X-Git-Url: https://review.fuel-infra.org/gitweb?a=blobdiff_plain;f=spec%2Facceptance%2Fapt_key_provider_spec.rb;h=4ca9dba219a9a4d9213519113a5711683e3630d3;hb=ec7f4e29c6f57ee9250c65432ee0051282367760;hp=fdb2ec63d0f35bc02b1234ff461b96d0aa99ded1;hpb=4a90396df778dae89988221187d767d6c940159f;p=puppet-modules%2Fpuppetlabs-apt.git diff --git a/spec/acceptance/apt_key_provider_spec.rb b/spec/acceptance/apt_key_provider_spec.rb index fdb2ec6..4ca9dba 100644 --- a/spec/acceptance/apt_key_provider_spec.rb +++ b/spec/acceptance/apt_key_provider_spec.rb @@ -1,37 +1,28 @@ +# frozen_string_literal: true + require 'spec_helper_acceptance' -PUPPETLABS_GPG_KEY_SHORT_ID = 'EF8D349F'.freeze -PUPPETLABS_GPG_KEY_LONG_ID = '7F438280EF8D349F'.freeze -PUPPETLABS_GPG_KEY_FINGERPRINT = '6F6B15509CF8E59E6E469F327F438280EF8D349F'.freeze -PUPPETLABS_APT_URL = 'apt.puppetlabs.com'.freeze -PUPPETLABS_GPG_KEY_FILE = 'DEB-GPG-KEY-puppet'.freeze -CENTOS_GPG_KEY_SHORT_ID = 'C105B9DE'.freeze -CENTOS_GPG_KEY_LONG_ID = '0946FCA2C105B9DE'.freeze -CENTOS_GPG_KEY_FINGERPRINT = 'C1DAC52D1664E8A4386DBA430946FCA2C105B9DE'.freeze -CENTOS_REPO_URL = 'ftp.cvut.cz/centos'.freeze -CENTOS_GPG_KEY_FILE = 'RPM-GPG-KEY-CentOS-6'.freeze -PUPPETLABS_EXP_KEY_LONG_ID = '47B320EB4C7C375AA9DAE1A01054B7A24BD6EC30'.freeze -PUPPETLABS_EXP_KEY_DATES = 'pub:e:4096:1:1054B7A24BD6EC30:2010-07-10:2017-01-05::-:Puppet Labs Release Key'.freeze -SHOULD_NEVER_EXIST_ID = 'EF8D349F'.freeze -KEY_CHECK_COMMAND = 'apt-key adv --no-tty --list-keys --with-colons --fingerprint | grep '.freeze -PUPPETLABS_KEY_CHECK_COMMAND = "#{KEY_CHECK_COMMAND} #{PUPPETLABS_GPG_KEY_FINGERPRINT}".freeze -CENTOS_KEY_CHECK_COMMAND = "#{KEY_CHECK_COMMAND} #{CENTOS_GPG_KEY_FINGERPRINT}".freeze -PUPPETLABS_EXP_CHECK_COMMAND = "#{KEY_CHECK_COMMAND} '#{PUPPETLABS_EXP_KEY_DATES}'".freeze -DEBIAN_PUPPETLABS_EXP_CHECK_COMMAND = 'apt-key list | grep -F -A 1 \'pub rsa4096 2010-07-10 [SC] [expired: 2017-01-05]\' | grep \'47B3 20EB 4C7C 375A A9DA E1A0 1054 B7A2 4BD6 EC30\''.freeze - -def populate_default_options_pp(value) - default_options_pp = <<-MANIFEST - apt_key { 'puppetlabs': - id => '#{value}', - ensure => 'present', - } - MANIFEST - default_options_pp -end +PUPPETLABS_GPG_KEY_SHORT_ID = 'EF8D349F' +PUPPETLABS_GPG_KEY_LONG_ID = '7F438280EF8D349F' +PUPPETLABS_GPG_KEY_FINGERPRINT = '6F6B15509CF8E59E6E469F327F438280EF8D349F' +PUPPETLABS_APT_URL = 'apt.puppetlabs.com' +PUPPETLABS_GPG_KEY_FILE = 'DEB-GPG-KEY-puppet' +CENTOS_GPG_KEY_SHORT_ID = 'C105B9DE' +CENTOS_GPG_KEY_LONG_ID = '0946FCA2C105B9DE' +CENTOS_GPG_KEY_FINGERPRINT = 'C1DAC52D1664E8A4386DBA430946FCA2C105B9DE' +CENTOS_REPO_URL = 