Code Review / puppet-modules / puppetlabs-apt.git / blob
? search:
summary | shortlog | log | commit | commitdiff | review | tree
history | raw | HEAD
Merge pull request #365 from mhaskel/long_key_support
[puppet-modules/puppetlabs-apt.git] / spec / acceptance / apt_key_provider_spec.rb
1 require 'spec_helper_acceptance'
2
3 PUPPETLABS_GPG_KEY_ID        = '4BD6EC30'
4 PUPPETLABS_GPG_LONG_KEY_ID   = '1054B7A24BD6EC30'
5 PUPPETLABS_APT_URL           = 'apt.puppetlabs.com'
6 PUPPETLABS_GPG_KEY_FILE      = 'pubkey.gpg'
7 CENTOS_GPG_KEY_ID            = 'C105B9DE'
8 CENTOS_REPO_URL              = 'ftp.cvut.cz/centos'
9 CENTOS_GPG_KEY_FILE          = 'RPM-GPG-KEY-CentOS-6'
10
11 describe 'apt_key' do
12   before(:each) do
13     # Delete twice to make sure everything is cleaned
14     # up after the short key collision
15     shell("apt-key del #{PUPPETLABS_GPG_KEY_ID}",
16           :acceptable_exit_codes => [0,1,2])
17     shell("apt-key del #{PUPPETLABS_GPG_KEY_ID}",
18           :acceptable_exit_codes => [0,1,2])
19   end
20
21   describe 'default options' do
22     key_versions = {
23       '32bit key id'                        => '4BD6EC30',
24       '64bit key id'                        => '1054B7A24BD6EC30',
25       '32bit lowercase key id'              => '4bd6ec30',
26       '64bit lowercase key id'              => '1054b7a24bd6ec30',
27       '0x formatted 32bit key id'           => '0x4BD6EC30',
28       '0x formatted 64bit key id'           => '0x1054B7A24BD6EC30',
29       '0x formatted 32bit lowercase key id' => '0x4bd6ec30',
30       '0x formatted 64bit lowercase key id' => '0x1054b7a24bd6ec30',
31     }
32
33     key_versions.each do |key, value|
34       context "#{key}" do
35         it 'works' do
36           pp = <<-EOS
37           apt_key { 'puppetlabs':
38             id     => '#{value}',
39             ensure => 'present',
40           }
41           EOS
42
43           apply_manifest(pp, :catch_failures => true)
44           apply_manifest(pp, :catch_changes => true)
45           shell("apt-key list | grep #{PUPPETLABS_GPG_KEY_ID}")
46         end
47       end
48     end
49
50     context 'invalid length key id' do
51       it 'fails' do
52         pp = <<-EOS
53         apt_key { 'puppetlabs':
54           id => '4B7A24BD6EC30',
55         }
56         EOS
57
58         apply_manifest(pp, :expect_failures => true) do |r|
59           expect(r.stderr).to match(/Valid values match/)
60         end
61       end
62     end
63   end
64
65   describe 'ensure =>' do
66     context 'absent' do
67       it 'is removed' do
68         pp = <<-EOS
69         apt_key { 'puppetlabs':
70           id     => '#{PUPPETLABS_GPG_KEY_ID}',
71           ensure => 'absent',
72         }
73         EOS
74
75         # Install the key first
76         shell("apt-key adv --keyserver keyserver.ubuntu.com \
77               --recv-keys #{PUPPETLABS_GPG_LONG_KEY_ID}")
