Add parameters to apt::source to avoid requiring an internet connexion

Signed-off-by: Cedric Couralet <cedric.couralet@insee.fr>
voxpupuli · Feb 22, 2021 · 9e717f3 · 9e717f3
1 parent 0868ca0
commit 9e717f3
Show file tree

Hide file tree

Showing 4 changed files with 100 additions and 22 deletions.
diff --git a/REFERENCE.md b/REFERENCE.md
@@ -167,6 +167,33 @@ Data type: `Optional[Stdlib::Fqdn]`
 
 The keyserver which should be used to get the repository key.
 
+Default value: `undef`
+
+##### `repo_keycontent`
+
+Data type: `Optional[String]`
+
+The key content to use, useful when internet connexion is not available.
+
+Default value: `undef`
+
+##### `repo_keysource`
+
+Data type: `Optional[Pattern[/\Ahttps?:\/\//, /\Aftp:\/\//, /\A\/\w+/]`
+
+The key source to use, useful when internet connexion is not available and you want to use 
+an internal source.
+
+Default value: `undef`
+
+##### `repo_keyweak_ssl`
+
+Data type: `Boolean`
+
+Specifies whether strict SSL verification on a https URL should be disabled when fetching the key. 
+Valid options: true or false.
+
+
 Default value: `undef`
 
 ##### `config_path`

diff --git a/manifests/init.pp b/manifests/init.pp
@@ -43,27 +43,37 @@
 #   The base repository url.
 # @param repo_keyserver
 #   The keyserver which should be used to get the repository key.
+# @param repo_keycontent
+#   Supplies the entire GPG key. Useful in case the key can't be fetched from a remote location and using a file resource is inconvenient.
+# @param repo_keysource
+#   Specifies the location of an existing GPG key file to copy. Valid options: a string containing a URL (ftp://, http://, or https://) or 
+#   an absolute path.
+# @param repo_keyweak_ssl
+#    Specifies whether strict SSL verification on a https URL should be disabled. Valid options: true or false.
 # @param config_path
 #   The path to the config file of Gitlab runner.
 #
 class gitlab_ci_runner (
-  String                     $xz_package_name, # Defaults in module hieradata
-  Hash                       $runners                  = {},
-  Hash                       $runner_defaults          = {},
-  Optional[Integer]          $concurrent               = undef,
-  Optional[Integer]          $check_interval           = undef,
-  Optional[String]           $builds_dir               = undef,
-  Optional[String]           $cache_dir                = undef,
-  Optional[Pattern[/.*:.+/]] $metrics_server           = undef,
-  Optional[Pattern[/.*:.+/]] $listen_address           = undef,
-  Optional[String]           $sentry_dsn               = undef,
-  Boolean                    $manage_docker            = false,
-  Boolean                    $manage_repo              = true,
-  String                     $package_ensure           = installed,
-  String                     $package_name             = 'gitlab-runner',
-  Stdlib::HTTPUrl            $repo_base_url            = 'https://packages.gitlab.com',
-  Optional[Stdlib::Fqdn]     $repo_keyserver           = undef,
-  String                     $config_path              = '/etc/gitlab-runner/config.toml',
+  String                                                      $xz_package_name, # Defaults in module hieradata
+  Hash                                                        $runners                  = {},
+  Hash                                                        $runner_defaults          = {},
+  Optional[Integer]                                           $concurrent               = undef,
+  Optional[Integer]                                           $check_interval           = undef,
+  Optional[String]                                            $builds_dir               = undef,
+  Optional[String]                                            $cache_dir                = undef,
+  Optional[Pattern[/.*:.+/]]                                  $metrics_server           = undef,
+  Optional[Pattern[/.*:.+/]]                                  $listen_address           = undef,
+  Optional[String]                                            $sentry_dsn               = undef,
+  Boolean                                                     $manage_docker            = false,
+  Boolean                                                     $manage_repo              = true,
+  String                                                      $package_ensure           = installed,
+  String                                                      $package_name             = 'gitlab-runner',
+  Stdlib::HTTPUrl                                             $repo_base_url            = 'https://packages.gitlab.com',
+  Optional[Stdlib::Fqdn]                                      $repo_keyserver           = undef,
+  Optional[String]                                            $repo_keycontent          = undef,
+  Optional[Pattern[/\Ahttps?:\/\//, /\Aftp:\/\//, /\A\/\w+/]] $repo_keysource           = undef,
+  Boolean                                                     $repo_keyweak_ssl         = false,
+  String                                                      $config_path              = '/etc/gitlab-runner/config.toml',
 ) {
   if $manage_docker {
     # workaround for cirunner issue #1617

