Merge pull request #1041 from puppetlabs/pr-1029-manage_gpgkey_with_aptkeyring

MODULES-11639: Review PR #1029 for puppetlabs-docker

Author: span786

REFERENCE.md

@@ -177,12 +177,12 @@ The following parameters are available in the `docker` class:
 * [`docker_ce_cli_package_name`](#-docker--docker_ce_cli_package_name)
 * [`docker_ce_source_location`](#-docker--docker_ce_source_location)
 * [`docker_ce_key_source`](#-docker--docker_ce_key_source)
-* [`docker_ce_key_id`](#-docker--docker_ce_key_id)
 * [`docker_ce_release`](#-docker--docker_ce_release)
 * [`docker_package_location`](#-docker--docker_package_location)
 * [`docker_package_key_source`](#-docker--docker_package_key_source)
+* [`docker_package_key_name`](#-docker--docker_package_key_name)
+* [`docker_package_key_path`](#-docker--docker_package_key_path)
 * [`docker_package_key_check_source`](#-docker--docker_package_key_check_source)
-* [`docker_package_key_id`](#-docker--docker_package_key_id)
 * [`docker_package_release`](#-docker--docker_package_release)
 * [`docker_engine_start_command`](#-docker--docker_engine_start_command)
 * [`docker_engine_package_name`](#-docker--docker_engine_package_name)
@@ -191,7 +191,6 @@ The following parameters are available in the `docker` class:
 * [`docker_ee_package_name`](#-docker--docker_ee_package_name)
 * [`docker_ee_source_location`](#-docker--docker_ee_source_location)
 * [`docker_ee_key_source`](#-docker--docker_ee_key_source)
-* [`docker_ee_key_id`](#-docker--docker_ee_key_id)
 * [`docker_ee_repos`](#-docker--docker_ee_repos)
 * [`docker_ee_release`](#-docker--docker_ee_release)
 * [`package_release`](#-docker--package_release)
@@ -955,14 +954,6 @@ Data type: `Optional[String]`
 
 Default value: `$docker::params::package_ce_key_source`
 
-##### <a name="-docker--docker_ce_key_id"></a>`docker_ce_key_id`
-
-Data type: `Optional[String]`
-
-
-
-Default value: `$docker::params::package_ce_key_id`
-
 ##### <a name="-docker--docker_ce_release"></a>`docker_ce_release`
 
 Data type: `Optional[String]`
@@ -987,21 +978,29 @@ Data type: `Optional[String]`
 
 Default value: `$docker::params::package_key_source`
 
-##### <a name="-docker--docker_package_key_check_source"></a>`docker_package_key_check_source`
+##### <a name="-docker--docker_package_key_name"></a>`docker_package_key_name`
 
-Data type: `Optional[Boolean]`
+Data type: `Optional[String]`
 
 
 
-Default value: `$docker::params::package_key_check_source`
+Default value: `$docker::params::package_key_name`
 
-##### <a name="-docker--docker_package_key_id"></a>`docker_package_key_id`
+##### <a name="-docker--docker_package_key_path"></a>`docker_package_key_path`
+
+Data type: `Optional[Stdlib::Absolutepath]`
 
-Data type: `Optional[String]`
 
 
+Default value: `$docker::params::package_key_path`
 
-Default value: `$docker::params::package_key_id`
+##### <a name="-docker--docker_package_key_check_source"></a>`docker_package_key_check_source`
+
+Data type: `Optional[Boolean]`
+
+
+
+Default value: `$docker::params::package_key_check_source`
 
 ##### <a name="-docker--docker_package_release"></a>`docker_package_release`
 
@@ -1067,14 +1066,6 @@ Data type: `Optional[String]`
 
 Default value: `$docker::params::package_ee_key_source`
 
-##### <a name="-docker--docker_ee_key_id"></a>`docker_ee_key_id`
-
-Data type: `Optional[String]`
-
-
-
-Default value: `$docker::params::package_ee_key_id`
-
 ##### <a name="-docker--docker_ee_repos"></a>`docker_ee_repos`
 