78         shell("apt-key list | grep #{PUPPETLABS_GPG_KEY_ID}")
79
80         # Time to remove it using Puppet
81         apply_manifest(pp, :catch_failures => true)
82         apply_manifest(pp, :catch_failures => true)
83
84         shell("apt-key list | grep #{PUPPETLABS_GPG_KEY_ID}",
85               :acceptable_exit_codes => [1])
86       end
87     end
88   end
89
90   describe 'content =>' do
91     context 'puppetlabs gpg key' do
92       it 'works' do
93         pp = <<-EOS
94           apt_key { 'puppetlabs':
95             id      => '#{PUPPETLABS_GPG_KEY_ID}',
96             ensure  => 'present',
97             content => "-----BEGIN PGP PUBLIC KEY BLOCK-----
98 Version: GnuPG v1.4.12 (GNU/Linux)
99 Comment: GPGTools - http://gpgtools.org
100
101 mQINBEw3u0ABEAC1+aJQpU59fwZ4mxFjqNCgfZgDhONDSYQFMRnYC1dzBpJHzI6b
102 fUBQeaZ8rh6N4kZ+wq1eL86YDXkCt4sCvNTP0eF2XaOLbmxtV9bdpTIBep9bQiKg
103 5iZaz+brUZlFk/MyJ0Yz//VQ68N1uvXccmD6uxQsVO+gx7rnarg/BGuCNaVtGwy+
104 S98g8Begwxs9JmGa8pMCcSxtC7fAfAEZ02cYyrw5KfBvFI3cHDdBqrEJQKwKeLKY
105 GHK3+H1TM4ZMxPsLuR/XKCbvTyl+OCPxU2OxPjufAxLlr8BWUzgJv6ztPe9imqpH
106 Ppp3KuLFNorjPqWY5jSgKl94W/CO2x591e++a1PhwUn7iVUwVVe+mOEWnK5+Fd0v
107 VMQebYCXS+3dNf6gxSvhz8etpw20T9Ytg4EdhLvCJRV/pYlqhcq+E9le1jFOHOc0
108 Nc5FQweUtHGaNVyn8S1hvnvWJBMxpXq+Bezfk3X8PhPT/l9O2lLFOOO08jo0OYiI
109 wrjhMQQOOSZOb3vBRvBZNnnxPrcdjUUm/9cVB8VcgI5KFhG7hmMCwH70tpUWcZCN
110 NlI1wj/PJ7Tlxjy44f1o4CQ5FxuozkiITJvh9CTg+k3wEmiaGz65w9jRl9ny2gEl
111 f4CR5+ba+w2dpuDeMwiHJIs5JsGyJjmA5/0xytB7QvgMs2q25vWhygsmUQARAQAB
112 tEdQdXBwZXQgTGFicyBSZWxlYXNlIEtleSAoUHVwcGV0IExhYnMgUmVsZWFzZSBL
113 ZXkpIDxpbmZvQHB1cHBldGxhYnMuY29tPokCPgQTAQIAKAUCTDe7QAIbAwUJA8Jn
114 AAYLCQgHAwIGFQgCCQoLBBYCAwECHgECF4AACgkQEFS3okvW7DAZaw//aLmE/eob
115 pXpIUVyCUWQxEvPtM/h/SAJsG3KoHN9u216ews+UHsL/7F91ceVXQQdD2e8CtYWF
116 eLNM0RSM9i/KM60g4CvIQlmNqdqhi1HsgGqInZ72/XLAXun0gabfC36rLww2kel+
117 aMpRf58SrSuskY321NnMEJl4OsHV2hfNtAIgw2e/zm9RhoMpGKxoHZCvFhnP7u2M
118 2wMq7iNDDWb6dVsLpzdlVf242zCbubPCxxQXOpA56rzkUPuJ85mdVw4i19oPIFIZ
119 VL5owit1SxCOxBg4b8oaMS36hEl3qtZG834rtLfcqAmqjhx6aJuJLOAYN84QjDEU
120 3NI5IfNRMvluIeTcD4Dt5FCYahN045tW1Rc6s5GAR8RW45GYwQDzG+kkkeeGxwEh
121 qCW7nOHuwZIoVJufNhd28UFn83KGJHCQt4NBBr3K5TcY6bDQEIrpSplWSDBbd3p1
122 IaoZY1WSDdP9OTVOSbsz0JiglWmUWGWCdd/CMSW/D7/3VUOJOYRDwptvtSYcjJc8
123 1UV+1zB+rt5La/OWe4UOORD+jU1ATijQEaFYxBbqBBkFboAEXq9btRQyegqk+eVp
124 HhzacP5NYFTMThvHuTapNytcCso5au/cMywqCgY1DfcMJyjocu4bCtrAd6w4kGKN
125 MUdwNDYQulHZDI+UjJInhramyngdzZLjdeGJARwEEAECAAYFAkw3wEYACgkQIVr+
126 UOQUcDKvEwgAoBuOPnPioBwYp8oHVPTo/69cJn1225kfraUYGebCcrRwuoKd8Iyh
127 R165nXYJmD8yrAFBk8ScUVKsQ/pSnqNrBCrlzQD6NQvuIWVFegIdjdasrWX6Szj+
128 N1OllbzIJbkE5eo0WjCMEKJVI/GTY2AnTWUAm36PLQC5HnSATykqwxeZDsJ/s8Rc
129 kd7+QN5sBVytG3qb45Q7jLJpLcJO6KYH4rz9ZgN7LzyyGbu9DypPrulADG9OrL7e
130 lUnsGDG4E1M8Pkgk9Xv9MRKao1KjYLD5zxOoVtdeoKEQdnM+lWMJin1XvoqJY7FT
131 DJk6o+cVqqHkdKL+sgsscFVQljgCEd0EgIkCHAQQAQgABgUCTPlA6QAKCRBcE9bb
132 kwUuAxdYD/40FxAeNCYByxkr/XRT0gFT+NCjPuqPWCM5tf2NIhSapXtb2+32WbAf
