+# frozen_string_literal: true
+
require 'spec_helper_acceptance'
-PUPPETLABS_GPG_KEY_SHORT_ID = 'EF8D349F'.freeze
-PUPPETLABS_GPG_KEY_LONG_ID = '7F438280EF8D349F'.freeze
-PUPPETLABS_GPG_KEY_FINGERPRINT = '6F6B15509CF8E59E6E469F327F438280EF8D349F'.freeze
-PUPPETLABS_APT_URL = 'apt.puppetlabs.com'.freeze
-PUPPETLABS_GPG_KEY_FILE = 'DEB-GPG-KEY-puppet'.freeze
-CENTOS_GPG_KEY_SHORT_ID = 'C105B9DE'.freeze
-CENTOS_GPG_KEY_LONG_ID = '0946FCA2C105B9DE'.freeze
-CENTOS_GPG_KEY_FINGERPRINT = 'C1DAC52D1664E8A4386DBA430946FCA2C105B9DE'.freeze
-CENTOS_REPO_URL = 'ftp.cvut.cz/centos'.freeze
-CENTOS_GPG_KEY_FILE = 'RPM-GPG-KEY-CentOS-6'.freeze
-
-SHOULD_NEVER_EXIST_ID = 'EF8D349F'.freeze
-
-KEY_CHECK_COMMAND = 'apt-key adv --list-keys --with-colons --fingerprint | grep '.freeze
-PUPPETLABS_KEY_CHECK_COMMAND = "#{KEY_CHECK_COMMAND} #{PUPPETLABS_GPG_KEY_FINGERPRINT}".freeze
-CENTOS_KEY_CHECK_COMMAND = "#{KEY_CHECK_COMMAND} #{CENTOS_GPG_KEY_FINGERPRINT}".freeze
-
-MAX_TIMEOUT_RETRY = 3
-TIMEOUT_RETRY_WAIT = 5
-TIMEOUT_ERROR_MATCHER = %r{no valid OpenPGP data found}
-
-def populate_default_options_pp(value)
- default_options_pp = <<-EOS
- apt_key { 'puppetlabs':
- id => '#{value}',
- ensure => 'present',
- }
- EOS
- default_options_pp
-end
+PUPPETLABS_GPG_KEY_SHORT_ID = 'EF8D349F'.freeze
+PUPPETLABS_GPG_KEY_LONG_ID = '7F438280EF8D349F'.freeze
+PUPPETLABS_GPG_KEY_FINGERPRINT = '6F6B15509CF8E59E6E469F327F438280EF8D349F'.freeze
+PUPPETLABS_APT_URL = 'apt.puppetlabs.com'.freeze
+PUPPETLABS_GPG_KEY_FILE = 'DEB-GPG-KEY-puppet'.freeze
+CENTOS_GPG_KEY_SHORT_ID = 'C105B9DE'.freeze
+CENTOS_GPG_KEY_LONG_ID = '0946FCA2C105B9DE'.freeze
+CENTOS_GPG_KEY_FINGERPRINT = 'C1DAC52D1664E8A4386DBA430946FCA2C105B9DE'.freeze
+CENTOS_REPO_URL = 'ftp.cvut.cz/centos'.freeze
+CENTOS_GPG_KEY_FILE = 'RPM-GPG-KEY-CentOS-6'.freeze
+PUPPETLABS_EXP_KEY_LONG_ID = '47B320EB4C7C375AA9DAE1A01054B7A24BD6EC30'.freeze
+PUPPETLABS_EXP_KEY_DATES = 'pub:e:4096:1:1054B7A24BD6EC30:2010-07-10:2017-01-05::-:Puppet Labs Release Key'.freeze
+SHOULD_NEVER_EXIST_ID = 'EF8D349F'.freeze
+KEY_CHECK_COMMAND = 'apt-key adv --no-tty --list-keys --with-colons --fingerprint | grep '.freeze
+PUPPETLABS_KEY_CHECK_COMMAND = "#{KEY_CHECK_COMMAND} #{PUPPETLABS_GPG_KEY_FINGERPRINT}".freeze
+CENTOS_KEY_CHECK_COMMAND = "#{KEY_CHECK_COMMAND} #{CENTOS_GPG_KEY_FINGERPRINT}".freeze
+PUPPETLABS_EXP_CHECK_COMMAND = "#{KEY_CHECK_COMMAND} '#{PUPPETLABS_EXP_KEY_DATES}'".freeze
+DEBIAN_PUPPETLABS_EXP_CHECK_COMMAND = 'apt-key list | grep -F -A 1 \'pub rsa4096 2010-07-10 [SC] [expired: 2017-01-05]\' | grep \'47B3 20EB 4C7C 375A A9DA E1A0 1054 B7A2 4BD6 EC30\''.freeze
def install_key(key)
- retry_on_error_matching(MAX_TIMEOUT_RETRY, TIMEOUT_RETRY_WAIT, TIMEOUT_ERROR_MATCHER) do
- shell("apt-key adv --keyserver hkps.pool.sks-keyservers.net \
- --recv-keys #{key}")
+ retry_on_error_matching do
+ run_shell("apt-key adv --no-tty --keyserver pgp.mit.edu --recv-keys #{key}")
end
end
def apply_manifest_twice(manifest_pp)
- apply_manifest(manifest_pp, catch_failures: true)
- apply_manifest(manifest_pp, catch_changes: true)
+ retry_on_error_matching do
