Code Review / puppet-modules / puppetlabs-apt.git / blob
? search:
summary | shortlog | log | commit | commitdiff | review | tree
history | raw | HEAD
Merge branch '1.4.x' into 14x-merge
[puppet-modules/puppetlabs-apt.git] / spec / acceptance / apt_key_provider_spec.rb
1 require 'spec_helper_acceptance'
2
3 PUPPETLABS_GPG_KEY_ID   = '4BD6EC30'
4 PUPPETLABS_APT_URL      = 'apt.puppetlabs.com'
5 PUPPETLABS_GPG_KEY_FILE = 'pubkey.gpg'
6 CENTOS_GPG_KEY_ID       = 'C105B9DE'
7 CENTOS_REPO_URL         = 'ftp.cvut.cz/centos'
8 CENTOS_GPG_KEY_FILE     = 'RPM-GPG-KEY-CentOS-6'
9
10 describe 'apt_key' do
11   before(:each) do
12     shell("apt-key del #{PUPPETLABS_GPG_KEY_ID}",
13           :acceptable_exit_codes => [0,1,2])
14   end
15
16   describe 'default options' do
17     key_versions = {
18       '32bit key id'                        => '4BD6EC30',
19       '64bit key id'                        => '1054B7A24BD6EC30',
20       '32bit lowercase key id'              => '4bd6ec30',
21       '64bit lowercase key id'              => '1054b7a24bd6ec30',
22       '0x formatted 32bit key id'           => '0x4BD6EC30',
23       '0x formatted 64bit key id'           => '0x1054B7A24BD6EC30',
24       '0x formatted 32bit lowercase key id' => '0x4bd6ec30',
25       '0x formatted 64bit lowercase key id' => '0x1054b7a24bd6ec30',
26     }
27
28     key_versions.each do |key, value|
29       context "#{key}" do
30         it 'works' do
31           pp = <<-EOS
32           apt_key { 'puppetlabs':
33             id     => '#{value}',
34             ensure => 'present',
35           }
36           EOS
37
38           apply_manifest(pp, :catch_failures => true)
39           expect(apply_manifest(pp, :catch_failures => true).exit_code).to be_zero
40           shell("apt-key list | grep #{PUPPETLABS_GPG_KEY_ID}")
41         end
42       end
43     end
44
45     context 'invalid length key id' do
46       it 'fails' do
47         pp = <<-EOS
48         apt_key { 'puppetlabs':
49           id => '4B7A24BD6EC30',
50         }
51         EOS
52
53         apply_manifest(pp, :expect_failures => true) do |r|
54           expect(r.stderr).to match(/Valid values match/)
55         end
56       end
57     end
58   end
59
60   describe 'ensure =>' do
61     context 'absent' do
62       it 'is removed' do
63         pp = <<-EOS
64         apt_key { 'puppetlabs':
65           id     => '#{PUPPETLABS_GPG_KEY_ID}',
66           ensure => 'absent',
67         }
68         EOS
69
70         # Install the key first
71         shell("apt-key adv --keyserver keyserver.ubuntu.com \
72               --recv-keys #{PUPPETLABS_GPG_KEY_ID}")
73         shell("apt-key list | grep #{PUPPETLABS_GPG_KEY_ID}")
74
75         # Time to remove it using Puppet
76         apply_manifest(pp, :catch_failures => true)
77         expect(apply_manifest(pp, :catch_failures => true).exit_code).to be_zero
78
79         shell("apt-key list | grep #{PUPPETLABS_GPG_KEY_ID}",
80               :acceptable_exit_codes => [1])
81       end
82     end
83   end
84
85   describe 'content =>' do
86     context 'puppetlabs gpg key' do
87       it 'works' do
88         pp = <<-EOS
89           apt_key { 'puppetlabs':
90             id      => '#{PUPPETLABS_GPG_KEY_ID}',
91             ensure  => 'present',
