# == Define: apt::key
-#
-# The apt::key defined type allows for keys to be added to apt's keyring
-# which is used for package validation. This defined type uses the apt_key
-# native type to manage keys. This is a simple wrapper around apt_key with
-# a few safeguards in place.
-#
-# === Parameters
-#
-# [*id*]
-# _default_: +$title+, the title/name of the resource
-#
-# Is a GPG key ID or full key fingerprint. This value is validated with
-# a regex enforcing it to only contain valid hexadecimal characters, be
-# precisely 8 or 16 hexadecimal characters long and optionally prefixed
-# with 0x for key IDs, or 40 hexadecimal characters long for key
-# fingerprints.
-#
-# [*ensure*]
-# _default_: +present+
-#
-# The state we want this key in, may be either one of:
-# * +present+
-# * +absent+
-#
-# [*content*]
-# _default_: +undef+
-#
-# This parameter can be used to pass in a GPG key as a
-# string in case it cannot be fetched from a remote location
-# and using a file resource is for other reasons inconvenient.
-#
-# [*source*]
-# _default_: +undef+
-#
-# This parameter can be used to pass in the location of a GPG
-# key. This URI can take the form of a:
-# * +URL+: ftp, http or https
-# * +path+: absolute path to a file on the target system.
-#
-# [*server*]
-# _default_: +undef+
-#
-# The keyserver from where to fetch our GPG key. It can either be a domain
-# name or url. It defaults to +keyserver.ubuntu.com+.
-#
-# [*options*]
-# _default_: +undef+
-#
-# Additional options to pass on to `apt-key adv --keyserver-options`.
define apt::key (
- $id = $title,
- $ensure = present,
- $content = undef,
- $source = undef,
- $server = $::apt::keyserver,
- $options = undef,
+ $id = $title,
+ $ensure = present,
+ $content = undef,
+ $source = undef,
+ $server = $::apt::keyserver,
+ $options = undef,
+ $key = undef,
+ $key_content = undef,
+ $key_source = undef,
+ $key_server = undef,
+ $key_options = undef,
) {
- validate_re($id, ['\A(0x)?[0-9a-fA-F]{8}\Z', '\A(0x)?[0-9a-fA-F]{16}\Z', '\A(0x)?[0-9a-fA-F]{40}\Z'])
+ if $key != undef {
+ warning('$key is deprecated and will be removed in the next major release. Please use $id instead.')
+ $_id = $key
+ } else {
+ $_id = $id
+ }
+
+ if $key_content != undef {
+ warning('$key_content is deprecated and will be removed in the next major release. Please use $content instead.')
+ $_content = $key_content
+ } else {
+ $_content = $content
+ }
+
+ if $key_source != undef {
+ warning('$key_source is deprecated and will be removed in the next major release. Please use $source instead.')
+ $_source = $key_source
+ } else {
+ $_source = $source
+ }
+
+ if $key_server != undef {
+ warning('$key_server is deprecated and will be removed in the next major release. Please use $server instead.')
+ $_server = $key_server
+ } else {
+ $_server = $server
+ }
+
+ if $key_options != undef {
+ warning('$key_options is deprecated and will be removed in the next major release. Please use $options instead.')
+ $_options = $key_options
+ } else {
+ $_options = $options
+ }
+
+ validate_re($_id, ['\A(0x)?[0-9a-fA-F]{8}\Z', '\A(0x)?[0-9a-fA-F]{16}\Z', '\A(0x)?[0-9a-fA-F]{40}\Z'])
validate_re($ensure, ['\Aabsent|present\Z',])
- if $content {
- validate_string($content)
+ if $_content {
+ validate_string($_content)
}
- if $source {
- validate_re($source, ['\Ahttps?:\/\/', '\Aftp:\/\/', '\A\/\w+'])
+ if $_source {
+ validate_re($_source, ['\Ahttps?:\/\/', '\Aftp:\/\/', '\A\/\w+'])
}
- if $server {
- validate_re($server,['\A((hkp|http|https):\/\/)?([a-z\d])([a-z\d-]{0,61}\.)+[a-z\d]+(:\d{2,5})?$'])
+ if $_server {
+ validate_re($_server,['\A((hkp|http|https):\/\/)?([a-z\d])([a-z\d-]{0,61}\.)+[a-z\d]+(:\d{2,5})?$'])
}
- if $options {
- validate_string($options)
+ if $_options {
+ validate_string($_options)
}
case $ensure {
present: {
- if defined(Anchor["apt_key ${id} absent"]){
- fail("key with id ${id} already ensured as absent")