+ apply_manifest(manifest_pp, catch_failures: true)
+ end
+ retry_on_error_matching do
+ apply_manifest(manifest_pp, catch_changes: true)
+ end
end
-invalid_key_length_pp = <<-EOS
- apt_key { 'puppetlabs':
- id => '8280EF8D349F',
- }
- EOS
-
-ensure_absent_pp = <<-EOS
- apt_key { 'centos':
- id => '#{CENTOS_GPG_KEY_LONG_ID}',
- ensure => 'absent',
- }
- EOS
+refresh_pp = <<-MANIFEST
+ apt_key { '#{PUPPETLABS_EXP_KEY_LONG_ID}':
+ id => '#{PUPPETLABS_EXP_KEY_LONG_ID}',
+ ensure => 'present',
+ content => '-----BEGIN PGP PUBLIC KEY BLOCK-----
+ Version: GnuPG v1
-ensure_absent_long_key_pp = <<-EOS
- apt_key { 'puppetlabs':
- id => '#{PUPPETLABS_GPG_KEY_LONG_ID}',
- ensure => 'absent',
- }
- EOS
+ mQINBEw3u0ABEAC1+aJQpU59fwZ4mxFjqNCgfZgDhONDSYQFMRnYC1dzBpJHzI6b
+ fUBQeaZ8rh6N4kZ+wq1eL86YDXkCt4sCvNTP0eF2XaOLbmxtV9bdpTIBep9bQiKg
+ 5iZaz+brUZlFk/MyJ0Yz//VQ68N1uvXccmD6uxQsVO+gx7rnarg/BGuCNaVtGwy+
+ S98g8Begwxs9JmGa8pMCcSxtC7fAfAEZ02cYyrw5KfBvFI3cHDdBqrEJQKwKeLKY
+ GHK3+H1TM4ZMxPsLuR/XKCbvTyl+OCPxU2OxPjufAxLlr8BWUzgJv6ztPe9imqpH
+ Ppp3KuLFNorjPqWY5jSgKl94W/CO2x591e++a1PhwUn7iVUwVVe+mOEWnK5+Fd0v
+ VMQebYCXS+3dNf6gxSvhz8etpw20T9Ytg4EdhLvCJRV/pYlqhcq+E9le1jFOHOc0
+ Nc5FQweUtHGaNVyn8S1hvnvWJBMxpXq+Bezfk3X8PhPT/l9O2lLFOOO08jo0OYiI
+ wrjhMQQOOSZOb3vBRvBZNnnxPrcdjUUm/9cVB8VcgI5KFhG7hmMCwH70tpUWcZCN
+ NlI1wj/PJ7Tlxjy44f1o4CQ5FxuozkiITJvh9CTg+k3wEmiaGz65w9jRl9ny2gEl
+ f4CR5+ba+w2dpuDeMwiHJIs5JsGyJjmA5/0xytB7QvgMs2q25vWhygsmUQARAQAB
+ tEdQdXBwZXQgTGFicyBSZWxlYXNlIEtleSAoUHVwcGV0IExhYnMgUmVsZWFzZSBL
+ ZXkpIDxpbmZvQHB1cHBldGxhYnMuY29tPokCPgQTAQIAKAUCTDe7QAIbAwUJA8Jn
+ AAYLCQgHAwIGFQgCCQoLBBYCAwECHgECF4AACgkQEFS3okvW7DAZaw//aLmE/eob
+ pXpIUVyCUWQxEvPtM/h/SAJsG3KoHN9u216ews+UHsL/7F91ceVXQQdD2e8CtYWF
+ eLNM0RSM9i/KM60g4CvIQlmNqdqhi1HsgGqInZ72/XLAXun0gabfC36rLww2kel+
+ aMpRf58SrSuskY321NnMEJl4OsHV2hfNtAIgw2e/zm9RhoMpGKxoHZCvFhnP7u2M
+ 2wMq7iNDDWb6dVsLpzdlVf242zCbubPCxxQXOpA56rzkUPuJ85mdVw4i19oPIFIZ
+ VL5owit1SxCOxBg4b8oaMS36hEl3qtZG834rtLfcqAmqjhx6aJuJLOAYN84QjDEU
+ 3NI5IfNRMvluIeTcD4Dt5FCYahN045tW1Rc6s5GAR8RW45GYwQDzG+kkkeeGxwEh
+ qCW7nOHuwZIoVJufNhd28UFn83KGJHCQt4NBBr3K5TcY6bDQEIrpSplWSDBbd3p1
+ IaoZY1WSDdP9OTVOSbsz0JiglWmUWGWCdd/CMSW/D7/3VUOJOYRDwptvtSYcjJc8
+ 1UV+1zB+rt5La/OWe4UOORD+jU1ATijQEaFYxBbqBBkFboAEXq9btRQyegqk+eVp
+ HhzacP5NYFTMThvHuTapNytcCso5au/cMywqCgY1DfcMJyjocu4bCtrAd6w4kGKN
+ MUdwNDYQulHZDI+UjJInhramyngdzZLjdeGJARwEEAECAAYFAkw3wEYACgkQIVr+
+ UOQUcDKvEwgAoBuOPnPioBwYp8oHVPTo/69cJn1225kfraUYGebCcrRwuoKd8Iyh
+ R165nXYJmD8yrAFBk8ScUVKsQ/pSnqNrBCrlzQD6NQvuIWVFegIdjdasrWX6Szj+
+ N1OllbzIJbkE5eo0WjCMEKJVI/GTY2AnTWUAm36PLQC5HnSATykqwxeZDsJ/s8Rc
+ kd7+QN5sBVytG3qb45Q7jLJpLcJO6KYH4rz9ZgN7LzyyGbu9DypPrulADG9OrL7e
+ lUnsGDG4E1M8Pkgk9Xv9MRKao1KjYLD5zxOoVtdeoKEQdnM+lWMJin1XvoqJY7FT
+ DJk6o+cVqqHkdKL+sgsscFVQljgCEd0EgIkCHAQQAQgABgUCTPlA6QAKCRBcE9bb
+ kwUuAxdYD/40FxAeNCYByxkr/XRT0gFT+NCjPuqPWCM5tf2NIhSapXtb2+32WbAf
+ DzVfqWjC0G0RnQBve+vcjpY4/rJu4VKIDGIT8CtnKOIyEcXTNFOehi65xO4ypaei
+ BPSb3ip3P0of1iZZDQrNHMW5VcyL1c+PWT/6exXSGsePtO/89tc6mupqZtC05f5Z
+ XG4jswMF0U6Q5s3S0tG7Y+oQhKNFJS4sH4rHe1o5CxKwNRSzqccA0hptKy3MHUZ2
+ +zeHzuRdRWGjb2rUiVxnIvPPBGxF2JHhB4ERhGgbTxRZ6wZbdW06BOE8r7pGrUpU