92             content => "-----BEGIN PGP PUBLIC KEY BLOCK-----
93 Version: GnuPG v1.4.12 (GNU/Linux)
94 Comment: GPGTools - http://gpgtools.org
95
96 mQINBEw3u0ABEAC1+aJQpU59fwZ4mxFjqNCgfZgDhONDSYQFMRnYC1dzBpJHzI6b
97 fUBQeaZ8rh6N4kZ+wq1eL86YDXkCt4sCvNTP0eF2XaOLbmxtV9bdpTIBep9bQiKg
98 5iZaz+brUZlFk/MyJ0Yz//VQ68N1uvXccmD6uxQsVO+gx7rnarg/BGuCNaVtGwy+
99 S98g8Begwxs9JmGa8pMCcSxtC7fAfAEZ02cYyrw5KfBvFI3cHDdBqrEJQKwKeLKY
100 GHK3+H1TM4ZMxPsLuR/XKCbvTyl+OCPxU2OxPjufAxLlr8BWUzgJv6ztPe9imqpH
101 Ppp3KuLFNorjPqWY5jSgKl94W/CO2x591e++a1PhwUn7iVUwVVe+mOEWnK5+Fd0v
102 VMQebYCXS+3dNf6gxSvhz8etpw20T9Ytg4EdhLvCJRV/pYlqhcq+E9le1jFOHOc0
103 Nc5FQweUtHGaNVyn8S1hvnvWJBMxpXq+Bezfk3X8PhPT/l9O2lLFOOO08jo0OYiI
104 wrjhMQQOOSZOb3vBRvBZNnnxPrcdjUUm/9cVB8VcgI5KFhG7hmMCwH70tpUWcZCN
105 NlI1wj/PJ7Tlxjy44f1o4CQ5FxuozkiITJvh9CTg+k3wEmiaGz65w9jRl9ny2gEl
106 f4CR5+ba+w2dpuDeMwiHJIs5JsGyJjmA5/0xytB7QvgMs2q25vWhygsmUQARAQAB
107 tEdQdXBwZXQgTGFicyBSZWxlYXNlIEtleSAoUHVwcGV0IExhYnMgUmVsZWFzZSBL
108 ZXkpIDxpbmZvQHB1cHBldGxhYnMuY29tPokCPgQTAQIAKAUCTDe7QAIbAwUJA8Jn
109 AAYLCQgHAwIGFQgCCQoLBBYCAwECHgECF4AACgkQEFS3okvW7DAZaw//aLmE/eob
110 pXpIUVyCUWQxEvPtM/h/SAJsG3KoHN9u216ews+UHsL/7F91ceVXQQdD2e8CtYWF
111 eLNM0RSM9i/KM60g4CvIQlmNqdqhi1HsgGqInZ72/XLAXun0gabfC36rLww2kel+
112 aMpRf58SrSuskY321NnMEJl4OsHV2hfNtAIgw2e/zm9RhoMpGKxoHZCvFhnP7u2M
113 2wMq7iNDDWb6dVsLpzdlVf242zCbubPCxxQXOpA56rzkUPuJ85mdVw4i19oPIFIZ
114 VL5owit1SxCOxBg4b8oaMS36hEl3qtZG834rtLfcqAmqjhx6aJuJLOAYN84QjDEU
115 3NI5IfNRMvluIeTcD4Dt5FCYahN045tW1Rc6s5GAR8RW45GYwQDzG+kkkeeGxwEh
116 qCW7nOHuwZIoVJufNhd28UFn83KGJHCQt4NBBr3K5TcY6bDQEIrpSplWSDBbd3p1
117 IaoZY1WSDdP9OTVOSbsz0JiglWmUWGWCdd/CMSW/D7/3VUOJOYRDwptvtSYcjJc8
118 1UV+1zB+rt5La/OWe4UOORD+jU1ATijQEaFYxBbqBBkFboAEXq9btRQyegqk+eVp
119 HhzacP5NYFTMThvHuTapNytcCso5au/cMywqCgY1DfcMJyjocu4bCtrAd6w4kGKN
120 MUdwNDYQulHZDI+UjJInhramyngdzZLjdeGJARwEEAECAAYFAkw3wEYACgkQIVr+
121 UOQUcDKvEwgAoBuOPnPioBwYp8oHVPTo/69cJn1225kfraUYGebCcrRwuoKd8Iyh
122 R165nXYJmD8yrAFBk8ScUVKsQ/pSnqNrBCrlzQD6NQvuIWVFegIdjdasrWX6Szj+
123 N1OllbzIJbkE5eo0WjCMEKJVI/GTY2AnTWUAm36PLQC5HnSATykqwxeZDsJ/s8Rc
124 kd7+QN5sBVytG3qb45Q7jLJpLcJO6KYH4rz9ZgN7LzyyGbu9DypPrulADG9OrL7e
125 lUnsGDG4E1M8Pkgk9Xv9MRKao1KjYLD5zxOoVtdeoKEQdnM+lWMJin1XvoqJY7FT
126 DJk6o+cVqqHkdKL+sgsscFVQljgCEd0EgIkCHAQQAQgABgUCTPlA6QAKCRBcE9bb
127 kwUuAxdYD/40FxAeNCYByxkr/XRT0gFT+NCjPuqPWCM5tf2NIhSapXtb2+32WbAf
128 DzVfqWjC0G0RnQBve+vcjpY4/rJu4VKIDGIT8CtnKOIyEcXTNFOehi65xO4ypaei
129 BPSb3ip3P0of1iZZDQrNHMW5VcyL1c+PWT/6exXSGsePtO/89tc6mupqZtC05f5Z
130 XG4jswMF0U6Q5s3S0tG7Y+oQhKNFJS4sH4rHe1o5CxKwNRSzqccA0hptKy3MHUZ2
131 +zeHzuRdRWGjb2rUiVxnIvPPBGxF2JHhB4ERhGgbTxRZ6wZbdW06BOE8r7pGrUpU
132 fCw/WRT3gGXJHpGPOzFAvr3Xl7VcDUKTVmIajnpd3SoyD1t2XsvJlSQBOWbViucH
133 dvE4SIKQ77vBLRlZIoXXVb6Wu7Vq+eQs1ybjwGOhnnKjz8llXcMnLzzN86STpjN4
134 qGTXQy/E9+dyUP1sXn3RRwb+ZkdI77m1YY95QRNgG/hqh77IuWWg1MtTSgQnP+F2
135 7mfo0/522hObhdAe73VO3ttEPiriWy7tw3bS9daP2TAVbYyFqkvptkBb1OXRUSzq
136 UuWjBmZ35UlXjKQsGeUHlOiEh84aondF90A7gx0X/ktNIPRrfCGkHJcDu+HVnR7x
137 Kk+F0qb9+/pGLiT3rqeQTr8fYsb4xLHT7uEg1gVFB1g0kd+RQHzV74kCPgQTAQIA
138 KAIbAwYLCQgHAwIGFQgCCQoLBBYCAwECHgECF4AFAk/x5PoFCQtIMjoACgkQEFS3
139 okvW7DAIKQ/9HvZyf+LHVSkCk92Kb6gckniin3+5ooz67hSr8miGBfK4eocqQ0H7
140 bdtWjAILzR/IBY0xj6OHKhYP2k8TLc7QhQjt0dRpNkX+Iton2AZryV7vUADreYz4
141 4B0bPmhiE+LL46ET5IThLKu/KfihzkEEBa9/t178+dO9zCM2xsXaiDhMOxVE32gX
