diff --git a/REFERENCE.md b/REFERENCE.md
index 3a3e9a8..674ec22 100644
--- a/REFERENCE.md
+++ b/REFERENCE.md
@@ -1,1150 +1,1198 @@
# Reference
## Table of Contents
### Classes
#### Public Classes
* [`apt`](#apt): Main class, includes all other classes.
* [`apt::backports`](#aptbackports): Manages backports.
#### Private Classes
* `apt::params`: Provides defaults for the Apt module parameters.
* `apt::update`: Updates the list of available packages using apt-get update.
### Defined types
* [`apt::conf`](#aptconf): Specifies a custom Apt configuration file.
* [`apt::key`](#aptkey): Manages the GPG keys that Apt uses to authenticate packages.
* [`apt::mark`](#aptmark): Manages apt-mark settings
* [`apt::pin`](#aptpin): Manages Apt pins. Does not trigger an apt-get update run.
* [`apt::ppa`](#aptppa): Manages PPA repositories using `add-apt-repository`. Not supported on Debian.
* [`apt::setting`](#aptsetting): Manages Apt configuration files.
* [`apt::source`](#aptsource): Manages the Apt sources in /etc/apt/sources.list.d/.
### Resource types
#### Public Resource types
#### Private Resource types
* `apt_key`: This type provides Puppet with the capabilities to manage GPG keys needed
by apt to perform package validation. Apt has it's own GPG keyring that can
be manipulated through the `apt-key` command.
### Data types
* [`Apt::Auth_conf_entry`](#aptauth_conf_entry): Login configuration settings that are recorded in the file `/etc/apt/auth.conf`.
* [`Apt::Proxy`](#aptproxy): Configures Apt to connect to a proxy server.
+* [`Apt::Proxy_Per_Host`](#aptproxy_per_host): Adds per-host overrides to the system default APT proxy configuration
### Tasks
* [`init`](#init): Allows you to perform apt functions
## Classes
### `apt`
Main class, includes all other classes.
* **See also**
* https://docs.puppetlabs.com/references/latest/function.html#createresources
* for the create resource function
#### Parameters
The following parameters are available in the `apt` class:
* [`provider`](#provider)
* [`keyserver`](#keyserver)
* [`key_options`](#key_options)
* [`ppa_options`](#ppa_options)
* [`ppa_package`](#ppa_package)
* [`backports`](#backports)
* [`confs`](#confs)
* [`update`](#update)
* [`purge`](#purge)
* [`proxy`](#proxy)
* [`sources`](#sources)
* [`keys`](#keys)
* [`ppas`](#ppas)
* [`pins`](#pins)
* [`settings`](#settings)
* [`manage_auth_conf`](#manage_auth_conf)
* [`auth_conf_entries`](#auth_conf_entries)
* [`auth_conf_owner`](#auth_conf_owner)
* [`root`](#root)
* [`sources_list`](#sources_list)
* [`sources_list_d`](#sources_list_d)
* [`conf_d`](#conf_d)
* [`preferences`](#preferences)
* [`preferences_d`](#preferences_d)
* [`config_files`](#config_files)
* [`sources_list_force`](#sources_list_force)
* [`update_defaults`](#update_defaults)
* [`purge_defaults`](#purge_defaults)
* [`proxy_defaults`](#proxy_defaults)
* [`include_defaults`](#include_defaults)
* [`apt_conf_d`](#apt_conf_d)
* [`source_key_defaults`](#source_key_defaults)
##### `provider`
Data type: `String`
Specifies the provider that should be used by apt::update.
Default value: `$apt::params::provider`
##### `keyserver`
Data type: `String`
Specifies a keyserver to provide the GPG key. Valid options: a string containing a domain name or a full URL (http://, https://, or
hkp://).
Default value: `$apt::params::keyserver`
##### `key_options`
Data type: `Optional[String]`
Specifies the default options for apt::key resources.
Default value: `$apt::params::key_options`
##### `ppa_options`
Data type: `Optional[String]`
Supplies options to be passed to the `add-apt-repository` command.
Default value: `$apt::params::ppa_options`
##### `ppa_package`
Data type: `Optional[String]`
Names the package that provides the `apt-add-repository` command.
Default value: `$apt::params::ppa_package`
##### `backports`
Data type: `Optional[Hash]`
Specifies some of the default parameters used by apt::backports. Valid options: a hash made up from the following keys:
Options:
* **:location** `String`: See apt::backports for documentation.
* **:repos** `String`: See apt::backports for documentation.
* **:key** `String`: See apt::backports for documentation.
Default value: `$apt::params::backports`
##### `confs`
Data type: `Hash`
Creates new `apt::conf` resources. Valid options: a hash to be passed to the create_resources function linked above.
Default value: `$apt::params::confs`
##### `update`
Data type: `Hash`
Configures various update settings. Valid options: a hash made up from the following keys:
Options:
* **:frequency** `String`: Specifies how often to run `apt-get update`. If the exec resource `apt_update` is notified, `apt-get update` runs regardless of this value.
Valid options: 'always' (at every Puppet run); 'daily' (if the value of `apt_update_last_success` is less than current epoch time minus 86400);
'weekly' (if the value of `apt_update_last_success` is less than current epoch time minus 604800); and 'reluctantly' (only if the exec resource
`apt_update` is notified). Default: 'reluctantly'.
* **:loglevel** `Integer`: Specifies the log level of logs outputted to the console. Default: undef.
* **:timeout** `Integer`: Specifies how long to wait for the update to complete before canceling it. Valid options: an integer, in seconds. Default: undef.
* **:tries** `Integer`: Specifies how many times to retry the update after receiving a DNS or HTTP error. Default: undef.
Default value: `$apt::params::update`
##### `purge`
Data type: `Hash`
Specifies whether to purge any existing settings that aren't managed by Puppet. Valid options: a hash made up from the following keys:
Options:
* **:sources.list** `Boolean`: Specifies whether to purge any unmanaged entries from sources.list. Default false.
* **:sources.list.d** `Boolean`: Specifies whether to purge any unmanaged entries from sources.list.d. Default false.
* **:preferences** `Boolean`: Specifies whether to purge any unmanaged entries from preferences. Default false.
* **:preferences.d.** `Boolean`: Specifies whether to purge any unmanaged entries from preferences.d. Default false.
Default value: `$apt::params::purge`
##### `proxy`
Data type: `Apt::Proxy`
Configures Apt to connect to a proxy server. Valid options: a hash matching the locally defined type apt::proxy.
Default value: `$apt::params::proxy`
##### `sources`
Data type: `Hash`
Creates new `apt::source` resources. Valid options: a hash to be passed to the create_resources function linked above.
Default value: `$apt::params::sources`
##### `keys`
Data type: `Hash`
Creates new `apt::key` resources. Valid options: a hash to be passed to the create_resources function linked above.
Default value: `$apt::params::keys`
##### `ppas`
Data type: `Hash`
Creates new `apt::ppa` resources. Valid options: a hash to be passed to the create_resources function linked above.
Default value: `$apt::params::ppas`
##### `pins`
Data type: `Hash`
Creates new `apt::pin` resources. Valid options: a hash to be passed to the create_resources function linked above.
Default value: `$apt::params::pins`
##### `settings`
Data type: `Hash`
Creates new `apt::setting` resources. Valid options: a hash to be passed to the create_resources function linked above.
Default value: `$apt::params::settings`
##### `manage_auth_conf`
Data type: `Boolean`
Specifies whether to manage the /etc/apt/auth.conf file. When true, the file will be overwritten with the entries specified in
the auth_conf_entries parameter. When false, the file will be ignored (note that this does not set the file to absent.
Default value: `$apt::params::manage_auth_conf`
##### `auth_conf_entries`
Data type: `Array[Apt::Auth_conf_entry]`
An optional array of login configuration settings (hashes) that are recorded in the file /etc/apt/auth.conf. This file has a netrc-like
format (similar to what curl uses) and contains the login configuration for APT sources and proxies that require authentication. See
https://manpages.debian.org/testing/apt/apt_auth.conf.5.en.html for details. If specified each hash must contain the keys machine, login and
password and no others. Specifying manage_auth_conf and not specifying this parameter will set /etc/apt/auth.conf to absent.