+ fCw/WRT3gGXJHpGPOzFAvr3Xl7VcDUKTVmIajnpd3SoyD1t2XsvJlSQBOWbViucH
+ dvE4SIKQ77vBLRlZIoXXVb6Wu7Vq+eQs1ybjwGOhnnKjz8llXcMnLzzN86STpjN4
+ qGTXQy/E9+dyUP1sXn3RRwb+ZkdI77m1YY95QRNgG/hqh77IuWWg1MtTSgQnP+F2
+ 7mfo0/522hObhdAe73VO3ttEPiriWy7tw3bS9daP2TAVbYyFqkvptkBb1OXRUSzq
+ UuWjBmZ35UlXjKQsGeUHlOiEh84aondF90A7gx0X/ktNIPRrfCGkHJcDu+HVnR7x
+ Kk+F0qb9+/pGLiT3rqeQTr8fYsb4xLHT7uEg1gVFB1g0kd+RQHzV74kCPgQTAQIA
+ KAIbAwYLCQgHAwIGFQgCCQoLBBYCAwECHgECF4AFAk/x5PoFCQtIMjoACgkQEFS3
+ okvW7DAIKQ/9HvZyf+LHVSkCk92Kb6gckniin3+5ooz67hSr8miGBfK4eocqQ0H7
+ bdtWjAILzR/IBY0xj6OHKhYP2k8TLc7QhQjt0dRpNkX+Iton2AZryV7vUADreYz4
+ 4B0bPmhiE+LL46ET5IThLKu/KfihzkEEBa9/t178+dO9zCM2xsXaiDhMOxVE32gX
+ vSZKP3hmvnK/FdylUY3nWtPedr+lHpBLoHGaPH7cjI+MEEugU3oAJ0jpq3V8n4w0
+ jIq2V77wfmbD9byIV7dXcxApzciK+ekwpQNQMSaceuxLlTZKcdSqo0/qmS2A863Y
+ ZQ0ZBe+Xyf5OI33+y+Mry+vl6Lre2VfPm3udgR10E4tWXJ9Q2CmG+zNPWt73U1FD
+ 7xBI7PPvOlyzCX4QJhy2Fn/fvzaNjHp4/FSiCw0HvX01epcersyun3xxPkRIjwwR
+ M9m5MJ0o4hhPfa97zibXSh8XXBnosBQxeg6nEnb26eorVQbqGx0ruu/W2m5/JpUf
+ REsFmNOBUbi8xlKNS5CZypH3Zh88EZiTFolOMEh+hT6s0l6znBAGGZ4m/Unacm5y
+ DHmg7unCk4JyVopQ2KHMoqG886elu+rm0ASkhyqBAk9sWKptMl3NHiYTRE/m9VAk
+ ugVIB2pi+8u84f+an4Hml4xlyijgYu05pqNvnLRyJDLd61hviLC8GYWJAhwEEAEC
+ AAYFAlHk3M4ACgkQSjMLmtZI+uP5hA//UTZfD340ukip6jPlMzxwSD/QapwtO7D4
+ gsGTsXezDkO97D21d1pNaNT0RrXAMagwk1ElDxmn/YHUDfMovZa2bKagjWmV38xk
+ Ws+Prh1P44vUDG30CAU6KZ+mTGLUbolfOvDffCTm9Mn1i2kxFaJxbVhWR6zR28KZ
+ R28s1IBsrqeTCksYfdKdkuw1/j850hW8MM3hPBJ/48VLx5QEFfnlXwt1fp+LygAv
+ rIyJw7vJtsa9QjCIkQk2tcv77rhkiZ6ADthgVIx5j3yDWSm4nLqFpwbQTKrNRrCb
+ 5XbL/oIMeHJuFICb2HckDS1KuKXHmqvDuLoRr0/wFEZMps5XQevomUa7JkMeS5j9
+ AubCG4g1zKEtPPaGDsfDKBljCHBKwUysQj5oGU5w8VvlOPnS62DBfsgU2y5ipmmI
+ TYkjSOL6LXwO6xG5/sxA8cyoJSmbN286imcY6AHloTiiu6/N7Us+CNrhw/V7HAun
+ 56etWBn3bZWCRGGAPF3qJr4y2sUMY0E3Ha7OPEHIKfBb4MiJnpXntWT28nQfF3dl
+ TFTthAzwcnZchx2es4yrfDXn33Y4eisqxWCbTluErXUogUEKH1KohSatYMtxencv
+ 7bUlzIr22zSUCYyVf9cyg50kBy+0J7seEpqG5K5R8z9s/63BT5Oghmi6bB2s5iK5
+ fBt3Tu1IYpw=
+ =cXcR
+ -----END PGP PUBLIC KEY BLOCK-----'
+ }
+ MANIFEST
-gpg_key_pp = <<-EOS
+gpg_key_pp = <<-MANIFEST
apt_key { 'puppetlabs':
id => '#{PUPPETLABS_GPG_KEY_FINGERPRINT}',
ensure => 'present',
=mMjt
-----END PGP PUBLIC KEY BLOCK-----",
}
- EOS
+ MANIFEST
-multiple_keys_pp = <<-EOS
+multiple_keys_pp = <<-MANIFEST
apt_key { 'puppetlabs':
id => '#{PUPPETLABS_GPG_KEY_FINGERPRINT}',
ensure => 'present',
=TREp
-----END PGP PUBLIC KEY BLOCK----- ",
}
- EOS
+ MANIFEST
-bogus_key_pp = <<-EOS
+bogus_key_pp = <<-MANIFEST
apt_key { 'puppetlabs':
id => '#{PUPPETLABS_GPG_KEY_LONG_ID}',
ensure => 'present',
content => 'For posterity: such content, much bogus, wow',
}
- EOS
-
-hkps_pool_pp = <<-EOS
- apt_key { 'puppetlabs':
- id => '#{PUPPETLABS_GPG_KEY_LONG_ID}',
- ensure => 'present',
- server => 'hkps.pool.sks-keyservers.net',
- }
- EOS
+ MANIFEST
-hkp_pool_pp = <<-EOS
+hkp_pool_pp = <<-MANIFEST
apt_key { 'puppetlabs':
id => '#{PUPPETLABS_GPG_KEY_FINGERPRINT}',
ensure => 'present',
- server => 'hkp://hkps.pool.sks-keyservers.net:80',
+ server => 'hkp://keyserver.ubuntu.com:80',
}
- EOS
+ MANIFEST
+
+hkps_protocol_supported = os[:family] =~ %r{Ubuntu} && \
