Remove the Ruby < 2.5 logic from the FIPS plugins

So much to delete here.

Signed-off-by: Tim Smith <tsmith@chef.io>

3 files changed, 20 insertions, 130 deletions

diff --git a/lib/ohai/plugins/windows/fips.rb b/lib/ohai/plugins/windows/fips.rb
index 56e5cdc7..085c7f2c 100644
--- a/lib/ohai/plugins/windows/fips.rb
+++ b/lib/ohai/plugins/windows/fips.rb
@@ -1,6 +1,6 @@
 #
 # Author:: Matt Wrock (<matt@mattwrock.com>)
-# Copyright:: Copyright (c) 2016 Chef Software, Inc.
+# Copyright:: Copyright (c) 2016-2018 Chef Software, Inc.
 # License:: Apache License, Version 2.0
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
@@ -28,30 +28,11 @@ Ohai.plugin(:Fips) do
   collect_data(:windows) do
     fips Mash.new
 
-    # Check for new fips_mode method added in Ruby 2.5. After we drop support
-    # for Ruby 2.4, clean up everything after this and collapse the FIPS plugins.
     require "openssl"
     if defined?(OpenSSL.fips_mode) && OpenSSL.fips_mode && !$FIPS_TEST_MODE
       fips["kernel"] = { "enabled" => true }
     else
-      require "win32/registry"
-      # from http://msdn.microsoft.com/en-us/library/windows/desktop/aa384129(v=vs.85).aspx
-      if ::RbConfig::CONFIG["target_cpu"] == "i386"
-        reg_type = Win32::Registry::KEY_READ | 0x100
-      elsif ::RbConfig::CONFIG["target_cpu"] == "x86_64"
-        reg_type = Win32::Registry::KEY_READ | 0x200
-      else
-        reg_type = Win32::Registry::KEY_READ
-      end
-
-      begin
-        Win32::Registry::HKEY_LOCAL_MACHINE.open('System\CurrentControlSet\Control\Lsa\FIPSAlgorithmPolicy', reg_type) do |policy|
-          enabled = policy["Enabled"]
-          fips["kernel"] = { "enabled" => enabled == 0 ? false : true }
-        end
-      rescue Win32::Registry::Error
-        fips["kernel"] = { "enabled" => false }
-      end
+      fips["kernel"] = { "enabled" => false }
     end
   end
 end
diff --git a/spec/unit/plugins/linux/fips_spec.rb b/spec/unit/plugins/linux/fips_spec.rb
index 570a5e04..a403b02d 100644
--- a/spec/unit/plugins/linux/fips_spec.rb
+++ b/spec/unit/plugins/linux/fips_spec.rb
@@ -1,6 +1,6 @@
 #
 # Author:: Matt Wrock (<matt@mattwrock.com>)
-# Copyright:: Copyright (c) 2016 Chef Software, Inc.
+# Copyright:: Copyright (c) 2016-2018 Chef Software, Inc.
 # License:: Apache License, Version 2.0
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
@@ -22,8 +22,7 @@ require "openssl"
 describe Ohai::System, "plugin fips" do
   let(:enabled) { "0" }
   let(:plugin) { get_plugin("linux/fips") }
-  let(:fips_path) { "/proc/sys/crypto/fips_enabled" }
-  let(:openssl_test_mode) { true }
+  let(:openssl_test_mode) { false }
 
   subject do
     plugin.run
@@ -32,7 +31,6 @@ describe Ohai::System, "plugin fips" do
 
   before(:each) do
     allow(plugin).to receive(:collect_os).and_return(:linux)
-    allow(::File).to receive(:read).with(fips_path).and_return(enabled)
   end
 
   around do |ex|
@@ -44,47 +42,17 @@ describe Ohai::System, "plugin fips" do
     end
   end
 
-  context "fips file is present and contains 1" do
-    let(:enabled) { "1" }
-
-    it "sets fips plugin" do
-      expect(subject).to be(true)
-    end
-  end
-
-  context "fips file does not contain 1" do
-    let(:enabled) { "0" }
-
+  context "with OpenSSL.fips_mode == false" do
+    before { allow(OpenSSL).to receive(:fips_mode).and_return(false) }
     it "does not set fips plugin" do
       expect(subject).to be(false)
     end
   end
 