Default value: `$apt::params::auth_conf_entries`
##### `auth_conf_owner`
Data type: `String`
The owner of the file /etc/apt/auth.conf. Default: '_apt' or 'root' on old releases.
Default value: `$apt::params::auth_conf_owner`
##### `root`
Data type: `String`
Specifies root directory of Apt executable.
Default value: `$apt::params::root`
##### `sources_list`
Data type: `String`
Specifies the path of the sources_list file to use.
Default value: `$apt::params::sources_list`
##### `sources_list_d`
Data type: `String`
Specifies the path of the sources_list.d file to use.
Default value: `$apt::params::sources_list_d`
##### `conf_d`
Data type: `String`
Specifies the path of the conf.d file to use.
Default value: `$apt::params::conf_d`
##### `preferences`
Data type: `String`
Specifies the path of the preferences file to use.
Default value: `$apt::params::preferences`
##### `preferences_d`
Data type: `String`
Specifies the path of the preferences.d file to use.
Default value: `$apt::params::preferences_d`
##### `config_files`
Data type: `Hash`
A hash made up of the various configuration files used by Apt.
Default value: `$apt::params::config_files`
##### `sources_list_force`
Data type: `Boolean`
Specifies whether to perform force purge or delete. Default false.
Default value: `$apt::params::sources_list_force`
##### `update_defaults`
Data type: `Hash`
Default value: `$apt::params::update_defaults`
##### `purge_defaults`
Data type: `Hash`
Default value: `$apt::params::purge_defaults`
##### `proxy_defaults`
Data type: `Hash`
Default value: `$apt::params::proxy_defaults`
##### `include_defaults`
Data type: `Hash`
Default value: `$apt::params::include_defaults`
##### `apt_conf_d`
Data type: `String`
Default value: `$apt::params::apt_conf_d`
##### `source_key_defaults`
Data type: `Hash`
Default value: `{
'server' => $keyserver,
'options' => undef,
'content' => undef,
'source' => undef,
}`
### `apt::backports`
Manages backports.
#### Examples
##### Set up a backport source for Linux Mint qiana
```puppet
class { 'apt::backports':
location => 'http://us.archive.ubuntu.com/ubuntu',
release => 'trusty-backports',
repos => 'main universe multiverse restricted',
key => {
id => '630239CC130E1A7FD81A27B140976EAF437D05B5',
server => 'keyserver.ubuntu.com',
},
}
```
#### Parameters
The following parameters are available in the `apt::backports` class:
* [`location`](#location)
* [`release`](#release)
* [`repos`](#repos)
* [`key`](#key)
* [`pin`](#pin)
* [`include`](#include)
##### `location`
Data type: `Optional[String]`
Specifies an Apt repository containing the backports to manage. Valid options: a string containing a URL. Default value for Debian and
Ubuntu varies:
- Debian: 'http://deb.debian.org/debian'
- Ubuntu: 'http://archive.ubuntu.com/ubuntu'
Default value: ``undef``
##### `release`
Data type: `Optional[String]`
Specifies a distribution of the Apt repository containing the backports to manage. Used in populating the `source.list` configuration file.
Default: on Debian and Ubuntu, `${facts['os']['distro']['codename']}-backports`. We recommend keeping this default, except on other operating
systems.
Default value: ``undef``
##### `repos`
Data type: `Optional[String]`
Specifies a component of the Apt repository containing the backports to manage. Used in populating the `source.list` configuration file.
Default value for Debian and Ubuntu varies:
- Debian: 'main contrib non-free'
- Ubuntu: 'main universe multiverse restricted'
Default value: ``undef``
##### `key`
Data type: `Optional[Variant[String, Hash]]`
Specifies a key to authenticate the backports. Valid options: a string to be passed to the id parameter of the apt::key defined type, or a
hash of parameter => value pairs to be passed to apt::key's id, server, content, source, and/or options parameters. Default value
for Debian and Ubuntu varies:
- Debian: 'A1BD8E9D78F7FE5C3E65D8AF8B48AD6246925553'
- Ubuntu: '630239CC130E1A7FD81A27B140976EAF437D05B5'
Default value: ``undef``
##### `pin`
Data type: `Optional[Variant[Integer, String, Hash]]`
Specifies a pin priority for the backports. Valid options: a number or string to be passed to the `id` parameter of the `apt::pin` defined
type, or a hash of `parameter => value` pairs to be passed to `apt::pin`'s corresponding parameters.
Default value: `200`
##### `include`
Data type: `Optional[Variant[Hash]]`
Specifies whether to include 'deb' or 'src', or both.
Default value: `{}`
## Defined types
### `apt::conf`
Specifies a custom Apt configuration file.
#### Parameters
The following parameters are available in the `apt::conf` defined type:
* [`content`](#content)
* [`ensure`](#ensure)
* [`priority`](#priority)
* [`notify_update`](#notify_update)
##### `content`
Data type: `Optional[String]`
Required unless `ensure` is set to 'absent'. Directly supplies content for the configuration file.
Default value: ``undef``
##### `ensure`
Data type: `Enum['present', 'absent']`
Specifies whether the configuration file should exist. Valid options: 'present' and 'absent'.
Default value: `present`
##### `priority`
Data type: `Variant[String, Integer]`
Determines the order in which Apt processes the configuration file. Files with lower priority numbers are loaded first.
Valid options: a string containing an integer or an integer.
Default value: `50`
##### `notify_update`
Data type: `Optional[Boolean]`
Specifies whether to trigger an `apt-get update` run.
Default value: ``undef``
### `apt::key`
Manages the GPG keys that Apt uses to authenticate packages.
* **Note** The apt::key defined type makes use of the apt_key type, but includes extra functionality to help prevent duplicate keys.
#### Examples
##### Declare Apt key for apt.puppetlabs.com source
```puppet
apt::key { 'puppetlabs':
id => '6F6B15509CF8E59E6E469F327F438280EF8D349F',
server => 'keyserver.ubuntu.com',
options => 'http-proxy="http://proxyuser:proxypass@example.org:3128"',
}
```
#### Parameters
The following parameters are available in the `apt::key` defined type:
* [`id`](#id)
* [`ensure`](#ensure)
* [`content`](#content)
* [`source`](#source)
* [`server`](#server)
* [`weak_ssl`](#weak_ssl)
* [`options`](#options)
##### `id`
Data type: `Pattern[/\A(0x)?[0-9a-fA-F]{8}\Z/, /\A(0x)?[0-9a-fA-F]{16}\Z/, /\A(0x)?[0-9a-fA-F]{40}\Z/]`
Specifies a GPG key to authenticate Apt package signatures. Valid options: a string containing a key ID (8 or 16 hexadecimal
characters, optionally prefixed with "0x") or a full key fingerprint (40 hexadecimal characters).
Default value: `$title`
##### `ensure`
Data type: `Enum['present', 'absent', 'refreshed']`
Specifies whether the key should exist. Valid options: 'present', 'absent' or 'refreshed'. Using 'refreshed' will make keys auto
update when they have expired (assuming a new key exists on the key server).
Default value: `present`
##### `content`
Data type: `Optional[String]`
Supplies the entire GPG key. Useful in case the key can't be fetched from a remote location and using a file resource is inconvenient.
Default value: ``undef``
##### `source`
Data type: `Optional[Pattern[/\Ahttps?:\/\//, /\Aftp:\/\//, /\A\/\w+/]]`
Specifies the location of an existing GPG key file to copy. Valid options: a string containing a URL (ftp://, http://, or https://) or
an absolute path.
Default value: ``undef``
##### `server`
Data type: `Pattern[/\A((hkp|hkps|http|https):\/\/)?([a-z\d])([a-z\d-]{0,61}\.)+[a-z\d]+(:\d{2,5})?(\/[a-zA-Z\d\-_.]+)*\/?$/]`
Specifies a keyserver to provide the GPG key. Valid options: a string containing a domain name or a full URL (http://, https://,
hkp:// or hkps://). The hkps:// protocol is currently only supported on Ubuntu 18.04.
