+# frozen_string_literal: true
+
require 'spec_helper_acceptance'
-PUPPETLABS_GPG_KEY_SHORT_ID = 'EF8D349F'.freeze
-PUPPETLABS_GPG_KEY_LONG_ID = '7F438280EF8D349F'.freeze
-PUPPETLABS_GPG_KEY_FINGERPRINT = '6F6B15509CF8E59E6E469F327F438280EF8D349F'.freeze
-PUPPETLABS_APT_URL = 'apt.puppetlabs.com'.freeze
-PUPPETLABS_GPG_KEY_FILE = 'DEB-GPG-KEY-puppet'.freeze
-CENTOS_GPG_KEY_SHORT_ID = 'C105B9DE'.freeze
-CENTOS_GPG_KEY_LONG_ID = '0946FCA2C105B9DE'.freeze
-CENTOS_GPG_KEY_FINGERPRINT = 'C1DAC52D1664E8A4386DBA430946FCA2C105B9DE'.freeze
-CENTOS_REPO_URL = 'ftp.cvut.cz/centos'.freeze
-CENTOS_GPG_KEY_FILE = 'RPM-GPG-KEY-CentOS-6'.freeze
-PUPPETLABS_EXP_KEY_LONG_ID = '47B320EB4C7C375AA9DAE1A01054B7A24BD6EC30'.freeze
-PUPPETLABS_EXP_KEY_DATES = 'pub:e:4096:1:1054B7A24BD6EC30:2010-07-10:2017-01-05::-:Puppet Labs Release Key'.freeze
-SHOULD_NEVER_EXIST_ID = 'EF8D349F'.freeze
-KEY_CHECK_COMMAND = 'apt-key adv --no-tty --list-keys --with-colons --fingerprint | grep '.freeze
-PUPPETLABS_KEY_CHECK_COMMAND = "#{KEY_CHECK_COMMAND} #{PUPPETLABS_GPG_KEY_FINGERPRINT}".freeze
-CENTOS_KEY_CHECK_COMMAND = "#{KEY_CHECK_COMMAND} #{CENTOS_GPG_KEY_FINGERPRINT}".freeze
-PUPPETLABS_EXP_CHECK_COMMAND = "#{KEY_CHECK_COMMAND} '#{PUPPETLABS_EXP_KEY_DATES}'".freeze
-DEBIAN_PUPPETLABS_EXP_CHECK_COMMAND = 'apt-key list | grep -F -A 1 \'pub rsa4096 2010-07-10 [SC] [expired: 2017-01-05]\' | grep \'47B3 20EB 4C7C 375A A9DA E1A0 1054 B7A2 4BD6 EC30\''.freeze
+PUPPETLABS_GPG_KEY_SHORT_ID = 'EF8D349F'
+PUPPETLABS_GPG_KEY_LONG_ID = '7F438280EF8D349F'
+PUPPETLABS_GPG_KEY_FINGERPRINT = '6F6B15509CF8E59E6E469F327F438280EF8D349F'
+PUPPETLABS_APT_URL = 'apt.puppetlabs.com'
+PUPPETLABS_GPG_KEY_FILE = 'DEB-GPG-KEY-puppet'
+CENTOS_GPG_KEY_SHORT_ID = 'C105B9DE'
+CENTOS_GPG_KEY_LONG_ID = '0946FCA2C105B9DE'
+CENTOS_GPG_KEY_FINGERPRINT = 'C1DAC52D1664E8A4386DBA430946FCA2C105B9DE'
+CENTOS_REPO_URL = 'ftp.cvut.cz/centos'
+CENTOS_GPG_KEY_FILE = 'RPM-GPG-KEY-CentOS-6'
+PUPPETLABS_EXP_KEY_LONG_ID = '47B320EB4C7C375AA9DAE1A01054B7A24BD6EC30'
+PUPPETLABS_EXP_KEY_DATES = 'pub:e:4096:1:1054B7A24BD6EC30:2010-07-10:2017-01-05::-:Puppet Labs Release Key'
+SHOULD_NEVER_EXIST_ID = 'EF8D349F'
+KEY_CHECK_COMMAND = 'apt-key adv --no-tty --list-keys --with-colons --fingerprint | grep '
+PUPPETLABS_KEY_CHECK_COMMAND = "#{KEY_CHECK_COMMAND} #{PUPPETLABS_GPG_KEY_FINGERPRINT}"
+CENTOS_KEY_CHECK_COMMAND = "#{KEY_CHECK_COMMAND} #{CENTOS_GPG_KEY_FINGERPRINT}"
+PUPPETLABS_EXP_CHECK_COMMAND = "#{KEY_CHECK_COMMAND} '#{PUPPETLABS_EXP_KEY_DATES}'"
+DEBIAN_PUPPETLABS_EXP_CHECK_COMMAND = 'apt-key list | grep -F -A 1 \'pub rsa4096 2010-07-10 [SC] [expired: 2017-01-05]\' | grep \'47B3 20EB 4C7C 375A A9DA E1A0 1054 B7A2 4BD6 EC30\''
def install_key(key)
retry_on_error_matching do
- shell("apt-key adv --no-tty --keyserver pgp.mit.edu --recv-keys #{key}")
+ run_shell("apt-key adv --no-tty --keyserver pgp.mit.edu --recv-keys #{key}")
end
end
}
MANIFEST