+ os[:family][:release][:full] =~ %r{^18\.04}
+
+if hkps_protocol_supported
+ hkps_ubuntu_pp = <<-MANIFEST
+ apt_key { 'puppetlabs':
+ id => '#{PUPPETLABS_GPG_KEY_LONG_ID}',
+ ensure => 'present',
+ server => 'hkps://keyserver.ubuntu.com',
+ }
+ MANIFEST
+end
-nonexistant_key_server_pp = <<-EOS
+nonexistant_key_server_pp = <<-MANIFEST
apt_key { 'puppetlabs':
id => '#{PUPPETLABS_GPG_KEY_LONG_ID}',
ensure => 'present',
server => 'nonexistant.key.server',
}
- EOS
+ MANIFEST
-dot_server_pp = <<-EOS
+dot_server_pp = <<-MANIFEST
apt_key { 'puppetlabs':
id => '#{PUPPETLABS_GPG_KEY_LONG_ID}',
ensure => 'present',
server => '.pgp.key.server',
}
- EOS
+ MANIFEST
-http_works_pp = <<-EOS
+http_works_pp = <<-MANIFEST
apt_key { 'puppetlabs':
id => '#{PUPPETLABS_GPG_KEY_LONG_ID}',
ensure => 'present',
source => 'http://#{PUPPETLABS_APT_URL}/#{PUPPETLABS_GPG_KEY_FILE}',
}
- EOS
+ MANIFEST
-http_works_userinfo_pp = <<-EOS
+http_works_userinfo_pp = <<-MANIFEST
apt_key { 'puppetlabs':
id => '#{PUPPETLABS_GPG_KEY_LONG_ID}',
ensure => 'present',
source => 'http://dummyuser:dummypassword@#{PUPPETLABS_APT_URL}/#{PUPPETLABS_GPG_KEY_FILE}',
}
- EOS
+ MANIFEST
-four_oh_four_pp = <<-EOS
+four_oh_four_pp = <<-MANIFEST
apt_key { 'puppetlabs':
id => '#{PUPPETLABS_GPG_KEY_LONG_ID}',
ensure => 'present',
source => 'http://#{PUPPETLABS_APT_URL}/herpderp.gpg',
}
- EOS
+ MANIFEST
-socket_error_pp = <<-EOS
+socket_error_pp = <<-MANIFEST
apt_key { 'puppetlabs':
id => '#{PUPPETLABS_GPG_KEY_LONG_ID}',
ensure => 'present',
source => 'http://apt.puppetlabss.com/herpderp.gpg',
}
- EOS
+ MANIFEST
-ftp_works_pp = <<-EOS
+ftp_works_pp = <<-MANIFEST
apt_key { 'CentOS 6':
id => '#{CENTOS_GPG_KEY_LONG_ID}',
ensure => 'present',
source => 'ftp://#{CENTOS_REPO_URL}/#{CENTOS_GPG_KEY_FILE}',
}
- EOS
+ MANIFEST
-ftp_550_pp = <<-EOS
+ftp_550_pp = <<-MANIFEST
apt_key { 'CentOS 6':
id => '#{SHOULD_NEVER_EXIST_ID}',
ensure => 'present',
source => 'ftp://#{CENTOS_REPO_URL}/herpderp.gpg',
}
- EOS
+ MANIFEST
-ftp_socket_error_pp = <<-EOS
+ftp_socket_error_pp = <<-MANIFEST
apt_key { 'puppetlabs':
id => '#{PUPPETLABS_GPG_KEY_LONG_ID}',
ensure => 'present',
source => 'ftp://apt.puppetlabss.com/herpderp.gpg',
}
- EOS
+ MANIFEST
+
+https_works_pp = <<-MANIFEST
+ apt_key { 'puppetlabs':
+ id => '#{PUPPETLABS_GPG_KEY_LONG_ID}',
+ ensure => 'present',
+ source => 'https://#{PUPPETLABS_APT_URL}/#{PUPPETLABS_GPG_KEY_FILE}',
+ }
+ MANIFEST
-https_works_pp = <<-EOS
+https_with_weak_ssl_works_pp = <<-MANIFEST
apt_key { 'puppetlabs':
id => '#{PUPPETLABS_GPG_KEY_LONG_ID}',
ensure => 'present',
source => 'https://#{PUPPETLABS_APT_URL}/#{PUPPETLABS_GPG_KEY_FILE}',
+ weak_ssl => true,
}
- EOS
+ MANIFEST
-https_userinfo_pp = <<-EOS
+https_userinfo_pp = <<-MANIFEST
apt_key { 'puppetlabs':
id => '#{PUPPETLABS_GPG_KEY_LONG_ID}',
ensure => 'present',
source => 'https://dummyuser:dummypassword@#{PUPPETLABS_APT_URL}/#{PUPPETLABS_GPG_KEY_FILE}',
}
- EOS
+ MANIFEST
-https_404_pp = <<-EOS
+https_404_pp = <<-MANIFEST
apt_key { 'puppetlabs':
id => '#{SHOULD_NEVER_EXIST_ID}',
ensure => 'present',
source => 'https://#{PUPPETLABS_APT_URL}/herpderp.gpg',
}
- EOS
+ MANIFEST