Default value: `$::apt::keyserver`
##### `weak_ssl`
Data type: `Boolean`
Specifies whether strict SSL verification on a https URL should be disabled. Valid options: true or false.
Default value: ``false``
##### `options`
Data type: `Optional[String]`
Passes additional options to `apt-key adv --keyserver-options`.
Default value: `$::apt::key_options`
### `apt::mark`
Manages apt-mark settings
#### Parameters
The following parameters are available in the `apt::mark` defined type:
* [`setting`](#setting)
##### `setting`
Data type: `Enum['auto','manual','hold','unhold']`
auto, manual, hold, unhold
specifies the behavior of apt in case of no more dependencies installed
https://manpages.debian.org/stable/apt/apt-mark.8.en.html
### `apt::pin`
Manages Apt pins. Does not trigger an apt-get update run.
* **See also**
* http://linux.die.net/man/5/apt_preferences
* for context on these parameters
#### Parameters
The following parameters are available in the `apt::pin` defined type:
* [`ensure`](#ensure)
* [`explanation`](#explanation)
* [`order`](#order)
* [`packages`](#packages)
* [`priority`](#priority)
* [`release`](#release)
* [`release_version`](#release_version)
* [`component`](#component)
* [`originator`](#originator)
* [`label`](#label)
* [`origin`](#origin)
* [`version`](#version)
* [`codename`](#codename)
##### `ensure`
Data type: `Optional[Enum['file', 'present', 'absent']]`
Specifies whether the pin should exist. Valid options: 'file', 'present', and 'absent'.
Default value: `present`
##### `explanation`
Data type: `Optional[String]`
Supplies a comment to explain the pin. Default: "${caller_module_name}: ${name}".
Default value: ``undef``
##### `order`
Data type: `Variant[Integer]`
Determines the order in which Apt processes the pin file. Files with lower order numbers are loaded first.
Default value: `50`
##### `packages`
Data type: `Variant[String, Array]`
Specifies which package(s) to pin.
Default value: `'*'`
##### `priority`
Data type: `Variant[Numeric, String]`
Sets the priority of the package. If multiple versions of a given package are available, `apt-get` installs the one with the highest
priority number (subject to dependency constraints). Valid options: an integer.
Default value: `0`
##### `release`
Data type: `Optional[String]`
Tells APT to prefer packages that support the specified release. Typical values include 'stable', 'testing', and 'unstable'.
Default value: `''`
##### `release_version`
Data type: `Optional[String]`
Tells APT to prefer packages that support the specified operating system release version (such as Debian release version 7).
Default value: `''`
##### `component`
Data type: `Optional[String]`
Names the licensing component associated with the packages in the directory tree of the Release file.
Default value: `''`
##### `originator`
Data type: `Optional[String]`
Names the originator of the packages in the directory tree of the Release file.
Default value: `''`
##### `label`
Data type: `Optional[String]`
Names the label of the packages in the directory tree of the Release file.
Default value: `''`
##### `origin`
Data type: `Optional[String]`
Default value: `''`
##### `version`
Data type: `Optional[String]`
Default value: `''`
##### `codename`
Data type: `Optional[String]`
Default value: `''`
### `apt::ppa`
Manages PPA repositories using `add-apt-repository`. Not supported on Debian.
#### Examples
##### Example declaration of an Apt PPA
```puppet
apt::ppa{ 'ppa:openstack-ppa/bleeding-edge': }
```
#### Parameters
The following parameters are available in the `apt::ppa` defined type:
* [`ensure`](#ensure)
* [`options`](#options)
* [`release`](#release)
* [`dist`](#dist)
* [`package_name`](#package_name)
* [`package_manage`](#package_manage)
##### `ensure`
Data type: `String`
Specifies whether the PPA should exist. Valid options: 'present' and 'absent'.
Default value: `'present'`
##### `options`
Data type: `Optional[String]`
Supplies options to be passed to the `add-apt-repository` command. Default: '-y'.
Default value: `$::apt::ppa_options`
##### `release`
Data type: `Optional[String]`
Specifies the operating system of your node. Valid options: a string containing a valid LSB distribution codename.
Optional if `puppet facts show os.distro.codename` returns your correct distribution release codename.
Default value: `$facts['os']['distro']['codename']`
##### `dist`
Data type: `Optional[String]`
Specifies the distribution of your node. Valid options: a string containing a valid distribution codename.
Optional if `puppet facts show os.name` returns your correct distribution name.
Default value: `$facts['os']['name']`
##### `package_name`
Data type: `Optional[String]`
Names the package that provides the `apt-add-repository` command. Default: 'software-properties-common'.
Default value: `$::apt::ppa_package`
##### `package_manage`
Data type: `Boolean`
Specifies whether Puppet should manage the package that provides `apt-add-repository`.
Default value: ``false``
### `apt::setting`
Manages Apt configuration files.
* **See also**
* https://docs.puppetlabs.com/references/latest/type.html#file-attributes
* for more information on source and content parameters
#### Parameters
The following parameters are available in the `apt::setting` defined type:
* [`priority`](#priority)
* [`ensure`](#ensure)
* [`source`](#source)
* [`content`](#content)
* [`notify_update`](#notify_update)
##### `priority`
Data type: `Variant[String, Integer, Array]`
Determines the order in which Apt processes the configuration file. Files with higher priority numbers are loaded first.
Default value: `50`
##### `ensure`
Data type: `Optional[Enum['file', 'present', 'absent']]`
Specifies whether the file should exist. Valid options: 'present', 'absent', and 'file'.
Default value: `file`
##### `source`
Data type: `Optional[String]`
Required, unless `content` is set. Specifies a source file to supply the content of the configuration file. Cannot be used in combination
with `content`. Valid options: see link above for Puppet's native file type source attribute.
Default value: ``undef``
##### `content`
Data type: `Optional[String]`
Required, unless `source` is set. Directly supplies content for the configuration file. Cannot be used in combination with `source`. Valid
options: see link above for Puppet's native file type content attribute.
Default value: ``undef``
##### `notify_update`
Data type: `Boolean`
Specifies whether to trigger an `apt-get update` run.
Default value: ``true``
### `apt::source`
Manages the Apt sources in /etc/apt/sources.list.d/.
#### Examples
##### Install the puppetlabs apt source
```puppet
apt::source { 'puppetlabs':
location => 'http://apt.puppetlabs.com',
repos => 'main',
key => {
id => '6F6B15509CF8E59E6E469F327F438280EF8D349F',
server => 'keyserver.ubuntu.com',
},
}
```
#### Parameters
The following parameters are available in the `apt::source` defined type:
* [`location`](#location)
* [`comment`](#comment)
* [`ensure`](#ensure)
* [`release`](#release)
* [`repos`](#repos)
* [`include`](#include)
* [`key`](#key)
* [`keyring`](#keyring)
* [`pin`](#pin)
* [`architecture`](#architecture)
* [`allow_unsigned`](#allow_unsigned)
* [`notify_update`](#notify_update)
##### `location`
Data type: `Optional[String]`
Required, unless ensure is set to 'absent'. Specifies an Apt repository. Valid options: a string containing a repository URL.
Default value: ``undef``
##### `comment`
Data type: `String`
Supplies a comment for adding to the Apt source file.
Default value: `$name`
##### `ensure`
Data type: `String`
Specifies whether the Apt source file should exist. Valid options: 'present' and 'absent'.
Default value: `present`
##### `release`
Data type: `Optional[String]`
Specifies a distribution of the Apt repository.
Default value: ``undef``
##### `repos`
Data type: `String`
Specifies a component of the Apt repository.
Default value: `'main'`
##### `include`
Data type: `Optional[Variant[Hash]]`
Configures include options. Valid options: a hash of available keys.
