Provider cleanup

REFERENCE.md

@@ -865,12 +865,6 @@ The following parameters are available in the `mongodb::server` class:
 * [`config_content`](#-mongodb--server--config_content)
 * [`config_template`](#-mongodb--server--config_template)
 * [`config_data`](#-mongodb--server--config_data)
-* [`ssl`](#-mongodb--server--ssl)
-* [`ssl_key`](#-mongodb--server--ssl_key)
-* [`ssl_ca`](#-mongodb--server--ssl_ca)
-* [`ssl_weak_cert`](#-mongodb--server--ssl_weak_cert)
-* [`ssl_invalid_hostnames`](#-mongodb--server--ssl_invalid_hostnames)
-* [`ssl_mode`](#-mongodb--server--ssl_mode)
 * [`tls`](#-mongodb--server--tls)
 * [`tls_key`](#-mongodb--server--tls_key)
 * [`tls_ca`](#-mongodb--server--tls_ca)
@@ -1445,56 +1439,6 @@ A hash to allow for additional configuration options to be set in user-provided
 
 Default value: `undef`
 
-##### <a name="-mongodb--server--ssl"></a>`ssl`
-
-Data type: `Optional[Boolean]`
-
-Use SSL validation.
-Important: You need to have ssl_key set as well, and the file needs to pre-exist on node. If you wish to
-use certificate validation, ssl_ca must also be set.
-
-Default value: `undef`
-
-##### <a name="-mongodb--server--ssl_key"></a>`ssl_key`
-
-Data type: `Optional[Stdlib::Absolutepath]`
-
-Defines the path of the file that contains the TLS/SSL certificate and key.
-
-Default value: `undef`
-
-##### <a name="-mongodb--server--ssl_ca"></a>`ssl_ca`
-
-Data type: `Optional[Stdlib::Absolutepath]`
-
-Defines the path of the file that contains the certificate chain for verifying client certificates.
-
-Default value: `undef`
-
-##### <a name="-mongodb--server--ssl_weak_cert"></a>`ssl_weak_cert`
-
-Data type: `Boolean`
-
-Set to true to disable mandatory SSL client authentication.
-
-Default value: `false`
-
-##### <a name="-mongodb--server--ssl_invalid_hostnames"></a>`ssl_invalid_hostnames`
-
-Data type: `Boolean`
-
-Set to true to disable fqdn SSL cert check.
-
-Default value: `false`
-
-##### <a name="-mongodb--server--ssl_mode"></a>`ssl_mode`
-
-Data type: `Enum['requireSSL', 'preferSSL', 'allowSSL']`
-
-Ssl authorization mode.
-
-Default value: `'requireSSL'`
-
 ##### <a name="-mongodb--server--tls"></a>`tls`
 
 Data type: `Boolean`

lib/facter/is_master.rb

@@ -11,13 +11,6 @@ def get_options_from_hash_config(config)
   result = []
 
   result << "--port #{config['net.port']}" unless config['net.port'].nil?
-  # use --ssl and --host if:
-  # - sslMode is "requireSSL"
-  # - Parameter --sslPEMKeyFile is set
-  # - Parameter --sslCAFile is set
-  result << "--ssl --host #{Facter.value(:fqdn)}" if config['net.ssl.mode'] == 'requireSSL' || !config['net.ssl.PEMKeyFile'].nil? || !config['net.ssl.CAFile'].nil?
-  result << "--sslPEMKeyFile #{config['net.ssl.PEMKeyFile']}" unless config['net.ssl.PEMKeyFile'].nil?
-  result << "--sslCAFile #{config['net.ssl.CAFile']}" unless config['net.ssl.CAFile'].nil?
   # use --tls and --host if:
   # - tlsMode is "requireTLS"
   # - Parameter --tlsCertificateKeyFile is set

lib/puppet/provider/mongodb.rb

@@ -26,19 +26,15 @@ def self.mongod_conf_file
   def self.mongo_conf
     config = YAML.load_file(mongod_conf_file) || {}
     {
-      'bindip' => config['net.bindIp'],
-      'port' => config['net.port'],
-      'ipv6' => config['net.ipv6'],
-      'sslallowInvalidHostnames' => config['net.ssl.allowInvalidHostnames'],
-      'ssl' => config['net.ssl.mode'],
-      'sslcert' => config['net.ssl.PEMKeyFile'],
-      'sslca' => config['net.ssl.CAFile'],
-      'tlsallowInvalidHostnames' => config['net.tls.allowInvalidHostnames'],
-      'tls' => config['net.tls.mode'],
-      'tlscert' => config['net.tls.certificateKeyFile'],
-      'tlsca' => config['net.tls.CAFile'],
-      'auth' => config['security.authorization'],
-      'clusterRole' => config['sharding.clusterRole'],
+      'bindip' => config['net.bindIp'] || config.fetch('net', {}).fetch('bindIp', nil),
+      'port' => config['net.port'] || config.fetch('net', {}).fetch('port', nil),
+      'ipv6' => config['net.ipv6'] || config.fetch('net', {}).fetch('ipv6', nil),
+      'tlsallowInvalidHostnames' => config['net.tls.allowInvalidHostnames'] || config.fetch('net', {}).fetch('tls', {}).fetch('allowInvalidHostnames', nil),
+      'tls' => config['net.tls.mode'] || config.fetch('net', {}).fetch('tls', {}).fetch('mode', nil),
+      'tlscert' => config['net.tls.certificateKeyFile'] || config.fetch('net', {}).fetch('tls', {}).fetch('certificateKeyFile', nil),
+      'tlsca' => config['net.tls.CAFile'] || config.fetch('net', {}).fetch('tls', {}).fetch('CAFile', nil),
+      'auth' => config['security.authorization'] || config.fetch('security', {}).fetch('authorization', nil),
+      'clusterRole' => config['sharding.clusterRole'] || config.fetch('sharding', {}).fetch('clusterRole', nil),
     }
   end
 
@@ -47,23 +43,12 @@ def self.ipv6_is_enabled(config = nil)
     config['ipv6']
   end
 
-  def self.ssl_is_enabled(config = nil)
-    config ||= mongo_conf
-    ssl_mode = config.fetch('ssl')
-    !ssl_mode.nil? && ssl_mode != 'disabled'
-  end
-
   def self.tls_is_enabled(config = nil)
     config ||= mongo_conf
     tls_mode = config.fetch('tls')
     !tls_mode.nil? && tls_mode != 'disabled'
   end
 
-  def self.ssl_invalid_hostnames(config = nil)
-    config ||= mongo_conf
-    config['sslallowInvalidHostnames']
-  end
-
   def self.tls_invalid_hostnames(config = nil)
     config ||= mongo_conf
     config['tlsallowInvalidHostnames']
@@ -77,16 +62,6 @@ def self.mongosh_cmd(db, host, cmd)
     args = [db, '--quiet', '--host', host]
     args.push('--ipv6') if ipv6_is_enabled(config)
 
-    if ssl_is_enabled(config)
-      args.push('--ssl')
-      args += ['--sslPEMKeyFile', config['sslcert']]
-
-      ssl_ca = config['sslca']
-      args += ['--sslCAFile', ssl_ca] unless ssl_ca.nil?
-
-      args.push('--sslAllowInvalidHostnames') if ssl_invalid_hostnames(config)
-    end
-
     if tls_is_enabled(config)
       args.push('--tls')
       args += ['--tlsCertificateKeyFile', config['tlscert']]