Merge pull request #407 from mkrakowitzer/f3792625/trusted_param

Add support for parameter trusted MODULES-1658
2015-01-20 16:05:44 -05:00 · 2015-01-20 16:05:44 -05:00 · 646b407027
commit 646b407027
parent 6b23f3cb78 4f0ebaced7
4 changed files with 81 additions and 4 deletions
--- a/README.md
+++ b/README.md
@ -287,6 +287,24 @@ apt::sources:
 * `autoclean`: How often, in days, to run `apt-get autoclean`.
 * `randomsleep`: How long, in seconds, to randomly wait before applying upgrades.

+####apt::source
+
+* `comment`: Add a comment to the apt source file.
+* `ensure`: Allows you to remove the apt source file. Can be 'present' or 'absent'.
+* `location`: The URL of the apt repository.
+* `release`: The distribution of the apt repository. Defaults to fact 'lsbdistcodename'.
+* `repos`: The component of the apt repository. This defaults to 'main'.
+* `include_deb`: References a Debian distribution's binary package.
+* `include_src`: Enable the deb-src type, references a Debian distribution's source code in the same form as the include_deb type. A deb-src line is required to fetch source indexes.
+* `required_packages`: todo
+* `key`: See apt::key
+* `key_server`: See apt::key
+* `key_content`: See apt::key
+* `key_source`: See apt::key
+* `pin`: See apt::pin
+* `architecture`: can be used to specify for which architectures information should be downloaded. If this option is not set all architectures defined by the APT::Architectures option will be downloaded. Defaults to 'undef' which means all. Example values can be 'i386' or 'i386,alpha,powerpc'
+* `trusted` can be set to indicate that packages from this source are always authenticated even if the Release file is not signed or the signature can't be checked. Defaults to false. Can be 'true' or 'false'.
+
 ### Testing

 The apt module is mostly a collection of defined resource types, which provide reusable logic for managing Apt. It provides smoke tests for testing functionality on a target system, as well as spec tests for checking a compiled catalog against an expected set of resources.
--- a/manifests/source.pp
+++ b/manifests/source.pp
@ -15,12 +15,16 @@ define apt::source(
  $key_content       = undef,
  $key_source        = undef,
  $pin               = false,
-  $architecture      = undef
+  $architecture      = undef,
+  $trusted           = false,
 ) {

  include apt::params
  include apt::update

+  validate_string($architecture)
+  validate_bool($trusted)
+
  $sources_list_d = $apt::params::sources_list_d
  $provider       = $apt::params::provider

--- a/spec/defines/source_spec.rb
+++ b/spec/defines/source_spec.rb
@ -55,6 +55,7 @@ describe 'apt::source', :type => :define do
        'key_source'        => 'http://apt.puppetlabs.com/pubkey.gpg',
        'pin'               => '10',
        'architecture'      => 'x86_64',
+        'trusted'           => true,
      }
    end

@ -64,7 +65,7 @@ describe 'apt::source', :type => :define do
      'owner'  => 'root',
      'group'  => 'root',
      'mode'   => '0644',
-    }).with_content(/#file generated by puppet\n# foo\ndeb \[arch=x86_64\] http:\/\/debian\.mirror\.iweb\.ca\/debian\/ sid testing\n/).without_content(/deb-src/)
+    }).with_content(/#file generated by puppet\n# foo\ndeb \[arch=x86_64 trusted=yes\] http:\/\/debian\.mirror\.iweb\.ca\/debian\/ sid testing\n/).without_content(/deb-src/)
    }

    it { is_expected.to contain_apt__pin('my_source').that_comes_before('File[my_source.list]').with({
@ -93,6 +94,56 @@ describe 'apt::source', :type => :define do
    }
  end

+  context 'trusted true' do
+    let :facts do
+      {
+        :lsbdistid       => 'Debian',
+        :lsbdistcodename => 'wheezy',
+        :osfamily        => 'Debian'
+      }
+    end
+    let :params do
+      {
+        'include_src' => false,
+        'trusted'     => true,
+      }
+    end
+
+    it { is_expected.to contain_file('my_source.list').that_notifies('Exec[apt_update]').with({
+      'ensure' => 'present',
+      'path'   => '/etc/apt/sources.list.d/my_source.list',
+      'owner'  => 'root',
+      'group'  => 'root',
+      'mode'   => '0644',
+    }).with_content(/#file generated by puppet\n# my_source\ndeb \[trusted=yes\]  wheezy main\n/)
+    }
+  end
+
+  context 'architecture equals x86_64' do
+    let :facts do
+      {
+        :lsbdistid       => 'Debian',
+        :lsbdistcodename => 'wheezy',
+        :osfamily        => 'Debian'
+      }
+    end
+    let :params do
+      {
+        'include_deb'  => false,
+        'architecture' => 'x86_64',
+      }
+    end
+
+    it { is_expected.to contain_file('my_source.list').that_notifies('Exec[apt_update]').with({
+      'ensure' => 'present',
+      'path'   => '/etc/apt/sources.list.d/my_source.list',
+      'owner'  => 'root',
+      'group'  => 'root',
+      'mode'   => '0644',
+    }).with_content(/#file generated by puppet\n# my_source\ndeb-src \[arch=x86_64 \]  wheezy main\n/)
+    }
+  end
+ 
  context 'ensure => absent' do
    let :facts do
      {
--- a/templates/source.list.erb
+++ b/templates/source.list.erb
@ -1,8 +1,12 @@
 #file generated by puppet
 # <%= @comment %>
 <%- if @include_deb then -%>
-deb <% if @architecture %>[arch=<%= @architecture %>] <% end %><%= @location %> <%= @release_real %> <%= @repos %>
+deb <%- if @architecture or @trusted -%>
+[<%- if @architecture %>arch=<%= @architecture %> <% end %><% if @trusted %>trusted=yes<% end -%>
+] <%- end %><%= @location %> <%= @release_real %> <%= @repos %>
 <%- end -%>
 <%- if @include_src then -%>
-deb-src <% if @architecture %>[arch=<%= @architecture %>] <% end %><%= @location %> <%= @release_real %> <%= @repos %>
+deb-src <%- if @architecture or @trusted -%>
+[<%- if @architecture %>arch=<%= @architecture %> <% end %><% if @trusted %>trusted=yes<% end -%>
+] <%- end %><%= @location %> <%= @release_real %> <%= @repos %>
 <%- end -%>