diff --git a/REFERENCE.md b/REFERENCE.md
index 8ee46d0..c99b025 100644
--- a/REFERENCE.md
+++ b/REFERENCE.md
@@ -220,6 +220,34 @@ The keyserver which should be used to get the repository key.
Default value: ``undef``
+##### `repo_keycontent`
+
+Data type: `Optional[String]`
+
+The key content to use, useful when internet connexion is not available.
+
+Default value: `undef`
+
+##### `repo_keysource`
+
+Data type: `Optional[Pattern[/\Ahttps?:\/\//, /\Aftp:\/\//, /\A\/\w+/]`
+
+The key source to use, useful when internet connexion is not available and you want to use
+an internal source.
+
+Default value: `undef`
+
+##### `repo_keyweak_ssl`
+
+Data type: `Boolean`
+
+Specifies whether strict SSL verification on a https URL should be disabled when fetching the key.
+Valid options: true or false.
+
+
+Default value: `undef`
+
+
##### `config_path`
Data type: `String`
diff --git a/manifests/init.pp b/manifests/init.pp
index a9d8955..7bff4fb 100644
--- a/manifests/init.pp
+++ b/manifests/init.pp
@@ -43,6 +43,13 @@
# The base repository url.
# @param repo_keyserver
# The keyserver which should be used to get the repository key.
+# @param repo_keycontent
+# Supplies the entire GPG key. Useful in case the key can't be fetched from a remote location and using a file resource is inconvenient.
+# @param repo_keysource
+# Specifies the location of an existing GPG key file to copy. Valid options: a string containing a URL (ftp://, http://, or https://) or
+# an absolute path.
+# @param repo_keyweak_ssl
+# Specifies whether strict SSL verification on a https URL should be disabled. Valid options: true or false.
# @param config_path
# The path to the config file of Gitlab runner.
# @param config_owner
@@ -74,30 +81,33 @@
# Using the CA file solves https://github.com/voxpupuli/puppet-gitlab_ci_runner/issues/124.
#
class gitlab_ci_runner (
- String $xz_package_name, # Defaults in module hieradata
- Hash $runners = {},
- Hash $runner_defaults = {},
- Optional[Integer] $concurrent = undef,
- Optional[Gitlab_ci_runner::Log_level] $log_level = undef,
- Optional[Gitlab_ci_runner::Log_format] $log_format = undef,
- Optional[Integer] $check_interval = undef,
- Optional[String] $sentry_dsn = undef,
- Optional[Pattern[/.*:.+/]] $listen_address = undef,
- Optional[Gitlab_ci_runner::Session_server] $session_server = undef,
- Boolean $manage_docker = false,
- Boolean $manage_repo = true,
- String $package_ensure = installed,
- String $package_name = 'gitlab-runner',
- Stdlib::HTTPUrl $repo_base_url = 'https://packages.gitlab.com',
- Optional[Gitlab_ci_runner::Keyserver] $repo_keyserver = undef,
- String $config_path = '/etc/gitlab-runner/config.toml',
- String[1] $config_owner = 'root',
- String[1] $config_group = 'root',
- Stdlib::Filemode $config_mode = '0444',
- Boolean $manage_config_dir = false,
- Optional[Stdlib::Filemode] $config_dir_mode = undef,
- Optional[Stdlib::HTTPUrl] $http_proxy = undef,
- Optional[Stdlib::Unixpath] $ca_file = undef,
+ String $xz_package_name, # Defaults in module hieradata
+ Hash $runners = {},
+ Hash $runner_defaults = {},
+ Optional[Integer] $concurrent = undef,
+ Optional[Integer] $check_interval = undef,
+ Optional[String] $builds_dir = undef,
+ Optional[String] $cache_dir = undef,
+ Optional[Pattern[/.*:.+/]] $metrics_server = undef,
+ Optional[Pattern[/.*:.+/]] $listen_address = undef,
+ Optional[String] $sentry_dsn = undef,
+ Boolean $manage_docker = false,
+ Boolean $manage_repo = true,
+ String $package_ensure = installed,
+ String $package_name = 'gitlab-runner',
+ Stdlib::HTTPUrl $repo_base_url = 'https://packages.gitlab.com',
+ Optional[Stdlib::Fqdn] $repo_keyserver = undef,
+ Optional[String] $repo_keycontent = undef,
+ Optional[Pattern[/\Ahttps?:\/\//, /\Aftp:\/\//, /\A\/\w+/]] $repo_keysource = undef,