133 DzVfqWjC0G0RnQBve+vcjpY4/rJu4VKIDGIT8CtnKOIyEcXTNFOehi65xO4ypaei
134 BPSb3ip3P0of1iZZDQrNHMW5VcyL1c+PWT/6exXSGsePtO/89tc6mupqZtC05f5Z
135 XG4jswMF0U6Q5s3S0tG7Y+oQhKNFJS4sH4rHe1o5CxKwNRSzqccA0hptKy3MHUZ2
136 +zeHzuRdRWGjb2rUiVxnIvPPBGxF2JHhB4ERhGgbTxRZ6wZbdW06BOE8r7pGrUpU
137 fCw/WRT3gGXJHpGPOzFAvr3Xl7VcDUKTVmIajnpd3SoyD1t2XsvJlSQBOWbViucH
138 dvE4SIKQ77vBLRlZIoXXVb6Wu7Vq+eQs1ybjwGOhnnKjz8llXcMnLzzN86STpjN4
139 qGTXQy/E9+dyUP1sXn3RRwb+ZkdI77m1YY95QRNgG/hqh77IuWWg1MtTSgQnP+F2
140 7mfo0/522hObhdAe73VO3ttEPiriWy7tw3bS9daP2TAVbYyFqkvptkBb1OXRUSzq
141 UuWjBmZ35UlXjKQsGeUHlOiEh84aondF90A7gx0X/ktNIPRrfCGkHJcDu+HVnR7x
142 Kk+F0qb9+/pGLiT3rqeQTr8fYsb4xLHT7uEg1gVFB1g0kd+RQHzV74kCPgQTAQIA
143 KAIbAwYLCQgHAwIGFQgCCQoLBBYCAwECHgECF4AFAk/x5PoFCQtIMjoACgkQEFS3
144 okvW7DAIKQ/9HvZyf+LHVSkCk92Kb6gckniin3+5ooz67hSr8miGBfK4eocqQ0H7
145 bdtWjAILzR/IBY0xj6OHKhYP2k8TLc7QhQjt0dRpNkX+Iton2AZryV7vUADreYz4
146 4B0bPmhiE+LL46ET5IThLKu/KfihzkEEBa9/t178+dO9zCM2xsXaiDhMOxVE32gX
147 vSZKP3hmvnK/FdylUY3nWtPedr+lHpBLoHGaPH7cjI+MEEugU3oAJ0jpq3V8n4w0
148 jIq2V77wfmbD9byIV7dXcxApzciK+ekwpQNQMSaceuxLlTZKcdSqo0/qmS2A863Y
149 ZQ0ZBe+Xyf5OI33+y+Mry+vl6Lre2VfPm3udgR10E4tWXJ9Q2CmG+zNPWt73U1FD
150 7xBI7PPvOlyzCX4QJhy2Fn/fvzaNjHp4/FSiCw0HvX01epcersyun3xxPkRIjwwR
151 M9m5MJ0o4hhPfa97zibXSh8XXBnosBQxeg6nEnb26eorVQbqGx0ruu/W2m5/JpUf
152 REsFmNOBUbi8xlKNS5CZypH3Zh88EZiTFolOMEh+hT6s0l6znBAGGZ4m/Unacm5y
153 DHmg7unCk4JyVopQ2KHMoqG886elu+rm0ASkhyqBAk9sWKptMl3NHiYTRE/m9VAk
154 ugVIB2pi+8u84f+an4Hml4xlyijgYu05pqNvnLRyJDLd61hviLC8GYU=
155 =a34C
156 -----END PGP PUBLIC KEY BLOCK-----",
157           }
158         EOS
159
160         apply_manifest(pp, :catch_failures => true)
161         apply_manifest(pp, :catch_failures => true)
162         shell("apt-key list | grep #{PUPPETLABS_GPG_KEY_ID}")
163       end
164     end
165
166     context 'bogus key' do
167       it 'fails' do
168         pp = <<-EOS
169         apt_key { 'puppetlabs':
170           id      => '#{PUPPETLABS_GPG_KEY_ID}',
171           ensure  => 'present',
172           content => 'For posterity: such content, much bogus, wow',
173         }
174         EOS
175
176         apply_manifest(pp, :expect_failures => true) do |r|
177           expect(r.stderr).to match(/no valid OpenPGP data found/)
178         end
179       end
180     end
181   end
182
183   describe 'server =>' do
184     context 'pgp.mit.edu' do
185       it 'works' do
186         pp = <<-EOS
187         apt_key { 'puppetlabs':
188           id     => '#{PUPPETLABS_GPG_KEY_ID}',
189           ensure => 'present',
190           server => 'pgp.mit.edu',
191         }
192         EOS
193
194         apply_manifest(pp, :catch_failures => true)
195         apply_manifest(pp, :catch_failures => true)
196         shell("apt-key list | grep #{PUPPETLABS_GPG_KEY_ID}")
197       end
198     end
199
200     context 'hkp://pgp.mit.edu:80' do
201       it 'works' do
202         pp = <<-EOS
