(PUP-3063) remove certificate expiration warnings

This commit deletes the 'certificate_expiration_warning' setting and the 'near_expiration?' method which used this setting.
ScottGarman · Oct 27, 2014 · 7da942f · 7da942f
1 parent ea98df7
commit 7da942f
Show file tree

Hide file tree

Showing 4 changed files with 0 additions and 40 deletions.
diff --git a/lib/puppet/defaults.rb b/lib/puppet/defaults.rb
@@ -770,12 +770,6 @@ def self.default_diffargs
           Certificate Revocation List (CRL)
           to all clients.  If enabled, CA chaining will almost definitely not work.",
     },
-    :certificate_expire_warning => {
-      :default  => "60d",
-      :type     => :duration,
-      :desc     => "The window of time leading up to a certificate's expiration that a notification
-        will be logged. This applies to CA, master, and agent certificates. #{AS_DURATION}"
-    },
     :digest_algorithm => {
         :default  => 'md5',
         :type     => :enum,

diff --git a/lib/puppet/ssl/certificate.rb b/lib/puppet/ssl/certificate.rb
@@ -32,13 +32,6 @@ def expiration
     content.not_after
   end
 
-  def near_expiration?(interval = nil)
-    return false unless expiration
-    interval ||= Puppet[:certificate_expire_warning]
-    # Certificate expiration timestamps are always in UTC
-    expiration < Time.now.utc + interval
-  end
-
   # This name is what gets extracted from the subject before being passed
   # to the constructor, so it's not downcased
   def unmunged_name

diff --git a/man/man5/puppet.conf.5 b/man/man5/puppet.conf.5
@@ -306,9 +306,6 @@ For your own certificate request you can set \fBdns_alt_names\fR in the configur
 .P
 Alternately you can use the \fB\-\-dns_alt_names\fR command line option to set the labels added while generating your own CSR\.
 .
-.SS "certificate_expire_warning"
-The window of time leading up to a certificate\'s expiration that a notification will be logged\. This applies to CA, master, and agent certificates\. This setting can be a time interval in seconds (30 or 30s), minutes (30m), hours (6h), days (2d), or years (5y)\.
-.
 .IP "\(bu" 4
 \fIDefault\fR: 60d
 .

diff --git a/spec/unit/ssl/certificate_spec.rb b/spec/unit/ssl/certificate_spec.rb
@@ -166,28 +166,4 @@ def build_cert(opts)
       @certificate.to_text.should == "certificatetext"
     end
   end
-
-  describe "when checking if the certificate's expiration is approaching" do
-    before do
-      @days = 24*60*60
-      @certificate = @class.new("myname")
-      @certificate.stubs(:expiration).returns(Time.now.utc() + 30*@days)
-    end
-
-    it "should be true if the expiration is within the given interval from now" do
-      @certificate.near_expiration?(31*@days).should be_true
-    end
-
-    it "should be false if there is no expiration" do
-      @certificate.stubs(:expiration).returns(nil)
-      @certificate.near_expiration?.should be_false
-    end
-
-    it "should default to using the `certificate_expire_warning` setting as the interval" do
-      Puppet[:certificate_expire_warning] = 31*@days
-      @certificate.near_expiration?.should be_true
-      Puppet[:certificate_expire_warning] = 29*@days
-      @certificate.near_expiration?.should be_false
-    end
-  end
 end