Options:
* **:deb** `Boolean`: Specifies whether to request the distribution's compiled binaries. Default true.
* **:src** `Boolean`: Specifies whether to request the distribution's uncompiled source code. Default false.
Default value: `{}`
##### `key`
Data type: `Optional[Variant[String, Hash]]`
Creates a declaration of the apt::key defined type. Valid options: a string to be passed to the `id` parameter of the `apt::key`
defined type, or a hash of `parameter => value` pairs to be passed to `apt::key`'s `id`, `server`, `content`, `source`, `weak_ssl`,
and/or `options` parameters.
Default value: ``undef``
##### `keyring`
Data type: `Optional[Stdlib::AbsolutePath]`
Absolute path to a file containing the PGP keyring used to sign this repository. Value is used to set signed-by on the source entry.
See https://wiki.debian.org/DebianRepository/UseThirdParty for details.
Default value: ``undef``
##### `pin`
Data type: `Optional[Variant[Hash, Numeric, String]]`
Creates a declaration of the apt::pin defined type. Valid options: a number or string to be passed to the `id` parameter of the
`apt::pin` defined type, or a hash of `parameter => value` pairs to be passed to `apt::pin`'s corresponding parameters.
Default value: ``undef``
##### `architecture`
Data type: `Optional[String]`
Tells Apt to only download information for specified architectures. Valid options: a string containing one or more architecture names,
separated by commas (e.g., 'i386' or 'i386,alpha,powerpc'). Default: undef (if unspecified, Apt downloads information for all architectures
defined in the Apt::Architectures option).
Default value: ``undef``
##### `allow_unsigned`
Data type: `Boolean`
Specifies whether to authenticate packages from this release, even if the Release file is not signed or the signature can't be checked.
Default value: ``false``
##### `notify_update`
Data type: `Boolean`
Specifies whether to trigger an `apt-get update` run.
Default value: ``true``
## Resource types
## Data types
### `Apt::Auth_conf_entry`
Login configuration settings that are recorded in the file `/etc/apt/auth.conf`.
* **See also**
* https://manpages.debian.org/testing/apt/apt_auth.conf.5.en.html
* for more information
Alias of
```puppet
Struct[{
machine => String[1],
login => String,
password => String
}]
```
#### Parameters
The following parameters are available in the `Apt::Auth_conf_entry` data type:
* [`machine`](#machine)
* [`login`](#login)
* [`password`](#password)
##### `machine`
Hostname of machine to connect to.
##### `login`
Specifies the username to connect with.
##### `password`
Specifies the password to connect with.
### `Apt::Proxy`
Configures Apt to connect to a proxy server.
Alias of
```puppet
Struct[{
ensure => Optional[Enum['file', 'present', 'absent']],
host => Optional[String],
port => Optional[Integer[0, 65535]],
https => Optional[Boolean],
https_acng => Optional[Boolean],
direct => Optional[Boolean],
+ perhost => Optional[Array[Apt::Proxy_Per_Host]],
}]
```
#### Parameters
The following parameters are available in the `Apt::Proxy` data type:
* [`ensure`](#ensure)
* [`host`](#host)
* [`port`](#port)
* [`https`](#https)
* [`direct`](#direct)
##### `ensure`
Specifies whether the proxy should exist. Valid options: 'file', 'present', and 'absent'. Prefer 'file' over 'present'.
##### `host`
Specifies a proxy host to be stored in `/etc/apt/apt.conf.d/01proxy`. Valid options: a string containing a hostname.
##### `port`
Specifies a proxy port to be stored in `/etc/apt/apt.conf.d/01proxy`. Valid options: an integer containing a port number.
##### `https`
Specifies whether to enable https proxies.
##### `direct`
Specifies whether or not to use a `DIRECT` https proxy if http proxy is used but https is not.
+### `Apt::Proxy_Per_Host`
+
+Adds per-host overrides to the system default APT proxy configuration
+
+Alias of
+
+```puppet
+Struct[{
+ scope => String,
+ host => Optional[String],
+ port => Optional[Integer[1, 65535]],
+ https => Optional[Boolean],
+ direct => Optional[Boolean],
+ }]
+```
+
+#### Parameters
+
+The following parameters are available in the `Apt::Proxy_Per_Host` data type:
+
+* [`scope`](#scope)
+* [`host`](#host)
+* [`port`](#port)
+* [`https`](#https)
+* [`direct`](#direct)
+
+##### `scope`
+
+Specifies the scope of the override. Valid options: a string containing a hostname.
+
+##### `host`
+
+Specifies a proxy host to be stored in `/etc/apt/apt.conf.d/01proxy`. Valid options: a string containing a hostname.
+
+##### `port`
+
+Specifies a proxy port to be stored in `/etc/apt/apt.conf.d/01proxy`. Valid options: an integer containing a port number.
+
+##### `https`
+
+Specifies whether to enable https for this override.
+
+##### `direct`
+
+Specifies whether or not to use a `DIRECT` target to bypass the system default proxy.
+
## Tasks
### `init`
Allows you to perform apt functions
**Supports noop?** false
#### Parameters
##### `action`
Data type: `Enum[update, upgrade, dist-upgrade, autoremove]`
Action to perform
diff --git a/manifests/init.pp b/manifests/init.pp
index fdfd600..49f9309 100644
--- a/manifests/init.pp
+++ b/manifests/init.pp
@@ -1,351 +1,373 @@
# @summary Main class, includes all other classes.
#
# @see https://docs.puppetlabs.com/references/latest/function.html#createresources for the create resource function
#
# @param provider
# Specifies the provider that should be used by apt::update.
#
# @param keyserver
# Specifies a keyserver to provide the GPG key. Valid options: a string containing a domain name or a full URL (http://, https://, or
# hkp://).
#
# @param key_options
# Specifies the default options for apt::key resources.
#
# @param ppa_options
# Supplies options to be passed to the `add-apt-repository` command.
#
# @param ppa_package
# Names the package that provides the `apt-add-repository` command.
#
# @param backports
# Specifies some of the default parameters used by apt::backports. Valid options: a hash made up from the following keys:
#
# @option backports [String] :location
# See apt::backports for documentation.
#
# @option backports [String] :repos
# See apt::backports for documentation.
#
# @option backports [String] :key
# See apt::backports for documentation.
#
# @param confs
# Creates new `apt::conf` resources. Valid options: a hash to be passed to the create_resources function linked above.
#
# @param update
# Configures various update settings. Valid options: a hash made up from the following keys:
#
# @option update [String] :frequency
# Specifies how often to run `apt-get update`. If the exec resource `apt_update` is notified, `apt-get update` runs regardless of this value.
# Valid options: 'always' (at every Puppet run); 'daily' (if the value of `apt_update_last_success` is less than current epoch time minus 86400);
# 'weekly' (if the value of `apt_update_last_success` is less than current epoch time minus 604800); and 'reluctantly' (only if the exec resource
# `apt_update` is notified). Default: 'reluctantly'.
#
# @option update [Integer] :loglevel
# Specifies the log level of logs outputted to the console. Default: undef.
#
# @option update [Integer] :timeout
# Specifies how long to wait for the update to complete before canceling it. Valid options: an integer, in seconds. Default: undef.
#
# @option update [Integer] :tries
# Specifies how many times to retry the update after receiving a DNS or HTTP error. Default: undef.
#
# @param purge
# Specifies whether to purge any existing settings that aren't managed by Puppet. Valid options: a hash made up from the following keys:
#
# @option purge [Boolean] :sources.list
# Specifies whether to purge any unmanaged entries from sources.list. Default false.
#
# @option purge [Boolean] :sources.list.d
# Specifies whether to purge any unmanaged entries from sources.list.d. Default false.
#
# @option purge [Boolean] :preferences
# Specifies whether to purge any unmanaged entries from preferences. Default false.
#
# @option purge [Boolean] :preferences.d.
# Specifies whether to purge any unmanaged entries from preferences.d. Default false.
#
# @param proxy
# Configures Apt to connect to a proxy server. Valid options: a hash matching the locally defined type apt::proxy.
#
# @param sources
# Creates new `apt::source` resources. Valid options: a hash to be passed to the create_resources function linked above.
#
# @param keys
# Creates new `apt::key` resources. Valid options: a hash to be passed to the create_resources function linked above.
#
# @param ppas
# Creates new `apt::ppa` resources. Valid options: a hash to be passed to the create_resources function linked above.
#
# @param pins
# Creates new `apt::pin` resources. Valid options: a hash to be passed to the create_resources function linked above.
#
# @param settings
# Creates new `apt::setting` resources. Valid options: a hash to be passed to the create_resources function linked above.
