Remove insecure pe_installer_source parameter

bastelfreak · bastelfreak · commit 5b3fe632ec28 · 2024-11-01T17:09:38.000+01:00
diff --git a/REFERENCE.md b/REFERENCE.md
@@ -2015,7 +2015,6 @@ The following parameters are available in the `peadm::install` plan:
 * [`compiler_pool_address`](#-peadm--install--compiler_pool_address)
 * [`internal_compiler_a_pool_address`](#-peadm--install--internal_compiler_a_pool_address)
 * [`internal_compiler_b_pool_address`](#-peadm--install--internal_compiler_b_pool_address)
-* [`pe_installer_source`](#-peadm--install--pe_installer_source)
 * [`ldap_config`](#-peadm--install--ldap_config)
 * [`final_agent_state`](#-peadm--install--final_agent_state)
 * [`stagingdir`](#-peadm--install--stagingdir)
@@ -2071,17 +2070,6 @@ architectures.
 
 Default value: `undef`
 
-##### <a name="-peadm--install--pe_installer_source"></a>`pe_installer_source`
-
-Data type: `Optional[Stdlib::HTTPSUrl]`
-
-The URL to download the Puppet Enterprise installer media from. If not
-specified, PEAdm will attempt to download PE installation media from its
-standard public source. When specified, PEAdm will download directly from the
-URL given.
-
-Default value: `undef`
-
 ##### <a name="-peadm--install--ldap_config"></a>`ldap_config`
 
 Data type: `Optional[Peadm::Ldap_config]`
@@ -2496,7 +2484,6 @@ The following parameters are available in the `peadm::upgrade` plan:
 * [`compiler_pool_address`](#-peadm--upgrade--compiler_pool_address)
 * [`internal_compiler_a_pool_address`](#-peadm--upgrade--internal_compiler_a_pool_address)
 * [`internal_compiler_b_pool_address`](#-peadm--upgrade--internal_compiler_b_pool_address)
-* [`pe_installer_source`](#-peadm--upgrade--pe_installer_source)
 * [`final_agent_state`](#-peadm--upgrade--final_agent_state)
 * [`r10k_known_hosts`](#-peadm--upgrade--r10k_known_hosts)
 * [`stagingdir`](#-peadm--upgrade--stagingdir)
@@ -2541,17 +2528,6 @@ architectures.
 
 Default value: `undef`
 
-##### <a name="-peadm--upgrade--pe_installer_source"></a>`pe_installer_source`
-
-Data type: `Optional[Stdlib::HTTPSUrl]`
-
-The URL to download the Puppet Enterprise installer media from. If not
-specified, PEAdm will attempt to download PE installation media from its
-standard public source. When specified, PEAdm will download directly from the
-URL given.
-
-Default value: `undef`
-
 ##### <a name="-peadm--upgrade--final_agent_state"></a>`final_agent_state`
 
 Data type: `Enum['running', 'stopped']`
diff --git a/plans/install.pp b/plans/install.pp
@@ -11,11 +11,6 @@
 #   A load balancer address directing traffic to any of the "B" pool
 #   compilers. This is used for DR configuration in large and extra large
 #   architectures.
-# @param pe_installer_source
-#   The URL to download the Puppet Enterprise installer media from. If not
-#   specified, PEAdm will attempt to download PE installation media from its
-#   standard public source. When specified, PEAdm will download directly from the
-#   URL given.
 # @param ldap_config
 #   If specified, configures PE RBAC DS with the supplied configuration hash.
 #   The parameter should be set to a valid set of connection settings as
@@ -47,7 +42,6 @@
   # Common Configuration
   String                            $console_password,
   Peadm::Pe_version                 $version                          = '2021.7.9',
-  Optional[Stdlib::HTTPSUrl]        $pe_installer_source              = undef,
   Optional[Array[String]]           $dns_alt_names                    = undef,
   Optional[String]                  $compiler_pool_address            = undef,
   Optional[String]                  $internal_compiler_a_pool_address = undef,
@@ -94,7 +88,6 @@
 