+ if defined(Anchor["apt_key ${_id} absent"]){
+ fail("key with id ${_id} already ensured as absent")
}
- if !defined(Anchor["apt_key ${id} present"]) {
+ if !defined(Anchor["apt_key ${_id} present"]) {
apt_key { $title:
ensure => $ensure,
- id => $id,
- source => $source,
- content => $content,
- server => $server,
- options => $options,
+ id => $_id,
+ source => $_source,
+ content => $_content,
+ server => $_server,
+ options => $_options,
} ->
- anchor { "apt_key ${id} present": }
+ anchor { "apt_key ${_id} present": }
}
}
absent: {
- if defined(Anchor["apt_key ${id} present"]){
- fail("key with id ${id} already ensured as present")
+ if defined(Anchor["apt_key ${_id} present"]){
+ fail("key with id ${_id} already ensured as present")
}
- if !defined(Anchor["apt_key ${id} absent"]){
+ if !defined(Anchor["apt_key ${_id} absent"]){
apt_key { $title:
ensure => $ensure,
- id => $id,
- source => $source,
- content => $content,
- server => $server,
- options => $options,
+ id => $_id,
+ source => $_source,
+ content => $_content,
+ server => $_server,
+ options => $_options,
} ->
- anchor { "apt_key ${id} absent": }
+ anchor { "apt_key ${_id} absent": }
}
}
--- /dev/null
+require 'spec_helper'
+
+describe 'apt::key', :type => :define do
+ let(:facts) { { :lsbdistid => 'Debian' } }
+ GPG_KEY_ID = '47B320EB4C7C375AA9DAE1A01054B7A24BD6EC30'
+
+ let :title do
+ GPG_KEY_ID
+ end
+
+ describe 'normal operation' do
+ describe 'default options' do
+ it 'contains the apt_key' do
+ should contain_apt_key(title).with({
+ :id => title,
+ :ensure => 'present',
+ :source => nil,
+ :server => nil,
+ :content => nil,
+ :keyserver_options => nil,
+ })
+ end
+ it 'contains the apt_key present anchor' do
+ should contain_anchor("apt_key #{title} present")
+ end
+ end
+
+ describe 'title and key =>' do
+ let :title do
+ 'puppetlabs'
+ end
+
+ let :params do {
+ :key => GPG_KEY_ID,
+ } end
+
+ it 'contains the apt_key' do
+ should contain_apt_key(title).with({
+ :id => GPG_KEY_ID,
+ :ensure => 'present',
+ :source => nil,
+ :server => nil,
+ :content => nil,
+ :keyserver_options => nil,
+ })
+ end
+ it 'contains the apt_key present anchor' do
+ should contain_anchor("apt_key #{GPG_KEY_ID} present")
+ end
+ end
+
+ describe 'ensure => absent' do
+ let :params do {
+ :ensure => 'absent',
+ } end
+
+ it 'contains the apt_key' do
+ should contain_apt_key(title).with({
+ :id => title,
+ :ensure => 'absent',
+ :source => nil,
+ :server => nil,
+ :content => nil,
+ :keyserver_options => nil,
+ })
+ end
+ it 'contains the apt_key absent anchor' do
+ should contain_anchor("apt_key #{title} absent")
+ end
+ end
+
+ describe 'set a bunch of things!' do
+ let :params do {
+ :key_content => 'GPG key content',
+ :key_source => 'http://apt.puppetlabs.com/pubkey.gpg',
+ :key_server => 'pgp.mit.edu',
+ :key_options => 'debug',
+ } end
+
+ it 'contains the apt_key' do
+ should contain_apt_key(title).with({
+ :id => title,
+ :ensure => 'present',
+ :source => 'http://apt.puppetlabs.com/pubkey.gpg',
+ :server => 'pgp.mit.edu',
+ :content => params[:key_content],
+ :options => 'debug',
+ })
+ end
+ it 'contains the apt_key present anchor' do
+ should contain_anchor("apt_key #{title} present")
+ end
+ end
+
+ context "domain with dash" do
+ let(:params) do{
+ :key_server => 'p-gp.m-it.edu',
+ } end
+ it 'contains the apt_key' do
+ should contain_apt_key(title).with({
+ :id => title,
+ :server => 'p-gp.m-it.edu',
+ })
+ end
+ end
+
+ context "url" do
+ let :params do
+ {
+ :key_server => 'hkp://pgp.mit.edu',
+ }
+ end
+ it 'contains the apt_key' do
+ should contain_apt_key(title).with({
+ :id => title,
+ :server => 'hkp://pgp.mit.edu',
+ })
+ end
+ end
+ context "url with port number" do
+ let :params do
+ {
+ :key_server => 'hkp://pgp.mit.edu:80',
+ }
+ end
+ it 'contains the apt_key' do
+ should contain_apt_key(title).with({
+ :id => title,
+ :server => 'hkp://pgp.mit.edu:80',
