}
```
+### Manage login configuration settings for an APT source or proxy in `/etc/apt/auth.conf`
+
+Starting with APT version 1.5 you can define login configuration settings (like
+username and password) for APT sources or proxies that require authentication
+in the file `/etc/apt/auth.conf`. This is preferable to embedding login
+information directly in `source.list` entries which are usually world-readable.
+
+The file `/etc/apt/auth.conf` follows the format of netrc (as used by ftp or
+curl) and has restrictive file permissions. See
+https://manpages.debian.org/testing/apt/apt_auth.conf.5.en.html for details.
+
+Use the optional `apt::auth_conf_entries` parameter to specify an array of
+hashes containing login configuration settings. These hashes may only contain
+the keys `machine`, `login` and `password`.
+
+```puppet
+class { 'apt':
+ auth_conf_entries => [
+ {
+ 'machine' => 'apt-proxy.example.net',
+ 'login' => 'proxylogin',
+ 'password' => 'proxypassword',
+ },
+ {
+ 'machine' => 'apt.example.com/ubuntu',
+ 'login' => 'reader',
+ 'password' => 'supersecret',
+ },
+ ],
+}
+```
+
## Reference
### Classes
* `https`: Specifies whether to enable https proxies. Valid options: `true` and `false`. Default: `false`.
* `ensure`: Optional parameter. Valid options: 'file', 'present', and 'absent'. Default: `undef`. Prefer 'file' over 'present'.
-
+
* `direct`: Specifies whether or not to use a 'DIRECT' https proxy if http proxy is used but https is not. Valid options: `true` and `false`. Default: `false`.
* `purge`: Specifies whether to purge any existing settings that aren't managed by Puppet. Valid options: a hash made up from the following keys:
* `settings`: Creates new `apt::setting` resources. Valid options: a hash to be passed to the [`create_resources` function](https://docs.puppetlabs.com/references/latest/function.html#createresources). Default: {}.
+* `auth_conf_entries`: An optional array of login configuration settings (hashes) that will be recorded in the file `/etc/apt/auth.conf`. This file has a netrc-like format (similar to what curl uses) and contains the login configuration for APT sources and proxies that require authentication. See https://manpages.debian.org/testing/apt/apt_auth.conf.5.en.html for details. If specified each hash must contain the keys `machine`, `login` and `password` and no others. Default: [].
+
* `sources`: Creates new `apt::source` resources. Valid options: a hash to be passed to the [`create_resources` function](https://docs.puppetlabs.com/references/latest/function.html#createresources). Default: {}.
* `pins`: Creates new `apt::pin` resources. Valid options: a hash to be passed to the [`create_resources` function](https://docs.puppetlabs.com/references/latest/function.html#createresources). Default: {}.
Hash $ppas = $apt::params::ppas,
Hash $pins = $apt::params::pins,
Hash $settings = $apt::params::settings,
+ Array[Apt::Auth_conf_entry]
+ $auth_conf_entries = $apt::params::auth_conf_entries,
String $root = $apt::params::root,
String $sources_list = $apt::params::sources_list,
String $sources_list_d = $apt::params::sources_list_d,
create_resources('apt::setting', $settings)
}
+ $auth_conf_ensure = $auth_conf_entries ? {
+ [] => 'absent',
+ default => 'present',
+ }
+
+ $auth_conf_tmp = epp('apt/auth_conf.epp')
+
+ file { '/etc/apt/auth.conf':
+ ensure => $auth_conf_ensure,
+ owner => 'root',
+ group => 'root',
+ mode => '0600',
+ content => "${confheadertmp}${auth_conf_tmp}",
+ notify => Class['apt::update'],
+ }
+
# manage pins if present
if $pins {
create_resources('apt::pin', $pins)
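Review bot: The new `file { '/etc/apt/auth.conf': }` resource places every password in `content` without suppressing diffs, so on agents where diff display is enabled a changed credential can be printed in the run log and stored in the report. Add `show_diff => false,` to the resource, or pass the rendered content wrapped in `Sensitive`. Separately, the selector maps the default `[]` to `'absent'`, so applying this release to a node that already has a hand-maintained `/etc/apt/auth.conf` would delete it. That behaviour should at least be stated in the README, or the file should be left unmanaged when no entries are given. The enclosing class body starts and ends outside the hunk.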
$ppas = {}
$pins = {}
$settings = {}
+ $auth_conf_entries = []
$config_files = {
'conf' => {
is_expected.to contain_file('preferences.d').that_notifies('Class[Apt::Update]').only_with(preferences_d)
}
+ it { is_expected.to contain_file('/etc/apt/auth.conf').with_ensure('absent') }
+
it 'lays down /etc/apt/apt.conf.d/15update-stamp' do
is_expected.to contain_file('/etc/apt/apt.conf.d/15update-stamp').with(group: 'root',
mode: '0644',
}
end
+ context 'with entries for /etc/apt/auth.conf' do
+ let(:params) do
+ {
+ auth_conf_entries: [
+ { machine: 'deb.example.net',
+ login: 'foologin',
+ password: 'secret' },
+ { machine: 'apt.example.com',
+ login: 'aptlogin',
+ password: 'supersecret' },
+ ],
+ }
+ end
+
+ auth_conf_content = "// This file is managed by Puppet. DO NOT EDIT.
+machine deb.example.net login foologin password secret
+machine apt.example.com login aptlogin password supersecret
+"
+
+ it {
+ is_expected.to contain_file('/etc/apt/auth.conf').with(ensure: 'present',
+ owner: 'root',
+ group: 'root',
+ mode: '0600',
+ notify: 'Class[Apt::Update]',
+ content: auth_conf_content)
+ }
+ end
+
+ context 'with improperly specified entries for /etc/apt/auth.conf' do
+ let(:params) do
+ {
+ auth_conf_entries: [
+ { machinn: 'deb.example.net',
+ username: 'foologin',
+ password: 'secret' },
+ { machine: 'apt.example.com',
+ login: 'aptlogin',
+ password: 'supersecret' },
+ ],
+ }
+ end
+
+ it { is_expected.to raise_error(Puppet::Error) }
+ end
+
context 'with sources defined on valid osfamily' do
let :facts do
{ os: { family: 'Debian', name: 'Ubuntu', release: { major: '16', full: '16.04' } },
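Review bot: The 'with improperly specified entries' context packs two different mistakes into one fixture (`machinn` instead of `machine`, `username` instead of `login`) and asserts only a bare `Puppet::Error`, so it would still pass if one of the two key checks stopped working. Split it into one context per invalid key and add a case with an extra, unknown key, since the README promises "and no others". A case for values containing whitespace would also pin down what the rendered line looks like for such input. The surrounding describe block continues outside the hunk.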
--- /dev/null
+<% if $apt::auth_conf_entries != [] { -%>
+<% $apt::auth_conf_entries.each | $auth_conf_entry | { -%>
+machine <%= $auth_conf_entry['machine'] %> login <%= $auth_conf_entry['login'] %> password <%= $auth_conf_entry['password'] %>
+<% } -%>
+<% } -%>
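Review bot: The `machine ... login ... password ...` line interpolates the three values verbatim into a whitespace-delimited netrc-style record, so a login or password containing a space or newline (or an empty `login`, which the type allows) produces a shifted or extra token, and a newline could even start a further `machine` entry. Nothing in the template or in `Apt::Auth_conf_entry` in the new types file rejects this. The simplest guard is in the type, e.g. `Pattern[/\A\S+\z/]` for all three keys in place of `String[1]`/`String`. As a style point, the outer `if $apt::auth_conf_entries != []` is redundant because `each` over an empty array emits nothing, and passing the entries as an explicit `epp()` parameter would avoid reading class scope from the template.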
--- /dev/null
+type Apt::Auth_conf_entry = Struct[{ machine => String[1], login => String, password => String }]