-https_socket_error_pp = <<-EOS
+https_socket_error_pp = <<-MANIFEST
apt_key { 'puppetlabs':
id => '#{SHOULD_NEVER_EXIST_ID}',
ensure => 'present',
source => 'https://apt.puppetlabss.com/herpderp.gpg',
}
- EOS
+ MANIFEST
-path_exists_pp = <<-EOS
+path_exists_pp = <<-MANIFEST
apt_key { 'puppetlabs':
id => 'EF8D349F',
ensure => 'present',
source => '/tmp/puppetlabs-pubkey.gpg',
}
- EOS
+ MANIFEST
-path_does_not_exist_pp = <<-EOS
+path_does_not_exist_pp = <<-MANIFEST
apt_key { 'puppetlabs':
id => '#{PUPPETLABS_GPG_KEY_LONG_ID}',
ensure => 'present',
source => '/tmp/totally_bogus.file',
}
- EOS
+ MANIFEST
-path_bogus_content_pp = <<-EOS
+path_bogus_content_pp = <<-MANIFEST
apt_key { 'puppetlabs':
id => '#{PUPPETLABS_GPG_KEY_LONG_ID}',
ensure => 'present',
source => '/tmp/fake-key.gpg',
}
- EOS
+ MANIFEST
-debug_works_pp = <<-EOS
+debug_works_pp = <<-MANIFEST
apt_key { 'puppetlabs':
id => '#{PUPPETLABS_GPG_KEY_LONG_ID}',
ensure => 'present',
options => 'debug',
}
- EOS
+ MANIFEST
-fingerprint_match_pp = <<-EOS
+fingerprint_match_pp = <<-MANIFEST
apt_key { 'puppetlabs':
id => '#{PUPPETLABS_GPG_KEY_FINGERPRINT}',
ensure => 'present',
source => 'https://#{PUPPETLABS_APT_URL}/#{PUPPETLABS_GPG_KEY_FILE}',
}
- EOS
+ MANIFEST
-fingerprint_does_not_match_pp = <<-EOS
+fingerprint_does_not_match_pp = <<-MANIFEST
apt_key { 'puppetlabs':
id => '6F6B15509CF8E59E6E469F327F438280EF8D9999',
ensure => 'present',
source => 'https://#{PUPPETLABS_APT_URL}/#{PUPPETLABS_GPG_KEY_FILE}',
}
- EOS
+ MANIFEST
+
+refresh_true_pp = <<-MANIFEST
+ apt_key { '#{PUPPETLABS_EXP_KEY_LONG_ID}':
+ id => '#{PUPPETLABS_EXP_KEY_LONG_ID}',
+ ensure => 'present',
+ refresh => true,
+ }
+ MANIFEST
+
+refresh_false_pp = <<-MANIFEST
+ apt_key { '#{PUPPETLABS_EXP_KEY_LONG_ID}':
+ id => '#{PUPPETLABS_EXP_KEY_LONG_ID}',
+ ensure => 'present',
+ refresh => false,
+ }
+MANIFEST
+
+refresh_del_key_pp = <<-MANIFEST
+ apt_key { '#{PUPPETLABS_EXP_KEY_LONG_ID}':
+ ensure => 'absent',
+ }
+MANIFEST
+
+refresh_check_for_dirmngr_pp = <<-MANIFEST
+ package { 'dirmngr':
+ ensure => 'present',
+ }
+MANIFEST
describe 'apt_key' do
before(:each) do
# Delete twice to make sure everything is cleaned
# up after the short key collision
- shell("apt-key del #{PUPPETLABS_GPG_KEY_SHORT_ID}",
- acceptable_exit_codes: [0, 1, 2])
- shell("apt-key del #{PUPPETLABS_GPG_KEY_SHORT_ID}",
- acceptable_exit_codes: [0, 1, 2])
- end
-
- describe 'default options' do
- key_versions = {
- '32bit key id' => PUPPETLABS_GPG_KEY_SHORT_ID.to_s,
- '64bit key id' => PUPPETLABS_GPG_KEY_LONG_ID.to_s,
- '160bit key fingerprint' => PUPPETLABS_GPG_KEY_FINGERPRINT.to_s,
- '32bit lowercase key id' => PUPPETLABS_GPG_KEY_SHORT_ID.downcase.to_s,
- '64bit lowercase key id' => PUPPETLABS_GPG_KEY_LONG_ID.downcase.to_s,
- '160bit lowercase key fingerprint' => PUPPETLABS_GPG_KEY_FINGERPRINT.downcase.to_s,
- '0x formatted 32bit key id' => "0x#{PUPPETLABS_GPG_KEY_SHORT_ID}",
- '0x formatted 64bit key id' => "0x#{PUPPETLABS_GPG_KEY_LONG_ID}",
- '0x formatted 160bit key fingerprint' => "0x#{PUPPETLABS_GPG_KEY_FINGERPRINT}",
- '0x formatted 32bit lowercase key id' => "0x#{PUPPETLABS_GPG_KEY_SHORT_ID.downcase}",
