require 'spec_helper_acceptance'
-PUPPETLABS_GPG_KEY_SHORT_ID = 'EF8D349F'
-PUPPETLABS_GPG_KEY_LONG_ID = '7F438280EF8D349F'
-PUPPETLABS_GPG_KEY_FINGERPRINT = '6F6B15509CF8E59E6E469F327F438280EF8D349F'
-PUPPETLABS_APT_URL = 'apt.puppetlabs.com'
-PUPPETLABS_GPG_KEY_FILE = 'DEB-GPG-KEY-puppet'
-CENTOS_GPG_KEY_SHORT_ID = 'C105B9DE'
-CENTOS_GPG_KEY_LONG_ID = '0946FCA2C105B9DE'
-CENTOS_GPG_KEY_FINGERPRINT = 'C1DAC52D1664E8A4386DBA430946FCA2C105B9DE'
-CENTOS_REPO_URL = 'ftp.cvut.cz/centos'
-CENTOS_GPG_KEY_FILE = 'RPM-GPG-KEY-CentOS-6'
-
-SHOULD_NEVER_EXIST_ID = 'EF8D349F'
-
-KEY_CHECK_COMMAND = "apt-key adv --list-keys --with-colons --fingerprint | grep "
-PUPPETLABS_KEY_CHECK_COMMAND = "#{KEY_CHECK_COMMAND} #{PUPPETLABS_GPG_KEY_FINGERPRINT}"
-CENTOS_KEY_CHECK_COMMAND = "#{KEY_CHECK_COMMAND} #{CENTOS_GPG_KEY_FINGERPRINT}"
+PUPPETLABS_GPG_KEY_SHORT_ID = 'EF8D349F'.freeze
+PUPPETLABS_GPG_KEY_LONG_ID = '7F438280EF8D349F'.freeze
+PUPPETLABS_GPG_KEY_FINGERPRINT = '6F6B15509CF8E59E6E469F327F438280EF8D349F'.freeze
+PUPPETLABS_APT_URL = 'apt.puppetlabs.com'.freeze
+PUPPETLABS_GPG_KEY_FILE = 'DEB-GPG-KEY-puppet'.freeze
+CENTOS_GPG_KEY_SHORT_ID = 'C105B9DE'.freeze
+CENTOS_GPG_KEY_LONG_ID = '0946FCA2C105B9DE'.freeze
+CENTOS_GPG_KEY_FINGERPRINT = 'C1DAC52D1664E8A4386DBA430946FCA2C105B9DE'.freeze
+CENTOS_REPO_URL = 'ftp.cvut.cz/centos'.freeze
+CENTOS_GPG_KEY_FILE = 'RPM-GPG-KEY-CentOS-6'.freeze
+
+SHOULD_NEVER_EXIST_ID = 'EF8D349F'.freeze
+
+KEY_CHECK_COMMAND = 'apt-key adv --list-keys --with-colons --fingerprint | grep '.freeze
+PUPPETLABS_KEY_CHECK_COMMAND = "#{KEY_CHECK_COMMAND} #{PUPPETLABS_GPG_KEY_FINGERPRINT}".freeze
+CENTOS_KEY_CHECK_COMMAND = "#{KEY_CHECK_COMMAND} #{CENTOS_GPG_KEY_FINGERPRINT}".freeze
+
+MAX_TIMEOUT_RETRY = 3
+TIMEOUT_RETRY_WAIT = 5
+TIMEOUT_ERROR_MATCHER = %r{no valid OpenPGP data found}
describe 'apt_key' do
before(:each) do
# Delete twice to make sure everything is cleaned
# up after the short key collision
shell("apt-key del #{PUPPETLABS_GPG_KEY_SHORT_ID}",
- :acceptable_exit_codes => [0,1,2])
+ acceptable_exit_codes: [0, 1, 2])
shell("apt-key del #{PUPPETLABS_GPG_KEY_SHORT_ID}",
- :acceptable_exit_codes => [0,1,2])
+ acceptable_exit_codes: [0, 1, 2])
end
describe 'default options' do
key_versions = {
- '32bit key id' => "#{PUPPETLABS_GPG_KEY_SHORT_ID}",
- '64bit key id' => "#{PUPPETLABS_GPG_KEY_LONG_ID}",
- '160bit key fingerprint' => "#{PUPPETLABS_GPG_KEY_FINGERPRINT}",
- '32bit lowercase key id' => "#{PUPPETLABS_GPG_KEY_SHORT_ID.downcase}",
- '64bit lowercase key id' => "#{PUPPETLABS_GPG_KEY_LONG_ID.downcase}",
- '160bit lowercase key fingerprint' => "#{PUPPETLABS_GPG_KEY_FINGERPRINT.downcase}",
+ '32bit key id' => PUPPETLABS_GPG_KEY_SHORT_ID.to_s,
+ '64bit key id' => PUPPETLABS_GPG_KEY_LONG_ID.to_s,
+ '160bit key fingerprint' => PUPPETLABS_GPG_KEY_FINGERPRINT.to_s,
+ '32bit lowercase key id' => PUPPETLABS_GPG_KEY_SHORT_ID.downcase.to_s,
+ '64bit lowercase key id' => PUPPETLABS_GPG_KEY_LONG_ID.downcase.to_s,
+ '160bit lowercase key fingerprint' => PUPPETLABS_GPG_KEY_FINGERPRINT.downcase.to_s,
'0x formatted 32bit key id' => "0x#{PUPPETLABS_GPG_KEY_SHORT_ID}",
