From 9a15c71df0bab0c633008a4b09eef1792f8e7904 Mon Sep 17 00:00:00 2001
From: Eimhin Laverty <eimhin.laverty@puppet.com>
Date: Thu, 6 Dec 2018 16:31:40 +0000
Subject: [PATCH] (MODULES-8321) - Add manage_auth_conf parameter

---
 manifests/init.pp        | 33 ++++++++++++++++++++-------------
 manifests/params.pp      |  1 +
 spec/classes/apt_spec.rb | 34 +++++++++++++++++++++++++---------
 3 files changed, 46 insertions(+), 22 deletions(-)

diff --git a/manifests/init.pp b/manifests/init.pp
index f3472ac..b23acc7 100644
--- a/manifests/init.pp
+++ b/manifests/init.pp
@@ -81,11 +81,15 @@
 # @param settings
 #   Creates new `apt::setting` resources. Valid options: a hash to be passed to the create_resources function linked above.
 #
+# @param manage_auth_conf
+#   Specifies whether to manage the /etc/apt/auth.conf file. When true, the file will be overwritten with the entries specified in
+#   the auth_conf_entries parameter. When false, the file will be ignored (note that this does not set the file to absent.
+#
 # @param auth_conf_entries
 #   An optional array of login configuration settings (hashes) that are recorded in the file /etc/apt/auth.conf. This file has a netrc-like 
 #   format (similar to what curl uses) and contains the login configuration for APT sources and proxies that require authentication. See 
 #   https://manpages.debian.org/testing/apt/apt_auth.conf.5.en.html for details. If specified each hash must contain the keys machine, login and 
-#   password and no others.
+#   password and no others. Specifying manage_auth_conf and not specifying this parameter will set /etc/apt/auth.conf to absent.
 #
 # @param root
 #   Specifies root directory of Apt executable.
@@ -127,6 +131,7 @@ class apt (
   Hash $ppas                    = $apt::params::ppas,
   Hash $pins                    = $apt::params::pins,
   Hash $settings                = $apt::params::settings,
+  Boolean $manage_auth_conf     = $apt::params::manage_auth_conf,
   Array[Apt::Auth_conf_entry]
     $auth_conf_entries          = $apt::params::auth_conf_entries,
   String $root                  = $apt::params::root,
@@ -269,20 +274,22 @@ class apt (
     create_resources('apt::setting', $settings)
   }
 
-  $auth_conf_ensure = $auth_conf_entries ? {
-    []      => 'absent',
-    default => 'present',
-  }
+  if $manage_auth_conf {
+    $auth_conf_ensure = $auth_conf_entries ? {
+      []      => 'absent',
+      default => 'present',
+    }
 
-  $auth_conf_tmp = epp('apt/auth_conf.epp')
+    $auth_conf_tmp = epp('apt/auth_conf.epp')
 
-  file { '/etc/apt/auth.conf':
-    ensure  => $auth_conf_ensure,
-    owner   => 'root',
-    group   => 'root',
-    mode    => '0600',
-    content => "${confheadertmp}${auth_conf_tmp}",
-    notify  => Class['apt::update'],
+    file { '/etc/apt/auth.conf':
+      ensure  => $auth_conf_ensure,
+      owner   => 'root',
+      group   => 'root',
+      mode    => '0600',
+      content => "${confheadertmp}${auth_conf_tmp}",
+      notify  => Class['apt::update'],
+    }
   }
 
   # manage pins if present
diff --git a/manifests/params.pp b/manifests/params.pp
index ae26a7d..52b9bca 100644
--- a/manifests/params.pp
+++ b/manifests/params.pp
@@ -26,6 +26,7 @@ class apt::params {
   $ppas           = {}
   $pins           = {}
   $settings       = {}
+  $manage_auth_conf = true
   $auth_conf_entries = []
 
   $config_files = {
diff --git a/spec/classes/apt_spec.rb b/spec/classes/apt_spec.rb
index f93770e..69cbb8c 100644
--- a/spec/classes/apt_spec.rb
+++ b/spec/classes/apt_spec.rb
@@ -202,19 +202,35 @@ describe 'apt' do
       }
     end
 
-    auth_conf_content = "// This file is managed by Puppet. DO NOT EDIT.
+    context 'with manage_auth_conf => true' do
+      let(:params) do
+        super().merge(manage_auth_conf: true)
+      end
+
+      auth_conf_content = "// This file is managed by Puppet. DO NOT EDIT.
 machine deb.example.net login foologin password secret
 machine apt.example.com login aptlogin password supersecret
 "
 
-    it {
-      is_expected.to contain_file('/etc/apt/auth.conf').with(ensure: 'present',
-                                                             owner: 'root',
-                                                             group: 'root',
-                                                             mode: '0600',
-                                                             notify: 'Class[Apt::Update]',
-                                                             content: auth_conf_content)
-    }
+      it {
+        is_expected.to contain_file('/etc/apt/auth.conf').with(ensure: 'present',
+                                                               owner: 'root',
+                                                               group: 'root',
+                                                               mode: '0600',
+                                                               notify: 'Class[Apt::Update]',
+                                                               content: auth_conf_content)
+      }
+    end
+
+    context 'with manage_auth_conf => false' do
+      let(:params) do
+        super().merge(manage_auth_conf: false)
+      end
+
+      it {
+        is_expected.not_to contain_file('/etc/apt/auth.conf')
+      }
+    end
   end
 
   context 'with improperly specified entries for /etc/apt/auth.conf' do
-- 
2.32.3