Skip to content

Puppet module for managing GnuPG package and public keys

License

Notifications You must be signed in to change notification settings

flepoutre/golja-gnupg

 
 

Repository files navigation

#GnuPG puppet module

####Table of Contents

  1. Overview
  2. Installation
  3. Usage - Configuration options and additional functionality
  4. Reference - An under-the-hood peek at what the module is doing and how
  5. Limitations - OS compatibility, etc.
  6. Development - Guide for contributing to the module
  7. License

##Overview

Install GnuPG on Ubuntu/Debian/RedHat/CentOS/Amazon AMI and manage users public keys.

Tested with Tavis CI

NOTE: For puppet 2.7.x supported module please use version 0.X.X

Build Status Puppet Forge

##Installation

 $ puppet module install golja/gnupg

##Usage

####Install GnuPG package

include '::gnupg'

####Add public key 20BC0A86 from PGP server from hkp://pgp.mit.edu/ to user root

gnupg_key { 'hkp_server_20BC0A86':
  ensure     => present,
  key_id     => '20BC0A86',
  user       => 'root',
  key_server => 'hkp://pgp.mit.edu/',
  key_type   => public,
}

####Add public key D50582E6 from standard http URI to user foo

gnupg_key { 'jenkins_foo_key':
  ensure     => present,
  key_id     => 'D50582E6',
  user       => 'foo',
  key_source => 'http://pkg.jenkins-ci.org/debian/jenkins-ci.org.key',
  key_type   => public,
}

####Add public key D50582E6 from puppet fileserver to user foo

gnupg_key { 'jenkins_foo_key':
  ensure     => present,
  key_id     => 'D50582E6',
  user       => 'foo',
  key_source => 'puppet:///modules/gnupg/D50582E6.key',
  key_type   => public,
}

####Add public key D50582E6 from puppet fileserver to user bar via a string value

gnupg_key { 'jenkins_foo_key':
  ensure      => present,
  key_id      => 'D50582E6',
  user        => 'bar',
  key_content => '-----BEGIN BROKEN PUBLIC KEY BLOCK-----...',
  key_type    => public,
}

Note: You should use hiera lookup to get the key content

####Remove public key 20BC0A86 from user root

gnupg_key {'root_remove':
  ensure   => absent,
  key_id   => '20BC0A86',
  user     => 'root',
  key_type => public,
}

###Remove both private and public key 20BC0A66

gnupg_key {'root_remove':
  ensure   => absent,
  key_id   => '20BC0A66',
  user     => 'root',
  key_type => both,
}

##Reference

###Classes

####gnupg

#####package_ensure

Valid value present/absent. In most cases you should never uninstall this package, because most of the modern Linux distros rely on gnupg for package verification, etc Default: present

#####package_name

Name of the GnuPG package. Default value determined by $::osfamily/$::operatingsystem facts

####gnupg_key

#####ensure

REQUIRED - Valid value present/absent

#####user

REQUIRED - System username for who to store the public key. Also define the location of the pubring (default ${HOME}/.gnupg/)

#####key_id

REQUIRED - Key ID. Usually the traditional 8-character key ID. Also accepted the long more accurate (but less convenient) 16-character key ID. Accept only hexadecimal values.

#####key_source

REQUIRED if key_server or key_content is not defined and ensure is present. A source file containing PGP key. Values can be URIs pointing to remote files, or fully qualified paths to files available on the local system.

The available URI schemes are puppet, https, http and file. Puppet URIs will retrieve files from Puppet's built-in file server, and are usually formatted as:

puppet:///modules/name_of_module/filename

#####key_server

REQUIRED if key_source or key_content is not defined and ensure is present.

PGP key server from where to retrieve the public key. Valid URI schemes are http, https, ldap and hkp.

#####key_content

REQUIRED if key_server or key_source is not defined and ensure is present.

Provide the content of the key as a string. This is useful when the key is stored as a hiera property and the consumer doesn't want to have to write that content to a file before the gnupg_key resource executes.

#####key_type

OPTIONAL - key type. Valid values (public|private|both). Default: public

#####proxy

OPTIONAL - use a http proxy url to access the keyserver, for example: http://proxy.corp.domain:80. Default: undef

Tests

There are two types of tests distributed with the module. Unit tests with rspec-puppet and system tests using rspec-system or beaker.

For unit testing, make sure you have:

  • rake
  • bundler

Install the necessary gems:

bundle install --path=vendor

And then run the unit tests:

bundle exec rake spec

If you want to run the system tests, make sure you also have:

  • vagrant > 1.3.x
  • Virtualbox > 4.2.10

Then run the tests using:

bundle exec rake spec:system

To run the tests on different operating systems, see the sets available in .nodeset.yml and run the specific set with the following syntax:

RSPEC_SET=debian-607-x64 bundle exec rake spec:system

Alernatively you can run beaker tests using:

bundle exec rake beaker

##Limitations

This module has been tested on:

  • Debian 6/7
  • Ubuntu 12+
  • RedHat 5/6/7
  • CentOS 5/6/7
  • Amazon AMI

##Development

Please see CONTRIBUTING.md

License

See LICENSE file

About

Puppet module for managing GnuPG package and public keys

Resources

License

Stars

Watchers

Forks

Releases

No releases published

Packages

No packages published

Languages

  • Ruby 96.5%
  • Puppet 3.5%