From 4372e3c12fb02fe7ed6d13dd3cb67c7e36d2af81 Mon Sep 17 00:00:00 2001 From: Nicolas Schweitzer Date: Fri, 2 Jun 2023 17:29:12 +0200 Subject: [PATCH 1/2] Update signing keys --- manifests/redhat.pp | 2 +- manifests/suse.pp | 2 +- manifests/ubuntu.pp | 2 +- spec/classes/datadog_agent_redhat_spec.rb | 14 +++++++------- spec/classes/datadog_agent_suse_spec.rb | 4 ++-- spec/classes/datadog_agent_ubuntu_spec.rb | 4 ++-- 6 files changed, 14 insertions(+), 14 deletions(-) diff --git a/manifests/redhat.pp b/manifests/redhat.pp index 237e6aa0..ad365af2 100644 --- a/manifests/redhat.pp +++ b/manifests/redhat.pp @@ -17,7 +17,7 @@ $keys = [ 'https://keys.datadoghq.com/DATADOG_RPM_KEY_CURRENT.public', 'https://keys.datadoghq.com/DATADOG_RPM_KEY_E09422B3.public', - 'https://keys.datadoghq.com/DATADOG_RPM_KEY_FD4BF915.public', + 'https://keys.datadoghq.com/DATADOG_RPM_KEY_B01082D3.public', ] if ($rpm_repo_gpgcheck != undef) { diff --git a/manifests/suse.pp b/manifests/suse.pp index fb67f00d..e24b5b3c 100644 --- a/manifests/suse.pp +++ b/manifests/suse.pp @@ -16,7 +16,7 @@ $all_keys = [ $current_key, 'https://keys.datadoghq.com/DATADOG_RPM_KEY_E09422B3.public', - 'https://keys.datadoghq.com/DATADOG_RPM_KEY_FD4BF915.public', + 'https://keys.datadoghq.com/DATADOG_RPM_KEY_B01082D3.public', ] if ($rpm_repo_gpgcheck != undef) { diff --git a/manifests/ubuntu.pp b/manifests/ubuntu.pp index 0b5e30fe..f57f115a 100644 --- a/manifests/ubuntu.pp +++ b/manifests/ubuntu.pp 
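Review bot: The new RPM entry `'https://keys.datadoghq.com/DATADOG_RPM_KEY_B01082D3.public'` in `$keys` (manifests/redhat.pp), and the same line in `$all_keys` (manifests/suse.pp), records only a URL with an 8-hex short id, so the manifest does not say which key is expected behind it. The APT map in manifests/ubuntu.pp names most entries by full 40-hex fingerprint, but the RPM lists have no equivalent, so as far as these hunks show the trust decision rests on whatever the HTTPS endpoint serves at fetch time. I would add a comment above each entry, e.g. `# B01082D3: full fingerprint <FULL_40_HEX_FINGERPRINT>, verified against the vendor's published value`, so a reviewer can check a rotation independently. The enclosing class body starts and ends outside both hunks.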
@@ -14,7 +14,7 @@ Optional[String] $apt_usr_share_keyring = '/usr/share/keyrings/datadog-archive-keyring.gpg', Optional[Hash[String, String]] $apt_default_keys = { 'DATADOG_APT_KEY_CURRENT.public' => 'https://keys.datadoghq.com/DATADOG_APT_KEY_CURRENT.public', - 'D75CEA17048B9ACBF186794B32637D44F14F620E' => 'https://keys.datadoghq.com/DATADOG_APT_KEY_F14F620E.public', + '5F1E256061D813B125E156E8E6266D4AC0962C7D' => 'https://keys.datadoghq.com/DATADOG_APT_KEY_C0962C7D.public', 'A2923DFF56EDA6E76E55E492D3A80E30382E94DE' => 'https://keys.datadoghq.com/DATADOG_APT_KEY_382E94DE.public', }, ) inherits datadog_agent::params { diff --git a/spec/classes/datadog_agent_redhat_spec.rb b/spec/classes/datadog_agent_redhat_spec.rb index 27db5c34..129a1227 100644 --- a/spec/classes/datadog_agent_redhat_spec.rb +++ b/spec/classes/datadog_agent_redhat_spec.rb @@ -29,7 +29,7 @@ .with_gpgcheck(1)\ .with_gpgkey('https://keys.datadoghq.com/DATADOG_RPM_KEY_CURRENT.public https://keys.datadoghq.com/DATADOG_RPM_KEY_E09422B3.public - https://keys.datadoghq.com/DATADOG_RPM_KEY_FD4BF915.public')\ + https://keys.datadoghq.com/DATADOG_RPM_KEY_B01082D3.public')\ .with_baseurl('https://yum.datadoghq.com/rpm/x86_64/')\ .with_repo_gpgcheck(false) end @@ -77,7 +77,7 @@ .with_gpgcheck(1)\ .with_gpgkey('https://keys.datadoghq.com/DATADOG_RPM_KEY_CURRENT.public https://keys.datadoghq.com/DATADOG_RPM_KEY_E09422B3.public - https://keys.datadoghq.com/DATADOG_RPM_KEY_FD4BF915.public')\ + https://keys.datadoghq.com/DATADOG_RPM_KEY_B01082D3.public')\ .with_baseurl('https://yum.datadoghq.com/stable/6/x86_64/')\ .with_repo_gpgcheck(true) end 
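Review bot: The expected `gpgkey` string is spelled out as a literal in each of the seven `.with_gpgkey(...)` hunks of spec/classes/datadog_agent_redhat_spec.rb and again in the two hunks of spec/classes/datadog_agent_suse_spec.rb, so every key rotation has to edit nine copies by hand. Defining the list once, for example a shared `let(:datadog_rpm_keys)` holding the same string, and asserting `.with_gpgkey(datadog_rpm_keys)` would keep the spec's view of the trusted keys in one place and make a rotation a one-line diff that is easy to review. The surrounding `it` blocks start and end outside these hunks.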
@@ -126,7 +126,7 @@ .with_gpgcheck(1)\ .with_gpgkey('https://keys.datadoghq.com/DATADOG_RPM_KEY_CURRENT.public https://keys.datadoghq.com/DATADOG_RPM_KEY_E09422B3.public - https://keys.datadoghq.com/DATADOG_RPM_KEY_FD4BF915.public')\ + https://keys.datadoghq.com/DATADOG_RPM_KEY_B01082D3.public')\ .with_baseurl('https://yum.datadoghq.com/stable/7/x86_64/')\ .with_repo_gpgcheck(true) end @@ -178,7 +178,7 @@ .with_gpgcheck(1)\ .with_gpgkey('https://keys.datadoghq.com/DATADOG_RPM_KEY_CURRENT.public https://keys.datadoghq.com/DATADOG_RPM_KEY_E09422B3.public - https://keys.datadoghq.com/DATADOG_RPM_KEY_FD4BF915.public')\ + https://keys.datadoghq.com/DATADOG_RPM_KEY_B01082D3.public')\ .with_baseurl('https://yum.datadoghq.com/stable/7/x86_64/')\ .with_repo_gpgcheck(false) end @@ -211,7 +211,7 @@ .with_gpgcheck(1)\ .with_gpgkey('https://keys.datadoghq.com/DATADOG_RPM_KEY_CURRENT.public https://keys.datadoghq.com/DATADOG_RPM_KEY_E09422B3.public - https://keys.datadoghq.com/DATADOG_RPM_KEY_FD4BF915.public')\ + https://keys.datadoghq.com/DATADOG_RPM_KEY_B01082D3.public')\ .with_baseurl('https://yum.datadoghq.com/stable/7/x86_64/')\ .with_repo_gpgcheck(true) end @@ -242,7 +242,7 @@ .with_gpgcheck(1)\ .with_gpgkey('https://keys.datadoghq.com/DATADOG_RPM_KEY_CURRENT.public https://keys.datadoghq.com/DATADOG_RPM_KEY_E09422B3.public - https://keys.datadoghq.com/DATADOG_RPM_KEY_FD4BF915.public')\ + https://keys.datadoghq.com/DATADOG_RPM_KEY_B01082D3.public')\ .with_baseurl('https://yum.datadoghq.com/stable/7/x86_64/')\ .with_repo_gpgcheck(true) end @@ -273,7 +273,7 @@ .with_gpgcheck(1)\ .with_gpgkey('https://keys.datadoghq.com/DATADOG_RPM_KEY_CURRENT.public https://keys.datadoghq.com/DATADOG_RPM_KEY_E09422B3.public - https://keys.datadoghq.com/DATADOG_RPM_KEY_FD4BF915.public')\ + https://keys.datadoghq.com/DATADOG_RPM_KEY_B01082D3.public')\ .with_baseurl('https://yum.datadoghq.com/stable/7/x86_64/')\ .with_repo_gpgcheck(true) end 
diff --git a/spec/classes/datadog_agent_suse_spec.rb b/spec/classes/datadog_agent_suse_spec.rb index 4220bedb..afbb97fb 100644 --- a/spec/classes/datadog_agent_suse_spec.rb +++ b/spec/classes/datadog_agent_suse_spec.rb @@ -32,7 +32,7 @@ .with_gpgcheck(1)\ .with_gpgkey('https://keys.datadoghq.com/DATADOG_RPM_KEY_CURRENT.public https://keys.datadoghq.com/DATADOG_RPM_KEY_E09422B3.public - https://keys.datadoghq.com/DATADOG_RPM_KEY_FD4BF915.public')\ + https://keys.datadoghq.com/DATADOG_RPM_KEY_B01082D3.public')\ .with_baseurl('https://yum.datadoghq.com/suse/stable/6/x86_64') # .with_repo_gpgcheck(true) end @@ -51,7 +51,7 @@ .with_gpgcheck(1)\ .with_gpgkey('https://keys.datadoghq.com/DATADOG_RPM_KEY_CURRENT.public https://keys.datadoghq.com/DATADOG_RPM_KEY_E09422B3.public - https://keys.datadoghq.com/DATADOG_RPM_KEY_FD4BF915.public')\ + https://keys.datadoghq.com/DATADOG_RPM_KEY_B01082D3.public')\ .with_baseurl('https://yum.datadoghq.com/suse/stable/7/x86_64') # .with_repo_gpgcheck(true) end diff --git a/spec/classes/datadog_agent_ubuntu_spec.rb b/spec/classes/datadog_agent_ubuntu_spec.rb index c3a498c6..cbf80c4d 100644 --- a/spec/classes/datadog_agent_ubuntu_spec.rb +++ b/spec/classes/datadog_agent_ubuntu_spec.rb @@ -5,7 +5,7 @@ is_expected.to contain_file('/usr/share/keyrings/datadog-archive-keyring.gpg') is_expected.to contain_file('/etc/apt/trusted.gpg.d/datadog-archive-keyring.gpg') is_expected.to contain_exec('ensure key DATADOG_APT_KEY_CURRENT.public is imported in APT keyring') - is_expected.to contain_exec('ensure key D75CEA17048B9ACBF186794B32637D44F14F620E is imported in APT keyring') + is_expected.to contain_exec('ensure key 5F1E256061D813B125E156E8E6266D4AC0962C7D is imported in APT keyring') is_expected.to contain_exec('ensure key A2923DFF56EDA6E76E55E492D3A80E30382E94DE is imported in APT keyring') end end 
@@ -15,7 +15,7 @@ is_expected.to contain_file('/usr/share/keyrings/datadog-archive-keyring.gpg') is_expected.not_to contain_file('/etc/apt/trusted.gpg.d/datadog-archive-keyring.gpg') is_expected.to contain_exec('ensure key DATADOG_APT_KEY_CURRENT.public is imported in APT keyring') - is_expected.to contain_exec('ensure key D75CEA17048B9ACBF186794B32637D44F14F620E is imported in APT keyring') + is_expected.to contain_exec('ensure key 5F1E256061D813B125E156E8E6266D4AC0962C7D is imported in APT keyring') is_expected.to contain_exec('ensure key A2923DFF56EDA6E76E55E492D3A80E30382E94DE is imported in APT keyring') end end From 09c994a8b7026d5337f3d077db26b14aa89ba430 Mon Sep 17 00:00:00 2001 From: Nicolas Schweitzer Date: Fri, 9 Jun 2023 22:47:01 +0200 Subject: [PATCH 2/2] AP-2104 append keys instead of replacing --- manifests/redhat.pp | 1 + manifests/suse.pp | 1 + manifests/ubuntu.pp | 1 + spec/classes/datadog_agent_redhat_spec.rb | 7 +++++++ spec/classes/datadog_agent_suse_spec.rb | 2 ++ spec/classes/datadog_agent_ubuntu_spec.rb | 2 ++ 6 files changed, 14 insertions(+) diff --git a/manifests/redhat.pp b/manifests/redhat.pp index ad365af2..398be603 100644 --- a/manifests/redhat.pp +++ b/manifests/redhat.pp @@ -17,6 +17,7 @@ $keys = [ 'https://keys.datadoghq.com/DATADOG_RPM_KEY_CURRENT.public', 'https://keys.datadoghq.com/DATADOG_RPM_KEY_E09422B3.public', + 'https://keys.datadoghq.com/DATADOG_RPM_KEY_FD4BF915.public', 'https://keys.datadoghq.com/DATADOG_RPM_KEY_B01082D3.public', ] diff --git a/manifests/suse.pp b/manifests/suse.pp index e24b5b3c..e837b1f3 100644 --- a/manifests/suse.pp +++ b/manifests/suse.pp @@ -16,6 +16,7 @@ $all_keys = [ $current_key, 'https://keys.datadoghq.com/DATADOG_RPM_KEY_E09422B3.public', + 'https://keys.datadoghq.com/DATADOG_RPM_KEY_FD4BF915.public', 'https://keys.datadoghq.com/DATADOG_RPM_KEY_B01082D3.public', ] diff --git a/manifests/ubuntu.pp b/manifests/ubuntu.pp index f57f115a..d7237ff4 100644 --- a/manifests/ubuntu.pp 
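Review bot: `DATADOG_RPM_KEY_FD4BF915.public` is re-added to `$keys` (manifests/redhat.pp) and to `$all_keys` (manifests/suse.pp) with no comment saying why a key the previous patch removed is trusted again, or when it can be dropped. Every entry in these lists is a key whose signatures hosts will accept, so the list should carry its own rationale next to the entry, something like `# FD4BF915: previous signing key, kept so packages signed before the rotation still verify; remove after <RETIREMENT_DATE>`. Without that, the list tends only to grow and a key that should have been retired stays accepted. The enclosing class body starts and ends outside both hunks.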
+++ b/manifests/ubuntu.pp @@ -15,6 +15,7 @@ Optional[Hash[String, String]] $apt_default_keys = { 'DATADOG_APT_KEY_CURRENT.public' => 'https://keys.datadoghq.com/DATADOG_APT_KEY_CURRENT.public', '5F1E256061D813B125E156E8E6266D4AC0962C7D' => 'https://keys.datadoghq.com/DATADOG_APT_KEY_C0962C7D.public', + 'D75CEA17048B9ACBF186794B32637D44F14F620E' => 'https://keys.datadoghq.com/DATADOG_APT_KEY_F14F620E.public', 'A2923DFF56EDA6E76E55E492D3A80E30382E94DE' => 'https://keys.datadoghq.com/DATADOG_APT_KEY_382E94DE.public', }, ) inherits datadog_agent::params { diff --git a/spec/classes/datadog_agent_redhat_spec.rb b/spec/classes/datadog_agent_redhat_spec.rb index 129a1227..4597ef5b 100644 --- a/spec/classes/datadog_agent_redhat_spec.rb +++ b/spec/classes/datadog_agent_redhat_spec.rb @@ -29,6 +29,7 @@ .with_gpgcheck(1)\ .with_gpgkey('https://keys.datadoghq.com/DATADOG_RPM_KEY_CURRENT.public https://keys.datadoghq.com/DATADOG_RPM_KEY_E09422B3.public + https://keys.datadoghq.com/DATADOG_RPM_KEY_FD4BF915.public https://keys.datadoghq.com/DATADOG_RPM_KEY_B01082D3.public')\ .with_baseurl('https://yum.datadoghq.com/rpm/x86_64/')\ .with_repo_gpgcheck(false) @@ -77,6 +78,7 @@ .with_gpgcheck(1)\ .with_gpgkey('https://keys.datadoghq.com/DATADOG_RPM_KEY_CURRENT.public https://keys.datadoghq.com/DATADOG_RPM_KEY_E09422B3.public + https://keys.datadoghq.com/DATADOG_RPM_KEY_FD4BF915.public https://keys.datadoghq.com/DATADOG_RPM_KEY_B01082D3.public')\ .with_baseurl('https://yum.datadoghq.com/stable/6/x86_64/')\ .with_repo_gpgcheck(true) @@ -126,6 +128,7 @@ .with_gpgcheck(1)\ .with_gpgkey('https://keys.datadoghq.com/DATADOG_RPM_KEY_CURRENT.public https://keys.datadoghq.com/DATADOG_RPM_KEY_E09422B3.public + https://keys.datadoghq.com/DATADOG_RPM_KEY_FD4BF915.public https://keys.datadoghq.com/DATADOG_RPM_KEY_B01082D3.public')\ .with_baseurl('https://yum.datadoghq.com/stable/7/x86_64/')\ .with_repo_gpgcheck(true) 
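Review bot: Restoring `'D75CEA17048B9ACBF186794B32637D44F14F620E'` to `$apt_default_keys` in manifests/ubuntu.pp raises the opposite case, which nothing visible here covers: the specs only assert `ensure key ... is imported in APT keyring` execs and no resource that removes a key. If that is the whole mechanism (the exec resources are outside this hunk), a host that applied the module before an entry is dropped keeps that key in `/usr/share/keyrings/datadog-archive-keyring.gpg`, so deleting an entry from the hash does not revoke trust on existing hosts. A comment on the parameter, e.g. `# Removing an entry does not delete the key from keyrings already populated; retiring a key needs an explicit removal step`, would stop a later rotation from assuming otherwise.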
@@ -178,6 +181,7 @@ .with_gpgcheck(1)\ .with_gpgkey('https://keys.datadoghq.com/DATADOG_RPM_KEY_CURRENT.public https://keys.datadoghq.com/DATADOG_RPM_KEY_E09422B3.public + https://keys.datadoghq.com/DATADOG_RPM_KEY_FD4BF915.public https://keys.datadoghq.com/DATADOG_RPM_KEY_B01082D3.public')\ .with_baseurl('https://yum.datadoghq.com/stable/7/x86_64/')\ .with_repo_gpgcheck(false) @@ -211,6 +215,7 @@ .with_gpgcheck(1)\ .with_gpgkey('https://keys.datadoghq.com/DATADOG_RPM_KEY_CURRENT.public https://keys.datadoghq.com/DATADOG_RPM_KEY_E09422B3.public + https://keys.datadoghq.com/DATADOG_RPM_KEY_FD4BF915.public https://keys.datadoghq.com/DATADOG_RPM_KEY_B01082D3.public')\ .with_baseurl('https://yum.datadoghq.com/stable/7/x86_64/')\ .with_repo_gpgcheck(true) @@ -242,6 +247,7 @@ .with_gpgcheck(1)\ .with_gpgkey('https://keys.datadoghq.com/DATADOG_RPM_KEY_CURRENT.public https://keys.datadoghq.com/DATADOG_RPM_KEY_E09422B3.public + https://keys.datadoghq.com/DATADOG_RPM_KEY_FD4BF915.public https://keys.datadoghq.com/DATADOG_RPM_KEY_B01082D3.public')\ .with_baseurl('https://yum.datadoghq.com/stable/7/x86_64/')\ .with_repo_gpgcheck(true) @@ -273,6 +279,7 @@ .with_gpgcheck(1)\ .with_gpgkey('https://keys.datadoghq.com/DATADOG_RPM_KEY_CURRENT.public https://keys.datadoghq.com/DATADOG_RPM_KEY_E09422B3.public + https://keys.datadoghq.com/DATADOG_RPM_KEY_FD4BF915.public https://keys.datadoghq.com/DATADOG_RPM_KEY_B01082D3.public')\ .with_baseurl('https://yum.datadoghq.com/stable/7/x86_64/')\ .with_repo_gpgcheck(true) diff --git a/spec/classes/datadog_agent_suse_spec.rb b/spec/classes/datadog_agent_suse_spec.rb index afbb97fb..ab0ead18 100644 --- a/spec/classes/datadog_agent_suse_spec.rb +++ b/spec/classes/datadog_agent_suse_spec.rb 
@@ -32,6 +32,7 @@ .with_gpgcheck(1)\ .with_gpgkey('https://keys.datadoghq.com/DATADOG_RPM_KEY_CURRENT.public https://keys.datadoghq.com/DATADOG_RPM_KEY_E09422B3.public + https://keys.datadoghq.com/DATADOG_RPM_KEY_FD4BF915.public https://keys.datadoghq.com/DATADOG_RPM_KEY_B01082D3.public')\ .with_baseurl('https://yum.datadoghq.com/suse/stable/6/x86_64') # .with_repo_gpgcheck(true) @@ -51,6 +52,7 @@ .with_gpgcheck(1)\ .with_gpgkey('https://keys.datadoghq.com/DATADOG_RPM_KEY_CURRENT.public https://keys.datadoghq.com/DATADOG_RPM_KEY_E09422B3.public + https://keys.datadoghq.com/DATADOG_RPM_KEY_FD4BF915.public https://keys.datadoghq.com/DATADOG_RPM_KEY_B01082D3.public')\ .with_baseurl('https://yum.datadoghq.com/suse/stable/7/x86_64') # .with_repo_gpgcheck(true) diff --git a/spec/classes/datadog_agent_ubuntu_spec.rb b/spec/classes/datadog_agent_ubuntu_spec.rb index cbf80c4d..d7335aa6 100644 --- a/spec/classes/datadog_agent_ubuntu_spec.rb +++ b/spec/classes/datadog_agent_ubuntu_spec.rb @@ -6,6 +6,7 @@ is_expected.to contain_file('/etc/apt/trusted.gpg.d/datadog-archive-keyring.gpg') is_expected.to contain_exec('ensure key DATADOG_APT_KEY_CURRENT.public is imported in APT keyring') is_expected.to contain_exec('ensure key 5F1E256061D813B125E156E8E6266D4AC0962C7D is imported in APT keyring') + is_expected.to contain_exec('ensure key D75CEA17048B9ACBF186794B32637D44F14F620E is imported in APT keyring') is_expected.to contain_exec('ensure key A2923DFF56EDA6E76E55E492D3A80E30382E94DE is imported in APT keyring') end end 
@@ -16,6 +17,7 @@ is_expected.not_to contain_file('/etc/apt/trusted.gpg.d/datadog-archive-keyring.gpg') is_expected.to contain_exec('ensure key DATADOG_APT_KEY_CURRENT.public is imported in APT keyring') is_expected.to contain_exec('ensure key 5F1E256061D813B125E156E8E6266D4AC0962C7D is imported in APT keyring') + is_expected.to contain_exec('ensure key D75CEA17048B9ACBF186794B32637D44F14F620E is imported in APT keyring') is_expected.to contain_exec('ensure key A2923DFF56EDA6E76E55E492D3A80E30382E94DE is imported in APT keyring') end end