From 238658f50d4aeb469651cfc44a4ed35ee74f906b Mon Sep 17 00:00:00 2001 From: Scott Brimhall Date: Thu, 27 Jul 2017 10:43:22 -0600 Subject: [PATCH 01/16] Add gpg_home and sign_key parameters --- README.md | 6 ++ lib/puppet/provider/gnupg_key/gnupg.rb | 88 ++++++++++++++++++++++---- lib/puppet/type/gnupg_key.rb | 25 +++++++- 3 files changed, 104 insertions(+), 15 deletions(-) diff --git a/README.md b/README.md index 3b5242d..fdc616b 100644 --- a/README.md +++ b/README.md @@ -128,6 +128,12 @@ Name of the GnuPG package. Default value determined by $::osfamily/$::operatings **REQUIRED** - System username for who to store the public key. Also define the location of the pubring (default ${HOME}/.gnupg/) +#####`gpg_home` + +The absolute path to use for --homedir with the gpg command. This is required when configuring +GPG keys for hiera-eyaml-gpg on a puppet server. Must be a path that is accessible by the user +defined in the `user` parameter. + #####`key_id` **REQUIRED** - Key ID. Usually the traditional 8-character key ID. Also accepted the diff --git a/lib/puppet/provider/gnupg_key/gnupg.rb b/lib/puppet/provider/gnupg_key/gnupg.rb index 887e549..ea96a59 100644 --- a/lib/puppet/provider/gnupg_key/gnupg.rb +++ b/lib/puppet/provider/gnupg_key/gnupg.rb 
@@ -25,12 +25,17 @@ def remove_key raise Puppet::Error, "Could not determine fingerprint for #{resource[:key_id]} for user #{resource[:user]}: #{fingerprint}" end + if resource[:gpg_home].nil? + gpg_command = "gpg" + else + gpg_command = "gpg --homedir #{resource[:gpg_home]}" + end if resource[:key_type] == :public - command = "gpg --batch --yes --delete-key #{fingerprint}" + command = "#{gpg_command} --batch --yes --delete-key #{fingerprint}" elsif resource[:key_type] == :private - command = "gpg --batch --yes --delete-secret-key #{fingerprint}" + command = "#{gpg_command} --batch --yes --delete-secret-key #{fingerprint}" elsif resource[:key_type] == :both - command = "gpg --batch --yes --delete-secret-and-public-key #{fingerprint}" + command = "#{gpg_command} --batch --yes --delete-secret-and-public-key #{fingerprint}" end begin 
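Review bot: `gpg_command = "gpg --homedir #{resource[:gpg_home]}"` places the parameter into the command string unquoted, so a homedir containing a space or a shell metacharacter changes the command that `Puppet::Util::Execution.execute` runs as `user_id`. The https branch of add_key_at_url already relies on a pipe inside this string, so the string appears to be shell-interpreted. The same five-line block is repeated in add_key_from_key_server, add_key_from_key_content, add_key_at_path, add_key_at_url and exists?. I would build it once in a private helper and escape the path there, `"gpg --homedir #{Shellwords.escape(resource[:gpg_home])}"` with `require 'shellwords'` at the top of the provider. remove_key starts and ends outside this hunk.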
@@ -53,16 +58,29 @@ def add_key end def add_key_from_key_server - if resource[:proxy].empty? - command = "gpg --keyserver #{resource[:key_server]} --recv-keys #{resource[:key_id]}" + if resource[:gpg_home].nil? + gpg_command = "gpg" + else + gpg_command = "gpg --homedir #{resource[:gpg_home]}" + end + if resource[:proxy].nil? + command = "#{gpg_command} --keyserver #{resource[:key_server]} --recv-keys #{resource[:key_id]}" else - command = "gpg --keyserver #{resource[:key_server]} --keyserver-options http-proxy=#{resource[:proxy]} --recv-keys #{resource[:key_id]}" + command = "#{gpg_command} --keyserver #{resource[:key_server]} --keyserver-options http-proxy=#{resource[:proxy]} --recv-keys #{resource[:key_id]}" end begin output = Puppet::Util::Execution.execute(command, :uid => user_id, :failonfail => true) rescue Puppet::ExecutionFailure => e raise Puppet::Error, "Key #{resource[:key_id]} does not exist on #{resource[:key_server]}" end + unless resource[:sign_key].nil? or resource[:sign_key] == false + sign_command = "#{gpg_command} --batch --yes --sign-key #{resource[:key_id]}" + begin + sign_output = Puppet::Util::Execution.execute(sign_command, :uid => user_id, :failonfail => true) + rescue Puppet::ExecutionFailure => e + raise Puppet::Error, "Key #{resource[:key_id]} does not exist or could not be signed." + end + end end def add_key_from_key_source 
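Review bot: The new `--sign-key` step in add_key_from_key_server certifies whatever key the keyserver returned for `resource[:key_id]`, and nothing in the hunk checks the imported key's fingerprint before signing. The README describes key_id as usually the 8-character short ID, which is not collision resistant, so `sign_key => true` can certify a look-alike key. I would refuse to sign unless key_id is a full fingerprint, e.g. `raise Puppet::Error, "sign_key requires a full fingerprint in key_id" unless resource[:key_id] =~ /\A[0-9A-Fa-f]{40}\z/`, and consider `--lsign-key` so the certification stays local to this keyring. The same signing block is repeated in the other add_key_* methods. Separately, the proxy test changed from `.empty?` to `.nil?`; if the type defaults proxy to an empty string (not visible here), the else branch now emits `http-proxy=` with no value.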
@@ -75,43 +93,82 @@ def add_key_from_key_source def add_key_from_key_content path = create_temporary_file(user_id, resource[:key_content]) - command = "gpg --import #{path}" + if resource[:gpg_home].nil? + gpg_command = "gpg" + else + gpg_command = "gpg --homedir #{resource[:gpg_home]}" + end + command = "#{gpg_comamnd} --batch --import #{path}" begin output = Puppet::Util::Execution.execute(command, :uid => user_id, :failonfail => true) rescue Puppet::ExecutionFailure => e raise Puppet::Error, "Error while importing key #{resource[:key_id]} using key content:\n#{output}}" end + unless resource[:sign_key].nil? or resource[:sign_key] == false + sign_command = "#{gpg_command} --batch --yes --sign-key #{resource[:key_id]}" + begin + sign_output = Puppet::Util::Execution.execute(sign_command, :uid => user_id, :failonfail => true) + rescue Puppet::ExecutionFailure => e + raise Puppet::Error, "Key #{resource[:key_id]} does not exist or could not be signed." + end + end end def add_key_at_path if File.file?(resource[:key_source]) - command = "gpg --import #{resource[:key_source]}" + if resource[:gpg_home].nil? + gpg_command = "gpg" + else + gpg_command = "gpg --homedir #{resource[:gpg_home]}" + end + command = "#{gpg_command} --batch --import #{resource[:key_source]}" begin output = Puppet::Util::Execution.execute(command, :uid => user_id, :failonfail => true) rescue Puppet::ExecutionFailure => e raise Puppet::Error, "Error while importing key #{resource[:key_id]} from #{resource[:key_source]}" end + unless resource[:sign_key].nil? or resource[:sign_key] == false + sign_command = "#{gpg_command} --batch --yes --sign-key #{resource[:key_id]}" + begin + sign_output = Puppet::Util::Execution.execute(sign_command, :uid => user_id, :failonfail => true) + rescue Puppet::ExecutionFailure => e + raise Puppet::Error, "Key #{resource[:key_id]} does not exist or could not be signed." 
+ end + end elsif raise Puppet::Error, "Local file #{resource[:key_source]} for #{resource[:key_id]} does not exists" end end def add_key_at_url + if resource[:gpg_home].nil? + gpg_command = "gpg" + else + gpg_command = "gpg --homedir #{resource[:gpg_home]}" + end uri = URI.parse(URI.escape(resource[:key_source])) case uri.scheme when /https/ - command = "wget -O- #{resource[:key_source]} | gpg --import" + command = "wget -O- #{resource[:key_source]} | #{gpg_command} --batch --import" when /http/ - command = "gpg --fetch-keys #{resource[:key_source]}" + command = "#{gpg_command} --fetch-keys #{resource[:key_source]}" when 'puppet' path = create_temporary_file user_id, puppet_content - command = "gpg --import #{path}" + command = "#{gpg_command} --batch --import #{path}" end begin output = Puppet::Util::Execution.execute(command, :uid => user_id, :failonfail => true) rescue Puppet::ExecutionFailure => e raise Puppet::Error, "Error while importing key #{resource[:key_id]} from #{resource[:key_source]}:\n#{output}}" end + unless resource[:sign_key].nil? or resource[:sign_key] == false + sign_command = "#{gpg_command} --batch --yes --sign-key #{resource[:key_id]}" + begin + sign_output = Puppet::Util::Execution.execute(sign_command, :uid => user_id, :failonfail => true) + rescue Puppet::ExecutionFailure => e + raise Puppet::Error, "Key #{resource[:key_id]} does not exist or could not be signed." + end + end end def user_id 
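Review bot: In add_key_from_key_content the added line `command = "#{gpg_comamnd} --batch --import #{path}"` misspells the local variable, so every key_content import raises NameError before gpg is invoked; it should read `command = "#{gpg_command} --batch --import #{path}"`. The `rescue Puppet::ExecutionFailure` below it does not catch NameError, so the failure surfaces as an unhandled provider error rather than the intended import message. A provider spec that exercises key_content with and without gpg_home would have caught this. The sign_key block added to this method, add_key_at_path and add_key_at_url is identical each time and would be easier to keep correct as one private method.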
@@ -144,10 +201,15 @@ def exists? # public and both can be grouped since private can't be present without public, # both only applies to delete and delete still has something to do if only # one of the keys is present + if resource[:gpg_home].nil? + gpg_command = "gpg" + else + gpg_command = "gpg --homedir #{resource[:gpg_home]}" + end if resource[:key_type] == :public || resource[:key_type] == :both - command = "gpg --list-keys --with-colons #{resource[:key_id]}" + command = "#{gpg_command} --list-keys --with-colons #{resource[:key_id]}" elsif resource[:key_type] == :private - command = "gpg --list-secret-keys --with-colons #{resource[:key_id]}" + command = "#{gpg_command} --list-secret-keys --with-colons #{resource[:key_id]}" end output = Puppet::Util::Execution.execute(command, :uid => user_id) diff --git a/lib/puppet/type/gnupg_key.rb b/lib/puppet/type/gnupg_key.rb index 1847a92..c2f22fb 100644 --- a/lib/puppet/type/gnupg_key.rb +++ b/lib/puppet/type/gnupg_key.rb @@ -59,8 +59,7 @@ end newparam(:user) do - desc "The user account in which the PGP public key should be installed. - Usually it's stored in HOME/.gnupg/ dir" + desc "The user account in which the PGP public key should be installed." validate do |value| # freebsd/linux username limitation @@ -70,6 +69,28 @@ end end + newparam(:gpg_home) do + desc "The absolute path to the gpg homedir where the keyring is stored." + + validate do |value| + unless value =~ /^\/[a-zA-Z0-9_-]+/ + raise ArgumentError, "Invalid directory path for #{value}" + end + end + end + + newparam(:sign_key) do + desc "Whether to sign the imported key or not. Defaults to false" + + validate do |value| + unless value == true or value == false + raise ArgumentError, "Invalid value for sign_key. Must be true or false." + end + end + + defaultto false + end + newparam(:key_source) do desc <<-'EOT' A source file containing PGP key. Values can be URIs pointing to remote files, 
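Review bot: The gpg_home validator `value =~ /^\/[a-zA-Z0-9_-]+/` only checks that some line of the value starts with a slash followed by one allowed character. It has no end anchor, and `^` matches at any line start, so everything after the first path segment is unchecked, including spaces, `;` and newlines. The provider interpolates this value into the gpg command line in remove_key, the add_key_* methods and exists?, so the check should cover the whole string: `unless value =~ %r{\A(/[a-zA-Z0-9._-]+)+/?\z}`. The sign_key validator accepts only Ruby `true`/`false`; whether manifest values reach it as booleans or as strings is not visible here, so confirm that `sign_key => 'true'` is handled as intended.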
From b9a3abfce02d0568b5a7c12955813dfbbefac738 Mon Sep 17 00:00:00 2001 From: Scott Brimhall Date: Thu, 27 Jul 2017 12:37:33 -0600 Subject: [PATCH 02/16] Update metadata.json --- metadata.json | 18 +++++++++--------- 1 file changed, 9 insertions(+), 9 deletions(-) diff --git a/metadata.json b/metadata.json index d613579..f5c6f3b 100644 --- a/metadata.json +++ b/metadata.json @@ -1,12 +1,12 @@ { - "name": "golja-gnupg", - "version": "1.2.3", - "author": "Dejan Golja", - "summary": "Manage gnupg package and public keys", + "name": "sbrimhall-gnupg", + "version": "1.2.4", + "author": "Scott Brimhall", + "summary": "Manage gnupg package and public keys. Fork of golja-gnupg with additional parameters for gpg homedir and signing keys.", "license": "Apache-2.0", - "source": "git://github.com/n1tr0g/golja-gnupg.git", - "project_page": "https://github.com/n1tr0g/golja-gnupg", - "issues_url": "https://github.com/n1tr0g/golja-gnupg/issues", + "source": "git://github.com/sbrimhall/puppet-gnupg.git", + "project_page": "https://github.com/sbrimhall/puppet-gnupg", + "issues_url": "https://github.com/sbrimhall/puppet-gnupg/issues", "operatingsystem_support": [ { "operatingsystem": "RedHat", @@ -50,11 +50,11 @@ "requirements": [ { "name": "puppet", - "version_requirement": ">=3.0.0 <4.0.0" + "version_requirement": ">=3.0.0 <6.0.0" }, { "name": "pe", - "version_requirement": ">=3.0.0 <4.0.0" + "version_requirement": ">=3.0.0 <6.0.0" } ], "tags": [ From c85e9a83599bb17da6939d76c8ba2ff7d4b76079 Mon Sep 17 00:00:00 2001 From: Scott Brimhall Date: Thu, 27 Jul 2017 12:39:31 -0600 Subject: [PATCH 03/16] Add Puppet 4 & 5 --- .travis.yml | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/.travis.yml b/.travis.yml index 23e9b34..d2ee5f9 100644 --- a/.travis.yml +++ b/.travis.yml 
@@ -13,5 +13,9 @@ matrix: env: PUPPET_GEM_VERSION="~> 3.0" - rvm: 2.0.0 env: PUPPET_GEM_VERSION="~> 3.0" + - rvm: 2.1.0 + env: PUPPET_GEM_VERSION="~> 4.0" + - rvm: 2.4.0 + env: PUPPET_GEM_VERSION="~> 5.0" notifications: - email: dejan@golja.org + email: scott@brimh.al From 9568d79f4383982898ffe4d1da5aed28643df57f Mon Sep 17 00:00:00 2001 From: Scott Brimhall Date: Thu, 27 Jul 2017 12:46:34 -0600 Subject: [PATCH 04/16] Drop old release support and add puppet 4 & 5 --- .travis.yml | 8 +++----- metadata.json | 13 ++----------- 2 files changed, 5 insertions(+), 16 deletions(-) diff --git a/.travis.yml b/.travis.yml index d2ee5f9..038dcaa 100644 --- a/.travis.yml +++ b/.travis.yml @@ -6,13 +6,11 @@ matrix: fast_finish: true include: - rvm: 1.8.7 - env: PUPPET_GEM_VERSION="~> 2.7.0" FACTER_GEM_VERSION="~> 1.6.0" - - rvm: 1.8.7 - env: PUPPET_GEM_VERSION="~> 2.7.0" FACTER_GEM_VERSION="~> 1.7.0" + env: PUPPET_GEM_VERSION="~> 3.8" FACTER_GEM_VERSION="~> 2.4.6" - rvm: 1.9.3 - env: PUPPET_GEM_VERSION="~> 3.0" + env: PUPPET_GEM_VERSION="~> 3.8" - rvm: 2.0.0 - env: PUPPET_GEM_VERSION="~> 3.0" + env: PUPPET_GEM_VERSION="~> 3.8" - rvm: 2.1.0 env: PUPPET_GEM_VERSION="~> 4.0" - rvm: 2.4.0 diff --git a/metadata.json b/metadata.json index f5c6f3b..e226213 100644 --- a/metadata.json +++ b/metadata.json @@ -11,30 +11,24 @@ { "operatingsystem": "RedHat", "operatingsystemrelease": [ - "5", - "6", "7" ] }, { "operatingsystem": "CentOS", "operatingsystemrelease": [ - "5", - "6", "7" ] }, { "operatingsystem": "Debian", "operatingsystemrelease": [ - "6", "7" ] }, { "operatingsystem": "SLES", "operatingsystemrelease": [ - "11", "12" ] }, @@ -43,7 +37,8 @@ "operatingsystemrelease": [ "10.04", "12.04", - "14.04" + "14.04", + "16.04" ] } ], @@ -51,10 +46,6 @@ { "name": "puppet", "version_requirement": ">=3.0.0 <6.0.0" - }, - { - "name": "pe", - "version_requirement": ">=3.0.0 <6.0.0" } ], "tags": [ From 040ee966a7af256a5afece0988d0aef71795db96 Mon Sep 17 00:00:00 2001 
From: Scott Brimhall Date: Thu, 27 Jul 2017 12:56:23 -0600 Subject: [PATCH 05/16] Remove format --- .travis.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.travis.yml b/.travis.yml index 038dcaa..044e34a 100644 --- a/.travis.yml +++ b/.travis.yml @@ -1,7 +1,7 @@ --- language: ruby bundler_args: --without system_tests -script: "bundle exec rake test SPEC_OPTS='--format documentation'" +script: "bundle exec rake test" matrix: fast_finish: true include: From 4d7d25d00012e9e34c2fcb280749065d66dfe536 Mon Sep 17 00:00:00 2001 
From: Scott Brimhall Date: Thu, 27 Jul 2017 13:03:07 -0600 Subject: [PATCH 06/16] Remove beaker --- .nodeset.yml | 27 -- Gemfile | 43 +- Rakefile | 31 +- spec/acceptance/class_spec.rb | 28 -- spec/acceptance/gnupg_key_install_spec.rb | 388 ------------------ spec/acceptance/nodesets/centos-59-x64.yml | 10 - spec/acceptance/nodesets/centos-64-x64-pe.yml | 12 - spec/acceptance/nodesets/centos-64-x64.yml | 11 - spec/acceptance/nodesets/centos-65-x64.yml | 10 - spec/acceptance/nodesets/debian-607-x64.yml | 11 - spec/acceptance/nodesets/debian-70rc1-x64.yml | 11 - spec/acceptance/nodesets/debian-73-i386.yml | 11 - spec/acceptance/nodesets/debian-73-x64.yml | 11 - spec/acceptance/nodesets/default.yml | 11 - .../nodesets/ubuntu-server-10044-x64.yml | 10 - .../nodesets/ubuntu-server-12042-x64.yml | 10 - .../nodesets/ubuntu-server-1310-x64.yml | 11 - .../nodesets/ubuntu-server-1404-x64.yml | 11 - spec/spec_helper_acceptance.rb | 48 --- spec/spec_helper_system.rb | 66 --- spec/system/gnupg_key_install_spec.rb | 152 ------- spec/system/install_spec.rb | 16 - 22 files changed, 42 insertions(+), 897 deletions(-) delete mode 100644 .nodeset.yml delete mode 100644 spec/acceptance/class_spec.rb delete mode 100644 spec/acceptance/gnupg_key_install_spec.rb delete mode 100644 spec/acceptance/nodesets/centos-59-x64.yml delete mode 100644 spec/acceptance/nodesets/centos-64-x64-pe.yml delete mode 100644 spec/acceptance/nodesets/centos-64-x64.yml delete mode 100644 spec/acceptance/nodesets/centos-65-x64.yml delete mode 100644 spec/acceptance/nodesets/debian-607-x64.yml delete mode 100644 spec/acceptance/nodesets/debian-70rc1-x64.yml delete mode 100644 spec/acceptance/nodesets/debian-73-i386.yml delete mode 100644 spec/acceptance/nodesets/debian-73-x64.yml delete mode 100644 spec/acceptance/nodesets/default.yml delete mode 100644 spec/acceptance/nodesets/ubuntu-server-10044-x64.yml delete mode 100644 spec/acceptance/nodesets/ubuntu-server-12042-x64.yml delete mode 100644 
spec/acceptance/nodesets/ubuntu-server-1310-x64.yml delete mode 100644 spec/acceptance/nodesets/ubuntu-server-1404-x64.yml delete mode 100644 spec/spec_helper_acceptance.rb delete mode 100644 spec/spec_helper_system.rb delete mode 100644 spec/system/gnupg_key_install_spec.rb delete mode 100644 spec/system/install_spec.rb diff --git a/.nodeset.yml b/.nodeset.yml deleted file mode 100644 index c9a6e5a..0000000 --- a/.nodeset.yml +++ /dev/null @@ -1,27 +0,0 @@ ---- -default_set: 'centos-64-x64' -sets: - 'centos-59-x64': - nodes: - "main.foo.vm": - prefab: 'centos-59-x64' - 'centos-64-x64': - nodes: - "main.foo.vm": - prefab: 'centos-64-x64' - 'debian-607-x64': - nodes: - "main.foo.vm": - prefab: 'debian-607-x64' - 'debian-70rc1-x64': - nodes: - "main.foo.vm": - prefab: 'debian-70rc1-x64' - 'ubuntu-server-10044-x64': - nodes: - "main.foo.vm": - prefab: 'ubuntu-server-10044-x64' - 'ubuntu-server-12042-x64': - nodes: - "main.foo.vm": - prefab: 'ubuntu-server-12042-x64' diff --git a/Gemfile b/Gemfile index e37a38f..4333d23 100644 --- a/Gemfile +++ b/Gemfile 
@@ -1,33 +1,18 @@ -source ENV['GEM_SOURCE'] || "https://rubygems.org" +source ENV['GEM_SOURCE'] || 'https://rubygems.org' -group :development, :test do - gem 'rake', :require => false - gem 'rspec-core','~> 3.1.7', :require => false - gem 'rspec-puppet', :require => false - gem 'puppetlabs_spec_helper', :require => false - gem 'puppet-lint', :require => false - gem 'puppet_facts', :require => false - gem 'json', :require => false - gem 'metadata-json-lint', :require => false -end - -group :system_tests do - gem 'beaker', '~> 2.4', :require => false - gem 'beaker-rspec', :require => false - gem 'serverspec', :require => false - gem 'rspec-system-puppet', :require => false -end +puppetversion = ENV.key?('PUPPET_VERSION') ? ENV['PUPPET_VERSION'] : ['>= 3.3'] +gem 'metadata-json-lint' +gem 'puppet', puppetversion +gem 'puppetlabs_spec_helper', '>= 1.2.0' +gem 'puppet-lint', '>= 1.0.0' +gem 'facter', '>= 1.7.0' +gem 'rspec-puppet' -if facterversion = ENV['FACTER_GEM_VERSION'] - gem 'facter', facterversion, :require => false +# rspec must be v2 for ruby 1.8.7 +if RUBY_VERSION >= '1.8.7' && RUBY_VERSION < '1.9' + gem 'rspec', '~> 2.0' + gem 'rake', '~> 10.0' else - gem 'facter', :require => false + # rubocop requires ruby >= 1.9 + gem 'rubocop' end - -if puppetversion = ENV['PUPPET_GEM_VERSION'] - gem 'puppet', puppetversion, :require => false -else - gem 'puppet', :require => false -end - -# vim:ft=ruby diff --git a/Rakefile b/Rakefile index ed6717e..f39c98e 100644 --- a/Rakefile +++ b/Rakefile 
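Review bot: The Gemfile now reads `ENV['PUPPET_VERSION']`, but the .travis.yml matrix in this series still exports `PUPPET_GEM_VERSION` and `FACTER_GEM_VERSION`. Every CI job therefore resolves `puppet >= 3.3`, and the 3.8, 4.0 and 5.0 rows no longer test distinct Puppet versions. Keep the old variable name here, `puppetversion = ENV.key?('PUPPET_GEM_VERSION') ? ENV['PUPPET_GEM_VERSION'] : ['>= 3.3']`, or rename it in .travis.yml. The facter pin is likewise replaced by a fixed `>= 1.7.0`. With `rubocop`, `rspec-puppet` and `metadata-json-lint` unpinned and no lockfile visible in the series, builds also float to whatever is newest on the gem source.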
@@ -1,7 +1,15 @@ require 'puppetlabs_spec_helper/rake_tasks' require 'puppet-lint/tasks/puppet-lint' +require 'metadata-json-lint/rake_task' -PuppetLint.configuration.send('relative') +if RUBY_VERSION >= '1.9' + require 'rubocop/rake_task' + RuboCop::RakeTask.new +end + +PuppetLint.configuration.send('disable_80chars') +PuppetLint.configuration.send +PuppetLint.configuration.relative = true PuppetLint.configuration.send("disable_80chars") PuppetLint.configuration.send('disable_class_parameter_defaults') PuppetLint.configuration.send('disable_class_inherits_from_params_class') @@ -10,7 +18,24 @@ PuppetLint.configuration.log_format = "%{path}:%{linenumber}:%{check}:%{KIND}:%{ PuppetLint.configuration.fail_on_warnings = true PuppetLint.configuration.ignore_paths = ["pkg/**/*", "vendor/**/*", "spec/**/*"] +PuppetLint.configuration.ignore_paths = ['spec/**/*.pp', 'pkg/**/*.pp'] -desc "Run syntax, lint, and beaker tests." -task :test => [:validate, :lint, :spec] +desc 'Validate manifests, templates, and ruby files' +task :validate do + Dir['manifests/**/*.pp'].each do |manifest| + sh "puppet parser validate --noop #{manifest}" + end + Dir['spec/**/*.rb', 'lib/**/*.rb'].each do |ruby_file| + sh "ruby -c #{ruby_file}" unless ruby_file =~ %r{spec/fixtures} + end + Dir['templates/**/*.erb'].each do |template| + sh "erb -P -x -T '-' #{template} | ruby -c" + end +end +desc 'Run lint, validate, and spec tests.' +task :test do + [:lint, :validate, :spec].each do |test| + Rake::Task[test].invoke + end +end diff --git a/spec/acceptance/class_spec.rb b/spec/acceptance/class_spec.rb deleted file mode 100644 index c0cc09b..0000000 --- a/spec/acceptance/class_spec.rb +++ /dev/null 
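Review bot: The added line `PuppetLint.configuration.send` calls send with no method name, which raises ArgumentError while the Rakefile is being loaded unless the configuration object overrides send, so no rake task would run. It looks like a leftover and should be deleted. `disable_80chars` is also sent twice, once on the new line above and once on the context line below.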
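Review bot: The added `PuppetLint.configuration.ignore_paths = ['spec/**/*.pp', 'pkg/**/*.pp']` directly follows the existing assignment and replaces it, which drops `vendor/**/*` from the ignore list. With `fail_on_warnings = true`, gems or modules installed under vendor/ would then fail the lint task. Keep a single assignment that still covers vendor, e.g. `PuppetLint.configuration.ignore_paths = ['spec/**/*.pp', 'pkg/**/*.pp', 'vendor/**/*.pp']`. In the new validate task the file names are interpolated into `sh` strings; passing them as separate arguments, `sh 'ruby', '-c', ruby_file`, keeps paths with spaces or metacharacters from being parsed by the shell.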
@@ -1,28 +0,0 @@ -require 'spec_helper_acceptance' - -describe 'gnupg class', :unless => UNSUPPORTED_PLATFORMS.include?(fact('osfamily')) do - case fact('osfamily') - when 'RedHat' - package_name = 'gnupg2' - when 'Debian' - package_name = 'gnupg' - end - - context 'default parameters' do - it 'should work with no errors' do - pp = <<-EOS - class { 'gnupg': } - EOS - - # Run it twice and test for idempotency - apply_manifest(pp, :catch_failures => true) - expect(apply_manifest(pp, :catch_failures => true).exit_code).to be_zero - end - - describe package(package_name) do - it { is_expected.to be_installed } - end - - end - -end \ No newline at end of file diff --git a/spec/acceptance/gnupg_key_install_spec.rb b/spec/acceptance/gnupg_key_install_spec.rb deleted file mode 100644 index b514dd1..0000000 --- a/spec/acceptance/gnupg_key_install_spec.rb +++ /dev/null 
@@ -1,388 +0,0 @@ -require 'spec_helper_acceptance' - -describe 'install gnupg keys' do - before :all do - pp = "class { 'gnupg': }" - apply_manifest(pp, :catch_failures => true) - end - - it 'should install a public key from a http URL address' do - pp = <<-EOS - gnupg_key { 'jenkins_key': - ensure => present, - user => 'root', - key_type => public, - key_source => 'http://pkg.jenkins-ci.org/debian/jenkins-ci.org.key', - key_id => 'D50582E6', - } - EOS - - apply_manifest(pp, :catch_failures => true) - apply_manifest(pp, :catch_changes => true) - - # check that gnupg installed the key - gpg("--list-keys D50582E6") do |r| - expect(r.stdout).to match(/D50582E6/) - expect(r.exit_code).to eq(0) - end - - # clean up - gpg("--batch --delete-key 150FDE3F7787E7D11EF4E12A9B7D32F2D50582E6") {} - end - - it 'should install a public key from a https URL address' do - pp = <<-EOS - gnupg_key { 'newrelic_key': - ensure => present, - user => 'root', - key_type => public, - key_source => 'https://download.newrelic.com/548C16BF.gpg', - key_id => '548C16BF', - } - EOS - - apply_manifest(pp, :catch_failures => true) - apply_manifest(pp, :catch_changes => true) - - # check that gnupg installed the key - gpg("--list-keys 548C16BF") do |r| - expect(r.stdout).to match(/548C16BF/) - expect(r.exit_code).to eq(0) - end - - # clean up - gpg("--batch --delete-key B60A3EC9BC013B9C23790EC8B31B29E5548C16BF") {} - end - - it 'should install a public key from a key server' do - pp = <<-EOS - gnupg_key { 'root_key_foo': - ensure => present, - user => 'root', - key_type => public, - key_server => 'hkp://pgp.mit.edu/', - key_id => '20BC0A86', - } - EOS - - apply_manifest(pp, :catch_failures => true) - apply_manifest(pp, :catch_changes => true) - - # check that gnupg installed the key - gpg("--list-keys 20BC0A86") do |r| - expect(r.stdout).to match(/20BC0A86/) - expect(r.exit_code).to eq(0) - end - - # clean up - gpg("--batch --delete-key 58AA73E230EB06B2A2DE8A873CCE8BC520BC0A86") {} - end - - - it 
'should delete a public key' do - scp_to master, 'files/random.public.key', '/tmp/random.public.key' - gpg("--import /tmp/random.public.key") {} - - pp = <<-EOS - gnupg_key { 'bye_bye_key': - ensure => absent, - user => root, - key_type => public, - key_id => 926FA9B9, - } - EOS - - apply_manifest(pp, :catch_failures => true) - apply_manifest(pp, :catch_changes => true) - - # check that gnupg deleted the key - gpg("--list-keys 926FA9B9", :acceptable_exit_codes => [0, 2]) do |r| - expect(r.stdout).to_not match(/926FA9B9/) - end - end - - it 'should install public key from the puppet fileserver/module repository' do - pp = <<-EOS - gnupg_key { 'add_key_by_remote_source': - ensure => present, - user => root, - key_type => public, - key_id => 926FA9B9, - key_source => "puppet:///modules/gnupg/random.public.key", - } - EOS - - apply_manifest(pp, :catch_failures => true) - apply_manifest(pp, :catch_changes => true) - - # check that gnupg installed the key - gpg("--list-keys 926FA9B9") do |r| - expect(r.stdout).to match(/926FA9B9/) - expect(r.exit_code).to eq(0) - end - - # clean up - gpg("--batch --delete-key 7F2A6D3944CDFE31A47ECC2A60135C26926FA9B9") {} - end - - it 'should install public key from a local file path' do - scp_to master, 'files/random.public.key', '/tmp/random.public.key' - - pp = <<-EOS - gnupg_key { 'add_key_by_local_file_path': - ensure => present, - user => root, - key_type => public, - key_id => 926FA9B9, - key_source => "/tmp/random.public.key", - } - EOS - - apply_manifest(pp, :catch_failures => true) - apply_manifest(pp, :catch_changes => true) - - # check that gnupg installed the key - gpg("--list-keys 926FA9B9") do |r| - expect(r.stdout).to match(/926FA9B9/) - expect(r.exit_code).to eq(0) - end - - # clean up - gpg("--batch --delete-key 7F2A6D3944CDFE31A47ECC2A60135C26926FA9B9") {} - end - - it 'should install public key from a local file URL address' do - scp_to master, 'files/random.public.key', '/tmp/random.public.key' - - pp = <<-EOS - 
gnupg_key { 'add_key_by_local_file_url': - ensure => present, - user => root, - key_type => public, - key_id => 926FA9B9, - key_source => "file:///tmp/random.public.key", - } - EOS - - apply_manifest(pp, :catch_failures => true) - apply_manifest(pp, :catch_changes => true) - - # check that gnupg installed the key - gpg("--list-keys 926FA9B9") do |r| - expect(r.stdout).to match(/926FA9B9/) - expect(r.exit_code).to eq(0) - end - - # clean up - gpg("--batch --delete-key 7F2A6D3944CDFE31A47ECC2A60135C26926FA9B9") {} - end - - it 'should install public key using string key content' do - key = File.read('files/random.public.key') - - pp = <<-EOS - gnupg_key { 'public_key_from_string_content': - ensure => present, - user => root, - key_id => 926FA9B9, - key_type => public, - key_content => "#{key}" - } - EOS - - apply_manifest(pp, :catch_failures => true) - apply_manifest(pp, :catch_changes => true) - - # check that gnupg installed the key - gpg("--list-keys 926FA9B9") do |r| - expect(r.stdout).to match(/926FA9B9/) - expect(r.exit_code).to eq(0) - end - - # clean up - gpg("--batch --delete-key 7F2A6D3944CDFE31A47ECC2A60135C26926FA9B9") {} - end - - - it 'should not install public key using string because key content is invalid' do - key = File.read('files/broken.public.key') - - pp = <<-EOS - gnupg_key { 'public_key_from_invalid_string_content': - ensure => present, - user => root, - key_id => 926FA9B9, - key_type => public, - key_content => "#{key}" - } - EOS - - apply_manifest(pp, :expect_failures => true) - end - - it 'should not install a key, because local resource does not exists' do - pp = <<-EOS - gnupg_key { 'jenkins_key': - ensure => present, - user => 'root', - key_type => public, - key_source => '/santa/claus/does/not/exists/org/sorry/kids.key', - key_id => '40404040', - } - EOS - - apply_manifest(pp, :expect_failures => true) - end - - it 'should fail to install a public key, because there is no content at the supplied URL address' do - pp = <<-EOS - 
gnupg_key { 'jenkins_key': - ensure => present, - user => 'root', - key_type => public, - key_source => 'http://foo.com/key-not-there.key', - key_id => '40404040', - } - EOS - - apply_manifest(pp, :expect_failures => true) - end - - it 'should install private key from a local file path' do - scp_to master, 'files/random.private.key', '/tmp/random.private.key' - - pp = <<-EOS - gnupg_key { 'add_private_key_by_local_file_path': - ensure => present, - user => root, - key_id => 926FA9B9, - key_type => private, - key_source => '/tmp/random.private.key' - } - EOS - - apply_manifest(pp, :catch_failures => true) - apply_manifest(pp, :catch_changes => true) - - # check that gnupg installed the key - gpg("--list-secret-keys 926FA9B9") do |r| - expect(r.stdout).to match(/926FA9B9/) - expect(r.exit_code).to eq(0) - end - - # clean up - gpg("--batch --delete-secret-and-public-key 7F2A6D3944CDFE31A47ECC2A60135C26926FA9B9") - end - - it 'should install private key from a local file URL address' do - scp_to master, 'files/random.private.key', '/tmp/random.private.key' - - pp = <<-EOS - gnupg_key { 'add_private_key_by_local_file_path': - ensure => present, - user => root, - key_id => 926FA9B9, - key_type => private, - key_source => 'file:///tmp/random.private.key' - } - EOS - - apply_manifest(pp, :catch_failures => true) - apply_manifest(pp, :catch_changes => true) - - # check that gnupg installed the key - gpg("--list-secret-keys 926FA9B9") do |r| - expect(r.stdout).to match(/926FA9B9/) - expect(r.exit_code).to eq(0) - end - - # clean up - gpg("--batch --delete-secret-and-public-key 7F2A6D3944CDFE31A47ECC2A60135C26926FA9B9") - end - - it 'should install private key using string key content' do - key = File.read('files/random.private.key') - - pp = <<-EOS - gnupg_key { 'private_key_from_string_content': - ensure => present, - user => root, - key_id => 926FA9B9, - key_type => private, - key_content => "#{key}" - } - EOS - - apply_manifest(pp, :catch_failures => true) - 
apply_manifest(pp, :catch_changes => true) - - # check that gnupg installed the key - gpg("--list-secret-keys 926FA9B9") do |r| - expect(r.stdout).to match(/926FA9B9/) - expect(r.exit_code).to eq(0) - end - - # clean up - gpg("--batch --delete-secret-and-public-key 7F2A6D3944CDFE31A47ECC2A60135C26926FA9B9") {} - end - - it 'should delete a private key' do - # importing a private key imports the public key as well - scp_to master, 'files/random.private.key', '/tmp/random.private.key' - gpg("--import /tmp/random.private.key") {} - - pp = <<-EOS - gnupg_key { 'bye_bye_key': - ensure => absent, - user => root, - key_id => 926FA9B9, - key_type => private - } - EOS - - apply_manifest(pp, :catch_failures => true) - apply_manifest(pp, :catch_changes => true) - - # check that gnupg deleted the public key - gpg("--list-secret-keys 926FA9B9", :acceptable_exit_codes => [0, 2]) do |r| - expect(r.stdout).to_not match(/926FA9B9/) - end - - # check that gnupg left the public key - gpg("--list-keys 926FA9B9") do |r| - expect(r.stdout).to match(/926FA9B9/) - expect(r.exit_code).to eq(0) - end - - # clean up - gpg("--batch --delete-key 7F2A6D3944CDFE31A47ECC2A60135C26926FA9B9") - end - - it 'should delete both public and private key for key_id' do - # importing a private key imports the public key as well - scp_to master, 'files/random.private.key', '/tmp/random.private.key' - gpg("--import /tmp/random.private.key") {} - - pp = <<-EOS - gnupg_key { 'bye_bye_key': - ensure => absent, - user => root, - key_id => 926FA9B9, - key_type => both - } - EOS - - apply_manifest(pp, :catch_failures => true) - apply_manifest(pp, :catch_changes => true) - - # check that gnupg deleted the public key - gpg("--list-secret-keys 926FA9B9", :acceptable_exit_codes => [0, 2]) do |r| - expect(r.stdout).to_not match(/926FA9B9/) - end - - # check that gnupg left the public key - gpg("--list-keys 926FA9B9", :acceptable_exit_codes => [0, 2]) do |r| - expect(r.stdout).to_not match(/926FA9B9/) - end - end -end 
diff --git a/spec/acceptance/nodesets/centos-59-x64.yml b/spec/acceptance/nodesets/centos-59-x64.yml deleted file mode 100644 index 2ad90b8..0000000 --- a/spec/acceptance/nodesets/centos-59-x64.yml +++ /dev/null @@ -1,10 +0,0 @@ -HOSTS: - centos-59-x64: - roles: - - master - platform: el-5-x86_64 - box : centos-59-x64-vbox4210-nocm - box_url : http://puppet-vagrant-boxes.puppetlabs.com/centos-59-x64-vbox4210-nocm.box - hypervisor : vagrant -CONFIG: - type: git diff --git a/spec/acceptance/nodesets/centos-64-x64-pe.yml b/spec/acceptance/nodesets/centos-64-x64-pe.yml deleted file mode 100644 index 7d9242f..0000000 --- a/spec/acceptance/nodesets/centos-64-x64-pe.yml +++ /dev/null @@ -1,12 +0,0 @@ -HOSTS: - centos-64-x64: - roles: - - master - - database - - dashboard - platform: el-6-x86_64 - box : centos-64-x64-vbox4210-nocm - box_url : http://puppet-vagrant-boxes.puppetlabs.com/centos-64-x64-vbox4210-nocm.box - hypervisor : vagrant -CONFIG: - type: pe diff --git a/spec/acceptance/nodesets/centos-64-x64.yml b/spec/acceptance/nodesets/centos-64-x64.yml deleted file mode 100644 index ce47212..0000000 --- a/spec/acceptance/nodesets/centos-64-x64.yml +++ /dev/null @@ -1,11 +0,0 @@ -HOSTS: - centos-64-x64: - roles: - - master - platform: el-6-x86_64 - box : centos-64-x64-vbox4210-nocm - box_url : http://puppet-vagrant-boxes.puppetlabs.com/centos-64-x64-vbox4210-nocm.box - hypervisor : vagrant -CONFIG: - log_level: debug - type: git diff --git a/spec/acceptance/nodesets/centos-65-x64.yml b/spec/acceptance/nodesets/centos-65-x64.yml deleted file mode 100644 index 4e2cb80..0000000 --- a/spec/acceptance/nodesets/centos-65-x64.yml +++ /dev/null @@ -1,10 +0,0 @@ -HOSTS: - centos-65-x64: - roles: - - master - platform: el-6-x86_64 - box : centos-65-x64-vbox436-nocm - box_url : http://puppet-vagrant-boxes.puppetlabs.com/centos-65-x64-virtualbox-nocm.box - hypervisor : vagrant -CONFIG: - type: foss 
diff --git a/spec/acceptance/nodesets/debian-607-x64.yml b/spec/acceptance/nodesets/debian-607-x64.yml deleted file mode 100644 index e642e09..0000000 --- a/spec/acceptance/nodesets/debian-607-x64.yml +++ /dev/null @@ -1,11 +0,0 @@ -HOSTS: - debian-607-x64: - roles: - - master - platform: debian-6-amd64 - box : debian-607-x64-vbox4210-nocm - box_url : http://puppet-vagrant-boxes.puppetlabs.com/debian-607-x64-vbox4210-nocm.box - hypervisor : vagrant -CONFIG: - log_level: debug - type: git diff --git a/spec/acceptance/nodesets/debian-70rc1-x64.yml b/spec/acceptance/nodesets/debian-70rc1-x64.yml deleted file mode 100644 index cbbbfb2..0000000 --- a/spec/acceptance/nodesets/debian-70rc1-x64.yml +++ /dev/null @@ -1,11 +0,0 @@ -HOSTS: - debian-70rc1-x64: - roles: - - master - platform: debian-7-amd64 - box : debian-70rc1-x64-vbox4210-nocm - box_url : http://puppet-vagrant-boxes.puppetlabs.com/debian-70rc1-x64-vbox4210-nocm.box - hypervisor : vagrant -CONFIG: - log_level: debug - type: git diff --git a/spec/acceptance/nodesets/debian-73-i386.yml b/spec/acceptance/nodesets/debian-73-i386.yml deleted file mode 100644 index a38902d..0000000 --- a/spec/acceptance/nodesets/debian-73-i386.yml +++ /dev/null @@ -1,11 +0,0 @@ -HOSTS: - debian-73-i386: - roles: - - master - platform: debian-7-i386 - box : debian-73-i386-virtualbox-nocm - box_url : http://puppet-vagrant-boxes.puppetlabs.com/debian-73-i386-virtualbox-nocm.box - hypervisor : vagrant -CONFIG: - log_level: debug - type: git diff --git a/spec/acceptance/nodesets/debian-73-x64.yml b/spec/acceptance/nodesets/debian-73-x64.yml deleted file mode 100644 index f9cf0c9..0000000 --- a/spec/acceptance/nodesets/debian-73-x64.yml +++ /dev/null @@ -1,11 +0,0 @@ -HOSTS: - debian-73-x64: - roles: - - master - platform: debian-7-amd64 - box : debian-73-x64-virtualbox-nocm - box_url : http://puppet-vagrant-boxes.puppetlabs.com/debian-73-x64-virtualbox-nocm.box - hypervisor : vagrant -CONFIG: - log_level: debug - type: git 
diff --git a/spec/acceptance/nodesets/default.yml b/spec/acceptance/nodesets/default.yml deleted file mode 100644 index ce47212..0000000 --- a/spec/acceptance/nodesets/default.yml +++ /dev/null @@ -1,11 +0,0 @@ -HOSTS: - centos-64-x64: - roles: - - master - platform: el-6-x86_64 - box : centos-64-x64-vbox4210-nocm - box_url : http://puppet-vagrant-boxes.puppetlabs.com/centos-64-x64-vbox4210-nocm.box - hypervisor : vagrant -CONFIG: - log_level: debug - type: git diff --git a/spec/acceptance/nodesets/ubuntu-server-10044-x64.yml b/spec/acceptance/nodesets/ubuntu-server-10044-x64.yml deleted file mode 100644 index 5ca1514..0000000 --- a/spec/acceptance/nodesets/ubuntu-server-10044-x64.yml +++ /dev/null @@ -1,10 +0,0 @@ -HOSTS: - ubuntu-server-10044-x64: - roles: - - master - platform: ubuntu-10.04-amd64 - box : ubuntu-server-10044-x64-vbox4210-nocm - box_url : http://puppet-vagrant-boxes.puppetlabs.com/ubuntu-server-10044-x64-vbox4210-nocm.box - hypervisor : vagrant -CONFIG: - type: foss diff --git a/spec/acceptance/nodesets/ubuntu-server-12042-x64.yml b/spec/acceptance/nodesets/ubuntu-server-12042-x64.yml deleted file mode 100644 index d065b30..0000000 --- a/spec/acceptance/nodesets/ubuntu-server-12042-x64.yml +++ /dev/null @@ -1,10 +0,0 @@ -HOSTS: - ubuntu-server-12042-x64: - roles: - - master - platform: ubuntu-12.04-amd64 - box : ubuntu-server-12042-x64-vbox4210-nocm - box_url : http://puppet-vagrant-boxes.puppetlabs.com/ubuntu-server-12042-x64-vbox4210-nocm.box - hypervisor : vagrant -CONFIG: - type: foss diff --git a/spec/acceptance/nodesets/ubuntu-server-1310-x64.yml b/spec/acceptance/nodesets/ubuntu-server-1310-x64.yml deleted file mode 100644 index f4b2366..0000000 --- a/spec/acceptance/nodesets/ubuntu-server-1310-x64.yml +++ /dev/null 
@@ -1,11 +0,0 @@ -HOSTS: - ubuntu-server-1310-x64: - roles: - - master - platform: ubuntu-13.10-amd64 - box : ubuntu-server-1310-x64-vbox4210-nocm - box_url : http://puppet-vagrant-boxes.puppetlabs.com/ubuntu-1310-x64-virtualbox-nocm.box - hypervisor : vagrant -CONFIG: - log_level : debug - type: git diff --git a/spec/acceptance/nodesets/ubuntu-server-1404-x64.yml b/spec/acceptance/nodesets/ubuntu-server-1404-x64.yml deleted file mode 100644 index cba1cd0..0000000 --- a/spec/acceptance/nodesets/ubuntu-server-1404-x64.yml +++ /dev/null @@ -1,11 +0,0 @@ -HOSTS: - ubuntu-server-1404-x64: - roles: - - master - platform: ubuntu-14.04-amd64 - box : puppetlabs/ubuntu-14.04-64-nocm - box_url : https://vagrantcloud.com/puppetlabs/ubuntu-14.04-64-nocm - hypervisor : vagrant -CONFIG: - log_level : debug - type: git diff --git a/spec/spec_helper_acceptance.rb b/spec/spec_helper_acceptance.rb deleted file mode 100644 index a3c593d..0000000 --- a/spec/spec_helper_acceptance.rb +++ /dev/null 
@@ -1,48 +0,0 @@ -require 'beaker-rspec/spec_helper' -require 'beaker-rspec/helpers/serverspec' - - -unless ENV['RS_PROVISION'] == 'no' - # This will install the latest available package on el and deb based - # systems fail on windows and osx, and install via gem on other *nixes - foss_opts = { :default_action => 'gem_install' } - if default.is_pe?; then install_pe; else install_puppet( foss_opts ); end - - hosts.each do |host| - if host['platform'] =~ /debian/ - on host, 'echo \'export PATH=/var/lib/gems/1.8/bin/:${PATH}\' >> ~/.bashrc' - end - - on host, "mkdir -p #{host['distmoduledir']}" - end -end - -UNSUPPORTED_PLATFORMS = ['Suse','windows','AIX','Solaris'] - -module LocalHelpers - def gpg(gpg_cmd, options = {:user => 'root', :acceptable_exit_codes => [0]}, &block) - user = options.delete(:user) - gpg = "gpg #{gpg_cmd}" - shell("su #{user} -c \"#{gpg}\"", options, &block) - end -end - -RSpec.configure do |c| - # Project root - proj_root = File.expand_path(File.join(File.dirname(__FILE__), '..')) - - # Readable test descriptions - c.formatter = :documentation - - # Include in our local helpers, because some puppet images run - # as diffrent users - c.include ::LocalHelpers - - # Configure all nodes in nodeset - c.before :suite do - # Install module and dependencies - hosts.each do |host| - copy_module_to(host, :source => proj_root, :module_name => 'gnupg') - end - end -end diff --git a/spec/spec_helper_system.rb b/spec/spec_helper_system.rb deleted file mode 100644 index e37e880..0000000 --- a/spec/spec_helper_system.rb +++ /dev/null 
@@ -1,66 +0,0 @@ -require 'rspec-system/spec_helper' -require 'rspec-system-puppet/helpers' -require 'rspec-system-serverspec/helpers' -require 'tempfile' - -include Serverspec::Helper::RSpecSystem -include Serverspec::Helper::DetectOS -include RSpecSystemPuppet::Helpers - -class String - # Provide ability to remove indentation from strings, for the purpose of - # left justifying heredoc blocks. - def unindent - gsub(/^#{scan(/^\s*/).min_by{|l|l.length}}/, "") - end -end - -module LocalHelpers - include RSpecSystem::Util - - def gpg(gpg_cmd, user = 'root', &block) - gpg = "gpg #{gpg_cmd}" - shell("su #{shellescape(user)} -c #{shellescape(gpg)}", &block) - end -end - -RSpec.configure do |c| - # Project root - proj_root = File.expand_path(File.join(File.dirname(__FILE__), '..')) - - # Enable colour - c.tty = true - - # Include in our local helpers, because some puppet images run - # as diffrent users - c.include ::LocalHelpers - - # Puppet helpers - c.include RSpecSystemPuppet::Helpers - c.extend RSpecSystemPuppet::Helpers - - # This is where we 'setup' the nodes before running our tests - c.before :suite do - # Install puppet - puppet_install - - # Install my module from the current working copy - puppet_module_install(:source => proj_root, :module_name => 'gnupg') - shell 'whoami' - shell 'puppet module list' - - # disable hiera warnings - file = Tempfile.new('foo') - begin - file.write(<<-EOS) ---- -:logger: noop - EOS - file.close - rcp(:sp => file.path, :dp => '/etc/puppet/hiera.yaml') - ensure - file.unlink - end - end -end - diff --git a/spec/system/gnupg_key_install_spec.rb b/spec/system/gnupg_key_install_spec.rb deleted file mode 100644 index 775a08d..0000000 --- a/spec/system/gnupg_key_install_spec.rb +++ /dev/null 
@@ -1,152 +0,0 @@ -require 'spec_helper_system' - -describe 'gnupg_key install' do - - before :all do - puppet_apply("class {'gnupg': } ") do |r| - r.exit_code.should == 0 - end - end - - it 'should install a public key from a HTTP URL address' do - pp = <<-EOS.unindent - gnupg_key { 'jenkins_key': - ensure => present, - user => 'root', - key_source => 'http://pkg.jenkins-ci.org/debian/jenkins-ci.org.key', - key_id => 'D50582E6', - } - EOS - - puppet_apply(pp) do |r| - r.exit_code.should == 2 - r.refresh - r.exit_code.should == 0 - end - - # check that gnupg installed the key - gpg("--list-keys D50582E6") do |r| - r.stdout.should =~ /D50582E6/ - r.stderr.should == '' - r.exit_code == 0 - end - end - - it 'should install a public key from a HTTPS URL address' do - pp = <<-EOS.unindent - gnupg_key { 'newrelic_key': - ensure => present, - user => 'root', - key_source => 'https://download.newrelic.com/548C16BF.gpg', - key_id => '548C16BF', - } - EOS - - puppet_apply(pp) do |r| - r.exit_code.should == 2 - r.refresh - r.exit_code.should == 0 - end - - # check that gnupg installed the key - gpg("--list-keys 548C16BF") do |r| - r.stdout.should =~ /548C16BF/ - r.stderr.should == '' - r.exit_code == 0 - end - end - - it 'should install a public key from a key server' do - pp = <<-EOS.unindent - gnupg_key { 'root_key_foo': - ensure => present, - user => 'root', - key_server => 'hkp://pgp.mit.edu/', - key_id => '20BC0A86', - } - EOS - - puppet_apply(pp) do |r| - r.exit_code.should == 2 - r.refresh - r.exit_code.should == 0 - end - - # check that gnupg installed the key - gpg("--list-keys 20BC0A86") do |r| - r.stdout.should =~ /20BC0A86/ - r.stderr.should == '' - r.exit_code == 0 - end - end - - it 'should remove public key 20BC0A86' do - pp = <<-EOS.unindent - gnupg_key { 'bye_bye_key': - ensure => absent, - key_id => 20BC0A86, - user => root, - } - EOS - - puppet_apply(pp) do |r| - r.exit_code.should == 2 - r.refresh - r.exit_code.should == 0 - end - end - - it 'should 
install public key from the puppet fileserver/module repository' do - pp = <<-EOS.unindent - gnupg_key {'add_key_by_remote_source': - ensure => present, - key_id => 20BC0A86, - user => root, - key_source => "puppet:///modules/gnupg/random.key", - } - EOS - - puppet_apply(pp) do |r| - r.exit_code.should == 2 - r.refresh - r.exit_code.should == 0 - end - - # check that gnupg installed the key - gpg("--list-keys 20BC0A86") do |r| - r.stdout.should =~ /20BC0A86/ - r.stderr.should == '' - r.exit_code == 0 - end - end - - it 'should not install a public key, because local resource does not exists' do - pp = <<-EOS.unindent - gnupg_key { 'jenkins_key': - ensure => present, - user => 'root', - key_source => '/santa/claus/does/not/exists/org/sorry/kids.key', - key_id => '40404040', - } - EOS - - puppet_apply(pp) do |r| - r.exit_code.should == 4 - end - end - - it 'should fail to install a public key, because there is no content at the supplied URL address' do - pp = <<-EOS.unindent - gnupg_key { 'jenkins_key': - ensure => present, - user => 'root', - key_source => 'http://foo.com/key-not-there.key', - key_id => '40404040', - } - EOS - - puppet_apply(pp) do |r| - r.exit_code.should == 4 - end - end -end diff --git a/spec/system/install_spec.rb b/spec/system/install_spec.rb deleted file mode 100644 index 1a4e906..0000000 --- a/spec/system/install_spec.rb +++ /dev/null @@ -1,16 +0,0 @@ -require 'spec_helper_system' - -describe 'install gnupg:' do - - it 'test loading class with no arguments' do - pp = <<-EOS.unindent - class {'gnupg':} - EOS - - puppet_apply(pp) do |r| - r.exit_code.should == 0 - r.refresh - r.exit_code.should == 0 - end - end -end From debe9ecf3cf61e4b9e6cac9f1697775749707b28 Mon Sep 17 00:00:00 2001 From: Scott Brimhall Date: Thu, 27 Jul 2017 13:10:26 -0600 Subject: [PATCH 07/16] Update Rakefile --- .travis.yml | 4 ++-- Gemfile | 2 +- Rakefile | 2 +- 3 files changed, 4 insertions(+), 4 deletions(-) 
diff --git a/.travis.yml b/.travis.yml index 044e34a..74062a6 100644 --- a/.travis.yml +++ b/.travis.yml @@ -11,9 +11,9 @@ matrix: env: PUPPET_GEM_VERSION="~> 3.8" - rvm: 2.0.0 env: PUPPET_GEM_VERSION="~> 3.8" - - rvm: 2.1.0 + - rvm: 2.1.10 env: PUPPET_GEM_VERSION="~> 4.0" - - rvm: 2.4.0 + - rvm: 2.4.1 env: PUPPET_GEM_VERSION="~> 5.0" notifications: email: scott@brimh.al diff --git a/Gemfile b/Gemfile index 4333d23..3f5260d 100644 --- a/Gemfile +++ b/Gemfile @@ -1,6 +1,6 @@ source ENV['GEM_SOURCE'] || 'https://rubygems.org' -puppetversion = ENV.key?('PUPPET_VERSION') ? ENV['PUPPET_VERSION'] : ['>= 3.3'] +puppetversion = ENV.key?('PUPPET_GEM_VERSION') ? ENV['PUPPET_GEM_VERSION'] : ['>= 3.8.7'] gem 'metadata-json-lint' gem 'puppet', puppetversion gem 'puppetlabs_spec_helper', '>= 1.2.0' diff --git a/Rakefile b/Rakefile index f39c98e..61829c5 100644 --- a/Rakefile +++ b/Rakefile @@ -1,3 +1,4 @@ +require 'rake' require 'puppetlabs_spec_helper/rake_tasks' require 'puppet-lint/tasks/puppet-lint' require 'metadata-json-lint/rake_task' @@ -8,7 +9,6 @@ if RUBY_VERSION >= '1.9' end PuppetLint.configuration.send('disable_80chars') -PuppetLint.configuration.send PuppetLint.configuration.relative = true PuppetLint.configuration.send("disable_80chars") PuppetLint.configuration.send('disable_class_parameter_defaults') From 41d06af9a8d25d70d415256f9ee6efed4dee7a64 Mon Sep 17 00:00:00 2001 From: Scott Brimhall Date: Thu, 27 Jul 2017 13:33:24 -0600 Subject: [PATCH 08/16] Add CI support for Ruby 1.9.3, 2.1.10, & 2.4.1 --- .travis.yml | 2 +- Gemfile | 15 +++++++++++++-- Rakefile | 7 +++++-- 3 files changed, 19 insertions(+), 5 deletions(-) diff --git a/.travis.yml b/.travis.yml index 74062a6..54b5c28 100644 --- a/.travis.yml +++ b/.travis.yml 
@@ -8,7 +8,7 @@ matrix: - rvm: 1.8.7 env: PUPPET_GEM_VERSION="~> 3.8" FACTER_GEM_VERSION="~> 2.4.6" - rvm: 1.9.3 - env: PUPPET_GEM_VERSION="~> 3.8" + env: PUPPET_GEM_VERSION="~> 3.8" FACTER_GEM_VERSION="~> 2.4.6" - rvm: 2.0.0 env: PUPPET_GEM_VERSION="~> 3.8" - rvm: 2.1.10 diff --git a/Gemfile b/Gemfile index 3f5260d..d62e01f 100644 --- a/Gemfile +++ b/Gemfile @@ -1,7 +1,6 @@ source ENV['GEM_SOURCE'] || 'https://rubygems.org' puppetversion = ENV.key?('PUPPET_GEM_VERSION') ? ENV['PUPPET_GEM_VERSION'] : ['>= 3.8.7'] -gem 'metadata-json-lint' gem 'puppet', puppetversion gem 'puppetlabs_spec_helper', '>= 1.2.0' gem 'puppet-lint', '>= 1.0.0' @@ -12,7 +11,19 @@ gem 'rspec-puppet' if RUBY_VERSION >= '1.8.7' && RUBY_VERSION < '1.9' gem 'rspec', '~> 2.0' gem 'rake', '~> 10.0' -else +elsif RUBY_VERSION >= '1.9.3' && RUBY_VERSION < '2.0' + gem 'public_suffix', '~> 1.4.6' + # rubocop requires ruby >= 1.9 + gem 'rubocop' +elsif RUBY_VERSION >= '2.0' + # metadata-json-lint requires >= 2.0 + gem 'metadata-json-lint' # rubocop requires ruby >= 1.9 gem 'rubocop' +else + gem 'rubocop' +end + +if puppetversion >= '3.0' && puppetversion < '5.0' + gem 'semantic_puppet' end diff --git a/Rakefile b/Rakefile index 61829c5..06c3e99 100644 --- a/Rakefile +++ b/Rakefile @@ -1,13 +1,16 @@ require 'rake' require 'puppetlabs_spec_helper/rake_tasks' require 'puppet-lint/tasks/puppet-lint' -require 'metadata-json-lint/rake_task' -if RUBY_VERSION >= '1.9' +if RUBY_VERSION > '1.9.3' require 'rubocop/rake_task' RuboCop::RakeTask.new end +if RUBY_VERSION >= '2.0' + require 'metadata-json-lint/rake_task' +end + PuppetLint.configuration.send('disable_80chars') PuppetLint.configuration.relative = true PuppetLint.configuration.send("disable_80chars") From 691b5cfecd4e4d0eb42bf4b147c47e8382352057 Mon Sep 17 00:00:00 2001 From: Scott Brimhall Date: Thu, 27 Jul 2017 13:36:30 -0600 Subject: [PATCH 09/16] Pin rubocop version for ruby 1.9.3 --- Gemfile | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) 
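Review bot: In the second Gemfile hunk of PATCH 08/16, `if puppetversion >= '3.0' && puppetversion < '5.0'` compares a gem requirement as if it were a version. `puppetversion` is either the raw `PUPPET_GEM_VERSION` string (the Travis matrix sets values such as `~> 3.8`) or the array `['>= 3.8.7']`. The string is compared lexicographically, so `'~> 3.8' < '5.0'` is false and `semantic_puppet` is skipped; the array raises NoMethodError, because Array has no `>=`. The `unless puppetversion >= '5.0'` form in PATCH 10/16 has the same problem. One option is to parse the value first: `gem 'semantic_puppet' unless Gem::Requirement.new(puppetversion).satisfied_by?(Gem::Version.new('5.0.0'))`.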
diff --git a/Gemfile b/Gemfile index d62e01f..f41a5f3 100644 --- a/Gemfile +++ b/Gemfile @@ -13,8 +13,8 @@ if RUBY_VERSION >= '1.8.7' && RUBY_VERSION < '1.9' gem 'rake', '~> 10.0' elsif RUBY_VERSION >= '1.9.3' && RUBY_VERSION < '2.0' gem 'public_suffix', '~> 1.4.6' - # rubocop requires ruby >= 1.9 - gem 'rubocop' + # rubocop requires ruby >= 2.0 as of 0.42 + gem 'rubocop', '~> 0.41' elsif RUBY_VERSION >= '2.0' # metadata-json-lint requires >= 2.0 gem 'metadata-json-lint' From 4f36b9c0f02e2ca47163c9f9b539986824287de1 Mon Sep 17 00:00:00 2001 From: Scott Brimhall Date: Thu, 27 Jul 2017 13:38:37 -0600 Subject: [PATCH 10/16] Use semantic_puppet if not puppet 5 --- Gemfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Gemfile b/Gemfile index f41a5f3..ce44b07 100644 --- a/Gemfile +++ b/Gemfile @@ -24,6 +24,6 @@ else gem 'rubocop' end -if puppetversion >= '3.0' && puppetversion < '5.0' +unless puppetversion >= '5.0' gem 'semantic_puppet' end From 2c8cdc0bd916f5a69345a82646f98b75aadc9302 Mon Sep 17 00:00:00 2001 From: Scott Brimhall Date: Thu, 27 Jul 2017 13:43:34 -0600 Subject: [PATCH 11/16] Remove rubocop for ruby 1.9.3 --- Gemfile | 8 ++------ Rakefile | 7 ++----- 2 files changed, 4 insertions(+), 11 deletions(-) diff --git a/Gemfile b/Gemfile index ce44b07..5870664 100644 --- a/Gemfile +++ b/Gemfile @@ -13,14 +13,10 @@ if RUBY_VERSION >= '1.8.7' && RUBY_VERSION < '1.9' gem 'rake', '~> 10.0' elsif RUBY_VERSION >= '1.9.3' && RUBY_VERSION < '2.0' gem 'public_suffix', '~> 1.4.6' - # rubocop requires ruby >= 2.0 as of 0.42 - gem 'rubocop', '~> 0.41' -elsif RUBY_VERSION >= '2.0' +elsif RUBY_VERSION >= '2.0' && RUBY_VERSION < '3.0' # metadata-json-lint requires >= 2.0 gem 'metadata-json-lint' - # rubocop requires ruby >= 1.9 - gem 'rubocop' -else + # rubocop requires ruby >= 2.0 gem 'rubocop' end diff --git a/Rakefile b/Rakefile index 06c3e99..5b5691a 100644 --- a/Rakefile +++ b/Rakefile 
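Review bot: The pin added in the PATCH 09/16 Gemfile hunk, `gem 'rubocop', '~> 0.41'`, does not enforce the limit stated in the comment directly above it. `~> 0.41` accepts any release from 0.41 up to, but not including, 1.0. So 0.42 and later, which the comment says need Ruby 2.0, remain eligible on the 1.9.3 branch. `gem 'rubocop', '~> 0.41.0'` would keep resolution inside the series the comment describes as still supporting 1.9.3.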
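Review bot: The upper bound added in the PATCH 11/16 Gemfile hunk, `elsif RUBY_VERSION >= '2.0' && RUBY_VERSION < '3.0'`, is not mirrored in the Rakefile hunk of the same commit. The Rakefile requires `metadata-json-lint/rake_task` and `rubocop/rake_task` under `if RUBY_VERSION >= '2.0'`. With the `else` branch removed, a Ruby 3.x run would install neither gem and then hit a LoadError when the Rakefile loads. Either drop the `< '3.0'` bound or use the same condition in both files. Comparing `Gem::Version.new(RUBY_VERSION)` instead of raw strings would also avoid lexicographic surprises such as `'10.0' < '2.0'`.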
@@ -2,13 +2,10 @@ require 'rake' require 'puppetlabs_spec_helper/rake_tasks' require 'puppet-lint/tasks/puppet-lint' -if RUBY_VERSION > '1.9.3' - require 'rubocop/rake_task' - RuboCop::RakeTask.new -end - if RUBY_VERSION >= '2.0' require 'metadata-json-lint/rake_task' + require 'rubocop/rake_task' + RuboCop::RakeTask.new end PuppetLint.configuration.send('disable_80chars') From a02841ca9d779f99ec539cb95a59140c72529cca Mon Sep 17 00:00:00 2001 From: Scott Brimhall Date: Thu, 27 Jul 2017 13:50:09 -0600 Subject: [PATCH 12/16] Dump ruby 1.8.7 and 2.0 --- .travis.yml | 4 ---- 1 file changed, 4 deletions(-) diff --git a/.travis.yml b/.travis.yml index 54b5c28..00d3e25 100644 --- a/.travis.yml +++ b/.travis.yml @@ -5,12 +5,8 @@ script: "bundle exec rake test" matrix: fast_finish: true include: - - rvm: 1.8.7 - env: PUPPET_GEM_VERSION="~> 3.8" FACTER_GEM_VERSION="~> 2.4.6" - rvm: 1.9.3 env: PUPPET_GEM_VERSION="~> 3.8" FACTER_GEM_VERSION="~> 2.4.6" - - rvm: 2.0.0 - env: PUPPET_GEM_VERSION="~> 3.8" - rvm: 2.1.10 env: PUPPET_GEM_VERSION="~> 4.0" - rvm: 2.4.1 From abce7009df173b7fabd93f01739b84d3249378ec Mon Sep 17 00:00:00 2001 From: Scott Brimhall Date: Thu, 27 Jul 2017 13:51:28 -0600 Subject: [PATCH 13/16] Remove ruby 1.8.7 logic --- Gemfile | 4 ---- 1 file changed, 4 deletions(-) diff --git a/Gemfile b/Gemfile index 5870664..c7d69ce 100644 --- a/Gemfile +++ b/Gemfile @@ -7,10 +7,6 @@ gem 'puppet-lint', '>= 1.0.0' gem 'facter', '>= 1.7.0' gem 'rspec-puppet' -# rspec must be v2 for ruby 1.8.7 -if RUBY_VERSION >= '1.8.7' && RUBY_VERSION < '1.9' - gem 'rspec', '~> 2.0' - gem 'rake', '~> 10.0' elsif RUBY_VERSION >= '1.9.3' && RUBY_VERSION < '2.0' gem 'public_suffix', '~> 1.4.6' elsif RUBY_VERSION >= '2.0' && RUBY_VERSION < '3.0' From b7465375639b9730fe59ef516dcd6aedb0b9c8ac Mon Sep 17 00:00:00 2001 From: Scott Brimhall Date: Thu, 27 Jul 2017 14:02:05 -0600 Subject: [PATCH 14/16] Fix syntax error in Gemfile --- Gemfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
diff --git a/Gemfile b/Gemfile index c7d69ce..2b2836c 100644 --- a/Gemfile +++ b/Gemfile @@ -7,7 +7,7 @@ gem 'puppet-lint', '>= 1.0.0' gem 'facter', '>= 1.7.0' gem 'rspec-puppet' -elsif RUBY_VERSION >= '1.9.3' && RUBY_VERSION < '2.0' +if RUBY_VERSION >= '1.9.3' && RUBY_VERSION < '2.0' gem 'public_suffix', '~> 1.4.6' elsif RUBY_VERSION >= '2.0' && RUBY_VERSION < '3.0' # metadata-json-lint requires >= 2.0 From b15350b66ae0a814b32729de6653ce7075af7abe Mon Sep 17 00:00:00 2001 From: Scott Brimhall Date: Thu, 27 Jul 2017 14:18:06 -0600 Subject: [PATCH 15/16] Update documentation --- CHANGELOG | 3 +++ README.md | 18 ++++++++++++++++-- 2 files changed, 19 insertions(+), 2 deletions(-) diff --git a/CHANGELOG b/CHANGELOG index d4a9771..1a479a8 100644 --- a/CHANGELOG +++ b/CHANGELOG @@ -1,3 +1,6 @@ +2017-07-27 - Scott Brimhall - 1.2.4 +* Fork golja/gnupg and add gpg_home and sign_key parameters + 2016-01-22 - Dejan Golja - 1.2.3 * Another retry to rebuild repack the module to fix the PaxHeaders bsd tar bug diff --git a/README.md b/README.md index fdc616b..4403344 100644 --- a/README.md +++ b/README.md @@ -18,11 +18,11 @@ Tested with Tavis CI NOTE: For puppet 2.7.x supported module please use version 0.X.X -[![Build Status](https://travis-ci.org/n1tr0g/golja-gnupg.png)](https://travis-ci.org/n1tr0g/golja-gnupg) [![Puppet Forge](http://img.shields.io/puppetforge/v/golja/gnupg.svg)](https://forge.puppetlabs.com/golja/gnupg) +[![Build Status](https://travis-ci.org/sbrimhall/puppet-gnupg.png)](https://travis-ci.org/sbrimhall/puppet-gnupg) [![Puppet Forge](http://img.shields.io/puppetforge/v/sbrimhall/gnupg.svg)](https://forge.puppetlabs.com/sbrimhall/gnupg) ##Installation - $ puppet module install golja/gnupg + $ puppet module install sbrimhall/gnupg ##Usage @@ -37,6 +37,8 @@ gnupg_key { 'hkp_server_20BC0A86': ensure => present, key_id => '20BC0A86', user => 'root', + gpg_home => '/root/.gnupg', + sign_key => true, key_server => 'hkp://pgp.mit.edu/', key_type => public, } 
@@ -49,6 +51,8 @@ gnupg_key { 'jenkins_foo_key': ensure => present, key_id => 'D50582E6', user => 'foo', + gpg_home => '/home/foo/custom_gpg_dir', + sign_key => true, key_source => 'http://pkg.jenkins-ci.org/debian/jenkins-ci.org.key', key_type => public, } @@ -61,6 +65,8 @@ gnupg_key { 'jenkins_foo_key': ensure => present, key_id => 'D50582E6', user => 'foo', + gpg_home => '/home/foo/.gnupg', + sign_key => true, key_source => 'puppet:///modules/gnupg/D50582E6.key', key_type => public, } @@ -73,6 +79,8 @@ gnupg_key { 'jenkins_foo_key': ensure => present, key_id => 'D50582E6', user => 'bar', + gpg_home => '/home/bar/.gnupg', + sign_key => true, key_content => '-----BEGIN BROKEN PUBLIC KEY BLOCK-----...', key_type => public, } @@ -86,6 +94,7 @@ gnupg_key {'root_remove': ensure => absent, key_id => '20BC0A86', user => 'root', + gpg_home => '/root/.gnupg', key_type => public, } ``` @@ -97,6 +106,7 @@ gnupg_key {'root_remove': ensure => absent, key_id => '20BC0A66', user => 'root', + gpg_home => '/root/.gnupg', key_type => both, } ``` @@ -134,6 +144,10 @@ The absolute path to use for --homedir with the gpg command. This is required w GPG keys for hiera-eyaml-gpg on a puppet server. Must be a path that is accessible by the user defined in the `user` parameter. +#####`sign_key` + +Boolean - Whether to sign an imported key or not + #####`key_id` **REQUIRED** - Key ID. Usually the traditional 8-character key ID. Also accepted the From 09784fd257019f6cfeee2c9928be2ede7889a8fd Mon Sep 17 00:00:00 2001 From: Scott Brimhall Date: Thu, 27 Jul 2017 14:22:18 -0600 Subject: [PATCH 16/16] Bump version to 1.2.5 --- CHANGELOG | 3 +++ metadata.json | 2 +- 2 files changed, 4 insertions(+), 1 deletion(-) diff --git a/CHANGELOG b/CHANGELOG index 1a479a8..6a8b771 100644 --- a/CHANGELOG +++ b/CHANGELOG @@ -1,3 +1,6 @@ +2017-07-27 - Scott Brimhall - 1.2.5 +* Update documentation + 2017-07-27 - Scott Brimhall - 1.2.4 * Fork golja/gnupg and add gpg_home and sign_key parameters 
diff --git a/metadata.json b/metadata.json index e226213..5bf1a08 100644 --- a/metadata.json +++ b/metadata.json @@ -1,6 +1,6 @@ { "name": "sbrimhall-gnupg", - "version": "1.2.4", + "version": "1.2.5", "author": "Scott Brimhall", "summary": "Manage gnupg package and public keys. Fork of golja-gnupg with additional parameters for gpg homedir and signing keys.", "license": "Apache-2.0",