#
# @param manage_auth_conf
# Specifies whether to manage the /etc/apt/auth.conf file. When true, the file will be overwritten with the entries specified in
# the auth_conf_entries parameter. When false, the file will be ignored (note that this does not set the file to absent.
#
# @param auth_conf_entries
# An optional array of login configuration settings (hashes) that are recorded in the file /etc/apt/auth.conf. This file has a netrc-like
# format (similar to what curl uses) and contains the login configuration for APT sources and proxies that require authentication. See
# https://manpages.debian.org/testing/apt/apt_auth.conf.5.en.html for details. If specified each hash must contain the keys machine, login and
# password and no others. Specifying manage_auth_conf and not specifying this parameter will set /etc/apt/auth.conf to absent.
#
# @param auth_conf_owner
# The owner of the file /etc/apt/auth.conf. Default: '_apt' or 'root' on old releases.
#
# @param root
# Specifies root directory of Apt executable.
#
# @param sources_list
# Specifies the path of the sources_list file to use.
#
# @param sources_list_d
# Specifies the path of the sources_list.d file to use.
#
# @param conf_d
# Specifies the path of the conf.d file to use.
#
# @param preferences
# Specifies the path of the preferences file to use.
#
# @param preferences_d
# Specifies the path of the preferences.d file to use.
#
# @param config_files
# A hash made up of the various configuration files used by Apt.
#
# @param sources_list_force
# Specifies whether to perform force purge or delete. Default false.
#
class apt (
Hash $update_defaults = $apt::params::update_defaults,
Hash $purge_defaults = $apt::params::purge_defaults,
Hash $proxy_defaults = $apt::params::proxy_defaults,
Hash $include_defaults = $apt::params::include_defaults,
String $provider = $apt::params::provider,
String $keyserver = $apt::params::keyserver,
Optional[String] $key_options = $apt::params::key_options,
Optional[String] $ppa_options = $apt::params::ppa_options,
Optional[String] $ppa_package = $apt::params::ppa_package,
Optional[Hash] $backports = $apt::params::backports,
Hash $confs = $apt::params::confs,
Hash $update = $apt::params::update,
Hash $purge = $apt::params::purge,
Apt::Proxy $proxy = $apt::params::proxy,
Hash $sources = $apt::params::sources,
Hash $keys = $apt::params::keys,
Hash $ppas = $apt::params::ppas,
Hash $pins = $apt::params::pins,
Hash $settings = $apt::params::settings,
Boolean $manage_auth_conf = $apt::params::manage_auth_conf,
Array[Apt::Auth_conf_entry]
$auth_conf_entries = $apt::params::auth_conf_entries,
String $auth_conf_owner = $apt::params::auth_conf_owner,
String $root = $apt::params::root,
String $sources_list = $apt::params::sources_list,
String $sources_list_d = $apt::params::sources_list_d,
String $conf_d = $apt::params::conf_d,
String $preferences = $apt::params::preferences,
String $preferences_d = $apt::params::preferences_d,
String $apt_conf_d = $apt::params::apt_conf_d,
Hash $config_files = $apt::params::config_files,
Boolean $sources_list_force = $apt::params::sources_list_force,
Hash $source_key_defaults = {
'server' => $keyserver,
'options' => undef,
'content' => undef,
'source' => undef,
}
) inherits apt::params {
if $facts['os']['family'] != 'Debian' {
fail('This module only works on Debian or derivatives like Ubuntu')
}
if $update['frequency'] {
assert_type(
Enum['always','daily','weekly','reluctantly'],
$update['frequency'],
)
}
if $update['timeout'] {
assert_type(Integer, $update['timeout'])
}
if $update['tries'] {
assert_type(Integer, $update['tries'])
}
$_update = merge($::apt::update_defaults, $update)
include ::apt::update
if $purge['sources.list'] {
assert_type(Boolean, $purge['sources.list'])
}
if $purge['sources.list.d'] {
assert_type(Boolean, $purge['sources.list.d'])
}
if $purge['preferences'] {
assert_type(Boolean, $purge['preferences'])
}
if $purge['preferences.d'] {
assert_type(Boolean, $purge['preferences.d'])
}
if $sources_list_force {
assert_type(Boolean, $sources_list_force)
}
if $purge['apt.conf.d'] {
assert_type(Boolean, $purge['apt.conf.d'])
}
$_purge = merge($::apt::purge_defaults, $purge)
- $_proxy = merge($apt::proxy_defaults, $proxy)
+
+ if $proxy['perhost'] {
+ $_perhost = $proxy['perhost'].map |$item| {
+ $_item = merge($apt::proxy_defaults, $item)
+ $_scheme = $_item['https'] ? {
+ true => 'https',
+ default => 'http' }
+ $_port = $_item['port'] ? {
+ Integer => ":${_item['port']}",
+ default => ''
+ }
+ $_target = $_item['direct'] ? {
+ true => 'DIRECT',
+ default => "${_scheme}://${_item['host']}${_port}/" }
+ merge($item, {
+ 'scheme' => $_scheme,
+ 'target' => $_target })
+ }
+ } else {
+ $_perhost = {}
+ }
+
+ $_proxy = merge($apt::proxy_defaults, $proxy, { 'perhost' => $_perhost } )
$confheadertmp = epp('apt/_conf_header.epp')
$proxytmp = epp('apt/proxy.epp', {'proxies' => $_proxy})
$updatestamptmp = epp('apt/15update-stamp.epp')
if $_proxy['ensure'] == 'absent' or $_proxy['host'] {
apt::setting { 'conf-proxy':
ensure => $_proxy['ensure'],
priority => '01',
content => "${confheadertmp}${proxytmp}",
}
}
if $sources_list_force {
$sources_list_ensure = $_purge['sources.list'] ? {
true => absent,
default => file,
}
$sources_list_content = $_purge['sources.list'] ? {
true => nil,
default => undef,
}
}
else
{
$sources_list_ensure = $_purge['sources.list'] ? {
true => file,
default => file,
}
$sources_list_content = $_purge['sources.list'] ? {
true => "# Repos managed by puppet.\n",
default => undef,
}
}
$preferences_ensure = $_purge['preferences'] ? {
true => absent,
default => file,
}
if $_update['frequency'] == 'always' {
Exec <| title=='apt_update' |> {
refreshonly => false,
}
}
apt::setting { 'conf-update-stamp':
priority => 15,
content => "${confheadertmp}${updatestamptmp}",
}
file { 'sources.list':
ensure => $sources_list_ensure,
path => $::apt::sources_list,
owner => root,
group => root,
content => $sources_list_content,
notify => Class['apt::update'],
}
file { 'sources.list.d':
ensure => directory,
path => $::apt::sources_list_d,
owner => root,
group => root,
purge => $_purge['sources.list.d'],