+ Boolean $repo_keyweak_ssl = false,
+ String $config_path = '/etc/gitlab-runner/config.toml',
+ String[1] $config_owner = 'root',
+ String[1] $config_group = 'root',
+ Stdlib::Filemode $config_mode = '0444',
+ Boolean $manage_config_dir = false,
+ Optional[Stdlib::Filemode] $config_dir_mode = undef,
+ Optional[Stdlib::HTTPUrl] $http_proxy = undef,
+ Optional[Stdlib::Unixpath] $ca_file = undef,
) {
if $manage_docker {
# workaround for cirunner issue #1617
diff --git a/manifests/repo.pp b/manifests/repo.pp
index 6ac58bd..6d59c51 100644
--- a/manifests/repo.pp
+++ b/manifests/repo.pp
@@ -3,9 +3,12 @@
# @api private
#
class gitlab_ci_runner::repo (
- $repo_base_url = $gitlab_ci_runner::repo_base_url,
- $repo_keyserver = $gitlab_ci_runner::repo_keyserver,
- $package_name = $gitlab_ci_runner::package_name,
+ $repo_base_url = $gitlab_ci_runner::repo_base_url,
+ $repo_keyserver = $gitlab_ci_runner::repo_keyserver,
+ $repo_keycontent = $gitlab_ci_runner::repo_keycontent,
+ $repo_keysource = $gitlab_ci_runner::repo_keysource,
+ $repo_keyweak_ssl = $gitlab_ci_runner::repo_keyweak_ssl,
+ $package_name = $gitlab_ci_runner::package_name,
) {
assert_private()
case $facts['os']['family'] {
@@ -15,8 +18,11 @@
location => "${repo_base_url}/runner/${package_name}/${facts['os']['distro']['id'].downcase}/",
repos => 'main',
key => {
- 'id' => 'F6403F6544A38863DAA0B6E03F01618A51312F3F',
- 'server' => $repo_keyserver,
+ 'id' => 'F6403F6544A38863DAA0B6E03F01618A51312F3F',
+ 'server' => $repo_keyserver,
+ 'content' => $repo_keycontent,
+ 'source' => $repo_keysource,
+ 'weak_ssl' => $repo_keyweak_ssl,
},
include => {
'src' => false,
diff --git a/spec/classes/gitlab_ci_runner_spec.rb b/spec/classes/gitlab_ci_runner_spec.rb
index a2a47fc..5d875f7 100644
--- a/spec/classes/gitlab_ci_runner_spec.rb
+++ b/spec/classes/gitlab_ci_runner_spec.rb
@@ -353,7 +353,10 @@
repos: 'main',
key: {
'id' => 'F6403F6544A38863DAA0B6E03F01618A51312F3F',
- 'server' => undef_value
+ 'server' => undef_value,
+ 'content' => undef_value,
+ 'source' => undef_value,
+ 'weak_ssl' => false
},
include: {
'src' => false,
@@ -418,7 +421,41 @@
it { is_expected.to contain_class('gitlab_ci_runner::repo') }
it do
- is_expected.to contain_apt__source('apt_gitlabci').with_key('id' => 'F6403F6544A38863DAA0B6E03F01618A51312F3F', 'server' => 'keys.gnupg.net')
+ is_expected.to contain_apt__source('apt_gitlabci').with_key('id' => 'F6403F6544A38863DAA0B6E03F01618A51312F3F', 'server' => 'keys.gnupg.net', 'content' => undef_value, 'source' => undef_value, 'weak_ssl' => false)
+ end
+ end
+ end
+ if facts[:os]['family'] == 'Debian'
+ context 'with manage_repo => true and repo_keysource => http://path.to/gpg.key' do
+ let(:params) do
+ super().merge(
+ manage_repo: true,
+ repo_keysource: 'http://path.to/gpg.key'
+ )
+ end
+
+ it { is_expected.to compile }
+ it { is_expected.to contain_class('gitlab_ci_runner::repo') }
+
+ it do
+ is_expected.to contain_apt__source('apt_gitlabci').with_key('id' => 'F6403F6544A38863DAA0B6E03F01618A51312F3F', 'server' => undef_value, 'content' => undef_value, 'source' => 'http://path.to/gpg.key', 'weak_ssl' => false)
+ end
+ end
+ end
+ if facts[:os]['family'] == 'Debian'
+ context 'with manage_repo => true and repo_keycontent => "somebase64encodedContent"' do
+ let(:params) do
+ super().merge(
+ manage_repo: true,
+ repo_keycontent: 'somebase64encodedContent'
+ )
+ end
+
+ it { is_expected.to compile }
+ it { is_expected.to contain_class('gitlab_ci_runner::repo') }
+
+ it do
+ is_expected.to contain_apt__source('apt_gitlabci').with_key('id' => 'F6403F6544A38863DAA0B6E03F01618A51312F3F', 'server' => undef_value, 'content' => 'somebase64encodedContent', 'source' => undef_value, 'weak_ssl' => false)
end
end