 Data type: `Optional[String]`

manifests/init.pp

@@ -315,6 +315,8 @@
 # @param docker_ce_release
 # @param docker_package_location
 # @param docker_package_key_source
+# @param docker_package_key_name
+# @param docker_package_key_path
 # @param docker_package_key_check_source
 # @param docker_package_release
 # @param docker_engine_start_command
@@ -359,6 +361,8 @@
   Optional[String]                        $docker_ce_release                 = $docker::params::package_ce_release,
   Optional[String]                        $docker_package_location           = $docker::params::package_source_location,
   Optional[String]                        $docker_package_key_source         = $docker::params::package_key_source,
+  Optional[String]                        $docker_package_key_name           = $docker::params::package_key_name,
+  Optional[Stdlib::Absolutepath]          $docker_package_key_path           = $docker::params::package_key_path,
   Optional[Boolean]                       $docker_package_key_check_source   = $docker::params::package_key_check_source,
   Optional[String]                        $docker_package_release            = $docker::params::package_release,
   String                                  $docker_engine_start_command       = $docker::params::docker_engine_start_command,
@@ -544,6 +548,8 @@
       $package_location         = $docker::docker_ee_source_location
       $package_key_source       = $docker::docker_ee_key_source
       $package_key_check_source = $docker_package_key_check_source
+      $package_key_name         = $docker_package_key_name
+      $package_key_path         = $docker_package_key_path
       $package_repos            = $docker::docker_ee_repos
       $release                  = $docker::docker_ee_release
       $docker_start_command     = $docker::docker_ee_start_command
@@ -553,6 +559,8 @@
         'Debian' : {
           $package_location   = $docker_ce_source_location
           $package_key_source = $docker_ce_key_source
+          $package_key_name   = $docker_package_key_name
+          $package_key_path   = $docker_package_key_path
           $package_repos      = $docker_ce_channel
           $release            = $docker_ce_release
         }
@@ -580,6 +588,8 @@
         $package_location         = $docker_package_location
         $package_key_source       = $docker_package_key_source
         $package_key_check_source = $docker_package_key_check_source
+        $package_key_name         = $docker_package_key_name
+        $package_key_path         = $docker_package_key_path
         $package_repos            = 'main'
         $release                  = $docker_package_release
       }

manifests/params.pp

@@ -169,6 +169,8 @@
       }
       $package_source_location       = 'http://apt.dockerproject.org/repo'
       $package_key_source            = 'https://apt.dockerproject.org/gpg'
+      $package_key_name              = 'docker.asc'
+      $package_key_path              = '/usr/share/keyrings'
       $package_key_check_source      = undef
       $package_ee_source_location    = $docker_ee_source_location
       $package_ee_key_source         = $docker_ee_key_source
@@ -212,6 +214,8 @@
       $package_ee_source_location  = $docker_ee_source_location
       $package_key_check_source    = true
       $package_key_source          = 'https://yum.dockerproject.org/gpg'
+      $package_key_name            = undef
+      $package_key_path            = undef
       $package_release             = undef
       $package_source_location     = "https://yum.dockerproject.org/repo/main/centos/${facts['os']['release']['major']}"
       $pin_upstream_package_source = undef
@@ -241,6 +245,8 @@
       $package_source_location             = undef
       $package_key_source                  = undef
       $package_key_check_source            = undef
+      $package_key_name                    = undef
+      $package_key_path                    = undef
       $package_ee_source_location          = undef
       $package_ee_package_name             = $docker_ee_package_name
       $package_ee_key_source               = undef
@@ -268,6 +274,8 @@
       $socket_group                        = $socket_group_default
       $package_key_source                  = undef
       $package_key_check_source            = undef
+      $package_key_name                    = undef
+      $package_key_path                    = undef
       $package_source_location             = undef
       $package_repos                       = undef
       $package_release                     = undef
@@ -305,6 +313,8 @@
       $socket_group                        = $socket_group_default
       $package_key_source                  = undef
       $package_key_check_source            = undef
+      $package_key_name                    = undef
+      $package_key_path                    = undef
       $package_source_location             = undef
       $package_repos                       = undef
       $package_release                     = undef