203         apt_key { 'puppetlabs':
204           id     => '#{PUPPETLABS_GPG_KEY_ID}',
205           ensure => 'present',
206           server => 'hkp://pgp.mit.edu:80',
207         }
208         EOS
209
210         apply_manifest(pp, :catch_failures => true)
211         apply_manifest(pp, :catch_failures => true)
212         shell("apt-key list | grep #{PUPPETLABS_GPG_KEY_ID}")
213       end
214     end
215
216     context 'nonexistant.key.server' do
217       it 'fails' do
218         pp = <<-EOS
219         apt_key { 'puppetlabs':
220           id     => '#{PUPPETLABS_GPG_KEY_ID}',
221           ensure => 'present',
222           server => 'nonexistant.key.server',
223         }
224         EOS
225
226         apply_manifest(pp, :expect_failures => true) do |r|
227           expect(r.stderr).to match(/(Host not found|Couldn't resolve host)/)
228         end
229       end
230     end
231
232     context 'key server start with dot' do
233       it 'fails' do
234         pp = <<-EOS
235         apt_key { 'puppetlabs':
236           id     => '#{PUPPETLABS_GPG_KEY_ID}',
237           ensure => 'present',
238           server => '.pgp.key.server',
239         }
240         EOS
241
242         apply_manifest(pp, :expect_failures => true) do |r|
243           expect(r.stderr).to match(/Invalid value \".pgp.key.server\"/)
244         end
245       end
246     end
247   end
248
249   describe 'source =>' do
250     context 'http://' do
251       it 'works' do
252         pp = <<-EOS
253         apt_key { 'puppetlabs':
254           id     => '#{PUPPETLABS_GPG_KEY_ID}',
255           ensure => 'present',
256           source => 'http://#{PUPPETLABS_APT_URL}/#{PUPPETLABS_GPG_KEY_FILE}',
257         }
258         EOS
259
260         apply_manifest(pp, :catch_failures => true)
261         apply_manifest(pp, :catch_failures => true)
262         shell("apt-key list | grep #{PUPPETLABS_GPG_KEY_ID}")
263       end
264
265       it 'fails with a 404' do
266         pp = <<-EOS
267         apt_key { 'puppetlabs':
268           id     => '#{PUPPETLABS_GPG_KEY_ID}',
269           ensure => 'present',
270           source => 'http://#{PUPPETLABS_APT_URL}/herpderp.gpg',
271         }
272         EOS
273
274         apply_manifest(pp, :expect_failures => true) do |r|
275           expect(r.stderr).to match(/404 Not Found/)
276         end
277       end
278
279       it 'fails with a socket error' do
280         pp = <<-EOS
281         apt_key { 'puppetlabs':
282           id     => '#{PUPPETLABS_GPG_KEY_ID}',
283           ensure => 'present',
284           source => 'http://apt.puppetlabss.com/herpderp.gpg',
285         }
286         EOS
287
288         apply_manifest(pp, :expect_failures => true) do |r|
289           expect(r.stderr).to match(/could not resolve/)
290         end
291       end
292     end
293
294     context 'ftp://' do
295       before(:each) do
296         shell("apt-key del #{CENTOS_GPG_KEY_ID}",
