From 07b2a3afd996fa367e2e1b3692b5b8eea3273af2 Mon Sep 17 00:00:00 2001
From: Jeff McCune <jeff@puppetlabs.com>
Date: Mon, 10 Oct 2011 11:51:14 -0700
Subject: (#10007) Revert "Merge pull request #13 from
 kbarber/issue/master/8925-user_ssl_certs"

This reverts commit 14852e0259e1e43371dbcb2675e00c6d6e614f05, reversing
changes made to a95dccd464b55945feb8bcf7483f777c25164115.

This is to fix the broken build (failing tests) as per #8925 and #10007
---
 lib/puppet/parser/functions/get_certificate.rb | 89 --------------------------
 lib/puppet/parser/functions/get_pubkey.rb      | 25 --------
 2 files changed, 114 deletions(-)
 delete mode 100644 lib/puppet/parser/functions/get_certificate.rb
 delete mode 100644 lib/puppet/parser/functions/get_pubkey.rb

(limited to 'lib/puppet/parser/functions')

diff --git a/lib/puppet/parser/functions/get_certificate.rb b/lib/puppet/parser/functions/get_certificate.rb
deleted file mode 100644
index 66baba6..0000000
--- a/lib/puppet/parser/functions/get_certificate.rb
+++ /dev/null
@@ -1,89 +0,0 @@
-module Puppet::Parser::Functions
-  newfunction(:get_certificate, :type => :rvalue, :doc => <<-EOS
-Returns the public certificate of the given CN from the local or remote Puppet
-CA.
-
-Usage is:
-
-    get_certificate($cn, $options)
-
-The first argument $cn is a valid CN for the certificate you wish to
-return. A CN is usually the hostname of a machine in Puppet. You can view all available
-certificates using the facility:
-
-    puppet cert --list --all
-
-On the main CA or puppetmaster.
-
-The second argument $options allows the user to define a hash of options to
-pass to the function.
-
-The options and descriptions are:
-
-* *conn_timeout*: Adjust timeout for remote CA connectivity (in seconds). Default is 7.
-  EOS
-  ) do |arguments|
-
-    # Make sure we have enough arguments
-    if not (1..2).include?(arguments.size) then
-      raise(Puppet::ParseError, "get_certificate(): Wrong number of arguments " +
-        "given (#{arguments.size} for 1 or 2)")
-    end
-
-    # Obtain arguments and set defaults
-    cn = arguments[0]
-    options = arguments[1] ||= {}
-    options[:conn_timeout] = 7 if !options.has_key?(:conn_timeout)
-
-    # Validation of arguments
-    if not (cn.is_a?(String) and cn.match(/^[a-zA-Z0-9@_\-\.]+$/)) then
-      raise(Puppet::ParseError, 'get_certificate(): CN name must be a valid string. Hashes and Arrays are not valid')
-    end
-    if not (1..600).include?(options[:conn_timeout]) then
-      raise(Puppet::ParseError, "get_certificate(): The option 'conn_timeout' must be an integer between 1 and 600")
-    end
-  
-    # Get and return certificate using file or rest
-    if Puppet[:ca] == true then
-      # Get the certificate locally if we are acting as a CA
-      # TODO: wrap: puppet certificate --render-as s --ca-location remote find ken@bob.sh
-      ssl_cert_path = Puppet[:signeddir] + "/" + cn + ".pem"
-      if FileTest.exists?(ssl_cert_path) then
-        cert = File.open(ssl_cert_path,"r")
-        return cert.read
-      end
-    else
-      # Obtain the certificate from the CA if its remote
-      # TODO: wrap: puppet certificate --render-as s --ca-location local find ken@bob.sh
-      require 'net/http'
-      require 'net/https'
-
-      http = Net::HTTP.new(Puppet[:ca_server], Puppet[:ca_port])
-      http.use_ssl = true
-      http.verify_mode = OpenSSL::SSL::VERIFY_NONE
-
-      begin
-        res = timeout(options[:conn_timeout]) do
-          http.start {|h|
-            h.get("/production/certificate/#{cn}", { "Accept" => "s" })
-          }
-        end
-      rescue Timeout::Error
-        raise(Puppet::Error, "Transaction timed out when connecting to #{Puppet[:ca_server]}:#{Puppet[:ca_port]}. Check your CA is running and that your ca_server and ca_port settings are correct on the machine this function ran on.")
-      rescue Errno::ECONNREFUSED
-        raise(Puppet::Error, "Connection refused when connecting to #{Puppet[:ca_server]}:#{Puppet[:ca_port]}. Check your CA is running and that your ca_server and ca_port settings are correct on the machine this function ran on.")
-      end
-
-      case res.code
-      when "200"
-        return res.body if res.body
-      when "404"
-        return :undef
-      else 
-        raise(Puppet::Error, "Error with REST call: #{res.code}")
-      end
-    end
-
-    :undef
-  end
-end
diff --git a/lib/puppet/parser/functions/get_pubkey.rb b/lib/puppet/parser/functions/get_pubkey.rb
deleted file mode 100644
index 744b9df..0000000
--- a/lib/puppet/parser/functions/get_pubkey.rb
+++ /dev/null
@@ -1,25 +0,0 @@
-module Puppet::Parser::Functions
-  newfunction(:get_pubkey, :type => :rvalue, :doc => <<-EOS
-Gets a public key given a CN. This function accepts all the same
-parameters as get_certificate(), but instead returns the public
-key portion of the certificate.
-
-See get_certificate() for a more complete list of options available.
-EOS
-  ) do |arguments|
-
-    # Wrap the get_certificate method
-    method = Puppet::Parser::Functions.function(:get_certificate)
-    cert_text = send(method, arguments)
-
-    require 'openssl'
-    
-    if cert_text == :undef then
-      return :undef
-    else
-      cert = OpenSSL::X509::Certificate.new(cert_text)
-      pubkey = cert.public_key
-      return pubkey.to_s
-    end
-  end
-end
-- 
cgit v1.2.3