-hkps_protocol_supported = fact('operatingsystem') =~ %r{Ubuntu} && \
- fact('operatingsystemrelease') =~ %r{^18\.04}
+hkps_protocol_supported = host_inventory['facter']['os']['family'] =~ %r{Ubuntu}i && \
+ host_inventory['facter']['os']['release']['major'] =~ %r{^18\.04}
if hkps_protocol_supported
hkps_ubuntu_pp = <<-MANIFEST
}
MANIFEST
+https_with_weak_ssl_works_pp = <<-MANIFEST
+ apt_key { 'puppetlabs':
+ id => '#{PUPPETLABS_GPG_KEY_LONG_ID}',
+ ensure => 'present',
+ source => 'https://#{PUPPETLABS_APT_URL}/#{PUPPETLABS_GPG_KEY_FILE}',
+ weak_ssl => true,
+ }
+ MANIFEST
+
https_userinfo_pp = <<-MANIFEST
apt_key { 'puppetlabs':
id => '#{PUPPETLABS_GPG_KEY_LONG_ID}',
before(:each) do
# Delete twice to make sure everything is cleaned
# up after the short key collision
- shell("apt-key del #{PUPPETLABS_GPG_KEY_SHORT_ID}",
- acceptable_exit_codes: [0, 1, 2])
- shell("apt-key del #{PUPPETLABS_GPG_KEY_SHORT_ID}",
- acceptable_exit_codes: [0, 1, 2])
+ run_shell("apt-key del #{PUPPETLABS_GPG_KEY_SHORT_ID}", expect_failures: true)
+ run_shell("apt-key del #{PUPPETLABS_GPG_KEY_SHORT_ID}", expect_failures: true)
end
describe 'ensure =>' do
end
apply_manifest(gpg_key_pp, catch_changes: true)
- shell(PUPPETLABS_KEY_CHECK_COMMAND)
+ run_shell(PUPPETLABS_KEY_CHECK_COMMAND)
end
end
context 'with multiple keys' do
it 'runs without errors' do
apply_manifest_twice(multiple_keys_pp)
- shell(PUPPETLABS_KEY_CHECK_COMMAND)
+ run_shell(PUPPETLABS_KEY_CHECK_COMMAND)
end
end
end
apply_manifest(hkp_pool_pp, catch_changes: true)
- shell(PUPPETLABS_KEY_CHECK_COMMAND)
+ run_shell(PUPPETLABS_KEY_CHECK_COMMAND)
end
end
end
apply_manifest(hkps_ubuntu_pp, catch_changes: true)
- shell(PUPPETLABS_KEY_CHECK_COMMAND)
+ run_shell(PUPPETLABS_KEY_CHECK_COMMAND)
end
end
end
context 'with http://' do
it 'works' do
apply_manifest_twice(http_works_pp)
- shell(PUPPETLABS_KEY_CHECK_COMMAND)
+ run_shell(PUPPETLABS_KEY_CHECK_COMMAND)
end
it 'works with userinfo' do
apply_manifest_twice(http_works_userinfo_pp)
- shell(PUPPETLABS_KEY_CHECK_COMMAND)
+ run_shell(PUPPETLABS_KEY_CHECK_COMMAND)
end
it 'fails with a 404' do
# disabled when running in travis, security issues prevent FTP
context 'with ftp://', unless: (ENV['TRAVIS'] == 'true') do
before(:each) do
- shell("apt-key del #{CENTOS_GPG_KEY_LONG_ID}",
- acceptable_exit_codes: [0, 1, 2])
+ run_shell("apt-key del #{CENTOS_GPG_KEY_LONG_ID}", expect_failures: true)
end
it 'works' do
apply_manifest_twice(ftp_works_pp)
- shell(CENTOS_KEY_CHECK_COMMAND)
+ run_shell(CENTOS_KEY_CHECK_COMMAND)
end
it 'fails with a 550' do
context 'with https://' do
it 'works' do
apply_manifest_twice(https_works_pp)
- shell(PUPPETLABS_KEY_CHECK_COMMAND)
+ run_shell(PUPPETLABS_KEY_CHECK_COMMAND)
+ end
+
+ it 'works with weak ssl' do
+ apply_manifest_twice(https_with_weak_ssl_works_pp)
+ run_shell(PUPPETLABS_KEY_CHECK_COMMAND)
end
it 'works with userinfo' do
apply_manifest_twice(https_userinfo_pp)
