Provide upgrade utility

Provide a utility plan to re-issue certificates on systems that were
deployed using peadm 0.5.x, using the new OIDs in use in peadm 1.x.

Author: reidmv

plans/misc/update_trusted_facts.pp

@@ -0,0 +1,41 @@
+plan peadm::misc::upgrade_trusted_facts (
+  TargetSpec              $targets,
+  Peadm::SingleTargetSpec $master_host,
+  Boolean                 $autosign = false,
+) {
+
+  # Convert input into array of Targets
+  $all_targets   = peadm::get_targets($targets)
+  $master_target = peadm::get_targets($master_host, 1)
+
+  $certdata = run_task('peadm::trusted_facts', $all_targets).reduce({}) |$memo,$result| {
+    $memo + { $result.target => $result.value }
+  }
+
+  $pserver = '/opt/puppetlabs/bin/puppetserver'
+  $puppet  = '/opt/puppetlabs/bin/puppet'
+
+  $upgrade_results = $all_targets.map |$target| {
+    $new_trusted = $certdata[$target]['extensions'] + {
+      peadm::oid('peadm_role') => $certdata[$target]['extensions']['pp_application'],
+      peadm::oid('peadm_availability_group') => $certdata[$target]['extensions']['pp_cluster'],
+    }
+
+    run_plan('peadm::util::insert_csr_extensions', $target,
+      extensions => $new_trusted,
+    )
+
+    run_command("${pserver} ca clean ${certdata[$target]['certname']}", $master_target)
+    run_command("${puppet} ssl clean --target ${certdata[$target]['certname']}", $target)
+    run_command("${puppet} ssl submit_request --certname ${certdata[$target]['certname']}", $target)
+
+    ctrl::sleep(2) # some lag sometimes before the cert is available to sign
+
+    if !$autosign {
+      run_command("${pserver} ca sign --certname ${certdata[$target]['certname']}", $master_target)
+    }
+
+    run_command("${puppet} ssl download_cert --certname ${certdata[$target]['certname']}", $target)
+  }
+
+}

tasks/trusted_facts.rb

@@ -27,6 +27,9 @@
   end
 end
 
-result = { 'extensions' => extensions }
+result = {
+  'certname'   => certname,
+  'extensions' => extensions,
+}
 
 puts result.to_json