manifests/repos.pp

@@ -20,20 +20,27 @@
     'Debian': {
       $release       = $docker::release
       $package_repos = $docker::package_repos
+      $key_name      = $docker::package_key_name
+      $key_path      = $docker::package_key_path
 
       if ($docker::use_upstream_package_source) {
+        apt::keyring { $key_name:
+          ensure => present,
+          source => $key_source,
+          dir    => $key_path,
+        }
+
         apt::source { 'docker':
+          ensure       => present,
           location     => $location,
           architecture => $architecture,
           release      => $release,
           repos        => $package_repos,
-          key          => {
-            name   => 'docker.asc',
-            source => $key_source,
-          },
           include      => {
             src => false,
           },
+          keyring      => "${key_path}/${key_name}",
+          require      => Apt::Keyring[$key_name],
         }
 
         $url_split  = split($location, '/')

spec/classes/init_spec.rb

@@ -105,6 +105,8 @@
             'docker_package_key_check_source' => defaults['package_key_check_source'],
             'docker_package_key_source' => defaults['package_key_source'],
             'docker_package_location' => defaults['package_source_location'],
+            'docker_package_key_name' => defaults['package_key_name'],
+            'docker_package_key_path' => defaults['package_key_path'],
             'docker_package_release' => defaults['package_release'],
             'docker_users' => [],
             'ensure' => defaults['package_ensure'],

spec/helper/get_defaults.rb

@@ -28,7 +28,6 @@ def get_defaults(_facts)
   docker_ce_start_command           = 'dockerd'
   docker_command                    = 'docker'
   docker_ee                         = false
-  docker_ee_key_id                  = :undef
   docker_ee_key_source              = :undef
   docker_ee_repos                   = 'stable'
   docker_ee_source_location         = :undef
@@ -130,19 +129,18 @@ def get_defaults(_facts)
     storage_setup_file            = :undef
     use_upstream_package_source   = true
 
-    package_ce_key_id             = '9DC858229FC7DD38854AE2D88D81803C0EBFCD88'
     package_ce_key_source         = "https://download.docker.com/linux/#{os_lc}/gpg"
     package_ce_release            = _facts[:os]['distro']['codename']
     package_ce_source_location    = "https://download.docker.com/linux/#{os_lc}"
-    package_ee_key_id             = docker_ee_key_id
     package_ee_key_source         = docker_ee_key_source
     package_ee_package_name       = docker_ee_package_name
     package_ee_release            = _facts[:os]['distro']['codename']
     package_ee_repos              = docker_ee_repos
     package_ee_source_location    = docker_ee_source_location
     package_key_check_source      = :undef
-    package_key_id                = '58118E89F3A912897C070ADBF76221572C52609D'
     package_key_source            = 'https://apt.dockerproject.org/gpg'
+    package_key_name              = 'docker.asc'
+    package_key_path              = '/usr/share/keyrings'
     package_source_location       = 'http://apt.dockerproject.org/repo'
 
     detach_service_in_init = service_provider != 'systemd'
@@ -162,19 +160,18 @@ def get_defaults(_facts)
 