'ftp.cvut.cz/centos' +CENTOS_GPG_KEY_FILE = 'RPM-GPG-KEY-CentOS-6' +PUPPETLABS_EXP_KEY_LONG_ID = '47B320EB4C7C375AA9DAE1A01054B7A24BD6EC30' +PUPPETLABS_EXP_KEY_DATES = 'pub:e:4096:1:1054B7A24BD6EC30:2010-07-10:2017-01-05::-:Puppet Labs Release Key' +SHOULD_NEVER_EXIST_ID = 'EF8D349F' +KEY_CHECK_COMMAND = 'apt-key adv --no-tty --list-keys --with-colons --fingerprint | grep ' +PUPPETLABS_KEY_CHECK_COMMAND = "#{KEY_CHECK_COMMAND} #{PUPPETLABS_GPG_KEY_FINGERPRINT}" +CENTOS_KEY_CHECK_COMMAND = "#{KEY_CHECK_COMMAND} #{CENTOS_GPG_KEY_FINGERPRINT}" +PUPPETLABS_EXP_CHECK_COMMAND = 'apt-key list | grep -F -A 1 \'pub rsa4096 2010-07-10 [SC] [expired: 2017-01-05]\' | grep \'47B3 20EB 4C7C 375A A9DA E1A0 1054 B7A2 4BD6 EC30\'' def install_key(key) retry_on_error_matching do - shell("apt-key adv --no-tty --keyserver pgp.mit.edu --recv-keys #{key}") + run_shell("apt-key adv --no-tty --keyserver pgp.mit.edu --recv-keys #{key}") end end @@ -44,26 +35,6 @@ def apply_manifest_twice(manifest_pp) end end -invalid_key_length_pp = <<-MANIFEST - apt_key { 'puppetlabs': - id => '8280EF8D349F', - } - MANIFEST - -ensure_absent_pp = <<-MANIFEST - apt_key { 'centos': - id => '#{CENTOS_GPG_KEY_LONG_ID}', - ensure => 'absent', - } - MANIFEST - -ensure_absent_long_key_pp = <<-MANIFEST - apt_key { 'puppetlabs': - id => '#{PUPPETLABS_GPG_KEY_LONG_ID}', - ensure => 'absent', - } - MANIFEST - refresh_pp = <<-MANIFEST apt_key { '#{PUPPETLABS_EXP_KEY_LONG_ID}': id => '#{PUPPETLABS_EXP_KEY_LONG_ID}', @@ -140,7 +111,7 @@ refresh_pp = <<-MANIFEST =cXcR -----END PGP PUBLIC KEY BLOCK-----' } - MANIFEST +MANIFEST gpg_key_pp = <<-MANIFEST apt_key { 'puppetlabs': @@ -199,7 +170,7 @@ gpg_key_pp = <<-MANIFEST =mMjt -----END PGP PUBLIC KEY BLOCK-----", } - MANIFEST +MANIFEST multiple_keys_pp = <<-MANIFEST apt_key { 'puppetlabs': @@ -452,7 +423,7 @@ multiple_keys_pp = <<-MANIFEST =TREp -----END PGP PUBLIC KEY BLOCK----- ", } - MANIFEST +MANIFEST bogus_key_pp = <<-MANIFEST apt_key { 'puppetlabs': @@ -460,26 +431,18 @@ bogus_key_pp = <<-MANIFEST ensure => 'present', content => 'For posterity: such content, much bogus, wow', } - MANIFEST - -hkps_pool_pp = <<-MANIFEST - apt_key { 'puppetlabs': - id => '#{PUPPETLABS_GPG_KEY_LONG_ID}', - ensure => 'present', - server => 'pgp.mit.edu', - } - MANIFEST +MANIFEST hkp_pool_pp = <<-MANIFEST apt_key { 'puppetlabs': id => '#{PUPPETLABS_GPG_KEY_FINGERPRINT}', ensure => 'present', - server => 'hkp://pgp.mit.edu:80', + server => 'hkp://keyserver.ubuntu.com:80', } - MANIFEST +MANIFEST -hkps_protocol_supported = fact('operatingsystem') =~ %r{Ubuntu} && \ - fact('operatingsystemrelease') =~ %r{^18\.04} +hkps_protocol_supported = host_inventory['facter']['os']['family'] =~ %r{Ubuntu}i && \ + host_inventory['facter']['os']['release']['major'] =~ %r{^18\.04} if hkps_protocol_supported hkps_ubuntu_pp = <<-MANIFEST @@ -488,7 +451,7 @@ if hkps_protocol_supported ensure => 'present', server => 'hkps://keyserver.ubuntu.com', } - MANIFEST + MANIFEST end nonexistant_key_server_pp = <<-MANIFEST @@ -497,7 +460,7 @@ nonexistant_key_server_pp = <<-MANIFEST ensure => 'present', server => 'nonexistant.key.server', } - MANIFEST +MANIFEST dot_server_pp = <<-MANIFEST apt_key { 'puppetlabs': @@ -505,7 +468,7 @@ dot_server_pp = <<-MANIFEST ensure => 'present', server => '.pgp.key.server', } - MANIFEST +MANIFEST http_works_pp = <<-MANIFEST apt_key { 'puppetlabs': @@ -513,7 +476,7 @@ http_works_pp = <<-MANIFEST ensure => 'present', source => 'http://#{PUPPETLABS_APT_URL}/#{PUPPETLABS_GPG_KEY_FILE}', } - MANIFEST +MANIFEST http_works_userinfo_pp = <<-MANIFEST apt_key { 'puppetlabs': @@ -521,7 +484,7 @@ http_works_userinfo_pp = <<-MANIFEST ensure => 'present', source => 'http://dummyuser:dummypassword@#{PUPPETLABS_APT_URL}/#{PUPPETLABS_GPG_KEY_FILE}', } - MANIFEST +MANIFEST four_oh_four_pp = <<-MANIFEST apt_key { 'puppetlabs': @@ -529,7 +492,7 @@ four_oh_four_pp = <<-MANIFEST ensure => 'present', source => 'http://#{PUPPETLABS_APT_URL}/herpderp.gpg', } - MANIFEST +MANIFEST socket_error_pp = <<-MANIFEST apt_key { 'puppetlabs': @@ -537,7 +500,7 @@ socket_error_pp = <<-MANIFEST ensure => 'present', source => 'http://apt.puppetlabss.com/herpderp.gpg', } - MANIFEST +MANIFEST ftp_works_pp = <<-MANIFEST apt_key { 'CentOS 6': @@ -545,7 +508,7 @@ ftp_works_pp = <<-MANIFEST ensure => 'present', source => 'ftp://#{CENTOS_REPO_URL}/#{CENTOS_GPG_KEY_FILE}', } - MANIFEST +MANIFEST ftp_550_pp = <<-MANIFEST apt_key { 'CentOS 6': @@ -553,7 +516,7 @@ ftp_550_pp = <<-MANIFEST ensure => 'present', source => 'ftp://#{CENTOS_REPO_URL}/herpderp.gpg', } - MANIFEST +MANIFEST ftp_socket_error_pp = <<-MANIFEST apt_key { 'puppetlabs': @@ -561,7 +524,7 @@ ftp_socket_error_pp = <<-MANIFEST ensure => 'present', source => 'ftp://apt.puppetlabss.com/herpderp.gpg', } - MANIFEST +MANIFEST https_works_pp = <<-MANIFEST apt_key { 'puppetlabs': @@ -569,7 +532,16 @@ https_works_pp = <<-MANIFEST ensure => 'present', source => 'https://#{PUPPETLABS_APT_URL}/#{PUPPETLABS_GPG_KEY_FILE}', } - MANIFEST +MANIFEST + +https_with_weak_ssl_works_pp = <<-MANIFEST + apt_key { 'puppetlabs': + id => '#{PUPPETLABS_GPG_KEY_LONG_ID}', + ensure => 'present', + source => 'https://#{PUPPETLABS_APT_URL}/#{PUPPETLABS_GPG_KEY_FILE}', + weak_ssl => true, + } +MANIFEST https_userinfo_pp = <<-MANIFEST apt_key { 'puppetlabs': @@ -577,7 +549,7 @@ https_userinfo_pp = <<-MANIFEST ensure => 'present', source => 'https://dummyuser:dummypassword@#{PUPPETLABS_APT_URL}/#{PUPPETLABS_GPG_KEY_FILE}', } - MANIFEST +MANIFEST https_404_pp = <<-MANIFEST apt_key { 'puppetlabs': @@ -585,7 +557,7 @@ https_404_pp = <<-MANIFEST ensure => 'present', source => 'https://#{PUPPETLABS_APT_URL}/herpderp.gpg', } - MANIFEST +MANIFEST https_socket_error_pp = <<-MANIFEST apt_key { 'puppetlabs': @@ -593,7 +565,7 @@ https_socket_error_pp = <<-MANIFEST ensure => 'present', source => 'https://apt.puppetlabss.com/herpderp.gpg', } - MANIFEST +MANIFEST path_exists_pp = <<-MANIFEST apt_key { 'puppetlabs': @@ -601,7 +573,7 @@ path_exists_pp = <<-MANIFEST ensure => 'present', source => '/tmp/puppetlabs-pubkey.gpg', } - MANIFEST +MANIFEST path_does_not_exist_pp = <<-MANIFEST apt_key { 'puppetlabs': @@ -609,7 +581,7 @@ path_does_not_exist_pp = <<-MANIFEST ensure => 'present', source => '/tmp/totally_bogus.file', } - MANIFEST +MANIFEST path_bogus_content_pp = <<-MANIFEST apt_key { 'puppetlabs': @@ -617,7 +589,7 @@ path_bogus_content_pp = <<-MANIFEST ensure => 'present', source => '/tmp/fake-key.gpg', } - MANIFEST +MANIFEST debug_works_pp = <<-MANIFEST apt_key { 'puppetlabs': @@ -625,7 +597,7 @@ debug_works_pp = <<-MANIFEST ensure => 'present', options => 'debug', } - MANIFEST +MANIFEST fingerprint_match_pp = <<-MANIFEST apt_key { 'puppetlabs': @@ -633,7 +605,7 @@ fingerprint_match_pp = <<-MANIFEST ensure => 'present', source => 'https://#{PUPPETLABS_APT_URL}/#{PUPPETLABS_GPG_KEY_FILE}', } - MANIFEST +MANIFEST fingerprint_does_not_match_pp = <<-MANIFEST apt_key { 'puppetlabs': @@ -641,7 +613,7 @@ fingerprint_does_not_match_pp = <<-MANIFEST ensure => 'present', source => 'https://#{PUPPETLABS_APT_URL}/#{PUPPETLABS_GPG_KEY_FILE}', } - MANIFEST +MANIFEST refresh_true_pp = <<-MANIFEST apt_key { '#{PUPPETLABS_EXP_KEY_LONG_ID}': @@ -649,7 +621,7 @@ refresh_true_pp = <<-MANIFEST ensure => 'present', refresh => true, } - MANIFEST +MANIFEST refresh_false_pp = <<-MANIFEST apt_key { '#{PUPPETLABS_EXP_KEY_LONG_ID}': @@ -675,74 +647,31 @@ describe 'apt_key' do before(:each) do # Delete twice to make sure everything is cleaned # up after the short key collision - shell("apt-key del #{PUPPETLABS_GPG_KEY_SHORT_ID}", - acceptable_exit_codes: [0, 1, 2]) - shell("apt-key del #{PUPPETLABS_GPG_KEY_SHORT_ID}", - acceptable_exit_codes: [0, 1, 2]) - end - - describe 'default options' do - key_versions = { - '32bit key id' => PUPPETLABS_GPG_KEY_SHORT_ID.to_s, - '64bit key id' => PUPPETLABS_GPG_KEY_LONG_ID.to_s, - '160bit key fingerprint' => PUPPETLABS_GPG_KEY_FINGERPRINT.to_s, - '32bit