142 vSZKP3hmvnK/FdylUY3nWtPedr+lHpBLoHGaPH7cjI+MEEugU3oAJ0jpq3V8n4w0
143 jIq2V77wfmbD9byIV7dXcxApzciK+ekwpQNQMSaceuxLlTZKcdSqo0/qmS2A863Y
144 ZQ0ZBe+Xyf5OI33+y+Mry+vl6Lre2VfPm3udgR10E4tWXJ9Q2CmG+zNPWt73U1FD
145 7xBI7PPvOlyzCX4QJhy2Fn/fvzaNjHp4/FSiCw0HvX01epcersyun3xxPkRIjwwR
146 M9m5MJ0o4hhPfa97zibXSh8XXBnosBQxeg6nEnb26eorVQbqGx0ruu/W2m5/JpUf
147 REsFmNOBUbi8xlKNS5CZypH3Zh88EZiTFolOMEh+hT6s0l6znBAGGZ4m/Unacm5y
148 DHmg7unCk4JyVopQ2KHMoqG886elu+rm0ASkhyqBAk9sWKptMl3NHiYTRE/m9VAk
149 ugVIB2pi+8u84f+an4Hml4xlyijgYu05pqNvnLRyJDLd61hviLC8GYU=
150 =a34C
151 -----END PGP PUBLIC KEY BLOCK-----",
152           }
153         EOS
154
155         apply_manifest(pp, :catch_failures => true)
156         expect(apply_manifest(pp, :catch_failures => true).exit_code).to be_zero
157         shell("apt-key list | grep #{PUPPETLABS_GPG_KEY_ID}")
158       end
159     end
160
161     context 'bogus key' do
162       it 'fails' do
163         pp = <<-EOS
164         apt_key { 'puppetlabs':
165           id      => '#{PUPPETLABS_GPG_KEY_ID}',
166           ensure  => 'present',
167           content => 'For posterity: such content, much bogus, wow',
168         }
169         EOS
170
171         apply_manifest(pp, :expect_failures => true) do |r|
172           expect(r.stderr).to match(/no valid OpenPGP data found/)
173         end
174       end
175     end
176   end
177
178   describe 'server =>' do
179     context 'pgp.mit.edu' do
180       it 'works' do
181         pp = <<-EOS
182         apt_key { 'puppetlabs':
183           id     => '#{PUPPETLABS_GPG_KEY_ID}',
184           ensure => 'present',
185           server => 'pgp.mit.edu',
186         }
187         EOS
188
189         apply_manifest(pp, :catch_failures => true)
190         expect(apply_manifest(pp, :catch_failures => true).exit_code).to be_zero
191         shell("apt-key list | grep #{PUPPETLABS_GPG_KEY_ID}")
192       end
193     end
194
195     context 'nonexistant.key.server' do
196       it 'fails' do
197         pp = <<-EOS
198         apt_key { 'puppetlabs':
199           id     => '#{PUPPETLABS_GPG_KEY_ID}',
200           ensure => 'present',
201           server => 'nonexistant.key.server',
202         }
203         EOS
204
205         apply_manifest(pp, :expect_failures => true) do |r|
206           expect(r.stderr).to match(/Host not found/)
207         end
208       end
209     end
210   end
211
212   describe 'source =>' do
213     context 'http://' do
214       it 'works' do
215         pp = <<-EOS
216         apt_key { 'puppetlabs':
217           id     => '#{PUPPETLABS_GPG_KEY_ID}',
218           ensure => 'present',
219           source => 'http://#{PUPPETLABS_APT_URL}/#{PUPPETLABS_GPG_KEY_FILE}',
220         }
221         EOS
222
223         apply_manifest(pp, :catch_failures => true)
224         expect(apply_manifest(pp, :catch_failures => true).exit_code).to be_zero
225         shell("apt-key list | grep #{PUPPETLABS_GPG_KEY_ID}")
226       end
227
228       it 'fails with a 404' do
229         pp = <<-EOS
230         apt_key { 'puppetlabs':
231           id     => '#{PUPPETLABS_GPG_KEY_ID}',
232           ensure => 'present',
233           source => 'http://#{PUPPETLABS_APT_URL}/herpderp.gpg',
234         }
235         EOS
236
237         apply_manifest(pp, :expect_failures => true) do |r|