'0x formatted 64bit key id' => "0x#{PUPPETLABS_GPG_KEY_LONG_ID}",
'0x formatted 160bit key fingerprint' => "0x#{PUPPETLABS_GPG_KEY_FINGERPRINT}",
}
key_versions.each do |key, value|
- context "#{key}" do
+ context key.to_s do
it 'works' do
pp = <<-EOS
apt_key { 'puppetlabs':
}
EOS
- apply_manifest(pp, :catch_failures => true)
- apply_manifest(pp, :catch_changes => true)
+ apply_manifest(pp, catch_failures: true)
+ apply_manifest(pp, catch_changes: true)
shell(PUPPETLABS_KEY_CHECK_COMMAND)
end
end
}
EOS
- apply_manifest(pp, :expect_failures => true) do |r|
- expect(r.stderr).to match(/Valid values match/)
+ apply_manifest(pp, expect_failures: true) do |r|
+ expect(r.stderr).to match(%r{Valid values match})
end
end
end
}
EOS
- # Install the key first
- shell("apt-key adv --keyserver hkps.pool.sks-keyservers.net \
+ # Install the key first (retry because key pool may timeout)
+ retry_on_error_matching(MAX_TIMEOUT_RETRY, TIMEOUT_RETRY_WAIT, TIMEOUT_ERROR_MATCHER) do
+ shell("apt-key adv --keyserver hkps.pool.sks-keyservers.net \
--recv-keys #{CENTOS_GPG_KEY_FINGERPRINT}")
+ end
shell(CENTOS_KEY_CHECK_COMMAND)
# Time to remove it using Puppet
- apply_manifest(pp, :catch_failures => true)
- apply_manifest(pp, :catch_failures => true)
+ apply_manifest(pp, catch_failures: true)
+ apply_manifest(pp, catch_changes: true)
shell(CENTOS_KEY_CHECK_COMMAND,
- :acceptable_exit_codes => [1])
+ acceptable_exit_codes: [1])
- shell("apt-key adv --keyserver hkps.pool.sks-keyservers.net \
- --recv-keys #{CENTOS_GPG_KEY_FINGERPRINT}")
+ # Re-Install the key (retry because key pool may timeout)
+ retry_on_error_matching(MAX_TIMEOUT_RETRY, TIMEOUT_RETRY_WAIT, TIMEOUT_ERROR_MATCHER) do
+ shell("apt-key adv --keyserver hkps.pool.sks-keyservers.net \
+ --recv-keys #{CENTOS_GPG_KEY_FINGERPRINT}")
+ end
end
end
- context 'absent, added with long key', :unless => (fact('operatingsystem') == 'Debian' and fact('operatingsystemmajrelease') == '6') do
+ context 'absent, added with long key', unless: (fact('operatingsystem') == 'Debian' && fact('operatingsystemmajrelease') == '6') do
it 'is removed' do
pp = <<-EOS
apt_key { 'puppetlabs':
}
EOS
- # Install the key first
- shell("apt-key adv --keyserver hkps.pool.sks-keyservers.net \
- --recv-keys #{PUPPETLABS_GPG_KEY_LONG_ID}")
+ # Install the key first (retry because key pool may timeout)
+ retry_on_error_matching(MAX_TIMEOUT_RETRY, TIMEOUT_RETRY_WAIT, TIMEOUT_ERROR_MATCHER) do
+ shell("apt-key adv --keyserver hkps.pool.sks-keyservers.net \
+ --recv-keys #{PUPPETLABS_GPG_KEY_LONG_ID}")
+ end
+
shell(PUPPETLABS_KEY_CHECK_COMMAND)
# Time to remove it using Puppet
- apply_manifest(pp, :catch_failures => true)
- apply_manifest(pp, :catch_failures => true)
+ apply_manifest(pp, catch_failures: true)
+ apply_manifest(pp, catch_changes: true)
shell(PUPPETLABS_KEY_CHECK_COMMAND,
- :acceptable_exit_codes => [1])
+ acceptable_exit_codes: [1])
end
end
end
}
EOS
- apply_manifest(pp, :catch_failures => true)
- apply_manifest(pp, :catch_failures => true)
+ # Apply the manifest (Retry if timeout error is received from key pool)