- '0x formatted 64bit lowercase key id' => "0x#{PUPPETLABS_GPG_KEY_LONG_ID.downcase}",
- '0x formatted 160bit lowercase key fingerprint' => "0x#{PUPPETLABS_GPG_KEY_FINGERPRINT.downcase}",
- }
-
- key_versions.each do |key, value|
- context key.to_s do
- it 'works' do
- apply_manifest_twice(populate_default_options_pp(value))
- shell(PUPPETLABS_KEY_CHECK_COMMAND)
- end
- end
- end
-
- context 'invalid length key id' do
- it 'fails' do
- apply_manifest(invalid_key_length_pp, expect_failures: true) do |r|
- expect(r.stderr).to match(%r{Valid values match})
- end
- end
- end
+ run_shell("apt-key del #{PUPPETLABS_GPG_KEY_SHORT_ID}", expect_failures: true)
+ run_shell("apt-key del #{PUPPETLABS_GPG_KEY_SHORT_ID}", expect_failures: true)
end
describe 'ensure =>' do
- context 'absent' do
- it 'is removed' do
- # Install the key first (retry because key pool may timeout)
- install_key(CENTOS_GPG_KEY_FINGERPRINT)
- shell(CENTOS_KEY_CHECK_COMMAND)
-
- # Time to remove it using Puppet
- apply_manifest_twice(ensure_absent_pp)
+ ensure_present_pp = <<-MANIFEST
+ apt_key { 'centos':
+ id => '#{CENTOS_GPG_KEY_LONG_ID}',
+ ensure => 'present',
+ }
+ MANIFEST
- shell(CENTOS_KEY_CHECK_COMMAND, acceptable_exit_codes: [1])
+ ensure_absent_pp = <<-MANIFEST
+ apt_key { 'centos':
+ id => '#{CENTOS_GPG_KEY_LONG_ID}',
+ ensure => 'absent',
+ }
+ MANIFEST
- # Re-Install the key (retry because key pool may timeout)
- install_key(CENTOS_GPG_KEY_FINGERPRINT)
- end
+ it 'add an apt_key resource' do
+ apply_manifest_twice(ensure_present_pp)
end
-
- context 'absent, added with long key', unless: (fact('operatingsystem') == 'Debian' && fact('operatingsystemmajrelease') == '6') do
- it 'is removed' do
- # Install the key first (retry because key pool may timeout)
- install_key(PUPPETLABS_GPG_KEY_LONG_ID)
- shell(PUPPETLABS_KEY_CHECK_COMMAND)
-
- # Time to remove it using Puppet
- apply_manifest_twice(ensure_absent_long_key_pp)
-
- shell(PUPPETLABS_KEY_CHECK_COMMAND, acceptable_exit_codes: [1])
- end
+ it 'remove the apt_key resource' do
+ apply_manifest_twice(ensure_absent_pp)
end
end
describe 'content =>' do
- context 'puppetlabs gpg key' do
+ context 'with puppetlabs gpg key' do
it 'works' do
# Apply the manifest (Retry if timeout error is received from key pool)
- retry_on_error_matching(MAX_TIMEOUT_RETRY, TIMEOUT_RETRY_WAIT, TIMEOUT_ERROR_MATCHER) do
+ retry_on_error_matching do
apply_manifest(gpg_key_pp, catch_failures: true)
end
apply_manifest(gpg_key_pp, catch_changes: true)
- shell(PUPPETLABS_KEY_CHECK_COMMAND)
+ run_shell(PUPPETLABS_KEY_CHECK_COMMAND)
end
end
- context 'multiple keys' do
+ context 'with multiple keys' do
it 'runs without errors' do
apply_manifest_twice(multiple_keys_pp)
- shell(PUPPETLABS_KEY_CHECK_COMMAND)
+ run_shell(PUPPETLABS_KEY_CHECK_COMMAND)
end
end
- context 'bogus key' do
+ context 'with bogus key' do
it 'fails' do
apply_manifest(bogus_key_pp, expect_failures: true) do |r|
expect(r.stderr).to match(%r{no valid OpenPGP data found})
end
describe 'server =>' do
- context 'hkps.pool.sks-keyservers.net' do
+ context 'with hkp://pgp.mit.edu:80' do
