X-Git-Url: https://review.fuel-infra.org/gitweb?a=blobdiff_plain;f=manifests%2Fkey.pp;h=8b77978ffb8d70863f01fcdc8fb9e41a9c5ee775;hb=65904b214d98c899f390ac6908322fc06e3aca13;hp=0f0572ed5f160c7483e3fd199c2fa9fedb087e05;hpb=0f3bdcdf5a44315197ded803401b52dfcce38ebe;p=puppet-modules%2Fpuppetlabs-apt.git

diff --git a/manifests/key.pp b/manifests/key.pp
index 0f0572e..8b77978 100644
--- a/manifests/key.pp
+++ b/manifests/key.pp
@@ -1,122 +1,81 @@
 # == Define: apt::key
-#
-# The apt::key defined type allows for keys to be added to apt's keyring
-# which is used for package validation. This defined type uses the apt_key
-# native type to manage keys. This is a simple wrapper around apt_key with
-# a few safeguards in place.
-#
-# === Parameters
-#
-# [*key*]
-#   _default_: +$title+, the title/name of the resource
-#
-#   Is a GPG key ID or full key fingerprint. This value is validated with
-#   a regex enforcing it to only contain valid hexadecimal characters, be
-#   precisely 8 or 16 hexadecimal characters long and optionally prefixed
-#   with 0x for key IDs, or 40 hexadecimal characters long for key
-#   fingerprints.
-#
-# [*ensure*]
-#   _default_: +present+
-#
-#   The state we want this key in, may be either one of:
-#   * +present+
-#   * +absent+
-#
-# [*content*]
-#   _default_: +undef+
-#
-#   This parameter can be used to pass in a GPG key as a
-#   string in case it cannot be fetched from a remote location
-#   and using a file resource is for other reasons inconvenient.
-#
-# [*source*]
-#   _default_: +undef+
-#
-#   This parameter can be used to pass in the location of a GPG
-#   key. This URI can take the form of a:
-#   * +URL+: ftp, http or https
-#   * +path+: absolute path to a file on the target system.
-#
-# [*server*]
-#   _default_: +undef+
-#
-#   The keyserver from where to fetch our GPG key. It can either be a domain
-#   name or url. It defaults to
-#   undef which results in apt_key's default keyserver being used,
-#   currently +keyserver.ubuntu.com+.
-#
-# [*options*]
-#   _default_: +undef+
-#
-#   Additional options to pass on to `apt-key adv --keyserver-options`.
 define apt::key (
-  $key     = $title,
-  $ensure  = present,
-  $content = undef,
-  $source  = undef,
-  $server  = undef,
-  $options = undef,
-) {
+    String $id                           = $title,
+    Enum['present', 'absent'] $ensure    = present,
+    Optional[String] $content            = undef,
+    Optional[String] $source             = undef,
+    String $server                       = $::apt::keyserver,
+    Optional[String] $options            = undef,
+    ) {
 
-  validate_re($key, ['\A(0x)?[0-9a-fA-F]{8}\Z', '\A(0x)?[0-9a-fA-F]{16}\Z', '\A(0x)?[0-9a-fA-F]{40}\Z'])
-  validate_re($ensure, ['\Aabsent|present\Z',])
-
-  if $content {
-    validate_string($content)
-  }
+  assert_type(
+    Pattern[
+      /\A(0x)?[0-9a-fA-F]{8}\Z/,
+      /\A(0x)?[0-9a-fA-F]{16}\Z/,
+      /\A(0x)?[0-9a-fA-F]{40}\Z/,
+    ], $id)
 
   if $source {
-    validate_re($source, ['\Ahttps?:\/\/', '\Aftp:\/\/', '\A\/\w+'])
+    assert_type(Pattern[/\Ahttps?:\/\//, /\Aftp:\/\//, /\A\/\w+/], $source)
   }
 
   if $server {
-    validate_re($server,['\A((hkp|http|https):\/\/)?([a-z\d])([a-z\d-]{0,61}\.)+[a-z\d]+(:\d{2,5})?$'])
-  }
-
-  if $options {
-    validate_string($options)
+    assert_type(Pattern[/\A((hkp|http|https):\/\/)?([a-z\d])([a-z\d-]{0,61}\.)+[a-z\d]+(:\d{2,5})?$/], $server)
   }
 
   case $ensure {
     present: {
-      if defined(Anchor["apt_key ${key} absent"]){
-        fail("key with id ${key} already ensured as absent")
+      if defined(Anchor["apt_key ${id} absent"]){
+        fail(translate('key with id %{_id} already ensured as absent'),{'_id' => id})
       }
 
-      if !defined(Anchor["apt_key ${key} present"]) {
+      if !defined(Anchor["apt_key ${id} present"]) {
         apt_key { $title:
           ensure  => $ensure,
-          id      => $key,
+          id      => $id,
           source  => $source,
           content => $content,
           server  => $server,
           options => $options,
-        } ->
-        anchor { "apt_key ${key} present": }
+        } -> anchor { "apt_key ${id} present": }
+
+        case $facts['os']['name'] {
+          'Debian': {
+            if versioncmp($facts['os']['release']['major'], '9') >= 0 {
+              ensure_packages(['dirmngr'])
+              Apt::Key<| title == $title |>
+            }
+          }
+          'Ubuntu': {
+            if versioncmp($facts['os']['release']['full'], '17.04') >= 0 {
+              ensure_packages(['dirmngr'])
+              Apt::Key<| title == $title |>
+            }
+          }
+          default: { }
+        }
       }
     }
 
     absent: {
-      if defined(Anchor["apt_key ${key} present"]){
-        fail("key with id ${key} already ensured as present")
+      if defined(Anchor["apt_key ${id} present"]){
+        fail(translate('key with id %{_id} already ensured as present', {'_id' => id}))
       }
 
-      if !defined(Anchor["apt_key ${key} absent"]){
+      if !defined(Anchor["apt_key ${id} absent"]){
         apt_key { $title:
           ensure  => $ensure,
-          id      => $key,
+          id      => $id,
           source  => $source,
           content => $content,
           server  => $server,
           options => $options,
-        } ->
-        anchor { "apt_key ${key} absent": }
+        } -> anchor { "apt_key ${id} absent": }
       }
     }
 
     default: {
-      fail "Invalid 'ensure' value '${ensure}' for apt::key"
+      fail translate('Invalid \'ensure\' value \'%{_ensure}\' for apt::key', {'_ensure' => ensure})
     }
   }
 }