tests: fully refactor and expand deb822 unit tests

lib/charms/operator_libs_linux/v0/apt.py

@@ -127,6 +127,7 @@
 
 VALID_SOURCE_TYPES = ("deb", "deb-src")
 OPTIONS_MATCHER = re.compile(r"\[.*?\]")
+_GPG_KEY_DIR = "/etc/apt/trusted.gpg.d/"
 
 
 class Error(Exception):
@@ -894,7 +895,7 @@ def import_key(key: str) -> str:
             key_bytes = key.encode("utf-8")
             key_name = DebianRepository._get_keyid_by_gpg_key(key_bytes)
             key_gpg = DebianRepository._dearmor_gpg_key(key_bytes)
-            gpg_key_filename = "/etc/apt/trusted.gpg.d/{}.gpg".format(key_name)
+            gpg_key_filename = os.path.join(_GPG_KEY_DIR, "{}.gpg".format(key_name))
             DebianRepository._write_apt_gpg_keyfile(
                 key_name=gpg_key_filename, key_material=key_gpg
             )
@@ -915,7 +916,7 @@ def import_key(key: str) -> str:
         key_asc = DebianRepository._get_key_by_keyid(key)
         # write the key in GPG format so that apt-key list shows it
         key_gpg = DebianRepository._dearmor_gpg_key(key_asc.encode("utf-8"))
-        gpg_key_filename = "/etc/apt/trusted.gpg.d/{}.gpg".format(key)
+        gpg_key_filename = os.path.join(_GPG_KEY_DIR, "{}.gpg".format(key))
         DebianRepository._write_apt_gpg_keyfile(key_name=gpg_key_filename, key_material=key_gpg)
         return gpg_key_filename
 
@@ -1272,7 +1273,7 @@ class RepositoryMapping(Mapping[str, DebianRepository]):
     _sources_subdir = "sources.list.d"
     _default_list_name = "sources.list"
     _default_sources_name = "ubuntu.sources"
-    _last_errors: Iterable[Error] = ()
+    _last_errors: Tuple[Error, ...] = ()
 
     def __init__(self):
         self._repository_map: Dict[str, DebianRepository] = {}
@@ -1537,7 +1538,7 @@ def _add_apt_repository(
             raise ValueError("{repo}.enabled is {value}".format(repo=repo, value=repo.enabled))
         line = repo._to_line()  # pyright: ignore[reportPrivateUsage]
         cmd = [
-            "apt-add-repository",
+            "add-apt-repository",
             "--yes",
             "--sourceslist=" + line,
         ]
@@ -1597,9 +1598,10 @@ def repositories(self) -> Tuple[DebianRepository, ...]:
         return self._repositories
 
     def get_gpg_key_filename(self) -> str:
-        """Return the path to the GPG key for this repository.
+        """Return the path to the GPG key for this stanza.
 
         Import the key first, if the key itself was provided in the stanza.
+        Return an empty string if no filename or key was provided.
         """
         if self._gpg_key_filename:
             return self._gpg_key_filename

tests/unit/data/individual-files/bad-stanza-components-missing-without-exact-path.sources

@@ -0,0 +1,4 @@
+Types: deb
+URIs: http://nz.archive.ubuntu.com/ubuntu/
+Suites: noble noble-updates noble-backports
+# this is an error, must have at least one component if suites isn't an exact path

tests/unit/data/individual-files/bad-stanza-components-present-with-exact-path.sources

