diff --git a/manifests/redhat.pp b/manifests/redhat.pp index 8a6272fe..97624b9a 100644 --- a/manifests/redhat.pp +++ b/manifests/redhat.pp @@ -12,18 +12,24 @@ if $manage_repo { + $keys = [ + 'https://yum.datadoghq.com/DATADOG_RPM_KEY.public', + 'https://yum.datadoghq.com/DATADOG_RPM_KEY_E09422B3.public', + 'https://yum.datadoghq.com/DATADOG_RPM_KEY_20200908.public', + ] + case $agent_major_version { 5 : { $defaulturl = "https://yum.datadoghq.com/rpm/${::architecture}/" - $gpgkey = 'https://yum.datadoghq.com/DATADOG_RPM_KEY.public' + $gpgkeys = $keys } 6 : { $defaulturl = "https://yum.datadoghq.com/stable/6/${::architecture}/" - $gpgkey = 'https://yum.datadoghq.com/DATADOG_RPM_KEY.public' + $gpgkeys = $keys } 7 : { $defaulturl = "https://yum.datadoghq.com/stable/7/${::architecture}/" - $gpgkey = 'https://yum.datadoghq.com/DATADOG_RPM_KEY_E09422B3.public' + $gpgkeys = $keys[1,2] } default: { fail('invalid agent_major_version') } } @@ -34,23 +40,6 @@ $baseurl = $defaulturl } - $public_key_local = '/etc/pki/rpm-gpg/DATADOG_RPM_KEY.public' - - file { 'DATADOG_RPM_KEY_E09422B3.public': - owner => root, - group => root, - mode => '0600', - path => $public_key_local, - source => 'https://yum.datadoghq.com/DATADOG_RPM_KEY_E09422B3.public' - } - - exec { 'install-gpg-key': - command => "/bin/rpm --import ${public_key_local}", - onlyif => "/usr/bin/gpg --dry-run --quiet --with-fingerprint -n ${public_key_local} | grep 'A4C0 B90D 7443 CF6E 4E8A A341 F106 8E14 E094 22B3' || gpg --dry-run --import --import-options import-show ${public_key_local} | grep 'A4C0B90D7443CF6E4E8AA341F1068E14E09422B3'", - unless => '/bin/rpm -q gpg-pubkey-e09422b3', - require => File['DATADOG_RPM_KEY_E09422B3.public'], - } - yumrepo { 'datadog-beta': ensure => absent, } 
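Review bot: The `$keys[1,2]` slice in the `7` branch is easy to misread: in Puppet it means "start at index 1, take 2 elements", which matches "elements 1 and 2" only because the list has three entries. If a fourth URL is later appended to `$keys`, agent 7 would keep trusting only the middle two without any error. A comment on that line would pin the intent, e.g. `# [start, count]: every key except the legacy DATADOG_RPM_KEY.public`, or the branch could list the URLs it wants by name. The `5` and `6` branches now carry all three keys, so those repos accept a package signed by any of them where they previously accepted one.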
@@ -66,10 +55,9 @@ yumrepo {'datadog': enabled => 1, gpgcheck => 1, - gpgkey => $gpgkey, + gpgkey => join($gpgkeys, "\n "), descr => 'Datadog, Inc.', baseurl => $baseurl, - require => Exec['install-gpg-key'], } package { $datadog_agent::params::package_name: diff --git a/manifests/ubuntu.pp b/manifests/ubuntu.pp index 8adf6dd3..2c05e29f 100644 --- a/manifests/ubuntu.pp +++ b/manifests/ubuntu.pp @@ -5,12 +5,12 @@ class datadog_agent::ubuntu( Integer $agent_major_version = $datadog_agent::params::default_agent_major_version, - String $apt_key = 'A2923DFF56EDA6E76E55E492D3A80E30382E94DE', + Array[String] $apt_keys = ['A2923DFF56EDA6E76E55E492D3A80E30382E94DE', 'D75CEA17048B9ACBF186794B32637D44F14F620E'], String $agent_version = $datadog_agent::params::agent_version, Optional[String] $agent_repo_uri = undef, String $release = $datadog_agent::params::apt_default_release, Boolean $skip_apt_key_trusting = false, - Optional[String] $apt_keyserver = undef, + String $apt_keyserver = $datadog_agent::params::apt_keyserver, ) inherits datadog_agent::params { if $agent_version =~ /^[0-9]+\.[0-9]+\.[0-9]+((?:~|-)[^0-9\s-]+[^-\s]*)?$/ { @@ -28,12 +28,12 @@ } if !$skip_apt_key_trusting { - $key = { - 'id' => $apt_key, - 'server' => $apt_keyserver, + $apt_keys.each |String $apt_key| { + apt::key { $apt_key: + id => $apt_key, + server => $apt_keyserver, + } } - } else { - $key = {} } if ($agent_repo_uri != undef) { @@ -59,7 +59,6 @@ location => $location, release => $release, repos => $repos, - key => $key, } package { 'datadog-agent-base': @@ -72,5 +71,4 @@ require => [Apt::Source['datadog'], Class['apt::update']], } - } diff --git a/spec/classes/datadog_agent_redhat_spec.rb b/spec/classes/datadog_agent_redhat_spec.rb index b8336292..6d7ec966 100644 --- a/spec/classes/datadog_agent_redhat_spec.rb +++ b/spec/classes/datadog_agent_redhat_spec.rb 
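Review bot: With `require => Exec['install-gpg-key']` dropped from the `yumrepo` and the exec itself deleted in the previous hunk, nothing in this manifest checks a key fingerprint any more. The removed `onlyif` compared the downloaded key against `A4C0 B90D 7443 CF6E 4E8A A341 F106 8E14 E094 22B3` before running `rpm --import`. Authenticity of whatever the `gpgkey` URLs serve now rests on the HTTPS fetch from yum.datadoghq.com, presumably with yum importing the keys at first package install. That trade-off should be recorded above the resource, for example `# Keys are fetched by yum from the gpgkey URLs; this manifest no longer pins their fingerprints.`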
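Review bot: Renaming `$apt_key` to `$apt_keys` in the class signature drops the old parameter with no compatibility path. A resource-like declaration that still passes `apt_key =>` should fail on an unknown parameter, and Hiera data under the old name would, as far as I can tell, be ignored without warning, which quietly discards a key an operator had pinned. Keeping a deprecated `Optional[String] $apt_key = undef,` and appending it to the list when set would avoid both outcomes. The new `$apt_keyserver` default comes from `datadog_agent::params`, which is outside this diff, so the default server and transport cannot be checked here.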
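Review bot: The `apt::key` resources declared in the new `each` loop have no visible ordering relative to `Apt::Source['datadog']`. Before this change the key went through the source's `key =>` parameter (removed in the next hunk), which tied the key to the source. Unless the apt module orders standalone keys ahead of `apt::update` on its own, the first run can now refresh the index before the signing keys are present and fail signature verification. Adding `before => Apt::Source['datadog'],` to the `apt::key` declaration would make the dependency explicit.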
@@ -27,7 +27,9 @@ is_expected.to contain_yumrepo('datadog') .with_enabled(1)\ .with_gpgcheck(1)\ - .with_gpgkey('https://yum.datadoghq.com/DATADOG_RPM_KEY.public')\ + .with_gpgkey('https://yum.datadoghq.com/DATADOG_RPM_KEY.public + https://yum.datadoghq.com/DATADOG_RPM_KEY_E09422B3.public + https://yum.datadoghq.com/DATADOG_RPM_KEY_20200908.public')\ .with_baseurl('https://yum.datadoghq.com/rpm/x86_64/') end end @@ -72,7 +74,9 @@ is_expected.to contain_yumrepo('datadog') .with_enabled(1)\ .with_gpgcheck(1)\ - .with_gpgkey('https://yum.datadoghq.com/DATADOG_RPM_KEY.public')\ + .with_gpgkey('https://yum.datadoghq.com/DATADOG_RPM_KEY.public + https://yum.datadoghq.com/DATADOG_RPM_KEY_E09422B3.public + https://yum.datadoghq.com/DATADOG_RPM_KEY_20200908.public')\ .with_baseurl('https://yum.datadoghq.com/stable/6/x86_64/') end end @@ -118,7 +122,8 @@ is_expected.to contain_yumrepo('datadog') .with_enabled(1)\ .with_gpgcheck(1)\ - .with_gpgkey('https://yum.datadoghq.com/DATADOG_RPM_KEY_E09422B3.public')\ + .with_gpgkey('https://yum.datadoghq.com/DATADOG_RPM_KEY_E09422B3.public + https://yum.datadoghq.com/DATADOG_RPM_KEY_20200908.public')\ .with_baseurl('https://yum.datadoghq.com/stable/7/x86_64/') end end diff --git a/spec/classes/datadog_agent_ubuntu_spec.rb b/spec/classes/datadog_agent_ubuntu_spec.rb index fcaea830..3676ba25 100644 --- a/spec/classes/datadog_agent_ubuntu_spec.rb +++ b/spec/classes/datadog_agent_ubuntu_spec.rb 
@@ -27,10 +27,12 @@ end # it should install the mirror - it { is_expected.not_to contain_apt__key('Add key: 935F5A436A5A6E8788F0765B226AE980C7A7DA52 from Apt::Source datadog') } + it { is_expected.not_to contain_apt__key('935F5A436A5A6E8788F0765B226AE980C7A7DA52') } it do - is_expected.to contain_apt__key('Add key: A2923DFF56EDA6E76E55E492D3A80E30382E94DE from Apt::Source datadog') + is_expected.to contain_apt__key('A2923DFF56EDA6E76E55E492D3A80E30382E94DE') + is_expected.to contain_apt__key('D75CEA17048B9ACBF186794B32637D44F14F620E') end + context 'overriding keyserver' do let(:params) do { @@ -39,7 +41,9 @@ end it do - is_expected.to contain_apt__key('Add key: A2923DFF56EDA6E76E55E492D3A80E30382E94DE from Apt::Source datadog')\ + is_expected.to contain_apt__key('A2923DFF56EDA6E76E55E492D3A80E30382E94DE')\ + .with_server('hkp://pool.sks-keyservers.net:80') + is_expected.to contain_apt__key('D75CEA17048B9ACBF186794B32637D44F14F620E')\ .with_server('hkp://pool.sks-keyservers.net:80') end end @@ -87,8 +91,11 @@ end # it should install the mirror - it { is_expected.not_to contain_apt__key('Add key: 935F5A436A5A6E8788F0765B226AE980C7A7DA52 from Apt::Source datadog') } - it { is_expected.to contain_apt__key('Add key: A2923DFF56EDA6E76E55E492D3A80E30382E94DE from Apt::Source datadog') } + it { is_expected.not_to contain_apt__key('935F5A436A5A6E8788F0765B226AE980C7A7DA52') } + it do + is_expected.to contain_apt__key('A2923DFF56EDA6E76E55E492D3A80E30382E94DE') + is_expected.to contain_apt__key('D75CEA17048B9ACBF186794B32637D44F14F620E') + end it do is_expected.to contain_file('/etc/apt/sources.list.d/datadog6.list')\ 
@@ -133,8 +140,8 @@ end # it should install the mirror - it { is_expected.not_to contain_apt__key('Add key: 935F5A436A5A6E8788F0765B226AE980C7A7DA52 from Apt::Source datadog') } - it { is_expected.to contain_apt__key('Add key: A2923DFF56EDA6E76E55E492D3A80E30382E94DE from Apt::Source datadog') } + it { is_expected.not_to contain_apt__key('935F5A436A5A6E8788F0765B226AE980C7A7DA52') } + it { is_expected.to contain_apt__key('A2923DFF56EDA6E76E55E492D3A80E30382E94DE') } it do is_expected.to contain_file('/etc/apt/sources.list.d/datadog6.list')\
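Review bot: This context still asserts only the `A2923DFF56EDA6E76E55E492D3A80E30382E94DE` key, while the two earlier contexts in this file were updated to also expect `D75CEA17048B9ACBF186794B32637D44F14F620E`. The default `apt_keys` shown in ubuntu.pp contains both fingerprints, so the second key goes untested here. Add `it { is_expected.to contain_apt__key('D75CEA17048B9ACBF186794B32637D44F14F620E') }` next to the existing expectation. The enclosing context starts outside the hunk, so its parameters are not visible.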