recurse => $_purge['sources.list.d'],
notify => Class['apt::update'],
}
file { 'preferences':
ensure => $preferences_ensure,
path => $::apt::preferences,
owner => root,
group => root,
notify => Class['apt::update'],
}
file { 'preferences.d':
ensure => directory,
path => $::apt::preferences_d,
owner => root,
group => root,
purge => $_purge['preferences.d'],
recurse => $_purge['preferences.d'],
notify => Class['apt::update'],
}
file { 'apt.conf.d':
ensure => directory,
path => $::apt::apt_conf_d,
owner => root,
group => root,
purge => $_purge['apt.conf.d'],
recurse => $_purge['apt.conf.d'],
notify => Class['apt::update'],
}
if $confs {
create_resources('apt::conf', $confs)
}
# manage sources if present
if $sources {
create_resources('apt::source', $sources)
}
# manage keys if present
if $keys {
create_resources('apt::key', $keys)
}
# manage ppas if present
if $ppas {
create_resources('apt::ppa', $ppas)
}
# manage settings if present
if $settings {
create_resources('apt::setting', $settings)
}
if $manage_auth_conf {
$auth_conf_ensure = $auth_conf_entries ? {
[] => 'absent',
default => 'present',
}
$auth_conf_tmp = epp('apt/auth_conf.epp')
file { '/etc/apt/auth.conf':
ensure => $auth_conf_ensure,
owner => $auth_conf_owner,
group => 'root',
mode => '0600',
content => Sensitive("${confheadertmp}${auth_conf_tmp}"),
notify => Class['apt::update'],
}
}
# manage pins if present
if $pins {
create_resources('apt::pin', $pins)
}
# required for adding GPG keys on Debian 9 (and derivatives)
ensure_packages(['gnupg'])
}
diff --git a/spec/classes/apt_spec.rb b/spec/classes/apt_spec.rb
index ca23563..03b638c 100644
--- a/spec/classes/apt_spec.rb
+++ b/spec/classes/apt_spec.rb
@@ -1,717 +1,779 @@
# frozen_string_literal: true
require 'spec_helper'
sources_list = { ensure: 'file',
path: '/etc/apt/sources.list',
owner: 'root',
group: 'root',
notify: 'Class[Apt::Update]' }
sources_list_d = { ensure: 'directory',
path: '/etc/apt/sources.list.d',
owner: 'root',
group: 'root',
purge: false,
recurse: false,
notify: 'Class[Apt::Update]' }
preferences = { ensure: 'file',
path: '/etc/apt/preferences',
owner: 'root',
group: 'root',
notify: 'Class[Apt::Update]' }
preferences_d = { ensure: 'directory',
path: '/etc/apt/preferences.d',
owner: 'root',
group: 'root',
purge: false,
recurse: false,
notify: 'Class[Apt::Update]' }
apt_conf_d = { ensure: 'directory',
path: '/etc/apt/apt.conf.d',
owner: 'root',
group: 'root',
purge: false,
recurse: false,
notify: 'Class[Apt::Update]' }
describe 'apt' do
let(:facts) do
{
os: {
family: 'Debian',
name: 'Debian',
release: {
major: '8',
full: '8.0',
},
distro: {
codename: 'jessie',
id: 'Debian',
},
},
}
end
context 'with defaults' do
it {
is_expected.to contain_file('sources.list').that_notifies('Class[Apt::Update]').only_with(sources_list)
}
it {
is_expected.to contain_file('sources.list.d').that_notifies('Class[Apt::Update]').only_with(sources_list_d)
}
it {
is_expected.to contain_file('preferences').that_notifies('Class[Apt::Update]').only_with(preferences)
}
it {
is_expected.to contain_file('preferences.d').that_notifies('Class[Apt::Update]').only_with(preferences_d)
}
it {
is_expected.to contain_file('apt.conf.d').that_notifies('Class[Apt::Update]').only_with(apt_conf_d)
}
it { is_expected.to contain_file('/etc/apt/auth.conf').with_ensure('absent') }
it 'lays down /etc/apt/apt.conf.d/15update-stamp' do
is_expected.to contain_file('/etc/apt/apt.conf.d/15update-stamp').with(group: 'root',
owner: 'root').with_content(
%r{APT::Update::Post-Invoke-Success {"touch /var/lib/apt/periodic/update-success-stamp 2>/dev/null || true";};},
)
end
it {
is_expected.to contain_exec('apt_update').with(refreshonly: 'true')
}
it { is_expected.not_to contain_apt__setting('conf-proxy') }
end
describe 'proxy=' do
context 'when host=localhost' do
let(:params) { { proxy: { 'host' => 'localhost' } } }
it {
is_expected.to contain_apt__setting('conf-proxy').with(priority: '01').with_content(
%r{Acquire::http::proxy "http://localhost:8080/";},
).without_content(
- %r{Acquire::https::proxy},
+ %r{Acquire::https::proxy },
+ )
+ }
+ end
+
+ context 'when host=localhost and per-host[proxyscope]=proxyhost' do
+ let(:params) { { proxy: { 'host' => 'localhost', 'perhost' => [{ 'scope' => 'proxyscope', 'host' => 'proxyhost' }] } } }
+
+ it {
+ is_expected.to contain_apt__setting('conf-proxy').with(priority: '01').with_content(
+ %r{Acquire::http::proxy::proxyscope "http://proxyhost:8080/";},
+ )
+ }
+ end
+
+ context 'when host=localhost and per-host[proxyscope]=proxyhost:8081' do
+ let(:params) { { proxy: { 'host' => 'localhost', 'perhost' => [{ 'scope' => 'proxyscope', 'host' => 'proxyhost', 'port' => 8081 }] } } }
+
+ it {
+ is_expected.to contain_apt__setting('conf-proxy').with(priority: '01').with_content(
+ %r{Acquire::http::proxy::proxyscope "http://proxyhost:8081/";},
+ )
+ }
+ end
+
+ context 'when host=localhost and per-host[proxyscope]=[https]proxyhost' do
+ let(:params) { { proxy: { 'host' => 'localhost', 'perhost' => [{ 'scope' => 'proxyscope', 'host' => 'proxyhost', 'https' => true }] } } }
+
+ it {
+ is_expected.to contain_apt__setting('conf-proxy').with(priority: '01').with_content(
+ %r{Acquire::https::proxy::proxyscope "https://proxyhost:8080/";},
+ )
+ }
+ end
+
+ context 'when host=localhost and per-host[proxyscope]=[direct]' do
+ let(:params) { { proxy: { 'host' => 'localhost', 'perhost' => [{ 'scope' => 'proxyscope', 'direct' => true }] } } }
+
+ it {
+ is_expected.to contain_apt__setting('conf-proxy').with(priority: '01').with_content(
+ %r{Acquire::http::proxy::proxyscope "DIRECT";},
+ )
+ }
+ end
+
+ context 'when host=localhost and per-host[proxyscope]=[https][direct]' do
+ let(:params) { { proxy: { 'host' => 'localhost', 'perhost' => [{ 'scope' => 'proxyscope', 'https' => true, 'direct' => true }] } } }
+
+ it {
+ is_expected.to contain_apt__setting('conf-proxy').with(priority: '01').with_content(
+ %r{Acquire::https::proxy::proxyscope "DIRECT";},
+ )
+ }
+ end
+
+ context 'when host=localhost and per-host[proxyscope]=proxyhost and per-host[proxyscope2]=proxyhost2' do