lowercase key id' => PUPPETLABS_GPG_KEY_SHORT_ID.downcase.to_s, - '64bit lowercase key id' => PUPPETLABS_GPG_KEY_LONG_ID.downcase.to_s, - '160bit lowercase key fingerprint' => PUPPETLABS_GPG_KEY_FINGERPRINT.downcase.to_s, - '0x formatted 32bit key id' => "0x#{PUPPETLABS_GPG_KEY_SHORT_ID}", - '0x formatted 64bit key id' => "0x#{PUPPETLABS_GPG_KEY_LONG_ID}", - '0x formatted 160bit key fingerprint' => "0x#{PUPPETLABS_GPG_KEY_FINGERPRINT}", - '0x formatted 32bit lowercase key id' => "0x#{PUPPETLABS_GPG_KEY_SHORT_ID.downcase}", - '0x formatted 64bit lowercase key id' => "0x#{PUPPETLABS_GPG_KEY_LONG_ID.downcase}", - '0x formatted 160bit lowercase key fingerprint' => "0x#{PUPPETLABS_GPG_KEY_FINGERPRINT.downcase}", - } - - key_versions.each do |key, value| # rubocop:disable Lint/UnusedBlockArgument - context 'when key.to_s' do - it 'works' do - apply_manifest_twice(populate_default_options_pp(value)) - shell(PUPPETLABS_KEY_CHECK_COMMAND) - end - end - end - - context 'with invalid length key id' do - it 'fails' do - apply_manifest(invalid_key_length_pp, expect_failures: true) do |r| - expect(r.stderr).to match(%r{Valid values match}) - end - end - end + run_shell("apt-key del #{PUPPETLABS_GPG_KEY_SHORT_ID}", expect_failures: true) + run_shell("apt-key del #{PUPPETLABS_GPG_KEY_SHORT_ID}", expect_failures: true) end describe 'ensure =>' do - context 'when absent' do - it 'is removed' do - # Install the key first (retry because key pool may timeout) - install_key(CENTOS_GPG_KEY_FINGERPRINT) - shell(CENTOS_KEY_CHECK_COMMAND) - - # Time to remove it using Puppet - apply_manifest_twice(ensure_absent_pp) + ensure_present_pp = <<-MANIFEST + apt_key { 'centos': + id => '#{CENTOS_GPG_KEY_LONG_ID}', + ensure => 'present', + } + MANIFEST - shell(CENTOS_KEY_CHECK_COMMAND, acceptable_exit_codes: [1]) + ensure_absent_pp = <<-MANIFEST + apt_key { 'centos': + id => '#{CENTOS_GPG_KEY_LONG_ID}', + ensure => 'absent', + } + MANIFEST - # Re-Install the key (retry because key pool may timeout) - install_key(CENTOS_GPG_KEY_FINGERPRINT) - end + it 'add an apt_key resource' do + apply_manifest_twice(ensure_present_pp) end - context 'when absent, added with long key' do - it 'is removed' do - # Install the key first (retry because key pool may timeout) - install_key(PUPPETLABS_GPG_KEY_LONG_ID) - shell(PUPPETLABS_KEY_CHECK_COMMAND) - - # Time to remove it using Puppet - apply_manifest_twice(ensure_absent_long_key_pp) - - shell(PUPPETLABS_KEY_CHECK_COMMAND, acceptable_exit_codes: [1]) - end + it 'remove the apt_key resource' do + apply_manifest_twice(ensure_absent_pp) end end @@ -755,14 +684,14 @@ describe 'apt_key' do end