From 8f4da7ce253645395e26b6c9dc9a0d7853e71a6f Mon Sep 17 00:00:00 2001
From: Eimhin Laverty
Date: Thu, 20 Sep 2018 09:29:58 +0100
Subject: [PATCH] Additional modifications
---
 lib/puppet/provider/apt_key/apt_key.rb | 56 +++++++++---------------
 spec/acceptance/apt_key_provider_spec.rb | 36 ++++++++-------
 2 files changed, 40 insertions(+), 52 deletions(-)
diff --git a/lib/puppet/provider/apt_key/apt_key.rb b/lib/puppet/provider/apt_key/apt_key.rb
index 5e6b3835a7..3ccc97cf1a 100644
--- a/lib/puppet/provider/apt_key/apt_key.rb
+++ b/lib/puppet/provider/apt_key/apt_key.rb
@@ -53,21 +53,6 @@ def self.instances
 if line_hash[:key_expiry]
 expired = Time.now >= line_hash[:key_expiry]
- # Return without doing anything if expired is false
- return unless (resource[:refresh] == true && resource[:expired] == true)
- # Execute command to update key
- command = []
- if resource[:source].nil? && resource[:content].nil?
- # Breaking up the command like this is needed because it blows up
- # if --recv-keys isn't the last argument.
- command.push('adv', '--keyserver', resource[:server])
- unless resource[:options].nil?
- command.push('--keyserver-options', resource[:options])
- end
- command.push('--recv-keys', resource[:id])
- else
- raise(_('an unexpected condition occurred while trying to add the key: %{_resource}') % { _resource: resource[:id] })
- end
 end
 new(
@@ -86,26 +71,7 @@ def self.instances
 end
 key_array.compact!
 end
-
- # # Update a key if it is expired
- # def update_expired_key
- # # Return without doing anything if expired is false
- # return unless (resource[:refresh] == true && resource[:expired] == true)
- # # Execute command to update key
- # command = []
- # if resource[:source].nil? && resource[:content].nil?
- # # Breaking up the command like this is needed because it blows up
- # # if --recv-keys isn't the last argument.
- # command.push('adv', '--keyserver', resource[:server])
- # unless resource[:options].nil?
- # command.push('--keyserver-options', resource[:options])
- # end
- # command.push('--recv-keys', resource[:id])
- # else
- # raise(_('an unexpected condition occurred while trying to add the key: %{_resource}') % { _resource: resource[:id] })
- # end
- # end
-
+
 def self.prefetch(resources)
 apt_keys = instances
 resources.each_key do |name|
@@ -213,7 +179,27 @@ def tempfile(content)
 file
 end
+ # Update a key if it is expired
+ def update_expired_key
+ # Return without doing anything if expired is false
+ return unless (resource[:refresh] == true && resource[:expired] == true)
+ # Execute command to update key
+ command = []
+ if resource[:source].nil? && resource[:content].nil?
+ # Breaking up the command like this is needed because it blows up
+ # if --recv-keys isn't the last argument.
+ command.push('adv', '--keyserver', resource[:server])
+ unless resource[:options].nil?
+ command.push('--keyserver-options', resource[:options])
+ end
+ command.push('--recv-keys', resource[:id])
+ else
+ raise(_('an unexpected condition occurred while trying to add the key: %{_resource}') % { _resource: resource[:id] })
+ end
+ end
+
 def exists?
+ update_expired_key()
 # report expired keys as non-existing when refresh => true
 @property_hash[:ensure] == :present && !(resource[:refresh] && @property_hash[:expired])
 end
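Review bot: `update_expired_key` fills the `command` array and then returns without running it, so despite the `# Execute command to update key` comment nothing visible in this hunk contacts the keyserver and an expired key stays as it was. After the if/else the array needs to be handed to the provider's apt-key wrapper (presumably `apt_key(command)`, which would be defined outside this hunk). The guard also reads `resource[:expired]` while `exists?` just below reads `@property_hash[:expired]`; unless `expired` is also a type parameter the guard never passes, and `return unless resource[:refresh] == true && @property_hash[:expired] == true` would agree with `exists?`. Calling the method from `exists?` also means the `raise` in the else branch fires during a state query for any expired key managed with `source` or `content` and `refresh => true`, which deserves a comment or a softer path.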
diff --git a/spec/acceptance/apt_key_provider_spec.rb b/spec/acceptance/apt_key_provider_spec.rb
index 090d56dd8b..686014e0a9 100644
--- a/spec/acceptance/apt_key_provider_spec.rb
+++ b/spec/acceptance/apt_key_provider_spec.rb
@@ -12,12 +12,12 @@ CENTOS_GPG_KEY_FILE = 'RPM-GPG-KEY-CentOS-6'.freeze
 PUPPETLABS_EXP_KEY_SHORT_ID = '4BD6EC30'
 PUPPETLABS_EXP_KEY_LONG_ID = "47B320EB4C7C375AA9DAE1A01054B7A24BD6EC30"
-PUPPETLABS_EXP_KEY_DATES = ":2010-07-10:2017-01-05:"
+PUPPETLABS_EXP_KEY_DATES = "pub:e:4096:1:1054B7A24BD6EC30:2010-07-10:2017-01-05::-:Puppet Labs Release Key"
 SHOULD_NEVER_EXIST_ID = 'EF8D349F'.freeze
 KEY_CHECK_COMMAND = 'apt-key adv --list-keys --with-colons --fingerprint | grep '.freeze
 PUPPETLABS_KEY_CHECK_COMMAND = "#{KEY_CHECK_COMMAND} #{PUPPETLABS_GPG_KEY_FINGERPRINT}".freeze
 CENTOS_KEY_CHECK_COMMAND = "#{KEY_CHECK_COMMAND} #{CENTOS_GPG_KEY_FINGERPRINT}".freeze
-PUPPETLABS_EXP_CHECK_COMMAND = "#{KEY_CHECK_COMMAND} :#{PUPPETLABS_EXP_KEY_LONG_ID}:"
+PUPPETLABS_EXP_CHECK_COMMAND = "#{KEY_CHECK_COMMAND} '#{PUPPETLABS_EXP_KEY_DATES}'".freeze
 TIMEOUT_ERROR_MATCHER = /no valid OpenPGP data found/
 def populate_default_options_pp(value)
@@ -66,7 +66,7 @@ def apply_manifest_twice(manifest_pp)
 MANIFEST
 refresh_pp = <<-MANIFEST
- apt_key { 'puppetlabs':
+ apt_key { '#{PUPPETLABS_EXP_KEY_LONG_ID}':
 id => '#{PUPPETLABS_EXP_KEY_LONG_ID}',
 ensure => 'present',
 content => '-----BEGIN PGP PUBLIC KEY BLOCK-----
@@ -632,7 +632,7 @@ def apply_manifest_twice(manifest_pp)
 MANIFEST
 refresh_true_pp = <<-MANIFEST
- apt_key { 'puppetlabs':
+ apt_key { '#{PUPPETLABS_EXP_KEY_LONG_ID}':
 id => '#{PUPPETLABS_EXP_KEY_LONG_ID}',
 ensure => 'present',
 refresh => true,
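Review bot: `PUPPETLABS_EXP_KEY_DATES` now holds a whole `--with-colons` `pub` record, so the check depends on the exact gpg listing format. The `YYYY-MM-DD` dates and the uid text on the `pub` line are, as far as I know, what GnuPG 1.x prints, while 2.x prints epoch seconds and a separate `uid` record, and on such a host the grep would never match. The name no longer describes the value and, unlike the neighbouring constants, the new literal is not frozen; adding `.freeze` and a comment such as `# full pub record of the expired key as listed by apt-key --with-colons` would make the dependency explicit. Matching on the fingerprint and the validity field separately would be less brittle than one full-line literal.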
@@ -640,13 +640,19 @@ def apply_manifest_twice(manifest_pp)
 MANIFEST
 refresh_false_pp = <<-MANIFEST
- apt_key { 'puppetlabs':
+ apt_key { '#{PUPPETLABS_EXP_KEY_LONG_ID}':
 id => '#{PUPPETLABS_EXP_KEY_LONG_ID}',
 ensure => 'present',
 refresh => false,
 }
 MANIFEST
+refresh_del_key_pp = <<-MANIFEST
+ apt_key { '#{PUPPETLABS_EXP_KEY_LONG_ID}':
+ ensure => 'absent',
+ }
+MANIFEST
+
 describe 'apt_key' do
 before(:each) do
 # Delete twice to make sure everything is cleaned
@@ -930,30 +936,26 @@ def apply_manifest_twice(manifest_pp)
 end
 end
 end
-
+
 describe 'refresh' do
 before(:each) do
 # delete the Puppet Labs Release Key
 # and install an expired version of the key
- shell("apt-key del #{PUPPETLABS_EXP_KEY_SHORT_ID}",
- :acceptable_exit_codes => [0,1,2])
+ apply_manifest(refresh_del_key_pp)
 apply_manifest(refresh_pp, :catch_failures => true)
- shell("#{PUPPETLABS_EXP_CHECK_COMMAND}")
 end
 context 'when refresh => true' do
 it 'updates an expired key' do
- apply_manifest_twice(refresh_true_pp)
- # Key is present
- shell("#{PUPPETLABS_EXP_CHECK_COMMAND}")
- # And has been updated by a new version
- shell("#{PUPPETLABS_EXP_CHECK_COMMAND} | grep #{PUPPETLABS_EXP_KEY_DATES}", :acceptable_exit_codes => [1])
+ apply_manifest(refresh_true_pp)
+ # Check key has been updated to new version
+ shell("#{PUPPETLABS_EXP_CHECK_COMMAND} | grep \"#{PUPPETLABS_EXP_KEY_DATES}\"", :acceptable_exit_codes => [0])
 end
 end
 context 'when refresh => false' do
 it 'does not replace an expired key' do
- apply_manifest_twice(refresh_false_pp)
- # Expired key is present and has not been updated by the new version
- shell("#{PUPPETLABS_EXP_CHECK_COMMAND} | grep #{PUPPETLABS_EXP_KEY_DATES}")
+ apply_manifest(refresh_false_pp)
+ # Expired key is present and has not been updated by the new version
+ shell("#{PUPPETLABS_EXP_CHECK_COMMAND} | grep \"#{PUPPETLABS_EXP_KEY_DATES}\"", :acceptable_exit_codes => [1])
 end
 end
 end
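Review bot: The expected exit codes in the `refresh` examples appear inverted relative to their own comments. In 'updates an expired key' the grep for `PUPPETLABS_EXP_KEY_DATES` (the `pub:e:` record of the expired key) must now succeed with `:acceptable_exit_codes => [0]`, which asserts the expired record is still in the keyring, and in 'does not replace an expired key' it must fail with `[1]`, which asserts the expired record is gone; the removed lines had these the other way round. As written the suite passes when a refresh leaves an expired signing key in place, so I would restore `[1]` for `refresh => true` and `[0]` for `refresh => false`. `PUPPETLABS_EXP_CHECK_COMMAND` already greps for the same string, so the trailing `| grep` adds nothing, and `apply_manifest(refresh_del_key_pp)` in `before(:each)` runs without `:catch_failures => true`, so a failed cleanup would go unnoticed.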