it 'works' do
- # Apply the manifest (Retry if timeout error is received from key pool)
- retry_on_error_matching(MAX_TIMEOUT_RETRY, TIMEOUT_RETRY_WAIT, TIMEOUT_ERROR_MATCHER) do
- apply_manifest(hkps_pool_pp, catch_failures: true)
+ retry_on_error_matching do
+ apply_manifest(hkp_pool_pp, catch_failures: true)
end
- apply_manifest(hkps_pool_pp, catch_changes: true)
- shell(PUPPETLABS_KEY_CHECK_COMMAND)
+ apply_manifest(hkp_pool_pp, catch_changes: true)
+ run_shell(PUPPETLABS_KEY_CHECK_COMMAND)
end
end
- context 'hkp://hkps.pool.sks-keyservers.net:80' do
- it 'works' do
- retry_on_error_matching(MAX_TIMEOUT_RETRY, TIMEOUT_RETRY_WAIT, TIMEOUT_ERROR_MATCHER) do
- apply_manifest(hkp_pool_pp, catch_failures: true)
- end
+ if hkps_protocol_supported
+ context 'with hkps://keyserver.ubuntu.com' do
+ it 'works' do
+ retry_on_error_matching do
+ apply_manifest(hkps_ubuntu_pp, catch_failures: true)
+ end
- apply_manifest(hkp_pool_pp, catch_changes: true)
- shell(PUPPETLABS_KEY_CHECK_COMMAND)
+ apply_manifest(hkps_ubuntu_pp, catch_changes: true)
+ run_shell(PUPPETLABS_KEY_CHECK_COMMAND)
+ end
end
end
- context 'nonexistant.key.server' do
+ context 'with nonexistant.key.server' do
it 'fails' do
apply_manifest(nonexistant_key_server_pp, expect_failures: true) do |r|
- expect(r.stderr).to match(%r{(Host not found|Couldn't resolve host)})
+ expect(r.stderr).to match(%r{(Host not found|Couldn't resolve host|No name)})
end
end
end
- context 'key server start with dot' do
+ context 'with key server start with dot' do
it 'fails' do
apply_manifest(dot_server_pp, expect_failures: true) do |r|
expect(r.stderr).to match(%r{Invalid value ".pgp.key.server"})
end
describe 'source =>' do
- context 'http://' do
+ context 'with http://' do
it 'works' do
apply_manifest_twice(http_works_pp)
- shell(PUPPETLABS_KEY_CHECK_COMMAND)
+ run_shell(PUPPETLABS_KEY_CHECK_COMMAND)
end
it 'works with userinfo' do
apply_manifest_twice(http_works_userinfo_pp)
- shell(PUPPETLABS_KEY_CHECK_COMMAND)
+ run_shell(PUPPETLABS_KEY_CHECK_COMMAND)
end
it 'fails with a 404' do
end
end
- context 'ftp://' do
+ # disabled when running in travis, security issues prevent FTP
+ context 'with ftp://', unless: (ENV['TRAVIS'] == 'true') do
before(:each) do
- shell("apt-key del #{CENTOS_GPG_KEY_LONG_ID}",
- acceptable_exit_codes: [0, 1, 2])
+ run_shell("apt-key del #{CENTOS_GPG_KEY_LONG_ID}", expect_failures: true)
end
it 'works' do
apply_manifest_twice(ftp_works_pp)
- shell(CENTOS_KEY_CHECK_COMMAND)
+ run_shell(CENTOS_KEY_CHECK_COMMAND)
end
it 'fails with a 550' do
end
end
- context 'https://' do
+ context 'with https://' do
it 'works' do
apply_manifest_twice(https_works_pp)
- shell(PUPPETLABS_KEY_CHECK_COMMAND)
+ run_shell(PUPPETLABS_KEY_CHECK_COMMAND)
+ end
+
+ it 'works with weak ssl' do
+ apply_manifest_twice(https_with_weak_ssl_works_pp)
+ run_shell(PUPPETLABS_KEY_CHECK_COMMAND)
end
it 'works with userinfo' do
apply_manifest_twice(https_userinfo_pp)
- shell(PUPPETLABS_KEY_CHECK_COMMAND)
+ run_shell(PUPPETLABS_KEY_CHECK_COMMAND)
end
it 'fails with a 404' do
end
end
- context '/path/that/exists' do