238           expect(r.stderr).to match(/404 Not Found/)
239         end
240       end
241
242       it 'fails with a socket error' do
243         pp = <<-EOS
244         apt_key { 'puppetlabs':
245           id     => '#{PUPPETLABS_GPG_KEY_ID}',
246           ensure => 'present',
247           source => 'http://apt.puppetlabss.com/herpderp.gpg',
248         }
249         EOS
250
251         apply_manifest(pp, :expect_failures => true) do |r|
252           expect(r.stderr).to match(/could not resolve/)
253         end
254       end
255     end
256
257     context 'ftp://' do
258       before(:each) do
259         shell("apt-key del #{CENTOS_GPG_KEY_ID}",
260               :acceptable_exit_codes => [0,1,2])
261       end
262
263       it 'works' do
264         pp = <<-EOS
265         apt_key { 'CentOS 6':
266           id     => '#{CENTOS_GPG_KEY_ID}',
267           ensure => 'present',
268           source => 'ftp://#{CENTOS_REPO_URL}/#{CENTOS_GPG_KEY_FILE}',
269         }
270         EOS
271
272         apply_manifest(pp, :catch_failures => true)
273         expect(apply_manifest(pp, :catch_failures => true).exit_code).to be_zero
274         shell("apt-key list | grep #{CENTOS_GPG_KEY_ID}")
275       end
276
277       it 'fails with a 550' do
278         pp = <<-EOS
279         apt_key { 'CentOS 6':
280           id     => '#{CENTOS_GPG_KEY_ID}',
281           ensure => 'present',
282           source => 'ftp://#{CENTOS_REPO_URL}/herpderp.gpg',
283         }
284         EOS
285
286         apply_manifest(pp, :expect_failures => true) do |r|
287           expect(r.stderr).to match(/550 Failed to open/)
288         end
289       end
290
291       it 'fails with a socket error' do
292         pp = <<-EOS
293         apt_key { 'puppetlabs':
294           id     => '#{PUPPETLABS_GPG_KEY_ID}',
295           ensure => 'present',
296           source => 'ftp://apt.puppetlabss.com/herpderp.gpg',
297         }
298         EOS
299
300         apply_manifest(pp, :expect_failures => true) do |r|
301           expect(r.stderr).to match(/could not resolve/)
302         end
303       end
304     end
305
306     context 'https://' do
307       it 'works' do
308         pp = <<-EOS
309         apt_key { 'puppetlabs':
310           id     => '#{PUPPETLABS_GPG_KEY_ID}',
311           ensure => 'present',
312           source => 'https://#{PUPPETLABS_APT_URL}/#{PUPPETLABS_GPG_KEY_FILE}',
313         }
314         EOS
315
316         apply_manifest(pp, :catch_failures => true)
317         expect(apply_manifest(pp, :catch_failures => true).exit_code).to be_zero
318         shell("apt-key list | grep #{PUPPETLABS_GPG_KEY_ID}")
319       end
320
321       it 'fails with a 404' do
322         pp = <<-EOS
323         apt_key { 'puppetlabs':
324           id     => '4BD6EC30',
325           ensure => 'present',
326           source => 'https://#{PUPPETLABS_APT_URL}/herpderp.gpg',
327         }
328         EOS
329
330         apply_manifest(pp, :expect_failures => true) do |r|
331           expect(r.stderr).to match(/404 Not Found/)
332         end
333       end
334
335       it 'fails with a socket error' do
336         pp = <<-EOS
337         apt_key { 'puppetlabs':
338           id     => '4BD6EC30',
339           ensure => 'present',