+ let(:params) { { proxy: { 'host' => 'localhost', 'perhost' => [{ 'scope' => 'proxyscope', 'host' => 'proxyhost' }, { 'scope' => 'proxyscope2', 'host' => 'proxyhost2' }] } } }
+
+ it {
+ is_expected.to contain_apt__setting('conf-proxy').with(priority: '01').with_content(
+ %r{Acquire::http::proxy::proxyscope "http://proxyhost:8080/";},
+ ).with_content(
+ %r{Acquire::http::proxy::proxyscope2 "http://proxyhost2:8080/";},
)
}
end
context 'when host=localhost and port=8180' do
let(:params) { { proxy: { 'host' => 'localhost', 'port' => 8180 } } }
it {
is_expected.to contain_apt__setting('conf-proxy').with(priority: '01').with_content(
%r{Acquire::http::proxy "http://localhost:8180/";},
).without_content(
- %r{Acquire::https::proxy},
+ %r{Acquire::https::proxy },
)
}
end
context 'when host=localhost and https=true' do
let(:params) { { proxy: { 'host' => 'localhost', 'https' => true } } }
it {
is_expected.to contain_apt__setting('conf-proxy').with(priority: '01').with_content(
%r{Acquire::http::proxy "http://localhost:8080/";},
).with_content(
%r{Acquire::https::proxy "https://localhost:8080/";},
)
}
end
context 'when host=localhost and direct=true' do
let(:params) { { proxy: { 'host' => 'localhost', 'direct' => true } } }
it {
is_expected.to contain_apt__setting('conf-proxy').with(priority: '01').with_content(
%r{Acquire::http::proxy "http://localhost:8080/";},
).with_content(
%r{Acquire::https::proxy "DIRECT";},
)
}
end
context 'when host=localhost and https=true and direct=true' do
let(:params) { { proxy: { 'host' => 'localhost', 'https' => true, 'direct' => true } } }
it {
is_expected.to contain_apt__setting('conf-proxy').with(priority: '01').with_content(
%r{Acquire::http::proxy "http://localhost:8080/";},
).with_content(
%r{Acquire::https::proxy "https://localhost:8080/";},
)
}
it {
is_expected.to contain_apt__setting('conf-proxy').with(priority: '01').with_content(
%r{Acquire::http::proxy "http://localhost:8080/";},
).without_content(
%r{Acquire::https::proxy "DIRECT";},
)
}
end
context 'when ensure=absent' do
let(:params) { { proxy: { 'ensure' => 'absent' } } }
it {
is_expected.to contain_apt__setting('conf-proxy').with(ensure: 'absent',
priority: '01')
}
end
end
context 'with lots of non-defaults' do
let :params do
{
update: { 'frequency' => 'always', 'timeout' => 1, 'tries' => 3 },
purge: { 'sources.list' => false, 'sources.list.d' => false,
'preferences' => false, 'preferences.d' => false,
'apt.conf.d' => false },
}
end
it {
is_expected.to contain_file('sources.list').with(content: nil)
}
it {
is_expected.to contain_file('sources.list.d').with(purge: false,
recurse: false)
}
it {
is_expected.to contain_file('preferences').with(ensure: 'file')
}
it {
is_expected.to contain_file('preferences.d').with(purge: false,
recurse: false)
}
it {
is_expected.to contain_file('apt.conf.d').with(purge: false,
recurse: false)
}
it {
is_expected.to contain_exec('apt_update').with(refreshonly: false,
timeout: 1,
tries: 3)
}
end
context 'with lots of non-defaults' do
let :params do
{
update: { 'frequency' => 'always', 'timeout' => 1, 'tries' => 3 },
purge: { 'sources.list' => true, 'sources.list.d' => true,
'preferences' => true, 'preferences.d' => true,
'apt.conf.d' => true },
}
end
it {
is_expected.to contain_file('sources.list').with(content: "# Repos managed by puppet.\n")
}
it {
is_expected.to contain_file('sources.list.d').with(purge: true,
recurse: true)
}
it {
is_expected.to contain_file('preferences').with(ensure: 'absent')
}
it {
is_expected.to contain_file('preferences.d').with(purge: true,
recurse: true)
}
it {
is_expected.to contain_file('apt.conf.d').with(purge: true,
recurse: true)
}
it {
is_expected.to contain_exec('apt_update').with(refreshonly: false,
timeout: 1,
tries: 3)
}
end
context 'with defaults for sources_list_force' do
let :params do
{
update: { 'frequency' => 'always', 'timeout' => 1, 'tries' => 3 },
purge: { 'sources.list' => true },
sources_list_force: false,
}
end
it {
is_expected.to contain_file('sources.list').with(content: "# Repos managed by puppet.\n")
}
end
context 'with non defaults for sources_list_force' do
let :params do
{
update: { 'frequency' => 'always', 'timeout' => 1, 'tries' => 3 },
purge: { 'sources.list' => true },
sources_list_force: true,
}
end
it {
is_expected.to contain_file('sources.list').with(ensure: 'absent')
}
end
context 'with entries for /etc/apt/auth.conf' do
facts_hash = {
'Ubuntu 14.04' => {
os: {
family: 'Debian',
name: 'Ubuntu',
release: {
major: '14',
full: '14.04',
},
distro: {
codename: 'trusty',
id: 'Ubuntu',
},
},
},
'Ubuntu 16.04' => {
os: {
family: 'Debian',
name: 'Ubuntu',
release: {
major: '16',
full: '16.04',
},
distro: {
codename: 'xenial',
id: 'Ubuntu',
},
},
},
'Ubuntu 18.04' => {
os: {
family: 'Debian',
name: 'Ubuntu',
release: {
major: '18',
full: '18.04',
},
distro: {
codename: 'bionic',
id: 'Ubuntu',
},
},
},
'Debian 7.0' => {
os: {
family: 'Debian',
name: 'Debian',
release: {
major: '7',
full: '7.0',
},
distro: {
codename: 'wheezy',
id: 'Debian',
},
},
},
'Debian 8.0' => {
os: {
family: 'Debian',
name: 'Debian',
release: {
major: '8',
full: '8.0',
},
distro: {
codename: 'jessie',
id: 'Debian',
},
},
},
'Debian 9.0' => {
os: {
family: 'Debian',
name: 'Debian',
release: {
major: '9',
full: '9.0',
},
distro: {
codename: 'stretch',
id: 'Debian',
},
},
},
'Debian 10.0' => {
os: {
family: 'Debian',
name: 'Debian',
release: {
major: '10',
full: '10.0',
},
distro: {
codename: 'buster',
id: 'Debian',
},
},
},
}
facts_hash.each do |os, facts|
context "on #{os}" do
let(:facts) do
facts
end
let(:params) do
{
auth_conf_entries: [
{
machine: 'deb.example.net',
login: 'foologin',
password: 'secret',
},
{
machine: 'apt.example.com',
login: 'aptlogin',
password: 'supersecret',
},
],
}
end
context 'with manage_auth_conf => true' do
let(:params) do
super().merge(manage_auth_conf: true)
end
# Going forward starting with Ubuntu 16.04 and Debian 9.0
# /etc/apt/auth.conf is owned by _apt. In previous versions it is
# root.
auth_conf_owner = case os
when 'Ubuntu 14.04', 'Debian 7.0', 'Debian 8.0'
'root'
else
'_apt'
end
auth_conf_content = "// This file is managed by Puppet. DO NOT EDIT.