diff --git a/manifests/repo.pp b/manifests/repo.pp
@@ -3,9 +3,13 @@
 # @api private
 #
 class gitlab_ci_runner::repo (
-  $repo_base_url  = $gitlab_ci_runner::repo_base_url,
-  $repo_keyserver = $gitlab_ci_runner::repo_keyserver,
-  $package_name   = $gitlab_ci_runner::package_name,
+  $repo_base_url        = $gitlab_ci_runner::repo_base_url,
+  $repo_keyserver       = $gitlab_ci_runner::repo_keyserver,
+  $repo_keyid           = $gitlab_ci_runner::repo_keyid,
+  $repo_keycontent      = $gitlab_ci_runner::repo_keycontent,
+  $repo_keysource       = $gitlab_ci_runner::repo_keysource,
+  $repo_keyweak_ssl     = $gitlab_ci_runner::repo_keyweak_ssl,
+  $package_name         = $gitlab_ci_runner::package_name,
 ) {
   assert_private()
   case $facts['os']['family'] {
@@ -15,8 +19,11 @@
         location => "${repo_base_url}/runner/${package_name}/${facts['os']['distro']['id'].downcase}/",
         repos    => 'main',
         key      => {
-          'id'     => 'F6403F6544A38863DAA0B6E03F01618A51312F3F',
-          'server' => $repo_keyserver,
+          'id'       => 'F6403F6544A38863DAA0B6E03F01618A51312F3F',
+          'server'   => $repo_keyserver,
+          'content'  => $repo_keycontent,
+          'source'   => $repo_keysource,
+          'weak_ssl' => $repo_keyweak_ssl,
         },
         include  => {
           'src' => false,

diff --git a/spec/classes/gitlab_ci_runner_spec.rb b/spec/classes/gitlab_ci_runner_spec.rb
@@ -298,6 +298,40 @@
           end
         end
       end
+      if facts[:os]['family'] == 'Debian'
+        context 'with manage_repo => true and repo_keysource => http://path.to/gpg.key' do
+          let(:params) do
+            super().merge(
+              manage_repo: true,
+              repo_keysource: 'http://path.to/gpg.key'
+            )
+          end
+
+          it { is_expected.to compile }
+          it { is_expected.to contain_class('gitlab_ci_runner::repo') }
+
+          it do
+            is_expected.to contain_apt__source('apt_gitlabci').with_key('id' => 'F6403F6544A38863DAA0B6E03F01618A51312F3F', 'source' => 'http://path.to/gpg.key')
+          end
+        end
+      end
+      if facts[:os]['family'] == 'Debian'
+        context 'with manage_repo => true and repo_keycontent => "somebase64encodedContent"' do
+          let(:params) do
+            super().merge(
+              manage_repo: true,
+              repo_keycontent: 'somebase64encodedContent'
+            )
+          end
+
+          it { is_expected.to compile }
+          it { is_expected.to contain_class('gitlab_ci_runner::repo') }
+
+          it do
+            is_expected.to contain_apt__source('apt_gitlabci').with_key('id' => 'F6403F6544A38863DAA0B6E03F01618A51312F3F', 'content' => 'somebase64encodedContent')
+          end
+        end
+      end
     end
   end
 end