+ context 'with /path/that/exists' do
before(:each) do
- shell("curl -o /tmp/puppetlabs-pubkey.gpg \
+ run_shell("curl -o /tmp/puppetlabs-pubkey.gpg \
http://#{PUPPETLABS_APT_URL}/#{PUPPETLABS_GPG_KEY_FILE}")
end
after(:each) do
- shell('rm /tmp/puppetlabs-pubkey.gpg')
+ run_shell('rm /tmp/puppetlabs-pubkey.gpg')
end
it 'works' do
apply_manifest_twice(path_exists_pp)
- shell(PUPPETLABS_KEY_CHECK_COMMAND)
+ run_shell(PUPPETLABS_KEY_CHECK_COMMAND)
end
end
- context '/path/that/does/not/exist' do
+ context 'with /path/that/does/not/exist' do
it 'fails' do
apply_manifest(path_does_not_exist_pp, expect_failures: true) do |r|
expect(r.stderr).to match(%r{does not exist})
end
end
- context '/path/that/exists/with/bogus/content' do
+ context 'with /path/that/exists/with/bogus/content' do
before(:each) do
- shell('echo "here be dragons" > /tmp/fake-key.gpg')
+ run_shell('echo "here be dragons" > /tmp/fake-key.gpg')
end
after(:each) do
- shell('rm /tmp/fake-key.gpg')
+ run_shell('rm /tmp/fake-key.gpg')
end
it 'fails' do
apply_manifest(path_bogus_content_pp, expect_failures: true) do |r|
end
describe 'options =>' do
- context 'debug' do
+ context 'with debug' do
it 'works' do
apply_manifest_twice(debug_works_pp)
- shell(PUPPETLABS_KEY_CHECK_COMMAND)
+ run_shell(PUPPETLABS_KEY_CHECK_COMMAND)
end
end
end
describe 'fingerprint validation against source/content' do
- context 'fingerprint in id matches fingerprint from remote key' do
+ context 'with fingerprint in id matches fingerprint from remote key' do
it 'works' do
apply_manifest_twice(fingerprint_match_pp)
end
end
- context 'fingerprint in id does NOT match fingerprint from remote key' do
+ context 'with fingerprint in id does NOT match fingerprint from remote key' do
it 'works' do
apply_manifest(fingerprint_does_not_match_pp, expect_failures: true) do |r|
expect(r.stderr).to match(%r{don't match})
end
end
end
+
+ describe 'refresh' do
+ if ['8', '14.04', '16.04'].include?(host_inventory['facter']['os']['release']['major'])
+ # older OSes use puppetlabs_exp_check_command
+ let(:puppetlabs_exp_check_command) { PUPPETLABS_EXP_CHECK_COMMAND }
+
+ else
+ # Set Debian Stetch and newer OSes puppetlabs_exp_check_command
+ let(:puppetlabs_exp_check_command) { DEBIAN_PUPPETLABS_EXP_CHECK_COMMAND }
+
+ # Ensure dirmngr package is installed
+ apply_manifest(refresh_check_for_dirmngr_pp, acceptable_exit_codes: [0, 2])
+ end
+ before(:each) do
+ # Delete the Puppet Labs Release Key and install an expired version of the key
+ apply_manifest(refresh_del_key_pp)
+ apply_manifest(refresh_pp, catch_failures: true)
+ end
+ context 'when refresh => true' do
+ it 'updates an expired key' do
+ apply_manifest(refresh_true_pp)
+ # Check key has been updated to new version
+ run_shell(puppetlabs_exp_check_command.to_s)
+ end
+ end
+ context 'when refresh => false' do
+ it 'does not replace an expired key' do
+ apply_manifest(refresh_false_pp)
+ # Expired key is present and has not been updated by the new version
+ run_shell(puppetlabs_exp_check_command.to_s, expect_failures: true)
+ end
+ end
+ end
end
Code Review / puppet-modules / puppetlabs-apt.git / blobdiff