+ })
+ end
+ end
+ end
+
+ describe 'validation' do
+ context "domain begin with dash" do
+ let(:params) do{
+ :key_server => '-pgp.mit.edu',
+ } end
+ it 'fails' do
+ expect { subject.call } .to raise_error(/does not match/)
+ end
+ end
+
+ context "domain begin with dot" do
+ let(:params) do{
+ :key_server => '.pgp.mit.edu',
+ } end
+ it 'fails' do
+ expect { subject.call } .to raise_error(/does not match/)
+ end
+ end
+
+ context "domain end with dot" do
+ let(:params) do{
+ :key_server => "pgp.mit.edu.",
+ } end
+ it 'fails' do
+ expect { subject.call } .to raise_error(/does not match/)
+ end
+ end
+ context "exceed character url" do
+ let :params do
+ {
+ :key_server => 'hkp://pgpiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiii.mit.edu'
+ }
+ end
+ it 'fails' do
+ expect { subject.call }.to raise_error(/does not match/)
+ end
+ end
+ context "incorrect port number url" do
+ let :params do
+ {
+ :key_server => 'hkp://pgp.mit.edu:8008080'
+ }
+ end
+ it 'fails' do
+ expect { subject.call }.to raise_error(/does not match/)
+ end
+ end
+ context "incorrect protocol for url" do
+ let :params do
+ {
+ :key_server => 'abc://pgp.mit.edu:80'
+ }
+ end
+ it 'fails' do
+ expect { subject.call }.to raise_error(/does not match/)
+ end
+ end
+ context "missing port number url" do
+ let :params do
+ {
+ :key_server => 'hkp://pgp.mit.edu:'
+ }
+ end
+ it 'fails' do
+ expect { subject.call }.to raise_error(/does not match/)
+ end
+ end
+ context "url ending with a dot" do
+ let :params do
+ {
+ :key_server => 'hkp://pgp.mit.edu.'
+ }
+ end
+ it 'fails' do
+ expect { subject.call }.to raise_error(/does not match/)
+ end
+ end
+ context "url begin with a dash" do
+ let(:params) do{
+ :key_server => "hkp://-pgp.mit.edu",
+ } end
+ it 'fails' do
+ expect { subject.call }.to raise_error(/does not match/)
+ end
+ end
+ context 'invalid key' do
+ let :title do
+ 'Out of rum. Why? Why are we out of rum?'
+ end
+ it 'fails' do
+ expect { subject.call }.to raise_error(/does not match/)
+ end
+ end
+
+ context 'invalid source' do
+ let :params do {
+ :key_source => 'afp://puppetlabs.com/key.gpg',
+ } end
+ it 'fails' do
+ expect { subject.call }.to raise_error(/does not match/)
+ end
+ end
+
+ context 'invalid content' do
+ let :params do {
+ :key_content => [],
+ } end
+ it 'fails' do
+ expect { subject.call }.to raise_error(/is not a string/)
+ end
+ end
+
+ context 'invalid server' do
+ let :params do {
+ :key_server => 'two bottles of rum',
+ } end
+ it 'fails' do
+ expect { subject.call }.to raise_error(/does not match/)
+ end
+ end
+
+ context 'invalid keyserver_options' do
+ let :params do {
+ :key_options => {},
+ } end
+ it 'fails' do
+ expect { subject.call }.to raise_error(/is not a string/)
+ end
+ end
+
+ context 'invalid ensure' do
+ let :params do
+ {
+ :ensure => 'foo',
+ }
+ end
+ it 'fails' do
+ expect { subject.call }.to raise_error(/does not match/)
+ end
+ end
+
+ describe 'duplication' do
+ context 'two apt::key resources for same key, different titles' do
+ let :pre_condition do
+ "apt::key { 'duplicate': key => '#{title}', }"
+ end
+
+ it 'contains two apt::key resources' do
+ should contain_apt__key('duplicate').with({
+ :key => title,
+ :ensure => 'present',
+ })
+ should contain_apt__key(title).with({
+ :id => title,
+ :ensure => 'present',
+ })
+ end
+
+ it 'contains only a single apt_key' do
+ should contain_apt_key('duplicate').with({
+ :id => title,
+ :ensure => 'present',
+ :source => nil,
+ :server => nil,
+ :content => nil,
+ :keyserver_options => nil,
+ })
+ should_not contain_apt_key(title)
+ end
+ end
+
+ context 'two apt::key resources, different ensure' do
+ let :pre_condition do
+ "apt::key { 'duplicate': key => '#{title}', ensure => 'absent', }"
+ end
+ it 'informs the user of the impossibility' do
+ expect { subject.call }.to raise_error(/already ensured as absent/)
+ end
+ end
+ end
+ end
+end