Convert apt::key to use anchors

Previously, apt::key used a noop exec hack to do exactly what anchors were
intended to be used for. This commit removes the exec hack and achieves the
same end using Anchor resources from the puppetlabs/stdlib module.

manifests/key.pp

@@ -26,21 +26,22 @@ define apt::key (
   # apt::source resources that all reference the same key.
   case $ensure {
     present: {
+
+      anchor { "apt::key/$title":; }
+
       if defined(Exec["apt::key $key absent"]) {
         fail ("Cannot ensure Apt::Key[$key] present; $key already ensured absent")
-      } elsif !defined(Exec["apt::key $key present"]) {
-        # this is a marker to ensure we don't simultaneously define a key
-        # ensure => absent AND ensure => present
-        exec { "apt::key $key present":
-          path   => "/",
-          onlyif => "/bin/false",
-          noop   => true;
-        }
       }
+
+      if !defined(Anchor["apt::key $key present"]) {
+        anchor { "apt::key $key present":; }
+      }
+
       if !defined(Exec[$digest]) {
         exec { $digest:
           path    => "/bin:/usr/bin",
           unless  => "/usr/bin/apt-key list | /bin/grep '${key}'",
+          before  => Anchor["apt::key $key present"],
           command => $method ? {
             "content" => "echo '${key_content}' | /usr/bin/apt-key add -",
             "source"  => "wget -q '${key_source}' -O- | apt-key add -",
@@ -48,11 +49,16 @@ define apt::key (
           };
         }
       }
+
+      Anchor["apt::key $key present"] -> Anchor["apt::key/$title"]
+
     }
     absent: {
-      if defined(Exec["apt::key $key present"]) {
+
+      if defined(Anchor["apt::key $key present"]) {
         fail ("Cannot ensure Apt::Key[$key] absent; $key already ensured present")
       }
+
       exec { "apt::key $key absent":
         path    => "/bin:/usr/bin",
         onlyif  => "apt-key list | grep '$key'",
@@ -61,6 +67,7 @@ define apt::key (
         group   => "root",
       }
     }
+
     default: {
       fail "Invalid 'ensure' value '$ensure' for aptkey"
     }

spec/defines/key_spec.rb

@@ -57,13 +57,13 @@ describe 'apt::key', :type => :define do
       it {
         if [:present, 'present'].include? param_hash[:ensure]
           should_not contain_exec("apt::key #{param_hash[:key]} absent")
-          should contain_exec("apt::key #{param_hash[:key]} present")
+          should contain_anchor("apt::key #{param_hash[:key]} present")
           should contain_exec(digest).with({
             "path"    => "/bin:/usr/bin",
             "unless"  => "/usr/bin/apt-key list | /bin/grep '#{param_hash[:key]}'"
           })
         elsif [:absent, 'absent'].include? param_hash[:ensure]
-          should_not contain_exec("apt::key #{param_hash[:key]} present")
+          should_not contain_anchor("apt::key #{param_hash[:key]} present")
           should contain_exec("apt::key #{param_hash[:key]} absent").with({
             "path"    => "/bin:/usr/bin",
             "onlyif"  => "apt-key list | grep '#{param_hash[:key]}'",
@@ -93,22 +93,29 @@ describe 'apt::key', :type => :define do
       }
 
     end
+  end
 
+  [{ :ensure => 'present' }, { :ensure => 'absent' }].each do |param_set|
     describe "should correctly handle duplicate definitions" do
+
       let :pre_condition do
-        "apt::key { 'duplicate': key => '#{params[:key]}'; }"
+        "apt::key { 'duplicate': key => '#{title}'; }"
       end
 
+      let(:params) { param_set }
+
       it {
-        if [:present, 'present'].include? param_hash[:ensure]
+        if param_set[:ensure] == 'present'
-          should contain_exec("apt::key #{param_hash[:key]} present")
+          should contain_anchor("apt::key #{title} present")
-          should contain_apt__key("duplicate")
           should contain_apt__key(title)
-        elsif [:absent, 'absent'].include? params[:ensure]
+          should contain_apt__key("duplicate")
+        elsif param_set[:ensure] == 'absent'
           expect { should raise_error(Puppet::Error) }
         end
       }
 
     end
   end
+
 end
+