297               :acceptable_exit_codes => [0,1,2])
298       end
299
300       it 'works' do
301         pp = <<-EOS
302         apt_key { 'CentOS 6':
303           id     => '#{CENTOS_GPG_KEY_ID}',
304           ensure => 'present',
305           source => 'ftp://#{CENTOS_REPO_URL}/#{CENTOS_GPG_KEY_FILE}',
306         }
307         EOS
308
309         apply_manifest(pp, :catch_failures => true)
310         apply_manifest(pp, :catch_failures => true)
311         shell("apt-key list | grep #{CENTOS_GPG_KEY_ID}")
312       end
313
314       it 'fails with a 550' do
315         pp = <<-EOS
316         apt_key { 'CentOS 6':
317           id     => '#{CENTOS_GPG_KEY_ID}',
318           ensure => 'present',
319           source => 'ftp://#{CENTOS_REPO_URL}/herpderp.gpg',
320         }
321         EOS
322
323         apply_manifest(pp, :expect_failures => true) do |r|
324           expect(r.stderr).to match(/550 Failed to open/)
325         end
326       end
327
328       it 'fails with a socket error' do
329         pp = <<-EOS
330         apt_key { 'puppetlabs':
331           id     => '#{PUPPETLABS_GPG_KEY_ID}',
332           ensure => 'present',
333           source => 'ftp://apt.puppetlabss.com/herpderp.gpg',
334         }
335         EOS
336
337         apply_manifest(pp, :expect_failures => true) do |r|
338           expect(r.stderr).to match(/could not resolve/)
339         end
340       end
341     end
342
343     context 'https://' do
344       it 'works' do
345         pp = <<-EOS
346         apt_key { 'puppetlabs':
347           id     => '#{PUPPETLABS_GPG_KEY_ID}',
348           ensure => 'present',
349           source => 'https://#{PUPPETLABS_APT_URL}/#{PUPPETLABS_GPG_KEY_FILE}',
350         }
351         EOS
352
353         apply_manifest(pp, :catch_failures => true)
354         apply_manifest(pp, :catch_failures => true)
355         shell("apt-key list | grep #{PUPPETLABS_GPG_KEY_ID}")
356       end
357
358       it 'fails with a 404' do
359         pp = <<-EOS
360         apt_key { 'puppetlabs':
361           id     => '4BD6EC30',
362           ensure => 'present',
363           source => 'https://#{PUPPETLABS_APT_URL}/herpderp.gpg',
364         }
365         EOS
366
367         apply_manifest(pp, :expect_failures => true) do |r|
368           expect(r.stderr).to match(/404 Not Found/)
369         end
370       end
371
372       it 'fails with a socket error' do
373         pp = <<-EOS
374         apt_key { 'puppetlabs':
375           id     => '4BD6EC30',
376           ensure => 'present',
377           source => 'https://apt.puppetlabss.com/herpderp.gpg',
378         }
379         EOS
380
381         apply_manifest(pp, :expect_failures => true) do |r|
382           expect(r.stderr).to match(/could not resolve/)
383         end
384       end
385     end
386
387     context '/path/that/exists' do
388       before(:each) do
389         shell("curl -o /tmp/puppetlabs-pubkey.gpg \
