[AP-2104] Add new APT and RPM signing keys (#782)

* Update signing keys

* AP-2104 append keys instead of replacing

Author: chouetz

manifests/redhat.pp

@@ -18,6 +18,7 @@
         'https://keys.datadoghq.com/DATADOG_RPM_KEY_CURRENT.public',
         'https://keys.datadoghq.com/DATADOG_RPM_KEY_E09422B3.public',
         'https://keys.datadoghq.com/DATADOG_RPM_KEY_FD4BF915.public',
+        'https://keys.datadoghq.com/DATADOG_RPM_KEY_B01082D3.public',
     ]
 
     if ($rpm_repo_gpgcheck != undef) {

manifests/suse.pp

@@ -17,6 +17,7 @@
     $current_key,
     'https://keys.datadoghq.com/DATADOG_RPM_KEY_E09422B3.public',
     'https://keys.datadoghq.com/DATADOG_RPM_KEY_FD4BF915.public',
+    'https://keys.datadoghq.com/DATADOG_RPM_KEY_B01082D3.public',
   ]
 
   if ($rpm_repo_gpgcheck != undef) {

manifests/ubuntu.pp

@@ -14,6 +14,7 @@
   Optional[String] $apt_usr_share_keyring = '/usr/share/keyrings/datadog-archive-keyring.gpg',
   Optional[Hash[String, String]] $apt_default_keys = {
     'DATADOG_APT_KEY_CURRENT.public'           => 'https://keys.datadoghq.com/DATADOG_APT_KEY_CURRENT.public',
+    '5F1E256061D813B125E156E8E6266D4AC0962C7D' => 'https://keys.datadoghq.com/DATADOG_APT_KEY_C0962C7D.public',
     'D75CEA17048B9ACBF186794B32637D44F14F620E' => 'https://keys.datadoghq.com/DATADOG_APT_KEY_F14F620E.public',
     'A2923DFF56EDA6E76E55E492D3A80E30382E94DE' => 'https://keys.datadoghq.com/DATADOG_APT_KEY_382E94DE.public',
   },

spec/classes/datadog_agent_redhat_spec.rb

@@ -29,7 +29,8 @@
           .with_gpgcheck(1)\
           .with_gpgkey('https://keys.datadoghq.com/DATADOG_RPM_KEY_CURRENT.public
        https://keys.datadoghq.com/DATADOG_RPM_KEY_E09422B3.public
-       https://keys.datadoghq.com/DATADOG_RPM_KEY_FD4BF915.public')\
+       https://keys.datadoghq.com/DATADOG_RPM_KEY_FD4BF915.public
+       https://keys.datadoghq.com/DATADOG_RPM_KEY_B01082D3.public')\
           .with_baseurl('https://yum.datadoghq.com/rpm/x86_64/')\
           .with_repo_gpgcheck(false)
       end
@@ -77,7 +78,8 @@
           .with_gpgcheck(1)\
           .with_gpgkey('https://keys.datadoghq.com/DATADOG_RPM_KEY_CURRENT.public
        https://keys.datadoghq.com/DATADOG_RPM_KEY_E09422B3.public
-       https://keys.datadoghq.com/DATADOG_RPM_KEY_FD4BF915.public')\
+       https://keys.datadoghq.com/DATADOG_RPM_KEY_FD4BF915.public
+       https://keys.datadoghq.com/DATADOG_RPM_KEY_B01082D3.public')\
           .with_baseurl('https://yum.datadoghq.com/stable/6/x86_64/')\
           .with_repo_gpgcheck(true)
       end
@@ -126,7 +128,8 @@
           .with_gpgcheck(1)\
           .with_gpgkey('https://keys.datadoghq.com/DATADOG_RPM_KEY_CURRENT.public
        https://keys.datadoghq.com/DATADOG_RPM_KEY_E09422B3.public
-       https://keys.datadoghq.com/DATADOG_RPM_KEY_FD4BF915.public')\
+       https://keys.datadoghq.com/DATADOG_RPM_KEY_FD4BF915.public
+       https://keys.datadoghq.com/DATADOG_RPM_KEY_B01082D3.public')\
           .with_baseurl('https://yum.datadoghq.com/stable/7/x86_64/')\
           .with_repo_gpgcheck(true)
       end
@@ -178,7 +181,8 @@
           .with_gpgcheck(1)\
           .with_gpgkey('https://keys.datadoghq.com/DATADOG_RPM_KEY_CURRENT.public
        https://keys.datadoghq.com/DATADOG_RPM_KEY_E09422B3.public
-       https://keys.datadoghq.com/DATADOG_RPM_KEY_FD4BF915.public')\
+       https://keys.datadoghq.com/DATADOG_RPM_KEY_FD4BF915.public
+       https://keys.datadoghq.com/DATADOG_RPM_KEY_B01082D3.public')\
           .with_baseurl('https://yum.datadoghq.com/stable/7/x86_64/')\
           .with_repo_gpgcheck(false)
       end
@@ -211,7 +215,8 @@
           .with_gpgcheck(1)\
           .with_gpgkey('https://keys.datadoghq.com/DATADOG_RPM_KEY_CURRENT.public
        https://keys.datadoghq.com/DATADOG_RPM_KEY_E09422B3.public
-       https://keys.datadoghq.com/DATADOG_RPM_KEY_FD4BF915.public')\
+       https://keys.datadoghq.com/DATADOG_RPM_KEY_FD4BF915.public
+       https://keys.datadoghq.com/DATADOG_RPM_KEY_B01082D3.public')\
           .with_baseurl('https://yum.datadoghq.com/stable/7/x86_64/')\
           .with_repo_gpgcheck(true)
       end
@@ -242,7 +247,8 @@
           .with_gpgcheck(1)\
           .with_gpgkey('https://keys.datadoghq.com/DATADOG_RPM_KEY_CURRENT.public
        https://keys.datadoghq.com/DATADOG_RPM_KEY_E09422B3.public
-       https://keys.datadoghq.com/DATADOG_RPM_KEY_FD4BF915.public')\
+       https://keys.datadoghq.com/DATADOG_RPM_KEY_FD4BF915.public
+       https://keys.datadoghq.com/DATADOG_RPM_KEY_B01082D3.public')\
           .with_baseurl('https://yum.datadoghq.com/stable/7/x86_64/')\
           .with_repo_gpgcheck(true)
       end
@@ -273,7 +279,8 @@
           .with_gpgcheck(1)\
           .with_gpgkey('https://keys.datadoghq.com/DATADOG_RPM_KEY_CURRENT.public
        https://keys.datadoghq.com/DATADOG_RPM_KEY_E09422B3.public
-       https://keys.datadoghq.com/DATADOG_RPM_KEY_FD4BF915.public')\
+       https://keys.datadoghq.com/DATADOG_RPM_KEY_FD4BF915.public
+       https://keys.datadoghq.com/DATADOG_RPM_KEY_B01082D3.public')\
           .with_baseurl('https://yum.datadoghq.com/stable/7/x86_64/')\
           .with_repo_gpgcheck(true)
       end