- shell(PUPPETLABS_KEY_CHECK_COMMAND)
+ run_shell(PUPPETLABS_KEY_CHECK_COMMAND)
end
it 'fails with a 404' do
context 'with /path/that/exists' do
before(:each) do
- shell("curl -o /tmp/puppetlabs-pubkey.gpg \
+ run_shell("curl -o /tmp/puppetlabs-pubkey.gpg \
http://#{PUPPETLABS_APT_URL}/#{PUPPETLABS_GPG_KEY_FILE}")
end
after(:each) do
- shell('rm /tmp/puppetlabs-pubkey.gpg')
+ run_shell('rm /tmp/puppetlabs-pubkey.gpg')
end
it 'works' do
apply_manifest_twice(path_exists_pp)
- shell(PUPPETLABS_KEY_CHECK_COMMAND)
+ run_shell(PUPPETLABS_KEY_CHECK_COMMAND)
end
end
context 'with /path/that/exists/with/bogus/content' do
before(:each) do
- shell('echo "here be dragons" > /tmp/fake-key.gpg')
+ run_shell('echo "here be dragons" > /tmp/fake-key.gpg')
end
after(:each) do
- shell('rm /tmp/fake-key.gpg')
+ run_shell('rm /tmp/fake-key.gpg')
end
it 'fails' do
apply_manifest(path_bogus_content_pp, expect_failures: true) do |r|
context 'with debug' do
it 'works' do
apply_manifest_twice(debug_works_pp)
- shell(PUPPETLABS_KEY_CHECK_COMMAND)
+ run_shell(PUPPETLABS_KEY_CHECK_COMMAND)
end
end
end
end
describe 'refresh' do
- if fact('osfamily') == 'Debian' && (fact('lsbdistcodename') == 'stretch' || fact('lsbdistcodename') == 'bionic')
- # Set Debian Stetch specific value of puppetlabs_exp_check_command
- let(:puppetlabs_exp_check_command) { DEBIAN_PUPPETLABS_EXP_CHECK_COMMAND }
- else
- # Set default value of puppetlabs_exp_check_command
+ if ['8', '14.04', '16.04'].include?(host_inventory['facter']['os']['release']['major'])
+ # older OSes use puppetlabs_exp_check_command
let(:puppetlabs_exp_check_command) { PUPPETLABS_EXP_CHECK_COMMAND }
+
+ else
+ # Set Debian Stetch and newer OSes puppetlabs_exp_check_command
+ let(:puppetlabs_exp_check_command) { DEBIAN_PUPPETLABS_EXP_CHECK_COMMAND }
+
+ # Ensure dirmngr package is installed
+ apply_manifest(refresh_check_for_dirmngr_pp, acceptable_exit_codes: [0, 2])
end
before(:each) do
- if fact('lsbdistcodename') == 'stretch' || fact('lsbdistcodename') == 'bionic'
- # Ensure dirmngr package is installed
- apply_manifest(refresh_check_for_dirmngr_pp, acceptable_exit_codes: [0, 2])
- end
# Delete the Puppet Labs Release Key and install an expired version of the key
apply_manifest(refresh_del_key_pp)
apply_manifest(refresh_pp, catch_failures: true)
it 'updates an expired key' do
apply_manifest(refresh_true_pp)
# Check key has been updated to new version
- shell(puppetlabs_exp_check_command.to_s, acceptable_exit_codes: [0])
+ run_shell(puppetlabs_exp_check_command.to_s)
end
end
context 'when refresh => false' do
it 'does not replace an expired key' do
apply_manifest(refresh_false_pp)
# Expired key is present and has not been updated by the new version
- shell(puppetlabs_exp_check_command.to_s, acceptable_exit_codes: [1])
+ run_shell(puppetlabs_exp_check_command.to_s, expect_failures: true)
end
end
end
Code Review / puppet-modules / puppetlabs-apt.git / blobdiff