     # Common Configuration
     version                        => $version,
-    pe_installer_source            => $pe_installer_source,
     console_password               => $console_password,
     dns_alt_names                  => $dns_alt_names,
     pe_conf_data                   => $pe_conf_data,
diff --git a/plans/subplans/install.pp b/plans/subplans/install.pp
@@ -28,12 +28,6 @@
 #   Config data to plane into pe.conf when generated on all hosts, this can be
 #   used for tuning data etc.
 #
-# @param pe_installer_source
-#   The URL to download the Puppet Enterprise installer media from. If not
-#   specified, PEAdm will attempt to download PE installation media from its
-#   standard public source. When specified, PEAdm will download directly from the
-#   URL given.
-#
 plan peadm::subplans::install (
   # Standard
   Peadm::SingleTargetSpec           $primary_host,
@@ -50,7 +44,6 @@
   # Common Configuration
   String               $console_password,
   Peadm::Pe_version    $version,
-  Optional[Stdlib::HTTPSUrl] $pe_installer_source = undef,
   Array[String]        $dns_alt_names       = [],
   Hash                 $pe_conf_data        = {},
 
@@ -237,13 +230,8 @@
     )
   }
 
-  if $pe_installer_source {
-    $pe_tarball_name = $pe_installer_source.split('/')[-1]
-    $pe_tarball_source = $pe_installer_source
-  } else {
-    $pe_tarball_name   = "puppet-enterprise-${version}-${platform}.tar.gz"
-    $pe_tarball_source = "https://s3.amazonaws.com/pe-builds/released/${version}/${pe_tarball_name}"
-  }
+  $pe_tarball_name   = "puppet-enterprise-${version}-${platform}.tar.gz"
+  $pe_tarball_source = "https://s3.amazonaws.com/pe-builds/released/${version}/${pe_tarball_name}"
 
   $upload_tarball_path = "${uploaddir}/${pe_tarball_name}"
 
diff --git a/plans/upgrade.pp b/plans/upgrade.pp
@@ -11,11 +11,6 @@
 #   A load balancer address directing traffic to any of the "B" pool
 #   compilers. This is used for DR configuration in large and extra large
 #   architectures.
-# @param pe_installer_source
-#   The URL to download the Puppet Enterprise installer media from. If not
-#   specified, PEAdm will attempt to download PE installation media from its
-#   standard public source. When specified, PEAdm will download directly from the
-#   URL given.
 # @param final_agent_state
 #   Configures the state the puppet agent should be in on infrastructure nodes
 #   after PE is upgraded successfully.
@@ -46,7 +41,6 @@
 
   # Common Configuration
   Optional[Peadm::Pe_version]  $version                          = undef,
-  Optional[Stdlib::HTTPSUrl]   $pe_installer_source              = undef,
   Optional[String]             $compiler_pool_address            = undef,
   Optional[String]             $internal_compiler_a_pool_address = undef,
   Optional[String]             $internal_compiler_b_pool_address = undef,
@@ -119,15 +113,9 @@
 
   $platform = run_task('peadm::precheck', $primary_target).first['platform']
 
-  if $pe_installer_source {
-    $pe_tarball_name   = $pe_installer_source.split('/')[-1]
-    $pe_tarball_source = $pe_installer_source
-    $_version          = $pe_tarball_name.split('-')[2]
-  } else {
-    $_version          = $version
-    $pe_tarball_name   = "puppet-enterprise-${_version}-${platform}.tar.gz"
-    $pe_tarball_source = "https://s3.amazonaws.com/pe-builds/released/${_version}/${pe_tarball_name}"
-  }
+  $_version          = $version
+  $pe_tarball_name   = "puppet-enterprise-${_version}-${platform}.tar.gz"
+  $pe_tarball_source = "https://s3.amazonaws.com/pe-builds/released/${_version}/${pe_tarball_name}"
 
   $upload_tarball_path = "${uploaddir}/${pe_tarball_name}"
 