spec/classes/datadog_agent_suse_spec.rb

@@ -32,7 +32,8 @@
           .with_gpgcheck(1)\
           .with_gpgkey('https://keys.datadoghq.com/DATADOG_RPM_KEY_CURRENT.public
        https://keys.datadoghq.com/DATADOG_RPM_KEY_E09422B3.public
-       https://keys.datadoghq.com/DATADOG_RPM_KEY_FD4BF915.public')\
+       https://keys.datadoghq.com/DATADOG_RPM_KEY_FD4BF915.public
+       https://keys.datadoghq.com/DATADOG_RPM_KEY_B01082D3.public')\
           .with_baseurl('https://yum.datadoghq.com/suse/stable/6/x86_64')
         # .with_repo_gpgcheck(true)
       end
@@ -51,7 +52,8 @@
           .with_gpgcheck(1)\
           .with_gpgkey('https://keys.datadoghq.com/DATADOG_RPM_KEY_CURRENT.public
        https://keys.datadoghq.com/DATADOG_RPM_KEY_E09422B3.public
-       https://keys.datadoghq.com/DATADOG_RPM_KEY_FD4BF915.public')\
+       https://keys.datadoghq.com/DATADOG_RPM_KEY_FD4BF915.public
+       https://keys.datadoghq.com/DATADOG_RPM_KEY_B01082D3.public')\
           .with_baseurl('https://yum.datadoghq.com/suse/stable/7/x86_64')
         # .with_repo_gpgcheck(true)
       end

spec/classes/datadog_agent_ubuntu_spec.rb

@@ -5,6 +5,7 @@
     is_expected.to contain_file('/usr/share/keyrings/datadog-archive-keyring.gpg')
     is_expected.to contain_file('/etc/apt/trusted.gpg.d/datadog-archive-keyring.gpg')
     is_expected.to contain_exec('ensure key DATADOG_APT_KEY_CURRENT.public is imported in APT keyring')
+    is_expected.to contain_exec('ensure key 5F1E256061D813B125E156E8E6266D4AC0962C7D is imported in APT keyring')
     is_expected.to contain_exec('ensure key D75CEA17048B9ACBF186794B32637D44F14F620E is imported in APT keyring')
     is_expected.to contain_exec('ensure key A2923DFF56EDA6E76E55E492D3A80E30382E94DE is imported in APT keyring')
   end
@@ -15,6 +16,7 @@
     is_expected.to contain_file('/usr/share/keyrings/datadog-archive-keyring.gpg')
     is_expected.not_to contain_file('/etc/apt/trusted.gpg.d/datadog-archive-keyring.gpg')
     is_expected.to contain_exec('ensure key DATADOG_APT_KEY_CURRENT.public is imported in APT keyring')
+    is_expected.to contain_exec('ensure key 5F1E256061D813B125E156E8E6266D4AC0962C7D is imported in APT keyring')
     is_expected.to contain_exec('ensure key D75CEA17048B9ACBF186794B32637D44F14F620E is imported in APT keyring')
     is_expected.to contain_exec('ensure key A2923DFF56EDA6E76E55E492D3A80E30382E94DE is imported in APT keyring')
   end