340           source => 'https://apt.puppetlabss.com/herpderp.gpg',
341         }
342         EOS
343
344         apply_manifest(pp, :expect_failures => true) do |r|
345           expect(r.stderr).to match(/could not resolve/)
346         end
347       end
348     end
349
350     context '/path/that/exists' do
351       before(:each) do
352         shell("curl -o /tmp/puppetlabs-pubkey.gpg \
353               http://#{PUPPETLABS_APT_URL}/#{PUPPETLABS_GPG_KEY_FILE}")
354       end
355
356       after(:each) do
357         shell('rm /tmp/puppetlabs-pubkey.gpg')
358       end
359
360       it 'works' do
361         pp = <<-EOS
362         apt_key { 'puppetlabs':
363           id     => '4BD6EC30',
364           ensure => 'present',
365           source => '/tmp/puppetlabs-pubkey.gpg',
366         }
367         EOS
368
369         apply_manifest(pp, :catch_failures => true)
370         expect(apply_manifest(pp, :catch_failures => true).exit_code).to be_zero
371         shell("apt-key list | grep #{PUPPETLABS_GPG_KEY_ID}")
372       end
373     end
374
375     context '/path/that/does/not/exist' do
376       it 'fails' do
377         pp = <<-EOS
378         apt_key { 'puppetlabs':
379           id     => '#{PUPPETLABS_GPG_KEY_ID}',
380           ensure => 'present',
381           source => '/tmp/totally_bogus.file',
382         }
383         EOS
384
385         apply_manifest(pp, :expect_failures => true) do |r|
386           expect(r.stderr).to match(/does not exist/)
387         end
388       end
389     end
390
391     context '/path/that/exists/with/bogus/content' do
392       before(:each) do
393         shell('echo "here be dragons" > /tmp/fake-key.gpg')
394       end
395
396       after(:each) do
397         shell('rm /tmp/fake-key.gpg')
398       end
399       it 'fails' do
400         pp = <<-EOS
401         apt_key { 'puppetlabs':
402           id     => '#{PUPPETLABS_GPG_KEY_ID}',
403           ensure => 'present',
404           source => '/tmp/fake-key.gpg',
405         }
406         EOS
407
408         apply_manifest(pp, :expect_failures => true) do |r|
409           expect(r.stderr).to match(/no valid OpenPGP data found/)
410         end
411       end
412     end
413   end
414
415   describe 'keyserver_options =>' do
416     context 'debug' do
417       it 'works' do
418         pp = <<-EOS
419         apt_key { 'puppetlabs':
420           id                => '#{PUPPETLABS_GPG_KEY_ID}',
421           ensure            => 'present',
422           keyserver_options => 'debug',
423         }
424         EOS
425
426         apply_manifest(pp, :catch_failures => true)
427         expect(apply_manifest(pp, :catch_failures => true).exit_code).to be_zero
428         shell("apt-key list | grep #{PUPPETLABS_GPG_KEY_ID}")
429       end
430
431       it 'fails on invalid options' do
432         pp = <<-EOS
433         apt_key { 'puppetlabs':
434           id                => '#{PUPPETLABS_GPG_KEY_ID}',
435           ensure            => 'present',
436           keyserver_options => 'this is totally bonkers',
437         }
438         EOS
439
440         apply_manifest(pp, :expect_failures => true) do |r|
441           expect(r.stderr).to match(/--keyserver-options this is totally/)
442         end
443       end
444     end
445   end
446 end