1 # frozen_string_literal: true
5 describe Puppet::Type.type(:apt_key).provider(:apt_key) do
6 describe 'instances' do
7 it 'has an instance method' do
8 expect(described_class).to respond_to :instances
12 describe 'prefetch' do
13 it 'has a prefetch method' do
14 expect(described_class).to respond_to :prefetch
18 context 'with self.instances no key' do
20 # Unable to remove `master` from below terminology as it relies on outside code
21 allow(described_class).to receive(:apt_key).with(
22 ['adv', '--no-tty', '--list-keys', '--with-colons', '--fingerprint', '--fixed-list-mode'],
23 ).and_return('uid:-::::1284991450::07BEBE04F4AE4A8E885A761325717D8509D9C1DC::Ubuntu Extras Archive Automatic Signing Key <ftpmaster@ubuntu.com>::::::::::0:')
26 it 'returns no resources' do
27 expect(described_class.instances.size).to eq(0)
31 context 'with self.instances multiple keys' do
33 command_output = <<~OUTPUT
34 Executing: gpg --ignore-time-conflict --no-options --no-default-keyring --homedir /tmp/tmp.DU0GdRxjmE --no-auto-check-trustdb --trust-model always --keyring /etc/apt/trusted.gpg --primary-keyring /etc/apt/trusted.gpg --keyring /etc/apt/trusted.gpg.d/puppetlabs-pc1-keyring.gpg --no-tty --list-keys --with-colons --fingerprint --fixed-list-mode
35 tru:t:1:1549900774:0:3:1:5
36 pub:-:1024:17:40976EAF437D05B5:1095016255:::-:::scESC:
37 fpr:::::::::630239CC130E1A7FD81A27B140976EAF437D05B5:
38 uid:-::::1095016255::B84AE656F4F5A826C273A458512EF8E282754CE1::Ubuntu Archive Automatic Signing Key <ftpmaster@ubuntu.com>:
39 sub:-:2048:16:251BEFF479164387:1095016263::::::e:
40 pub:-:1024:17:46181433FBB75451:1104433784:::-:::scSC:
41 fpr:::::::::C5986B4F1257FFA86632CBA746181433FBB75451:
43 allow(described_class).to receive(:apt_key).with(
44 ['adv', '--no-tty', '--list-keys', '--with-colons', '--fingerprint', '--fixed-list-mode'],
45 ).and_return(command_output)
48 it 'returns 2 resources' do # rubocop:disable RSpec/MultipleExpectations
49 expect(described_class.instances.size).to eq(2)
50 expect(described_class.instances[0].name).to eq('630239CC130E1A7FD81A27B140976EAF437D05B5')
51 expect(described_class.instances[0].id).to eq('40976EAF437D05B5')
52 expect(described_class.instances[0].expired).to be_falsey
53 expect(described_class.instances[1].name).to eq('C5986B4F1257FFA86632CBA746181433FBB75451')
54 expect(described_class.instances[1].id).to eq('46181433FBB75451')
55 expect(described_class.instances[1].expired).to be_falsey
59 context 'with self.instances expired subkeys' do
61 command_output = <<~OUTPUT
62 Executing: /tmp/apt-key-gpghome.0lru3TZOtF/gpg.1.sh --list-keys --with-colons --fingerprint 0x7721F63BD38B4796
63 tru:t:1:1682141947:0:3:1:5
64 pub:-:4096:1:7721F63BD38B4796:1460440275:::-:::scSC::::::23::0:
65 fpr:::::::::EB4C1BFD4F042F6DDDCCEC917721F63BD38B4796:
66 uid:-::::1460440275::7830FE2652F718E78EEE5881B7FA2CE8E3533BE4::Google Inc. (Linux Packages Signing Authority) <linux-packages-keymaster@google.com>::::::::::0:
67 sub:e:4096:1:1397BC53640DB551:1460440520:1555048520:::::s::::::23:
68 fpr:::::::::3B068FB4789ABE4AEFA3BB491397BC53640DB551:
69 sub:e:4096:1:6494C6D6997C215E:1485225932:1579833932:::::s::::::23:
70 fpr:::::::::3E50F6D3EC278FDEB655C8CA6494C6D6997C215E:
72 allow(described_class).to receive(:apt_key).with(
73 ['adv', '--no-tty', '--list-keys', '--with-colons', '--fingerprint', '--fixed-list-mode'],
74 ).and_return(command_output)
77 it 'returns 1 expired resource' do
78 expect(described_class.instances.size).to eq(1)
79 expect(described_class.instances[0].expired).to be_truthy
83 context 'with create apt_key resource' do
84 it 'apt_key with content set and source nil' do
85 expect(described_class).to receive(:apt_key).with(['adv', '--no-tty',
87 :'keyserver.ubuntu.com',
90 resource = Puppet::Type::Apt_key.new(name: 'source and content nil',
94 provider = described_class.new(resource)
95 expect(provider).not_to be_exist
97 expect(provider).to be_exist
100 it 'apt_key content and source nil, options set' do
101 expect(described_class).to receive(:apt_key).with(['adv', '--no-tty',