+ retry_on_error_matching(MAX_TIMEOUT_RETRY, TIMEOUT_RETRY_WAIT, TIMEOUT_ERROR_MATCHER) do
+ apply_manifest(pp, catch_failures: true)
+ end
+
+ apply_manifest(pp, catch_changes: true)
shell(PUPPETLABS_KEY_CHECK_COMMAND)
end
end
-----END PGP PUBLIC KEY BLOCK----- ",
}
EOS
- apply_manifest(pp, :catch_failures => true)
- apply_manifest(pp, :catch_failures => true)
+
+ apply_manifest(pp, catch_failures: true)
+ apply_manifest(pp, catch_changes: true)
shell(PUPPETLABS_KEY_CHECK_COMMAND)
end
end
}
EOS
- apply_manifest(pp, :expect_failures => true) do |r|
- expect(r.stderr).to match(/no valid OpenPGP data found/)
+ apply_manifest(pp, expect_failures: true) do |r|
+ expect(r.stderr).to match(%r{no valid OpenPGP data found})
end
end
end
}
EOS
- apply_manifest(pp, :catch_failures => true)
- apply_manifest(pp, :catch_failures => true)
+ # Apply the manifest (Retry if timeout error is received from key pool)
+ retry_on_error_matching(MAX_TIMEOUT_RETRY, TIMEOUT_RETRY_WAIT, TIMEOUT_ERROR_MATCHER) do
+ apply_manifest(pp, catch_failures: true)
+ end
+
+ apply_manifest(pp, catch_changes: true)
shell(PUPPETLABS_KEY_CHECK_COMMAND)
end
end
}
EOS
- apply_manifest(pp, :catch_failures => true)
- apply_manifest(pp, :catch_failures => true)
+ retry_on_error_matching(MAX_TIMEOUT_RETRY, TIMEOUT_RETRY_WAIT, TIMEOUT_ERROR_MATCHER) do
+ apply_manifest(pp, catch_failures: true)
+ end
+
+ apply_manifest(pp, catch_changes: true)
shell(PUPPETLABS_KEY_CHECK_COMMAND)
end
end
}
EOS
- apply_manifest(pp, :expect_failures => true) do |r|
- expect(r.stderr).to match(/(Host not found|Couldn't resolve host)/)
+ apply_manifest(pp, expect_failures: true) do |r|
+ expect(r.stderr).to match(%r{(Host not found|Couldn't resolve host)})
end
end
end
}
EOS
- apply_manifest(pp, :expect_failures => true) do |r|
- expect(r.stderr).to match(/Invalid value \".pgp.key.server\"/)
+ apply_manifest(pp, expect_failures: true) do |r|
+ expect(r.stderr).to match(%r{Invalid value \".pgp.key.server\"})
end
end
end
}
EOS
- apply_manifest(pp, :catch_failures => true)
- apply_manifest(pp, :catch_failures => true)
+ apply_manifest(pp, catch_failures: true)
+ apply_manifest(pp, catch_changes: true)
+ shell(PUPPETLABS_KEY_CHECK_COMMAND)
+ end
+
+ it 'works with userinfo' do
+ pp = <<-EOS
+ apt_key { 'puppetlabs':
+ id => '#{PUPPETLABS_GPG_KEY_LONG_ID}',
+ ensure => 'present',
+ source => 'http://dummyuser:dummypassword@#{PUPPETLABS_APT_URL}/#{PUPPETLABS_GPG_KEY_FILE}',
+ }
+ EOS
+
+ apply_manifest(pp, catch_failures: true)
+ apply_manifest(pp, catch_changes: true)
shell(PUPPETLABS_KEY_CHECK_COMMAND)
end
}
EOS
- apply_manifest(pp, :expect_failures => true) do |r|
- expect(r.stderr).to match(/404 Not Found/)
+ apply_manifest(pp, expect_failures: true) do |r|
+ expect(r.stderr).to match(%r{404 Not Found})
end
end
}
EOS
- apply_manifest(pp, :expect_failures => true) do |r|
- expect(r.stderr).to match(/could not resolve/)
+ apply_manifest(pp, expect_failures: true) do |r|
+ expect(r.stderr).to match(%r{could not resolve})
end
end
end
context 'ftp://' do
before(:each) do
shell("apt-key del #{CENTOS_GPG_KEY_LONG_ID}",
