X-Git-Url: https://review.fuel-infra.org/gitweb?a=blobdiff_plain;f=manifests%2Fkey.pp;h=9d3106dbd53a85334a69052366b3918800e2ce69;hb=c0b8640fc6a7c3381877863960e02da3fa1fe640;hp=9387899ad954d473a3fd8da5cfce7c93644f1ae2;hpb=02ec0b38bc9df6eed5219347fcc96451897593f5;p=puppet-modules%2Fpuppetlabs-apt.git

diff --git a/manifests/key.pp b/manifests/key.pp
index 9387899..9d3106d 100644
--- a/manifests/key.pp
+++ b/manifests/key.pp
@@ -6,7 +6,7 @@
 # @example Declare Apt key for apt.puppetlabs.com source
 #   apt::key { 'puppetlabs':
 #     id      => '6F6B15509CF8E59E6E469F327F438280EF8D349F',
-#     server  => 'hkps.pool.sks-keyservers.net',
+#     server  => 'keyserver.ubuntu.com',
 #     options => 'http-proxy="http://proxyuser:proxypass@example.org:3128"',
 #   }
 #
@@ -26,75 +26,82 @@
 #   an absolute path.
 #
 # @param server
-#   Specifies a keyserver to provide the GPG key. Valid options: a string containing a domain name or a full URL (http://, https://, or 
-#   hkp://).
+#   Specifies a keyserver to provide the GPG key. Valid options: a string containing a domain name or a full URL (http://, https://,
+#   hkp:// or hkps://). The hkps:// protocol is currently only supported on Ubuntu 18.04.
+#
+# @param weak_ssl
+#    Specifies whether strict SSL verification on a https URL should be disabled. Valid options: true or false.
 #
 # @param options
 #   Passes additional options to `apt-key adv --keyserver-options`.
 #
 define apt::key (
-  Pattern[/\A(0x)?[0-9a-fA-F]{8}\Z/, /\A(0x)?[0-9a-fA-F]{16}\Z/, /\A(0x)?[0-9a-fA-F]{40}\Z/] $id = $title,
-  Enum['present', 'absent', 'refreshed'] $ensure                                                 = present,
-  Optional[String] $content                                                                      = undef,
-  Optional[Pattern[/\Ahttps?:\/\//, /\Aftp:\/\//, /\A\/\w+/]] $source                            = undef,
-  Pattern[/\A((hkp|http|https):\/\/)?([a-z\d])([a-z\d-]{0,61}\.)+[a-z\d]+(:\d{2,5})?$/] $server  = $::apt::keyserver,
-  Optional[String] $options                                                                      = undef,
-  ) {
-
+  Pattern[/\A(0x)?[0-9a-fA-F]{8}\Z/, /\A(0x)?[0-9a-fA-F]{16}\Z/, /\A(0x)?[0-9a-fA-F]{40}\Z/] $id                        = $title,
+  Enum['present', 'absent', 'refreshed'] $ensure                                                                        = present,
+  Optional[String] $content                                                                                             = undef,
+  Optional[Pattern[/\Ahttps?:\/\//, /\Aftp:\/\//, /\A\/\w+/]] $source                                                   = undef,
+  Pattern[/\A((hkp|hkps|http|https):\/\/)?([a-z\d])([a-z\d-]{0,61}\.)+[a-z\d]+(:\d{2,5})?(\/[a-zA-Z\d\-_.]+)*\/?$/] $server = $apt::keyserver,
+  Boolean $weak_ssl                                                                                                     = false,
+  Optional[String] $options                                                                                             = $apt::key_options,
+) {
   case $ensure {
     /^(refreshed|present)$/: {
-      if defined(Anchor["apt_key ${id} absent"]){
-        fail(translate('key with id %{_id} already ensured as absent'), {'_id' => id})
+      if defined(Anchor["apt_key ${id} absent"]) {
+        fail("key with id ${id} already ensured as absent")
       }
 
       if !defined(Anchor["apt_key ${id} present"]) {
         apt_key { $title:
-          ensure  => present,
-          refresh => $ensure == 'refreshed',
-          id      => $id,
-          source  => $source,
-          content => $content,
-          server  => $server,
-          options => $options,
+          ensure   => present,
+          refresh  => $ensure == 'refreshed',
+          id       => $id,
+          source   => $source,
+          content  => $content,
+          server   => $server,
+          weak_ssl => $weak_ssl,
+          options  => $options,
         } -> anchor { "apt_key ${id} present": }
 
         case $facts['os']['name'] {
           'Debian': {
             if versioncmp($facts['os']['release']['major'], '9') >= 0 {
-              ensure_packages(['dirmngr'])
+              stdlib::ensure_packages(['gnupg'])
               Apt::Key<| title == $title |>
             }
           }
           'Ubuntu': {
             if versioncmp($facts['os']['release']['full'], '17.04') >= 0 {
-              ensure_packages(['dirmngr'])
+              stdlib::ensure_packages(['gnupg'])
               Apt::Key<| title == $title |>
             }
           }
-          default: { }
+          default: {
+            # Nothing in here
+          }
         }
       }
     }
 
-    absent: {
-      if defined(Anchor["apt_key ${id} present"]){
-        fail(translate('key with id %{_id} already ensured as present', {'_id' => id}))
+    /^absent$/: {
+      if defined(Anchor["apt_key ${id} present"]) {
+        fail("key with id ${id} already ensured as present")
       }
 
-      if !defined(Anchor["apt_key ${id} absent"]){
+      if !defined(Anchor["apt_key ${id} absent"]) {
         apt_key { $title:
-          ensure  => $ensure,
-          id      => $id,
-          source  => $source,
-          content => $content,
-          server  => $server,
-          options => $options,
+          ensure   => $ensure,
+          id       => $id,
+          source   => $source,
+          content  => $content,
+          server   => $server,
+          weak_ssl => $weak_ssl,
+          options  => $options,
         } -> anchor { "apt_key ${id} absent": }
       }
     }
 
     default: {
-      fail translate('Invalid \'ensure\' value \'%{_ensure}\' for apt::key', {'_ensure' => ensure})
+      fail("Invalid \'ensure\' value \'${ensure}\' for apt::key")
     }
   }
 }