390               http://#{PUPPETLABS_APT_URL}/#{PUPPETLABS_GPG_KEY_FILE}")
391       end
392
393       after(:each) do
394         shell('rm /tmp/puppetlabs-pubkey.gpg')
395       end
396
397       it 'works' do
398         pp = <<-EOS
399         apt_key { 'puppetlabs':
400           id     => '4BD6EC30',
401           ensure => 'present',
402           source => '/tmp/puppetlabs-pubkey.gpg',
403         }
404         EOS
405
406         apply_manifest(pp, :catch_failures => true)
407         apply_manifest(pp, :catch_failures => true)
408         shell("apt-key list | grep #{PUPPETLABS_GPG_KEY_ID}")
409       end
410     end
411
412     context '/path/that/does/not/exist' do
413       it 'fails' do
414         pp = <<-EOS
415         apt_key { 'puppetlabs':
416           id     => '#{PUPPETLABS_GPG_KEY_ID}',
417           ensure => 'present',
418           source => '/tmp/totally_bogus.file',
419         }
420         EOS
421
422         apply_manifest(pp, :expect_failures => true) do |r|
423           expect(r.stderr).to match(/does not exist/)
424         end
425       end
426     end
427
428     context '/path/that/exists/with/bogus/content' do
429       before(:each) do
430         shell('echo "here be dragons" > /tmp/fake-key.gpg')
431       end
432
433       after(:each) do
434         shell('rm /tmp/fake-key.gpg')
435       end
436       it 'fails' do
437         pp = <<-EOS
438         apt_key { 'puppetlabs':
439           id     => '#{PUPPETLABS_GPG_KEY_ID}',
440           ensure => 'present',
441           source => '/tmp/fake-key.gpg',
442         }
443         EOS
444
445         apply_manifest(pp, :expect_failures => true) do |r|
446           expect(r.stderr).to match(/no valid OpenPGP data found/)
447         end
448       end
449     end
450   end
451
452   describe 'keyserver_options =>' do
453     context 'debug' do
454       it 'works' do
455         pp = <<-EOS
456         apt_key { 'puppetlabs':
457           id                => '#{PUPPETLABS_GPG_KEY_ID}',
458           ensure            => 'present',
459           keyserver_options => 'debug',
460         }
461         EOS
462
463         apply_manifest(pp, :catch_failures => true)
464         apply_manifest(pp, :catch_failures => true)
465         shell("apt-key list | grep #{PUPPETLABS_GPG_KEY_ID}")
466       end
467
468       it 'fails on invalid options' do
469         pp = <<-EOS
470         apt_key { 'puppetlabs':
471           id                => '#{PUPPETLABS_GPG_KEY_ID}',
472           ensure            => 'present',
473           keyserver_options => 'this is totally bonkers',
474         }
475         EOS
476
477         shell("apt-key del #{PUPPETLABS_GPG_KEY_ID}", :acceptable_exit_codes => [0,1,2])
478         apply_manifest(pp, :expect_failures => true) do |r|
479           expect(r.stderr).to match(/--keyserver-options this is totally/)
480         end
481       end
482     end
483   end
484 end