-  context "fips file is not present" do
-    before do
-      allow(::File).to receive(:read).and_raise(Errno::ENOENT, "bibbleboop")
-    end
-
-    it "does not set fips plugin" do
-      expect(subject).to be(false)
-    end
-  end
-
-  context "with Ruby 2.5 or newer", if: defined?(OpenSSL.fips_mode) do
-    let(:openssl_test_mode) { false }
-
-    context "with OpenSSL.fips_mode == false" do
-      before { allow(OpenSSL).to receive(:fips_mode).and_return(false) }
-      it "does not set fips plugin" do
-        expect(subject).to be(false)
-      end
-    end
-
-    context "with OpenSSL.fips_mode == true" do
-      before { allow(OpenSSL).to receive(:fips_mode).and_return(true) }
-      it "sets fips plugin" do
-        expect(subject).to be(true)
-      end
+  context "with OpenSSL.fips_mode == true" do
+    before { allow(OpenSSL).to receive(:fips_mode).and_return(true) }
+    it "sets fips plugin" do
+      expect(subject).to be(true)
     end
   end
 end
diff --git a/spec/unit/plugins/windows/fips_spec.rb b/spec/unit/plugins/windows/fips_spec.rb
index b36e4265..7591ffef 100644
--- a/spec/unit/plugins/windows/fips_spec.rb
+++ b/spec/unit/plugins/windows/fips_spec.rb
@@ -1,6 +1,6 @@
 #
 # Author:: Matt Wrock (<matt@mattwrock.com>)
-# Copyright:: Copyright (c) 2016 Chef Software, Inc.
+# Copyright:: Copyright (c) 2016-2018 Chef Software, Inc.
 # License:: Apache License, Version 2.0
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
@@ -22,9 +22,7 @@ require "openssl"
 describe Ohai::System, "plugin fips", :windows_only do
   let(:enabled) { 0 }
   let(:plugin) { get_plugin("windows/fips") }
-  let(:fips_key) { 'System\CurrentControlSet\Control\Lsa\FIPSAlgorithmPolicy' }
-  let(:win_reg_entry) { { "Enabled" => enabled } }
-  let(:openssl_test_mode) { true }
+  let(:openssl_test_mode) { false }
 
   subject do
     plugin.run
@@ -33,7 +31,6 @@ describe Ohai::System, "plugin fips", :windows_only do
 
   before(:each) do
     allow(plugin).to receive(:collect_os).and_return(:windows)
-    allow(Win32::Registry::HKEY_LOCAL_MACHINE).to receive(:open).with(fips_key, arch).and_yield(win_reg_entry)
   end
 
   around do |ex|
@@ -45,73 +42,17 @@ describe Ohai::System, "plugin fips", :windows_only do
     end
   end
 
-  shared_examples "fips_plugin" do
-    context "fips enabled key is set to 1" do
-      let(:enabled) { 1 }
-
-      it "sets fips plugin" do
-        expect(subject).to be(true)
-      end
-    end
-
-    context "fips enabled key is set to 0" do
-      let(:enabled) { 0 }
-
-      it "does not set fips plugin" do
-        expect(subject).to be(false)
-      end
+  context "with OpenSSL.fips_mode == false" do
+    before { allow(OpenSSL).to receive(:fips_mode).and_return(false) }
+    it "does not set fips plugin" do
+      expect(subject).to be(false)
     end
-
-    context "fips key does not exist" do
-      before do
-        allow(Win32::Registry::HKEY_LOCAL_MACHINE).to receive(:open).and_raise(Win32::Registry::Error, 50)
-      end
-
-      it "does not set fips plugin" do
-        expect(subject).to be(false)
-      end
-    end
-  end
-
-  context "on 32 bit ruby" do
-    let(:arch) { Win32::Registry::KEY_READ | 0x100 }
-
-    before { stub_const("::RbConfig::CONFIG", { "target_cpu" => "i386" } ) }
-
-    it_behaves_like "fips_plugin"
   end
 
-  context "on 64 bit ruby" do
-    let(:arch) { Win32::Registry::KEY_READ | 0x200 }
-
-    before { stub_const("::RbConfig::CONFIG", { "target_cpu" => "x86_64" } ) }
-
-    it_behaves_like "fips_plugin"
-  end
-
-  context "on unknown ruby" do
-    let(:arch) { Win32::Registry::KEY_READ }
-
-    before { stub_const("::RbConfig::CONFIG", { "target_cpu" => nil } ) }
-
-    it_behaves_like "fips_plugin"
-  end
-
-  context "with Ruby 2.5 or newer", if: defined?(OpenSSL.fips_mode) do
-    let(:openssl_test_mode) { false }
-
-    context "with OpenSSL.fips_mode == false" do
-      before { allow(OpenSSL).to receive(:fips_mode).and_return(false) }
-      it "does not set fips plugin" do
-        expect(subject).to be(false)
-      end
-    end
-
-    context "with OpenSSL.fips_mode == true" do
-      before { allow(OpenSSL).to receive(:fips_mode).and_return(true) }
-      it "sets fips plugin" do
-        expect(subject).to be(true)
-      end
+  context "with OpenSSL.fips_mode == true" do
+    before { allow(OpenSSL).to receive(:fips_mode).and_return(true) }
+    it "sets fips plugin" do
+      expect(subject).to be(true)
     end
   end
 end