issues/1196

In response to @smortex comment:
#1199 (review)

* Trickled up the checksum-related parameters for `apt::source`
* Modified test for source, all green.

manifests/source.pp

@@ -14,13 +14,27 @@
 #   extension. Absence of extension will result in file formation with just name and no extension.
 #   apt::source { 'puppetlabs':
 #     location => 'http://apt.puppetlabs.com',
-#     comment  => 'Puppet8',
+#     repos    => 'puppet8'
+#     comment  => 'Puppet 8 release',
 #     key      => {
-#       'name'   => 'puppetlabs.gpg',
+#       'name'   => 'puppetlabs-keyring.gpg',
 #       'source' => 'https://apt.puppetlabs.com/keyring.gpg',
 #     },
 #   }
 #
+# @example Deploy the apt source and associated keyring file with checksum
+#   apt::source { 'puppetlabs':
+#     location => 'http://apt.puppetlabs.com',
+#     repos    => 'puppet8',
+#     comment  => 'Puppet 8 release',
+#     key      => {
+#       name           => 'puppetlabs-keyring.gpg',
+#       source         => 'https://apt.puppetlabs.com/keyring.gpg'
+#       checksum       => 'sha256',
+#       checksum_value => '9d7a61ab06b18454e9373edec4fc7c87f9a91bacfc891893ba0da37a33069771',
+#     }
+#   }
+#
 # @param location
 #   Required, unless ensure is set to 'absent'. Specifies an Apt repository. Valid options: a string containing a repository URL.
 #
@@ -47,7 +61,7 @@
 #
 # @param key
 #   Creates an `apt::keyring` in `/etc/apt/keyrings` (or anywhere on disk given `filename`) Valid options:
-#     * a hash of `parameter => value` pairs to be passed to `file`: `name` (title), `content`, `source`, `filename`
+#     * a hash of `parameter => value` pairs to be passed to `file`: `name` (title), `content`, `source`, `filename`, `checksum`, `checksum_value`.
 #
 #   The following inputs are valid for the (deprecated) `apt::key` defined type. Valid options:
 #     * a string to be passed to the `id` parameter of the `apt::key` defined type
@@ -177,13 +191,15 @@
     # Modern apt keyrings
     elsif $_key =~ Hash and $_key['name'] {
       apt::keyring { $_key['name']:
-        ensure   => $_key_ensure,
-        content  => $_key['content'],
-        source   => $_key['source'],
-        dir      => $_key['dir'],
-        filename => $_key['filename'],
-        mode     => $_key['mode'],
-        before   => $_before,
+        ensure          => $_key_ensure,
+        content         => $_key['content'],
+        source          => $_key['source'],
+        dir             => $_key['dir'],
+        filename        => $_key['filename'],
+        mode            => $_key['mode'],
+        checksum        => $_key['checksum'],
+        checksum_value  => $_key['checksum_value'],
+        before          => $_before,
       }
 
       $_list_keyring = if $_key['dir'] and $_key['filename'] {

spec/defines/source_spec.rb

@@ -103,21 +103,20 @@
           release: 'sid',
           repos: 'testing',
           key: {
-            'ensure' => 'refreshed',
-            'id' => id,
-            'server' => 'pgp.mit.edu',
-            'content' => 'GPG key content',
-            'source' => 'http://apt.puppetlabs.com/pubkey.gpg',
-            'weak_ssl' => true
+            'name' => 'puppetlabs-keyring.gpg',
+            'ensure' => 'present',
+            'source' => 'https://apt.puppetlabs.com/pubkey.gpg',
+            'checksum' => 'sha256',
+            'checksum_value' => '050e8c0c43d4b43449ea89ffbea8a1c912a1bb3d008a70ad9623912024933e01',
           },
           pin: '10',
           architecture: 'x86_64',
-          allow_unsigned: true
+          allow_insecure: true
         }
       end
 
       it {
-        expect(subject).to contain_apt__setting('list-my_source').with(ensure: 'present').with_content(%r{# foo\ndeb \[arch=x86_64 trusted=yes\] http://debian.mirror.iweb.ca/debian/ sid testing\n})
+        expect(subject).to contain_apt__setting('list-my_source').with(ensure: 'present').with_content(%r{# foo\ndeb \[arch=x86_64 allow-insecure=yes signed-by=/etc/apt/keyrings/puppetlabs-keyring.gpg\] http://debian.mirror.iweb.ca/debian/ sid testing\n})
                                                                  .without_content(%r{deb-src})
       }
 
@@ -128,12 +127,11 @@
       }
 
       it {
-        expect(subject).to contain_apt__key("Add key: #{id} from Apt::Source my_source").that_comes_before('Apt::Setting[list-my_source]').with(ensure: 'refreshed',
-                                                                                                                                                id: id,
-                                                                                                                                                server: 'pgp.mit.edu',
-                                                                                                                                                content: 'GPG key content',
-                                                                                                                                                source: 'http://apt.puppetlabs.com/pubkey.gpg',
-                                                                                                                                                weak_ssl: true)
+        expect(subject).to contain_apt__keyring("puppetlabs-keyring.gpg").that_comes_before('Apt::Setting[list-my_source]').with(ensure: 'present',
+                                                                                                                                                name: 'puppetlabs-keyring.gpg',
+                                                                                                                                                source: 'https://apt.puppetlabs.com/pubkey.gpg',
+                                                                                                                                                checksum: 'sha256',
+                                                                                                                                                checksum_value: '050e8c0c43d4b43449ea89ffbea8a1c912a1bb3d008a70ad9623912024933e01')
       }
     end
   end