_rsa -P ''")
-            on(master, "cat $HOME/.ssh/id_rsa.pub") do |result|
-              key_array = result.stdout.split(' ')
-              fail_test('could not get ssh key from master') unless key_array.size > 1
-              @public_key = key_array[1]
-            end
-            agents.each do |agent|
-              unless agent['platform'] =~ /windows/
-                args = ['ensure=present',
-                        "user='root'",
-                        "type='rsa'",
-                        "key='#{@public_key}'",
-                       ]
-                on(agent, puppet_resource('ssh_authorized_key', master.hostname, args))
-                on(master, "ssh -o StrictHostKeyChecking=no #{agent.hostname} ls")
-              end
-            end
-            on(master, "/opt/puppetlabs/puppet/bin/gem install chloride")
-            result = on(master, puppet("certregen redistribute"))
-            @report = JSON.parse(result.stdout)
-          end
-
-          after(:all) do
-            on(master, "rm -f $HOME/.ssh/id_rsa $HOME/.ssh/id_rsa.pub", :acceptable_exit_codes => [0,1])
-            agents.each do |agent|
-              on(agent, puppet_resource('ssh_authorized_key', master.hostname, ['ensure=absent', "user='root'"]), :acceptable_exit_codes => [0,1])
-            end
-          end
-
-          it 'should emit a report in valid json' do
-            expect(@report).not_to be nil
-          end
-          it 'should emit a report with a succeeded key' do
-            expect(@report['succeeded']).not_to be nil
-          end
-          it 'should emit a report with a failed key' do
-            expect(@report['failed']).not_to be nil
-          end
-          it 'should report success on all linux agents' do
-            agents.each do |agent|
-              if agent['platform'] =~ /debian|ubuntu|cumulus|huaweios|el-|centos|fedora|redhat|oracle|scientific|eos|archlinux|sles/
-                expect(@report['succeeded']).to include agent.hostname
-              end
-            end
-          end
-          it 'should update CA cert on all linux agents' do
-            master_enddate = get_ca_enddate_time_on(master)
-            agents.each do |agent|
-              if agent['platform'] =~ /debian|ubuntu|cumulus|huaweios|el-|centos|fedora|redhat|oracle|scientific|eos|archlinux|sles/
-                on(agent, puppet('agent -t'), :acceptable_exit_codes => [0,2])
-                enddate = get_ca_enddate_time_on(agent)
-                expect(enddate).to eq master_enddate
-              end
-            end
-          end
-        end
-
-      end
-    end
-  end
-end
diff --git a/code/environments/production/modules/certregen/spec/acceptance/workflow_regen_before_expire_spec.rb b/code/environments/production/modules/certregen/spec/acceptance/workflow_regen_before_expire_spec.rb
deleted file mode 100644
index bad7a84..0000000
--- a/code/environments/production/modules/certregen/spec/acceptance/workflow_regen_before_expire_spec.rb
+++ /dev/null
@@ -1,77 +0,0 @@
-require 'spec_helper_acceptance'
-
-# https://forge.puppet.com/puppetlabs/certregen#refresh-a-ca-thats-expiring-soon
-describe "C99818 - workflow - regen CA before it expires" do
-  if hosts_with_role(hosts, 'master').length>0 then
-    # This workflow only works with a master to manage the CA
-    context 'setting CA to expire soon' do
-      before(:all) do
-        serial = get_ca_serial_id_on(master)
-
-        # patch puppet to defeat copywrite date check when generating historical CA
-        patch_puppet_date_check_on(master)
-
-        # determine current time on master
-        @today = get_time_on(master)
-
-        # set back the clock in order to create a CA that will be approaching its EOL
-        past = @today - (5*YEAR - 20*DAY)
-        on(master, "date #{past.strftime('%m%d%H%M%Y')}")
-        # create old CA
-        on(master, puppet(" certregen ca --ca_serial #{serial}"))
-        # update to current time
-        on(master, "date #{@today.strftime('%m%d%H%M%Y')}")
-      end
-
-      it 'should have current date' do
-        today = get_time_on(master)
-        expect(today.utc.strftime('%Y-%m-%d')).to eq @today.utc.strftime('%Y-%m-%d')
-      end
-
-      it 'should warn about pending expiration' do
-        enddate = get_ca_enddate_time_on(master)
-        on(master, puppet("certregen healthcheck")) do |result|
-          expect(result.stdout).to match(/Status:\s+expiring/)
-          expect(result.stdout).to match(/Expiration date:\s+#{enddate.utc.strftime('%Y-%m-%d')}/)
-        end
-      end
-
-      context 'restoring previously patched puppet' do
-        before(:all) do
-          # revert patch to defeat copywrite date check
-          patch_puppet_date_check_on(master, 'reverse')
-        end
-
-        context 'regenerating CA prior to expiration' do
-          before(:all) do
-            serial = get_ca_serial_id_on(master)
-            on(master, puppet("certregen ca --ca_serial #{serial}"))
-          end
-          # validate time stamp
-          it 'should update CA cert enddate' do
-            enddate = get_ca_enddate_time_on(master)
-            future = get_time_on(master, ['-d', "'5 years'"])
-            expect(future - enddate).to be <= (48*HOUR)
-          end
-
-          context 'distribute new ca to linux hosts that have been classified with `certregen::client`' do
-            before(:all) do
-              create_remote_file(master, '/etc/puppetlabs/code/environments/production/manifests/ca.pp', 'include certregen::client')
-              on(master, 'chmod 755 /etc/puppetlabs/code/environments/production/manifests/ca.pp')
-              on(master, puppet('agent -t'), :acceptable_exit_codes => [0,2])
-            end
-            it 'should update CA cert on all linux agents' do
-              master_enddate = get_ca_enddate_time_on(master)
-              agents.each do |agent|
-                on(agent, puppet('agent -t'), :acceptable_exit_codes => [0,2])
-                enddate = get_ca_enddate_time_on(agent)
-                expect(enddate).to eq master_enddate
-              end
-            end
-          end
-
-        end
-      end
-    end
-  end
-end