- :acceptable_exit_codes => [0,1,2])
+ acceptable_exit_codes: [0, 1, 2])
end
it 'works' do
}
EOS
- apply_manifest(pp, :catch_failures => true)
- apply_manifest(pp, :catch_failures => true)
+ apply_manifest(pp, catch_failures: true)
+ apply_manifest(pp, catch_changes: true)
shell(CENTOS_KEY_CHECK_COMMAND)
end
}
EOS
- apply_manifest(pp, :expect_failures => true) do |r|
- expect(r.stderr).to match(/550 Failed to open/)
+ apply_manifest(pp, expect_failures: true) do |r|
+ expect(r.stderr).to match(%r{550 Failed to open})
end
end
}
EOS
- apply_manifest(pp, :expect_failures => true) do |r|
- expect(r.stderr).to match(/could not resolve/)
+ apply_manifest(pp, expect_failures: true) do |r|
+ expect(r.stderr).to match(%r{could not resolve})
end
end
end
}
EOS
- apply_manifest(pp, :catch_failures => true)
- apply_manifest(pp, :catch_failures => true)
+ apply_manifest(pp, catch_failures: true)
+ apply_manifest(pp, catch_changes: true)
+ shell(PUPPETLABS_KEY_CHECK_COMMAND)
+ end
+
+ it 'works with userinfo' do
+ pp = <<-EOS
+ apt_key { 'puppetlabs':
+ id => '#{PUPPETLABS_GPG_KEY_LONG_ID}',
+ ensure => 'present',
+ source => 'https://dummyuser:dummypassword@#{PUPPETLABS_APT_URL}/#{PUPPETLABS_GPG_KEY_FILE}',
+ }
+ EOS
+
+ apply_manifest(pp, catch_failures: true)
+ apply_manifest(pp, catch_changes: true)
shell(PUPPETLABS_KEY_CHECK_COMMAND)
end
}
EOS
- apply_manifest(pp, :expect_failures => true) do |r|
- expect(r.stderr).to match(/404 Not Found/)
+ apply_manifest(pp, expect_failures: true) do |r|
+ expect(r.stderr).to match(%r{404 Not Found})
end
end
}
EOS
- apply_manifest(pp, :expect_failures => true) do |r|
- expect(r.stderr).to match(/could not resolve/)
+ apply_manifest(pp, expect_failures: true) do |r|
+ expect(r.stderr).to match(%r{could not resolve})
end
end
end
}
EOS
- apply_manifest(pp, :catch_failures => true)
- apply_manifest(pp, :catch_failures => true)
+ apply_manifest(pp, catch_failures: true)
+ apply_manifest(pp, catch_changes: true)
shell(PUPPETLABS_KEY_CHECK_COMMAND)
end
end
}
EOS
- apply_manifest(pp, :expect_failures => true) do |r|
- expect(r.stderr).to match(/does not exist/)
+ apply_manifest(pp, expect_failures: true) do |r|
+ expect(r.stderr).to match(%r{does not exist})
end
end
end
}
EOS
- apply_manifest(pp, :expect_failures => true) do |r|
- expect(r.stderr).to match(/no valid OpenPGP data found/)
+ apply_manifest(pp, expect_failures: true) do |r|
+ expect(r.stderr).to match(%r{no valid OpenPGP data found})
end
end
end
}
EOS
- apply_manifest(pp, :catch_failures => true)
- apply_manifest(pp, :catch_failures => true)
+ apply_manifest(pp, catch_failures: true)
+ apply_manifest(pp, catch_changes: true)
shell(PUPPETLABS_KEY_CHECK_COMMAND)
end
end
}
EOS
- apply_manifest(pp, :catch_failures => true)
- apply_manifest(pp, :catch_failures => true)
+ apply_manifest(pp, catch_failures: true)
+ apply_manifest(pp, catch_changes: true)
end
end
}
EOS
- apply_manifest(pp, :expect_failures => true) do |r|
- expect(r.stderr).to match(/do not match/)
+ apply_manifest(pp, expect_failures: true) do |r|
+ expect(r.stderr).to match(%r{don't match})
end
end
end
end
-
end