From eb4b4a548946752bc5e6181f4b96dbb3f42065a7 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?C=C3=A9dric=20Jeanneret=20=28Tengu=29?=
 <cjeanner@redhat.com>
Date: Tue, 13 Aug 2019 06:06:07 +0000
Subject: [PATCH] Revert "Ensure we get a subnet for ctlplane"

This reverts commit 9e5efd591101928daa7337f4b7a4b076fab24ff8.

The issue was caused by out-dated downstream documentation, and this
change might introduce a regression.

Change-Id: Idc259bfd6c92762d833419f0aab8f5404ee7e801
---
 .../tripleo-firewall-baremetal-puppet.yaml    | 32 ++++++-------------
 1 file changed, 9 insertions(+), 23 deletions(-)

diff --git a/deployment/tripleo-firewall/tripleo-firewall-baremetal-puppet.yaml b/deployment/tripleo-firewall/tripleo-firewall-baremetal-puppet.yaml
index c90369d88b..ca756466e7 100644
--- a/deployment/tripleo-firewall/tripleo-firewall-baremetal-puppet.yaml
+++ b/deployment/tripleo-firewall/tripleo-firewall-baremetal-puppet.yaml
@@ -39,12 +39,6 @@ parameters:
     description: Whether IPtables rules should be purged before setting up the new ones.
     type: boolean
 
-conditions:
-  get_ctlplane_from_hiera:
-    equals:
-      - get_param: [ServiceData, net_cidr_map, ctlplane]
-      - Null
-
 outputs:
   role_data:
     description: Role data for the TripleO firewall settings
@@ -54,23 +48,15 @@ outputs:
         tripleo::firewall::manage_firewall: {get_param: ManageFirewall}
         tripleo::firewall::purge_firewall_rules: {get_param: PurgeFirewallRules}
         tripleo::tripleo_firewall::firewall_rules:
-          if:
-            - get_ctlplane_from_hiera
-            -
-              "004 accept ssh from ctlplane subnet %{hiera('ctlplane_subnet')}":
-                source: "%{hiera('ctlplane_subnet')}"
-                proto: 'tcp'
-                port: 22
-            -
-              map_merge:
-                repeat:
-                  for_each:
-                    <%net_cidr%>: {get_param: [ServiceData, net_cidr_map, ctlplane]}
-                  template:
-                    '003 accept ssh from ctlplane subnet <%net_cidr%>':
-                      source: <%net_cidr%>
-                      proto: 'tcp'
-                      dport: 22
+          map_merge:
+            repeat:
+              for_each:
+                <%net_cidr%>: {get_param: [ServiceData, net_cidr_map, ctlplane]}
+              template:
+                '003 accept ssh from ctlplane subnet <%net_cidr%>':
+                  source: <%net_cidr%>
+                  proto: 'tcp'
+                  dport: 22
 
       step_config: |
         include ::tripleo::firewall