103 :'keyserver.ubuntu.com',
104 '--keyserver-options',
108 resource = Puppet::Type::Apt_key.new(name: 'source and content nil',
113 provider = described_class.new(resource)
114 expect(provider).not_to be_exist
116 expect(provider).to be_exist
119 it 'apt_key with content set' do # rubocop:disable RSpec/MultipleExpectations
120 expect(described_class).to receive(:apt_key).with(array_including('add', kind_of(String)))
121 resource = Puppet::Type::Apt_key.new(name: 'gsd',
126 provider = described_class.new(resource)
127 expect(provider).not_to be_exist
128 expect(provider).to receive(:tempfile).and_return(Tempfile.new('foo'))
130 expect(provider).to be_exist
133 it 'apt_key with source set' do # rubocop:disable RSpec/MultipleExpectations
134 expect(described_class).to receive(:apt_key).with(array_including('add', kind_of(String)))
135 resource = Puppet::Type::Apt_key.new(name: 'gsd',
137 source: 'ftp://bla/herpderp.gpg',
140 provider = described_class.new(resource)
141 expect(provider).not_to be_exist
142 expect(provider).to receive(:source_to_file).and_return(Tempfile.new('foo'))
144 expect(provider).to be_exist
147 it 'apt_key with source and weak ssl verify set' do # rubocop:disable RSpec/MultipleExpectations
148 expect(described_class).to receive(:apt_key).with(array_including('add', kind_of(String)))
149 resource = Puppet::Type::Apt_key.new(name: 'gsd',
151 source: 'https://bla/herpderp.gpg',
155 provider = described_class.new(resource)
156 expect(provider).not_to be_exist
157 expect(provider).to receive(:source_to_file).and_return(Tempfile.new('foo'))
159 expect(provider).to be_exist
162 describe 'different valid id keys' do
164 '32bit key id' => 'EF8D349F',
165 '64bit key id' => '7F438280EF8D349F',
166 '160bit key fingerprint' => '6F6B15509CF8E59E6E469F327F438280EF8D349F',
167 '32bit key id lowercase' => 'EF8D349F'.downcase,
168 '64bit key id lowercase' => '7F438280EF8D349F'.downcase,
169 '160bit key fingerprint lowercase' => '6F6B15509CF8E59E6E469F327F438280EF8D349F'.downcase,
170 '32bit key id 0x formatted' => '0xEF8D349F',
171 '64bit key id 0x formatted' => '0x7F438280EF8D349F',
172 '160bit key fingerprint 0x formatted' => '0x6F6B15509CF8E59E6E469F327F438280EF8D349F'
174 hash_of_keys.each do |key_type, value|
175 it "#{key_type} #{value} is valid" do
176 expect(described_class).to receive(:apt_key).with(array_including('adv', '--no-tty',
178 :'keyserver.ubuntu.com',
180 resource = Puppet::Type::Apt_key.new(name: 'source and content nil',
184 provider = described_class.new(resource)
185 expect(provider).not_to be_exist
187 expect(provider).to be_exist
192 it 'apt_key with invalid key length' do
194 Puppet::Type::Apt_key.new(name: 'source and content nil',
197 }.to raise_error(Puppet::ResourceError, %r{Parameter id failed on Apt_key})
201 context 'with key_line_hash function' do
203 expect(described_class.key_line_hash('pub:-:1024:1:40976EAF437D05B5:1095016255:::-:::scESC:', ['fpr:::::::::630239CC130E1A7FD81A27B140976EAF437D05B5:'])).to include(
205 key_fingerprint: '630239CC130E1A7FD81A27B140976EAF437D05B5',
206 key_long: '40976EAF437D05B5',
207 key_short: '437D05B5',
214 expect(described_class.key_line_hash('pub:-:1024:17:40976EAF437D05B5:1095016255:::-:::scESC:', ['fpr:::::::::630239CC130E1A7FD81A27B140976EAF437D05B5:'])).to include(
216 key_fingerprint: '630239CC130E1A7FD81A27B140976EAF437D05B5',
217 key_long: '40976EAF437D05B5',
218 key_short: '437D05B5',
225 expect(described_class.key_line_hash('pub:-:1024:18:40976EAF437D05B5:1095016255:::-:::scESC:', ['fpr:::::::::630239CC130E1A7FD81A27B140976EAF437D05B5:'])).to include(
227 key_fingerprint: '630239CC130E1A7FD81A27B140976EAF437D05B5',
228 key_long: '40976EAF437D05B5',
229 key_short: '437D05B5',
235 it 'matches ecdsa' do
236 expect(described_class.key_line_hash('pub:-:1024:19:40976EAF437D05B5:1095016255:::-:::scESC:', ['fpr:::::::::630239CC130E1A7FD81A27B140976EAF437D05B5:'])).to include(
238 key_fingerprint: '630239CC130E1A7FD81A27B140976EAF437D05B5',
239 key_long: '40976EAF437D05B5',
240 key_short: '437D05B5',