X-Git-Url: https://review.fuel-infra.org/gitweb?a=blobdiff_plain;f=manifests%2Fkey.pp;h=dfa1daf2b61935886b79cf22b5876511807397c4;hb=a06eece5526b8838bcdd0a5f9b649b95727e09d7;hp=24eef9e9cf2f94c6a253f71a5f49a75c6a1c72d5;hpb=8cdaf855a1d0dd24fed02fc3ee9941e0a1e6849b;p=puppet-modules%2Fpuppetlabs-apt.git diff --git a/manifests/key.pp b/manifests/key.pp index 24eef9e..dfa1daf 100644 --- a/manifests/key.pp +++ b/manifests/key.pp @@ -1,68 +1,60 @@ +# == Define: apt::key define apt::key ( - $key = $title, - $ensure = present, - $key_content = false, - $key_source = false, - $key_server = "keyserver.ubuntu.com" -) { + String $id = $title, + Enum['present', 'absent'] $ensure = present, + Optional[String] $content = undef, + Optional[String] $source = undef, + String $server = $::apt::keyserver, + Optional[String] $options = undef, + ) { - include apt::params + validate_re($id, ['\A(0x)?[0-9a-fA-F]{8}\Z', '\A(0x)?[0-9a-fA-F]{16}\Z', '\A(0x)?[0-9a-fA-F]{40}\Z']) - if $key_content { - $method = "content" - } elsif $key_source { - $method = "source" - } elsif $key_server { - $method = "server" + if $source { + validate_re($source, ['\Ahttps?:\/\/', '\Aftp:\/\/', '\A\/\w+']) } - # This is a hash of the parts of the key definition that we care about. - # It is used as a unique identifier for this instance of apt::key. It gets - # hashed to ensure that the resource name doesn't end up being pages and - # pages (e.g. in the situation where key_content is specified). - $digest = sha1("${key}/${key_content}/${key_source}/${key_server}/") + if $server { + validate_re($server,['\A((hkp|http|https):\/\/)?([a-z\d])([a-z\d-]{0,61}\.)+[a-z\d]+(:\d{2,5})?$']) + } - # Allow multiple ensure => present for the same key to account for many - # apt::source resources that all reference the same key. case $ensure { present: { - if defined(Exec["apt::key $key absent"]) { - fail ("Cannot ensure Apt::Key[$key] present; $key already ensured absent") - } elsif !defined(Exec["apt::key $key present"]) { - # this is a marker to ensure we don't simultaneously define a key - # ensure => absent AND ensure => present - exec { "apt::key $key present": - path => "/", - onlyif => "/bin/false", - noop => true; - } + if defined(Anchor["apt_key ${id} absent"]){ + fail("key with id ${id} already ensured as absent") } - if !defined(Exec[$digest]) { - exec { $digest: - path => "/bin:/usr/bin", - unless => "/usr/bin/apt-key list | /bin/grep '${key}'", - command => $method ? { - "content" => "echo '${key_content}' | /usr/bin/apt-key add -", - "source" => "wget -q '${key_source}' -O- | apt-key add -", - "server" => "apt-key adv --keyserver '${key_server}' --recv-keys '${key}'", - }; - } + + if !defined(Anchor["apt_key ${id} present"]) { + apt_key { $title: + ensure => $ensure, + id => $id, + source => $source, + content => $content, + server => $server, + options => $options, + } -> anchor { "apt_key ${id} present": } } } + absent: { - if defined(Exec["apt::key $key present"]) { - fail ("Cannot ensure Apt::Key[$key] absent; $key already ensured present") + if defined(Anchor["apt_key ${id} present"]){ + fail("key with id ${id} already ensured as present") } - exec { "apt::key $key absent": - path => "/bin:/usr/bin", - onlyif => "apt-key list | grep '$key'", - command => "apt-key del '$key'", - user => "root", - group => "root", + + if !defined(Anchor["apt_key ${id} absent"]){ + apt_key { $title: + ensure => $ensure, + id => $id, + source => $source, + content => $content, + server => $server, + options => $options, + } -> anchor { "apt_key ${id} absent": } } } + default: { - fail "Invalid 'ensure' value '$ensure' for aptkey" + fail "Invalid 'ensure' value '${ensure}' for apt::key" } } }