Refresh expired gpg key when using keyring (#1253)

Author: deric

REFERENCE.md

@@ -772,7 +772,7 @@ Default value: `undef`
 
 ##### <a name="-apt--keyring--ensure"></a>`ensure`
 
-Data type: `Enum['present','absent']`
+Data type: `Enum['present','refreshed','absent']`
 
 Ensure presence or absence of the resource.
 

manifests/keyring.pp

@@ -38,7 +38,7 @@
   Stdlib::Filemode $mode = '0644',
   Optional[Stdlib::Filesource] $source = undef,
   Optional[String[1]] $content = undef,
-  Enum['present','absent'] $ensure = 'present',
+  Enum['present','refreshed','absent'] $ensure = 'present',
 ) {
   ensure_resource('file', $dir, { ensure => 'directory', mode => '0755', })
   if $source and $content {
@@ -50,7 +50,7 @@
   $file = "${dir}/${filename}"
 
   case $ensure {
-    'present': {
+    /^(refreshed|present)$/: {
       file { $file:
         ensure  => 'file',
         mode    => $mode,
@@ -59,6 +59,15 @@
         source  => $source,
         content => $content,
       }
+
+      if $ensure == 'refreshed' {
+        exec {"check_keyring_${name}":
+          command => "rm ${file}",
+          onlyif  => "test -f ${file} && gpg --show-keys --list-options show-sig-expire ${file} | grep expired",
+          path    => $facts['path'],
+          notify  => File[$file],
+        }
+      }
     }
     'absent': {
       file { $file:

spec/defines/keyring_spec.rb

@@ -17,4 +17,21 @@
       it { is_expected.to compile }
     end
   end
+
+  describe 'ensure => refreshed' do
+    let :params do
+      {
+        ensure: 'refreshed',
+        name: 'puppetlabs.gpg',
+        source: 'http://apt.puppetlabs.com/pubkey.gpg',
+      }
+    end
+
+    it {
+      is_expected.to contain_exec('check_keyring_puppetlabs.gpg').with(
+      command: 'rm /etc/apt/keyrings/puppetlabs.gpg',
+      onlyif: 'test -f /etc/apt/keyrings/puppetlabs.gpg && gpg --show-keys --list-options show-sig-expire /etc/apt/keyrings/puppetlabs.gpg | grep expired',
+    )
+    }
+  end
 end