Fix check for ubuntu version
[puppet-modules/puppetlabs-apt.git] / spec / acceptance / apt_key_provider_spec.rb
index 43ddf9a406bd3d3f6b793e4de69b194d7b105c83..0db1d32ae3d014002b982fbc3f007be5ba5f729e 100644 (file)
@@ -1,37 +1,29 @@
+# frozen_string_literal: true
+
 require 'spec_helper_acceptance'
 
-PUPPETLABS_GPG_KEY_SHORT_ID         = 'EF8D349F'.freeze
-PUPPETLABS_GPG_KEY_LONG_ID          = '7F438280EF8D349F'.freeze
-PUPPETLABS_GPG_KEY_FINGERPRINT      = '6F6B15509CF8E59E6E469F327F438280EF8D349F'.freeze
-PUPPETLABS_APT_URL                  = 'apt.puppetlabs.com'.freeze
-PUPPETLABS_GPG_KEY_FILE             = 'DEB-GPG-KEY-puppet'.freeze
-CENTOS_GPG_KEY_SHORT_ID             = 'C105B9DE'.freeze
-CENTOS_GPG_KEY_LONG_ID              = '0946FCA2C105B9DE'.freeze
-CENTOS_GPG_KEY_FINGERPRINT          = 'C1DAC52D1664E8A4386DBA430946FCA2C105B9DE'.freeze
-CENTOS_REPO_URL                     = 'ftp.cvut.cz/centos'.freeze
-CENTOS_GPG_KEY_FILE                 = 'RPM-GPG-KEY-CentOS-6'.freeze
-PUPPETLABS_EXP_KEY_LONG_ID          = '47B320EB4C7C375AA9DAE1A01054B7A24BD6EC30'.freeze
-PUPPETLABS_EXP_KEY_DATES            = 'pub:e:4096:1:1054B7A24BD6EC30:2010-07-10:2017-01-05::-:Puppet Labs Release Key'.freeze
-SHOULD_NEVER_EXIST_ID               = 'EF8D349F'.freeze
-KEY_CHECK_COMMAND                   = 'apt-key adv --list-keys --with-colons --fingerprint | grep '.freeze
-PUPPETLABS_KEY_CHECK_COMMAND        = "#{KEY_CHECK_COMMAND} #{PUPPETLABS_GPG_KEY_FINGERPRINT}".freeze
-CENTOS_KEY_CHECK_COMMAND            = "#{KEY_CHECK_COMMAND} #{CENTOS_GPG_KEY_FINGERPRINT}".freeze
-PUPPETLABS_EXP_CHECK_COMMAND        = "#{KEY_CHECK_COMMAND} '#{PUPPETLABS_EXP_KEY_DATES}'".freeze
-DEBIAN_PUPPETLABS_EXP_CHECK_COMMAND = 'apt-key list | grep -F -A 1 \'pub   rsa4096 2010-07-10 [SC] [expired: 2017-01-05]\' | grep \'47B3 20EB 4C7C 375A A9DA  E1A0 1054 B7A2 4BD6 EC30\''.freeze
-
-def populate_default_options_pp(value)
-  default_options_pp = <<-MANIFEST
-          apt_key { 'puppetlabs':
-            id     => '#{value}',
-            ensure => 'present',
-          }
-  MANIFEST
-  default_options_pp
-end
+PUPPETLABS_GPG_KEY_SHORT_ID         = 'EF8D349F'
+PUPPETLABS_GPG_KEY_LONG_ID          = '7F438280EF8D349F'
+PUPPETLABS_GPG_KEY_FINGERPRINT      = '6F6B15509CF8E59E6E469F327F438280EF8D349F'
+PUPPETLABS_APT_URL                  = 'apt.puppetlabs.com'
+PUPPETLABS_GPG_KEY_FILE             = 'DEB-GPG-KEY-puppet'
+CENTOS_GPG_KEY_SHORT_ID             = 'C105B9DE'
+CENTOS_GPG_KEY_LONG_ID              = '0946FCA2C105B9DE'
+CENTOS_GPG_KEY_FINGERPRINT          = 'C1DAC52D1664E8A4386DBA430946FCA2C105B9DE'
+CENTOS_REPO_URL                     = 'ftp.cvut.cz/centos'
+CENTOS_GPG_KEY_FILE                 = 'RPM-GPG-KEY-CentOS-6'
+PUPPETLABS_EXP_KEY_LONG_ID          = '47B320EB4C7C375AA9DAE1A01054B7A24BD6EC30'
+PUPPETLABS_EXP_KEY_DATES            = 'pub:e:4096:1:1054B7A24BD6EC30:2010-07-10:2017-01-05::-:Puppet Labs Release Key'
+SHOULD_NEVER_EXIST_ID               = 'EF8D349F'
+KEY_CHECK_COMMAND                   = 'apt-key adv --no-tty --list-keys --with-colons --fingerprint | grep '
+PUPPETLABS_KEY_CHECK_COMMAND        = "#{KEY_CHECK_COMMAND} #{PUPPETLABS_GPG_KEY_FINGERPRINT}"
+CENTOS_KEY_CHECK_COMMAND            = "#{KEY_CHECK_COMMAND} #{CENTOS_GPG_KEY_FINGERPRINT}"
+PUPPETLABS_EXP_CHECK_COMMAND        = "#{KEY_CHECK_COMMAND} '#{PUPPETLABS_EXP_KEY_DATES}'"
+DEBIAN_PUPPETLABS_EXP_CHECK_COMMAND = 'apt-key list | grep -F -A 1 \'pub   rsa4096 2010-07-10 [SC] [expired: 2017-01-05]\' | grep \'47B3 20EB 4C7C 375A A9DA  E1A0 1054 B7A2 4BD6 EC30\''
 
 def install_key(key)
   retry_on_error_matching do
-    shell("apt-key adv --keyserver pgp.mit.edu --recv-keys #{key}")
+    run_shell("apt-key adv --no-tty --keyserver pgp.mit.edu --recv-keys #{key}")
   end
 end
 
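Review bot: `install_key` still fetches from `pgp.mit.edu`, while this same commit moves the `hkp_pool_pp` manifest to `keyserver.ubuntu.com`, so the helper keeps a keyserver dependency the manifest change drops. If the helper is still called after the removals in the `ensure =>` block, point it at the same server, e.g. `run_shell("apt-key adv --no-tty --keyserver keyserver.ubuntu.com --recv-keys #{key}")`. If no caller is left (the visible ones are deleted in this commit), remove it. A comment above it should also state that `key` is interpolated into a shell command and is expected to be one of the full-fingerprint constants, since short and long key IDs fetched from a keyserver can collide.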
@@ -44,26 +36,6 @@ def apply_manifest_twice(manifest_pp)
   end
 end
 
-invalid_key_length_pp = <<-MANIFEST
-        apt_key { 'puppetlabs':
-          id => '8280EF8D349F',
-        }
-  MANIFEST
-
-ensure_absent_pp = <<-MANIFEST
-        apt_key { 'centos':
-          id     => '#{CENTOS_GPG_KEY_LONG_ID}',
-          ensure => 'absent',
-        }
-  MANIFEST
-
-ensure_absent_long_key_pp = <<-MANIFEST
-        apt_key { 'puppetlabs':
-          id     => '#{PUPPETLABS_GPG_KEY_LONG_ID}',
-          ensure => 'absent',
-        }
-  MANIFEST
-
 refresh_pp = <<-MANIFEST
         apt_key { '#{PUPPETLABS_EXP_KEY_LONG_ID}':
           id      => '#{PUPPETLABS_EXP_KEY_LONG_ID}',
@@ -462,24 +434,16 @@ bogus_key_pp = <<-MANIFEST
         }
   MANIFEST
 
-hkps_pool_pp = <<-MANIFEST
-        apt_key { 'puppetlabs':
-          id     => '#{PUPPETLABS_GPG_KEY_LONG_ID}',
-          ensure => 'present',
-          server => 'pgp.mit.edu',
-        }
-  MANIFEST
-
 hkp_pool_pp = <<-MANIFEST
         apt_key { 'puppetlabs':
           id     => '#{PUPPETLABS_GPG_KEY_FINGERPRINT}',
           ensure => 'present',
-          server => 'hkp://pgp.mit.edu:80',
+          server => 'hkp://keyserver.ubuntu.com:80',
         }
   MANIFEST
 
-hkps_protocol_supported = fact('operatingsystem') =~ %r{Ubuntu} && \
-                          fact('operatingsystemrelease') =~ %r{^18\.04}
+hkps_protocol_supported = host_inventory['facter']['os']['family'] =~ %r{Ubuntu}i && \
+                          host_inventory['facter']['os']['release']['major'] =~ %r{^18\.04}
 
 if hkps_protocol_supported
   hkps_ubuntu_pp = <<-MANIFEST
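Review bot: The new `hkps_protocol_supported` check compares `os.family` against `Ubuntu`, but Facter reports `Debian` as the family on Ubuntu hosts, so the condition looks like it can never be true and the hkps examples guarded by `if hkps_protocol_supported` would be skipped silently. Matching on the distribution name keeps the TLS keyserver path under test: `host_inventory['facter']['os']['name'] =~ %r{Ubuntu}i`. The release pattern is better anchored with `\A` than `^`, i.e. `%r{\A18\.04}`. The context further down is still titled 'with hkp://pgp.mit.edu:80' although `hkp_pool_pp` now uses `keyserver.ubuntu.com`. The `if` block opened on the last lines of this hunk continues outside it.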
@@ -571,6 +535,15 @@ https_works_pp = <<-MANIFEST
         }
   MANIFEST
 
+https_with_weak_ssl_works_pp = <<-MANIFEST
+        apt_key { 'puppetlabs':
+          id     => '#{PUPPETLABS_GPG_KEY_LONG_ID}',
+          ensure => 'present',
+          source => 'https://#{PUPPETLABS_APT_URL}/#{PUPPETLABS_GPG_KEY_FILE}',
+          weak_ssl => true,
+        }
+  MANIFEST
+
 https_userinfo_pp = <<-MANIFEST
         apt_key { 'puppetlabs':
           id     => '#{PUPPETLABS_GPG_KEY_LONG_ID}',
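Review bot: `https_with_weak_ssl_works_pp` turns off certificate verification with `weak_ssl => true` and identifies the downloaded key only by the 64-bit `PUPPETLABS_GPG_KEY_LONG_ID`, so nothing in the fixture pins the key once the TLS check is gone. Using the full fingerprint keeps the identity check meaningful: `id => '#{PUPPETLABS_GPG_KEY_FINGERPRINT}',`. The matching example 'works with weak ssl' runs against a host that presumably presents a valid certificate, so it passes whether or not the parameter has any effect. A comment such as `# only checks that weak_ssl is accepted; the no-verify path itself is not exercised` would stop it being read as coverage of that path. The `=>` on the `weak_ssl` line is also not aligned with the other attributes.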
@@ -675,74 +648,30 @@ describe 'apt_key' do
   before(:each) do
     # Delete twice to make sure everything is cleaned
     # up after the short key collision
-    shell("apt-key del #{PUPPETLABS_GPG_KEY_SHORT_ID}",
-          acceptable_exit_codes: [0, 1, 2])
-    shell("apt-key del #{PUPPETLABS_GPG_KEY_SHORT_ID}",
-          acceptable_exit_codes: [0, 1, 2])
-  end
-
-  describe 'default options' do
-    key_versions = {
-      '32bit key id'                        => PUPPETLABS_GPG_KEY_SHORT_ID.to_s,
-      '64bit key id'                        => PUPPETLABS_GPG_KEY_LONG_ID.to_s,
-      '160bit key fingerprint'              => PUPPETLABS_GPG_KEY_FINGERPRINT.to_s,
-      '32bit lowercase key id'              => PUPPETLABS_GPG_KEY_SHORT_ID.downcase.to_s,
-      '64bit lowercase key id'              => PUPPETLABS_GPG_KEY_LONG_ID.downcase.to_s,
-      '160bit lowercase key fingerprint'    => PUPPETLABS_GPG_KEY_FINGERPRINT.downcase.to_s,
-      '0x formatted 32bit key id'           => "0x#{PUPPETLABS_GPG_KEY_SHORT_ID}",
-      '0x formatted 64bit key id'           => "0x#{PUPPETLABS_GPG_KEY_LONG_ID}",
-      '0x formatted 160bit key fingerprint' => "0x#{PUPPETLABS_GPG_KEY_FINGERPRINT}",
-      '0x formatted 32bit lowercase key id' => "0x#{PUPPETLABS_GPG_KEY_SHORT_ID.downcase}",
-      '0x formatted 64bit lowercase key id' => "0x#{PUPPETLABS_GPG_KEY_LONG_ID.downcase}",
-      '0x formatted 160bit lowercase key fingerprint' => "0x#{PUPPETLABS_GPG_KEY_FINGERPRINT.downcase}",
-    }
-
-    key_versions.each do |key, value| # rubocop:disable Lint/UnusedBlockArgument
-      context 'when key.to_s' do
-        it 'works' do
-          apply_manifest_twice(populate_default_options_pp(value))
-          shell(PUPPETLABS_KEY_CHECK_COMMAND)
-        end
-      end
-    end
-
-    context 'with invalid length key id' do
-      it 'fails' do
-        apply_manifest(invalid_key_length_pp, expect_failures: true) do |r|
-          expect(r.stderr).to match(%r{Valid values match})
-        end
-      end
-    end
+    run_shell("apt-key del #{PUPPETLABS_GPG_KEY_SHORT_ID}", expect_failures: true)
+    run_shell("apt-key del #{PUPPETLABS_GPG_KEY_SHORT_ID}", expect_failures: true)
   end
 
   describe 'ensure =>' do
-    context 'when absent' do
-      it 'is removed' do
-        # Install the key first (retry because key pool may timeout)
-        install_key(CENTOS_GPG_KEY_FINGERPRINT)
-        shell(CENTOS_KEY_CHECK_COMMAND)
-
-        # Time to remove it using Puppet
-        apply_manifest_twice(ensure_absent_pp)
+    ensure_present_pp = <<-MANIFEST
+            apt_key { 'centos':
+              id     => '#{CENTOS_GPG_KEY_LONG_ID}',
+              ensure => 'present',
+            }
+      MANIFEST
 
-        shell(CENTOS_KEY_CHECK_COMMAND, acceptable_exit_codes: [1])
+    ensure_absent_pp = <<-MANIFEST
+            apt_key { 'centos':
+              id     => '#{CENTOS_GPG_KEY_LONG_ID}',
+              ensure => 'absent',
+            }
+      MANIFEST
 
-        # Re-Install the key (retry because key pool may timeout)
-        install_key(CENTOS_GPG_KEY_FINGERPRINT)
-      end
+    it 'add an apt_key resource' do
+      apply_manifest_twice(ensure_present_pp)
     end
-
-    context 'when absent, added with long key' do
-      it 'is removed' do
-        # Install the key first (retry because key pool may timeout)
-        install_key(PUPPETLABS_GPG_KEY_LONG_ID)
-        shell(PUPPETLABS_KEY_CHECK_COMMAND)
-
-        # Time to remove it using Puppet
-        apply_manifest_twice(ensure_absent_long_key_pp)
-
-        shell(PUPPETLABS_KEY_CHECK_COMMAND, acceptable_exit_codes: [1])
-      end
+    it 'remove the apt_key resource' do
+      apply_manifest_twice(ensure_absent_pp)
     end
   end
 
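Review bot: The rewritten `ensure =>` examples only apply the manifests and no longer inspect the keyring, so 'remove the apt_key resource' passes even if the key is still trusted afterwards. The removed version asserted both states with `CENTOS_KEY_CHECK_COMMAND`. The same coverage can be kept by adding `run_shell(CENTOS_KEY_CHECK_COMMAND)` after the `ensure_present_pp` apply and `expect(run_shell(CENTOS_KEY_CHECK_COMMAND, expect_failures: true).exit_code).to eq(1)` after the `ensure_absent_pp` apply, assuming the result object exposes `exit_code`. The removal example also depends on the first example having installed the key, which holds only under defined example order.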
@@ -755,14 +684,14 @@ describe 'apt_key' do
         end
 
         apply_manifest(gpg_key_pp, catch_changes: true)
-        shell(PUPPETLABS_KEY_CHECK_COMMAND)
+        run_shell(PUPPETLABS_KEY_CHECK_COMMAND)
       end
     end
 
     context 'with multiple keys' do
       it 'runs without errors' do
         apply_manifest_twice(multiple_keys_pp)
-        shell(PUPPETLABS_KEY_CHECK_COMMAND)
+        run_shell(PUPPETLABS_KEY_CHECK_COMMAND)
       end
     end
 
@@ -776,18 +705,6 @@ describe 'apt_key' do
   end
 
   describe 'server =>' do
-    context 'with pgp.mit.edu' do
-      it 'works' do
-        # Apply the manifest (Retry if timeout error is received from key pool)
-        retry_on_error_matching do
-          apply_manifest(hkps_pool_pp, catch_failures: true)
-        end
-
-        apply_manifest(hkps_pool_pp, catch_changes: true)
-        shell(PUPPETLABS_KEY_CHECK_COMMAND)
-      end
-    end
-
     context 'with hkp://pgp.mit.edu:80' do
       it 'works' do
         retry_on_error_matching do
@@ -795,7 +712,7 @@ describe 'apt_key' do
         end
 
         apply_manifest(hkp_pool_pp, catch_changes: true)
-        shell(PUPPETLABS_KEY_CHECK_COMMAND)
+        run_shell(PUPPETLABS_KEY_CHECK_COMMAND)
       end
     end
 
@@ -807,7 +724,7 @@ describe 'apt_key' do
           end
 
           apply_manifest(hkps_ubuntu_pp, catch_changes: true)
-          shell(PUPPETLABS_KEY_CHECK_COMMAND)
+          run_shell(PUPPETLABS_KEY_CHECK_COMMAND)
         end
       end
     end
@@ -833,12 +750,12 @@ describe 'apt_key' do
     context 'with http://' do
       it 'works' do
         apply_manifest_twice(http_works_pp)
-        shell(PUPPETLABS_KEY_CHECK_COMMAND)
+        run_shell(PUPPETLABS_KEY_CHECK_COMMAND)
       end
 
       it 'works with userinfo' do
         apply_manifest_twice(http_works_userinfo_pp)
-        shell(PUPPETLABS_KEY_CHECK_COMMAND)
+        run_shell(PUPPETLABS_KEY_CHECK_COMMAND)
       end
 
       it 'fails with a 404' do
@@ -857,13 +774,12 @@ describe 'apt_key' do
     # disabled when running in travis, security issues prevent FTP
     context 'with ftp://', unless: (ENV['TRAVIS'] == 'true') do
       before(:each) do
-        shell("apt-key del #{CENTOS_GPG_KEY_LONG_ID}",
-              acceptable_exit_codes: [0, 1, 2])
+        run_shell("apt-key del #{CENTOS_GPG_KEY_LONG_ID}", expect_failures: true)
       end
 
       it 'works' do
         apply_manifest_twice(ftp_works_pp)
-        shell(CENTOS_KEY_CHECK_COMMAND)
+        run_shell(CENTOS_KEY_CHECK_COMMAND)
       end
 
       it 'fails with a 550' do
@@ -882,12 +798,17 @@ describe 'apt_key' do
     context 'with https://' do
       it 'works' do
         apply_manifest_twice(https_works_pp)
-        shell(PUPPETLABS_KEY_CHECK_COMMAND)
+        run_shell(PUPPETLABS_KEY_CHECK_COMMAND)
+      end
+
+      it 'works with weak ssl' do
+        apply_manifest_twice(https_with_weak_ssl_works_pp)
+        run_shell(PUPPETLABS_KEY_CHECK_COMMAND)
       end
 
       it 'works with userinfo' do
         apply_manifest_twice(https_userinfo_pp)
-        shell(PUPPETLABS_KEY_CHECK_COMMAND)
+        run_shell(PUPPETLABS_KEY_CHECK_COMMAND)
       end
 
       it 'fails with a 404' do
@@ -905,17 +826,17 @@ describe 'apt_key' do
 
     context 'with /path/that/exists' do
       before(:each) do
-        shell("curl -o /tmp/puppetlabs-pubkey.gpg \
+        run_shell("curl -o /tmp/puppetlabs-pubkey.gpg \
               http://#{PUPPETLABS_APT_URL}/#{PUPPETLABS_GPG_KEY_FILE}")
       end
 
       after(:each) do
-        shell('rm /tmp/puppetlabs-pubkey.gpg')
+        run_shell('rm /tmp/puppetlabs-pubkey.gpg')
       end
 
       it 'works' do
         apply_manifest_twice(path_exists_pp)
-        shell(PUPPETLABS_KEY_CHECK_COMMAND)
+        run_shell(PUPPETLABS_KEY_CHECK_COMMAND)
       end
     end
 
@@ -929,11 +850,11 @@ describe 'apt_key' do
 
     context 'with /path/that/exists/with/bogus/content' do
       before(:each) do
-        shell('echo "here be dragons" > /tmp/fake-key.gpg')
+        run_shell('echo "here be dragons" > /tmp/fake-key.gpg')
       end
 
       after(:each) do
-        shell('rm /tmp/fake-key.gpg')
+        run_shell('rm /tmp/fake-key.gpg')
       end
       it 'fails' do
         apply_manifest(path_bogus_content_pp, expect_failures: true) do |r|
@@ -947,7 +868,7 @@ describe 'apt_key' do
     context 'with debug' do
       it 'works' do
         apply_manifest_twice(debug_works_pp)
-        shell(PUPPETLABS_KEY_CHECK_COMMAND)
+        run_shell(PUPPETLABS_KEY_CHECK_COMMAND)
       end
     end
   end
@@ -969,20 +890,18 @@ describe 'apt_key' do
   end
 
   describe 'refresh' do
-    if fact('osfamily') == 'Debian' && (fact('lsbdistcodename') == 'stretch' || fact('lsbdistcodename') == 'bionic')
-      # Set Debian Stetch specific value of puppetlabs_exp_check_command
-      let(:puppetlabs_exp_check_command) { DEBIAN_PUPPETLABS_EXP_CHECK_COMMAND }
-    else
-      # Set default value of puppetlabs_exp_check_command
+    if ['8', '14.04', '16.04'].include?(host_inventory['facter']['os']['release']['major'])
+      # older OSes use puppetlabs_exp_check_command
       let(:puppetlabs_exp_check_command) { PUPPETLABS_EXP_CHECK_COMMAND }
+
+    else
+      # Set Debian Stetch and newer OSes puppetlabs_exp_check_command
+      let(:puppetlabs_exp_check_command) { DEBIAN_PUPPETLABS_EXP_CHECK_COMMAND }
+
+      # Ensure dirmngr package is installed
+      apply_manifest(refresh_check_for_dirmngr_pp, acceptable_exit_codes: [0, 2])
     end
     before(:each) do
-      if fact('lsbdistcodename') == 'stretch' || fact('lsbdistcodename') == 'bionic'
-        # Ensure dirmngr package is installed
-        apply_manifest(refresh_check_for_dirmngr_pp, acceptable_exit_codes: [0, 2])
-        # Export environment variable to disable apt-key warning when using grep
-        shell('export APT_KEY_DONT_WARN_ON_DANGEROUS_USAGE=1')
-      end
       # Delete the Puppet Labs Release Key and install an expired version of the key
       apply_manifest(refresh_del_key_pp)
       apply_manifest(refresh_pp, catch_failures: true)
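Review bot: `apply_manifest(refresh_check_for_dirmngr_pp, ...)` now sits directly in the `describe` body, so it runs while RSpec loads the file rather than as part of an example, and a failure there surfaces as a load error instead of a failed test. Wrapping it in a hook keeps it inside the run: `before(:all) { apply_manifest(refresh_check_for_dirmngr_pp, acceptable_exit_codes: [0, 2]) }`. The `['8', '14.04', '16.04']` list deserves a comment naming the releases it stands for (presumably Debian 8 and Ubuntu 14.04/16.04), because the bare strings mix two distributions' version schemes. The `before(:each)` block continues outside the hunk.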
@@ -991,14 +910,14 @@ describe 'apt_key' do
       it 'updates an expired key' do
         apply_manifest(refresh_true_pp)
         # Check key has been updated to new version
-        shell(puppetlabs_exp_check_command.to_s, acceptable_exit_codes: [0])
+        run_shell(puppetlabs_exp_check_command.to_s)
       end
     end
     context 'when refresh => false' do
       it 'does not replace an expired key' do
         apply_manifest(refresh_false_pp)
         # Expired key is present and has not been updated by the new version
-        shell(puppetlabs_exp_check_command.to_s, acceptable_exit_codes: [1])
+        run_shell(puppetlabs_exp_check_command.to_s, expect_failures: true)
       end
     end
   end
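Review bot: In 'does not replace an expired key' the old call required exit status 1 (`acceptable_exit_codes: [1]`), whereas `expect_failures: true` on `run_shell` appears only to tolerate a non-zero status, so the example would now pass whatever the grep finds. Pin the status explicitly: `expect(run_shell(puppetlabs_exp_check_command.to_s, expect_failures: true).exit_code).to eq(1)`. The same option on the `apt-key del` cleanup calls elsewhere in the commit is fine, since those are meant to be best-effort.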