apply_manifest(gpg_key_pp, catch_changes: true) - shell(PUPPETLABS_KEY_CHECK_COMMAND) + run_shell(PUPPETLABS_KEY_CHECK_COMMAND) end end context 'with multiple keys' do it 'runs without errors' do apply_manifest_twice(multiple_keys_pp) - shell(PUPPETLABS_KEY_CHECK_COMMAND) + run_shell(PUPPETLABS_KEY_CHECK_COMMAND) end end @@ -776,18 +705,6 @@ describe 'apt_key' do end describe 'server =>' do - context 'with pgp.mit.edu' do - it 'works' do - # Apply the manifest (Retry if timeout error is received from key pool) - retry_on_error_matching do - apply_manifest(hkps_pool_pp, catch_failures: true) - end - - apply_manifest(hkps_pool_pp, catch_changes: true) - shell(PUPPETLABS_KEY_CHECK_COMMAND) - end - end - context 'with hkp://pgp.mit.edu:80' do it 'works' do retry_on_error_matching do @@ -795,7 +712,7 @@ describe 'apt_key' do end apply_manifest(hkp_pool_pp, catch_changes: true) - shell(PUPPETLABS_KEY_CHECK_COMMAND) + run_shell(PUPPETLABS_KEY_CHECK_COMMAND) end end @@ -807,7 +724,7 @@ describe 'apt_key' do end apply_manifest(hkps_ubuntu_pp, catch_changes: true) - shell(PUPPETLABS_KEY_CHECK_COMMAND) + run_shell(PUPPETLABS_KEY_CHECK_COMMAND) end end end @@ -833,12 +750,12 @@ describe 'apt_key' do context 'with http://' do it 'works' do apply_manifest_twice(http_works_pp) - shell(PUPPETLABS_KEY_CHECK_COMMAND) + run_shell(PUPPETLABS_KEY_CHECK_COMMAND) end it 'works with userinfo' do apply_manifest_twice(http_works_userinfo_pp) - shell(PUPPETLABS_KEY_CHECK_COMMAND) + run_shell(PUPPETLABS_KEY_CHECK_COMMAND) end it 'fails with a 404' do @@ -857,13 +774,12 @@ describe 'apt_key' do # disabled when running in travis, security issues prevent FTP context 'with ftp://', unless: (ENV['TRAVIS'] == 'true') do before(:each) do - shell("apt-key del #{CENTOS_GPG_KEY_LONG_ID}", - acceptable_exit_codes: [0, 1, 2]) + run_shell("apt-key del #{CENTOS_GPG_KEY_LONG_ID}", expect_failures: true) end it 'works' do apply_manifest_twice(ftp_works_pp) - shell(CENTOS_KEY_CHECK_COMMAND) + run_shell(CENTOS_KEY_CHECK_COMMAND) end it 'fails with a 550' do @@ -882,12 +798,17 @@ describe 'apt_key' do context 'with https://' do it 'works' do apply_manifest_twice(https_works_pp) - shell(PUPPETLABS_KEY_CHECK_COMMAND) + run_shell(PUPPETLABS_KEY_CHECK_COMMAND) + end + + it 'works with weak ssl' do + apply_manifest_twice(https_with_weak_ssl_works_pp) + run_shell(PUPPETLABS_KEY_CHECK_COMMAND) end it 'works with userinfo' do apply_manifest_twice(https_userinfo_pp) - shell(PUPPETLABS_KEY_CHECK_COMMAND) + run_shell(PUPPETLABS_KEY_CHECK_COMMAND) end it 'fails with a 404' do @@ -905,17 +826,17 @@ describe 'apt_key' do context 'with /path/that/exists' do before(:each) do - shell("curl -o /tmp/puppetlabs-pubkey.gpg \ + run_shell("curl -o /tmp/puppetlabs-pubkey.gpg \ http://#{PUPPETLABS_APT_URL}/#{PUPPETLABS_GPG_KEY_FILE}") end after(:each) do - shell('rm /tmp/puppetlabs-pubkey.gpg') + run_shell('rm /tmp/puppetlabs-pubkey.gpg') end it 'works' do apply_manifest_twice(path_exists_pp) - shell(PUPPETLABS_KEY_CHECK_COMMAND) + run_shell(PUPPETLABS_KEY_CHECK_COMMAND) end end @@ -929,12 +850,13 @@ describe 'apt_key' do context 'with /path/that/exists/with/bogus/content' do before(:each) do - shell('echo "here be dragons" > /tmp/fake-key.gpg') + run_shell('echo "here be dragons" > /tmp/fake-key.gpg') end after(:each) do - shell('rm /tmp/fake-key.gpg') + run_shell('rm /tmp/fake-key.gpg') end + it 'fails' do apply_manifest(path_bogus_content_pp, expect_failures: true) do |r| expect(r.stderr).to match(%r{no valid OpenPGP data found}) @@ -947,7 +869,7 @@ describe 'apt_key' do context 'with debug' do it 'works' do apply_manifest_twice(debug_works_pp) - shell(PUPPETLABS_KEY_CHECK_COMMAND) + run_shell(PUPPETLABS_KEY_CHECK_COMMAND) end end end @@ -969,34 +891,28 @@ describe 'apt_key' do end describe 'refresh' do - if fact('osfamily') == 'Debian' && (fact('lsbdistcodename') == 'stretch' || fact('lsbdistcodename') == 'bionic') - # Set Debian Stetch specific value of puppetlabs_exp_check_command - let(:puppetlabs_exp_check_command) { DEBIAN_PUPPETLABS_EXP_CHECK_COMMAND } - else - # Set default value of puppetlabs_exp_check_command - let(:puppetlabs_exp_check_command) { PUPPETLABS_EXP_CHECK_COMMAND } - end + # Ensure dirmngr package is installed + apply_manifest(refresh_check_for_dirmngr_pp, acceptable_exit_codes: [0, 2]) + before(:each) do - if fact('lsbdistcodename') == 'stretch' || fact('lsbdistcodename') == 'bionic' - # Ensure dirmngr package is installed - apply_manifest(refresh_check_for_dirmngr_pp, acceptable_exit_codes: [0, 2]) - end # Delete the Puppet Labs Release Key and install an expired version of the key apply_manifest(refresh_del_key_pp) apply_manifest(refresh_pp, catch_failures: true) end + context 'when refresh => true' do it 'updates an expired key' do apply_manifest(refresh_true_pp) # Check key has been updated to new version - shell(puppetlabs_exp_check_command.to_s, acceptable_exit_codes: [0]) + run_shell(PUPPETLABS_EXP_CHECK_COMMAND.to_s) end end + context 'when refresh => false' do it 'does not replace an expired key' do apply_manifest(refresh_false_pp) # Expired key is present and has not been updated by the new version - shell(puppetlabs_exp_check_command.to_s, acceptable_exit_codes: [1]) + run_shell(PUPPETLABS_EXP_CHECK_COMMAND.to_s, expect_failures: true) end end end