     apt_source_pin_level        = :undef
     detach_service_in_init      = false
-    package_ce_key_id           = :undef
     package_ce_key_source       = 'https://download.docker.com/linux/centos/gpg'
     package_ce_release          = :undef
     package_ce_source_location  = "https://download.docker.com/linux/centos/#{_facts[:os]['release']['major']}/#{_facts[:os]['architecture']}/#{docker_ce_channel}"
-    package_ee_key_id           = docker_ee_key_id
     package_ee_key_source       = docker_ee_key_source
     package_ee_package_name     = docker_ee_package_name
     package_ee_release          = :undef
     package_ee_repos            = docker_ee_repos
     package_ee_source_location  = docker_ee_source_location
     package_key_check_source    = true
-    package_key_id              = :undef
     package_key_source          = 'https://yum.dockerproject.org/gpg'
+    package_key_name            = :undef
+    package_key_path            = :undef
     package_release             = :undef
     package_source_location     = "https://yum.dockerproject.org/repo/main/centos/#{_facts[:os]['release']['major']}"
     pin_upstream_package_source = :undef
@@ -203,18 +200,17 @@ def get_defaults(_facts)
     docker_group                        = 'docker'
     package_ce_source_location          = :undef
     package_ce_key_source               = :undef
-    package_ce_key_id                   = :undef
     package_ce_repos                    = :undef
     package_ce_release                  = :undef
-    package_key_id                      = :undef
     package_release                     = :undef
     package_source_location             = :undef
     package_key_source                  = :undef
     package_key_check_source            = :undef
+    package_key_name                    = :undef
+    package_key_path                    = :undef
     package_ee_source_location          = :undef
     package_ee_package_name             = docker_ee_package_name
     package_ee_key_source               = :undef
-    package_ee_key_id                   = :undef
     package_ee_repos                    = :undef
     package_ee_release                  = :undef
     use_upstream_package_source         = :undef
@@ -238,18 +234,17 @@ def get_defaults(_facts)
     socket_group                        = socket_group_default
     package_key_source                  = :undef
     package_key_check_source            = :undef
+    package_key_name                    = :undef
+    package_key_path                    = :undef
     package_source_location             = :undef
-    package_key_id                      = :undef
     package_repos                       = :undef
     package_release                     = :undef
     package_ce_key_source               = :undef
     package_ce_source_location          = :undef
-    package_ce_key_id                   = :undef
     package_ce_repos                    = :undef
     package_ce_release                  = :undef
     package_ee_source_location          = :undef
     package_ee_key_source               = :undef
-    package_ee_key_id                   = :undef
     package_ee_release                  = :undef
     package_ee_repos                    = :undef
     package_ee_package_name             = :undef
@@ -277,18 +272,17 @@ def get_defaults(_facts)
     socket_group                        = socket_group_default
     package_key_source                  = :undef
     package_key_check_source            = :undef
+    package_key_name                    = :undef
+    package_key_path                    = :undef
     package_source_location             = :undef
-    package_key_id                      = :undef
     package_repos                       = :undef
     package_release                     = :undef
     package_ce_key_source               = :undef
     package_ce_source_location          = :undef
-    package_ce_key_id                   = :undef
     package_ce_repos                    = :undef
     package_ce_release                  = :undef
     package_ee_source_location          = :undef
     package_ee_key_source               = :undef
-    package_ee_key_id                   = :undef
     package_ee_release                  = :undef
     package_ee_repos                    = :undef
     package_ee_package_name             = :undef
@@ -363,7 +357,6 @@ def get_defaults(_facts)
     'docker_ce_start_command' => docker_ce_start_command,
     'docker_command' => docker_command,
     'docker_ee' => docker_ee,
-    'docker_ee_key_id' => docker_ee_key_id,
     'docker_ee_key_source' => docker_ee_key_source,
     'docker_ee_package_name' => docker_ee_package_name,
     'docker_ee_repos' => docker_ee_repos,
@@ -399,21 +392,20 @@ def get_defaults(_facts)
     'nuget_package_provider_version' => nuget_package_provider_version,
     'os_lc' => os_lc,
     'overlay2_override_kernel_check' => overlay2_override_kernel_check,
-    'package_ce_key_id' => package_ce_key_id,
     'package_ce_key_source' => package_ce_key_source,
     'package_ce_release' => package_ce_release,
     'package_ce_repos' => package_ce_repos,
     'package_ce_source_location' => package_ce_source_location,
-    'package_ee_key_id' => package_ee_key_id,
     'package_ee_key_source' => package_ee_key_source,
     'package_ee_package_name' => package_ee_package_name,
     'package_ee_release' => package_ee_release,
     'package_ee_repos' => package_ee_repos,
     'package_ee_source_location' => package_ee_source_location,
     'package_ensure' => package_ensure,
     'package_key_check_source' => package_key_check_source,
-    'package_key_id' => package_key_id,
     'package_key_source' => package_key_source,
+    'package_key_name' => package_key_name,
+    'package_key_path' => package_key_path,
     'package_name' => package_name,
     'package_release' => package_release,
     'package_repos' => package_repos,