machine deb.example.net login foologin password secret
machine apt.example.com login aptlogin password supersecret
"
it {
is_expected.to contain_file('/etc/apt/auth.conf').with(ensure: 'present',
owner: auth_conf_owner,
group: 'root',
mode: '0600',
notify: 'Class[Apt::Update]',
content: sensitive(auth_conf_content))
}
end
context 'with manage_auth_conf => false' do
let(:params) do
super().merge(manage_auth_conf: false)
end
it {
is_expected.not_to contain_file('/etc/apt/auth.conf')
}
end
end
context 'with improperly specified entries for /etc/apt/auth.conf' do
let(:params) do
{
auth_conf_entries: [
{
machinn: 'deb.example.net',
username: 'foologin',
password: 'secret',
},
{
machine: 'apt.example.com',
login: 'aptlogin',
password: 'supersecret',
},
],
}
end
it { is_expected.to raise_error(Puppet::Error) }
end
end
end
context 'with sources defined on valid os.family' do
let :facts do
{
os: {
family: 'Debian',
name: 'Ubuntu',
release: {
major: '16',
full: '16.04',
},
distro: {
codename: 'xenial',
id: 'Ubuntu',
},
},
}
end
let(:params) do
{ sources: {
'debian_unstable' => {
'location' => 'http://debian.mirror.iweb.ca/debian/',
'release' => 'unstable',
'repos' => 'main contrib non-free',
'key' => { 'id' => '150C8614919D8446E01E83AF9AA38DCD55BE302B', 'server' => 'subkeys.pgp.net' },
'pin' => '-10',
'include' => { 'src' => true },
},
'puppetlabs' => {
'location' => 'http://apt.puppetlabs.com',
'repos' => 'main',
'key' => { 'id' => '6F6B15509CF8E59E6E469F327F438280EF8D349F', 'server' => 'pgp.mit.edu' },
},
} }
end
it {
is_expected.to contain_apt__setting('list-debian_unstable').with(ensure: 'present')
}
it { is_expected.to contain_file('/etc/apt/sources.list.d/debian_unstable.list').with_content(%r{^deb http://debian.mirror.iweb.ca/debian/ unstable main contrib non-free$}) }
it { is_expected.to contain_file('/etc/apt/sources.list.d/debian_unstable.list').with_content(%r{^deb-src http://debian.mirror.iweb.ca/debian/ unstable main contrib non-free$}) }
it {
is_expected.to contain_apt__setting('list-puppetlabs').with(ensure: 'present')
}
it { is_expected.to contain_file('/etc/apt/sources.list.d/puppetlabs.list').with_content(%r{^deb http://apt.puppetlabs.com xenial main$}) }
end
context 'with confs defined on valid os.family' do
let :facts do
{
os: {
family: 'Debian',
name: 'Ubuntu',
release: {
major: '16',
full: '16.04',
},
distro: {
codename: 'xenial',
id: 'Ubuntu',
},
},
}
end
let(:params) do
{ confs: {
'foo' => {
'content' => 'foo',
},
'bar' => {
'content' => 'bar',
},
} }
end
it {
is_expected.to contain_apt__conf('foo').with(content: 'foo')
}
it {
is_expected.to contain_apt__conf('bar').with(content: 'bar')
}
end
context 'with keys defined on valid os.family' do
let :facts do
{
os: {
family: 'Debian',
name: 'Ubuntu',
release: {
major: '16',
full: '16.04',
},
distro: {
codename: 'xenial',
id: 'Ubuntu',
},
},
}
end
let(:params) do
{ keys: {
'55BE302B' => {
'server' => 'subkeys.pgp.net',
},
'EF8D349F' => {
'server' => 'pgp.mit.edu',
},
} }
end
it {
is_expected.to contain_apt__key('55BE302B').with(server: 'subkeys.pgp.net')
}
it {
is_expected.to contain_apt__key('EF8D349F').with(server: 'pgp.mit.edu')
}
end
context 'with ppas defined on valid os.family' do
let :facts do
{
os: {
family: 'Debian',
name: 'Ubuntu',
release: {
major: '16',
full: '16.04',
},
distro: {
codename: 'xenial',
id: 'Ubuntu',
},
},
}
end
let(:params) do
{ ppas: {
'ppa:drizzle-developers/ppa' => {},
'ppa:nginx/stable' => {},
} }
end
it { is_expected.to contain_apt__ppa('ppa:drizzle-developers/ppa') }
it { is_expected.to contain_apt__ppa('ppa:nginx/stable') }
end
context 'with settings defined on valid os.family' do
let :facts do
{
os: {
family: 'Debian',
name: 'Ubuntu',
release: {
major: '16',
full: '16.04',
},
distro: {
codename: 'xenial',
id: 'Ubuntu',
},
},
}
end
let(:params) do
{ settings: {
'conf-banana' => { 'content' => 'banana' },
'pref-banana' => { 'content' => 'banana' },
} }
end
it { is_expected.to contain_apt__setting('conf-banana') }
it { is_expected.to contain_apt__setting('pref-banana') }
end
context 'with pins defined on valid os.family' do
let :facts do
{
os: {
family: 'Debian',
name: 'Ubuntu',
release: {
major: '16',
full: '16.04',
},
distro: {
codename: 'xenial',
id: 'Ubuntu',
},
},
}
end
let(:params) do
{ pins: {
'stable' => { 'priority' => 600, 'order' => 50 },
'testing' => { 'priority' => 700, 'order' => 100 },
} }
end
it { is_expected.to contain_apt__pin('stable') }
it { is_expected.to contain_apt__pin('testing') }
end
describe 'failing tests' do
context "with purge['sources.list']=>'banana'" do
let(:params) { { purge: { 'sources.list' => 'banana' } } }
it do
is_expected.to raise_error(Puppet::Error)
end
end
context "with purge['sources.list.d']=>'banana'" do
let(:params) { { purge: { 'sources.list.d' => 'banana' } } }
it do
is_expected.to raise_error(Puppet::Error)
end
end
context "with purge['preferences']=>'banana'" do
let(:params) { { purge: { 'preferences' => 'banana' } } }
it do
is_expected.to raise_error(Puppet::Error)
end
end
context "with purge['preferences.d']=>'banana'" do
let(:params) { { purge: { 'preferences.d' => 'banana' } } }
it do
is_expected.to raise_error(Puppet::Error)
end
end
context "with purge['apt.conf.d']=>'banana'" do
let(:params) { { purge: { 'apt.conf.d' => 'banana' } } }
it do
is_expected.to raise_error(Puppet::Error)
end
end
end
end
diff --git a/templates/proxy.epp b/templates/proxy.epp
index ee663cb..34e1930 100644
--- a/templates/proxy.epp
+++ b/templates/proxy.epp
@@ -1,7 +1,10 @@
<%- | Hash $proxies | -%>
+<% $proxies['perhost'].each |$proxy| { -%>
+Acquire::<%= $proxy['scheme'] %>::proxy::<%= $proxy['scope'] %> "<%= $proxy['target'] %>";
+<% } -%>
Acquire::http::proxy "http://<%= $proxies['host'] %>:<%= $proxies['port'] %>/";
<%- if $proxies['https'] { %>
Acquire::https::proxy "https://<%= $proxies['host'] %>:<%= $proxies['port'] %>/";
<%- } elsif $proxies['direct'] { -%>
Acquire::https::proxy "DIRECT";
<%- } -%>
diff --git a/types/proxy.pp b/types/proxy.pp
index 20cbfec..ac00222 100644
--- a/types/proxy.pp
+++ b/types/proxy.pp
@@ -1,27 +1,28 @@
# @summary Configures Apt to connect to a proxy server.
#
# @param ensure
# Specifies whether the proxy should exist. Valid options: 'file', 'present', and 'absent'. Prefer 'file' over 'present'.
#
# @param host
# Specifies a proxy host to be stored in `/etc/apt/apt.conf.d/01proxy`. Valid options: a string containing a hostname.
#
# @param port
# Specifies a proxy port to be stored in `/etc/apt/apt.conf.d/01proxy`. Valid options: an integer containing a port number.
#
# @param https
# Specifies whether to enable https proxies.
#
# @param direct
# Specifies whether or not to use a `DIRECT` https proxy if http proxy is used but https is not.
#
type Apt::Proxy = Struct[
{
ensure => Optional[Enum['file', 'present', 'absent']],
host => Optional[String],
port => Optional[Integer[0, 65535]],
https => Optional[Boolean],
https_acng => Optional[Boolean],
direct => Optional[Boolean],
+ perhost => Optional[Array[Apt::Proxy_Per_Host]],
}
]
diff --git a/types/proxy_per_host.pp b/types/proxy_per_host.pp
new file mode 100644
index 0000000..5a3b6e6
--- /dev/null
+++ b/types/proxy_per_host.pp
@@ -0,0 +1,26 @@
+# @summary Adds per-host overrides to the system default APT proxy configuration
+#
+# @param scope
+# Specifies the scope of the override. Valid options: a string containing a hostname.
+#
+# @param host
+# Specifies a proxy host to be stored in `/etc/apt/apt.conf.d/01proxy`. Valid options: a string containing a hostname.
+#
+# @param port
+# Specifies a proxy port to be stored in `/etc/apt/apt.conf.d/01proxy`. Valid options: an integer containing a port number.
+#
+# @param https
+# Specifies whether to enable https for this override.
+#
+# @param direct
+# Specifies whether or not to use a `DIRECT` target to bypass the system default proxy.
+#
+type Apt::Proxy_Per_Host = Struct[
+ {
+ scope => String,
+ host => Optional[String],
+ port => Optional[Integer[1, 65535]],
+ https => Optional[Boolean],
+ direct => Optional[Boolean],
+ }
+]