From cc1b82d7ddcf8b5904d01a57e1db308f34552688 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?C=C3=A9dric=20Couralet?= <cedric.couralet@insee.fr>
Date: Thu, 18 Feb 2021 08:38:04 +0100
Subject: [PATCH] Add parameters to `apt::source` to avoid requiring an
 internet connexion
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Signed-off-by: Cédric Couralet <cedric.couralet@insee.fr>
---
 REFERENCE.md      | 27 +++++++++++++++++++++++++++
 manifests/init.pp | 44 +++++++++++++++++++++++++++-----------------
 manifests/repo.pp | 17 ++++++++++++-----
 3 files changed, 66 insertions(+), 22 deletions(-)

diff --git a/REFERENCE.md b/REFERENCE.md
index 862d69e..ddeef4e 100644
--- a/REFERENCE.md
+++ b/REFERENCE.md
@@ -167,6 +167,33 @@ Data type: `Optional[Stdlib::Fqdn]`
 
 The keyserver which should be used to get the repository key.
 
+Default value: `undef`
+
+##### `repo_keycontent`
+
+Data type: `Optional[String]`
+
+The key content to use, useful when internet connexion is not available.
+
+Default value: `undef`
+
+##### `repo_keysource`
+
+Data type: `Optional[Pattern[/\Ahttps?:\/\//, /\Aftp:\/\//, /\A\/\w+/]`
+
+The key source to use, useful when internet connexion is not available and you want to use 
+an internal source.
+
+Default value: `undef`
+
+##### `repo_keyweak_ssl`
+
+Data type: `Boolean`
+
+Specifies whether strict SSL verification on a https URL should be disabled when fetching the key. 
+Valid options: true or false.
+
+
 Default value: `undef`
 
 ##### `config_path`
diff --git a/manifests/init.pp b/manifests/init.pp
index b6d1bd3..3d65137 100644
--- a/manifests/init.pp
+++ b/manifests/init.pp
@@ -43,27 +43,37 @@
 #   The base repository url.
 # @param repo_keyserver
 #   The keyserver which should be used to get the repository key.
+# @param repo_keycontent
+#   Supplies the entire GPG key. Useful in case the key can't be fetched from a remote location and using a file resource is inconvenient.
+# @param repo_keysource
+#   Specifies the location of an existing GPG key file to copy. Valid options: a string containing a URL (ftp://, http://, or https://) or 
+#   an absolute path.
+# @param repo_keyweak_ssl
+#    Specifies whether strict SSL verification on a https URL should be disabled. Valid options: true or false.
 # @param config_path
 #   The path to the config file of Gitlab runner.
 #
 class gitlab_ci_runner (
-  String                     $xz_package_name, # Defaults in module hieradata
-  Hash                       $runners                  = {},
-  Hash                       $runner_defaults          = {},
-  Optional[Integer]          $concurrent               = undef,
-  Optional[Integer]          $check_interval           = undef,
-  Optional[String]           $builds_dir               = undef,
-  Optional[String]           $cache_dir                = undef,
-  Optional[Pattern[/.*:.+/]] $metrics_server           = undef,
-  Optional[Pattern[/.*:.+/]] $listen_address           = undef,
-  Optional[String]           $sentry_dsn               = undef,
-  Boolean                    $manage_docker            = false,
-  Boolean                    $manage_repo              = true,
-  String                     $package_ensure           = installed,
-  String                     $package_name             = 'gitlab-runner',
-  Stdlib::HTTPUrl            $repo_base_url            = 'https://packages.gitlab.com',
-  Optional[Stdlib::Fqdn]     $repo_keyserver           = undef,
-  String                     $config_path              = '/etc/gitlab-runner/config.toml',
+  String                                                      $xz_package_name, # Defaults in module hieradata
+  Hash                                                        $runners                  = {},
+  Hash                                                        $runner_defaults          = {},
+  Optional[Integer]                                           $concurrent               = undef,
+  Optional[Integer]                                           $check_interval           = undef,
+  Optional[String]                                            $builds_dir               = undef,
+  Optional[String]                                            $cache_dir                = undef,
+  Optional[Pattern[/.*:.+/]]                                  $metrics_server           = undef,
+  Optional[Pattern[/.*:.+/]]                                  $listen_address           = undef,
+  Optional[String]                                            $sentry_dsn               = undef,
+  Boolean                                                     $manage_docker            = false,
+  Boolean                                                     $manage_repo              = true,
+  String                                                      $package_ensure           = installed,
+  String                                                      $package_name             = 'gitlab-runner',
+  Stdlib::HTTPUrl                                             $repo_base_url            = 'https://packages.gitlab.com',
+  Optional[Stdlib::Fqdn]                                      $repo_keyserver           = undef,
+  Optional[String]                                            $repo_keycontent          = undef,
+  Optional[Pattern[/\Ahttps?:\/\//, /\Aftp:\/\//, /\A\/\w+/]] $repo_keysource           = undef,
+  Boolean                                                     $repo_keyweak_ssl         = false,
+  String                                                      $config_path              = '/etc/gitlab-runner/config.toml',
 ) {
   if $manage_docker {
     # workaround for cirunner issue #1617
diff --git a/manifests/repo.pp b/manifests/repo.pp
index 6ac58bd..58d4611 100644
--- a/manifests/repo.pp
+++ b/manifests/repo.pp
@@ -3,9 +3,13 @@
 # @api private
 #
 class gitlab_ci_runner::repo (
-  $repo_base_url  = $gitlab_ci_runner::repo_base_url,
-  $repo_keyserver = $gitlab_ci_runner::repo_keyserver,
-  $package_name   = $gitlab_ci_runner::package_name,
+  $repo_base_url        = $gitlab_ci_runner::repo_base_url,
+  $repo_keyserver       = $gitlab_ci_runner::repo_keyserver,
+  $repo_keyid           = $gitlab_ci_runner::repo_keyid,
+  $repo_keycontent      = $gitlab_ci_runner::repo_keycontent,
+  $repo_keysource       = $gitlab_ci_runner::repo_keysource,
+  $repo_keyweak_ssl     = $gitlab_ci_runner::repo_keyweak_ssl,
+  $package_name         = $gitlab_ci_runner::package_name,
 ) {
   assert_private()
   case $facts['os']['family'] {
@@ -15,8 +19,11 @@
         location => "${repo_base_url}/runner/${package_name}/${facts['os']['distro']['id'].downcase}/",
         repos    => 'main',
         key      => {
-          'id'     => 'F6403F6544A38863DAA0B6E03F01618A51312F3F',
-          'server' => $repo_keyserver,
+          'id'       => 'F6403F6544A38863DAA0B6E03F01618A51312F3F',
+          'server'   => $repo_keyserver,
+          'content'  => $repo_keycontent,
+          'source'   => $repo_keysource,
+          'weak_ssl' => $repo_keyweak_ssl,
         },
         include  => {
           'src' => false,