@@ -0,0 +1,4 @@
+Types: deb
+URIs: http://nz.archive.ubuntu.com/ubuntu/
+Suites: an/exact/path/
+Components: main  # this is an error, can't have components with an exact path

tests/unit/data/individual-files/bad-stanza-enabled-bad.sources

@@ -0,0 +1,5 @@
+Types: deb
+URIs: http://nz.archive.ubuntu.com/ubuntu/
+Suites: noble noble-updates noble-backports
+Components: main restricted universe multiverse
+Enabled: bad

tests/unit/data/individual-files/bad-stanza-missing-required-keys.sources

@@ -0,0 +1,3 @@
+# a comment
+
+Foo: Bar  # this is a separate (malformed) entry

tests/unit/data/individual-files/good-stanza-comments.sources

@@ -0,0 +1,9 @@
+Components: main restricted universe multiverse  # Components first! I don't think deb822 cares about ordering
+Types: deb deb-src # this could be one or both of these options
+URIs: http://nz.archive.ubuntu.com/ubuntu/ http://archive.ubuntu.com/ubuntu/
+    # there can be multiple space separated URIs
+    # sources are specified in priority order
+    # apt does some de-duplication of sources after parsing too
+#Signed-By: /usr/share/keyrings/ubuntu-archive-keyring.gpg
+#    let's make this insecure! (jk, just testing parsing)
+Suites: noble noble-updates noble-backports

tests/unit/data/individual-files/good-stanza-enabled-no.sources

@@ -0,0 +1,5 @@
+Types: deb
+URIs: http://nz.archive.ubuntu.com/ubuntu/
+Suites: noble noble-updates noble-backports
+Components: main restricted universe multiverse
+Enabled: no

tests/unit/data/individual-files/good-stanza-exact-path.sources

@@ -0,0 +1,3 @@
+Types: deb
+URIs: http://nz.archive.ubuntu.com/ubuntu/
+Suites: an/exact/path/

tests/unit/data/individual-files/good-stanza-noble-main-etc.sources

@@ -0,0 +1,5 @@
+Types: deb
+URIs: http://nz.archive.ubuntu.com/ubuntu/
+Suites: noble noble-updates noble-backports
+Components: main restricted universe multiverse
+Signed-By: /usr/share/keyrings/ubuntu-archive-keyring.gpg

tests/unit/data/individual-files/good-stanza-noble-security.sources

@@ -0,0 +1,5 @@
+Types: deb
+URIs: http://security.ubuntu.com/ubuntu
+Suites: noble-security
+Components: main restricted universe multiverse
+Signed-By: /usr/share/keyrings/ubuntu-archive-keyring.gpg

tests/unit/data/individual-files/good-stanza-with-gpg-key.sources

@@ -0,0 +1,34 @@
+Types: deb
+URIs: https://ppa.launchpadcontent.net/inkscape.dev/stable/ubuntu/
+Suites: noble
+Components: main
+Signed-By: 
+ -----BEGIN PGP PUBLIC KEY BLOCK-----
+ .
+ mQINBGY0ViQBEACsQsdIRXzyEkk38x2oDt1yQ/Kt3dsiDKJFNLbs/xiDHrgIW6cU
+ 1wZB0pfb3lCyG3/ZH5uvR0arCSHJvCvkdCFTqqkZndSA+/pXreCSLeP8CNawf/RM
+ 3cNbdJlE8jXzaX2qzSEC9FDNqu4cQHIHR7xMAbSCPW8rxKvRCWmkZccfndDuQyN2
+ vg3b2x9DWKS3DBRffivglF3yT49OuLemG5qJHujKOmNJZ32JoRniIivsuk1CCS1U
+ NDK6xWkr13aNe056QhVAh2iPF6MRE85zail+mQxt4LAgl/aLR0JSDSpWkbQH7kbu
+ 5cJVan8nYF9HelVJ3QuMwdz3VQn4YVO2Wc8s0YfnNdQttYaUx3lz35Fct6CaOqjP
+ pgsZ4467lmB9ut74G+wDCQXmT232hsBkTz4D0DyVPB/ziBgGWUKti0AWNT/3kFww
+ 2VM/80XADaDz0Sc/Hzi/cr9ZrbW3drMwoVvKtfMtOT7FMbeuPRWZKYZnDbvNm62e
+ ToKVudE0ijfsksxbcHKmGdvWntCxlinp0i39Jfz6y54pppjmbHRQgasmqm2EQLfA
+ RUNW/zB7gX80KTUCGjcLOTPajBIN5ZfjVITetryAFjv7fnK0qpf2OpqwF832W4V/
+ S3GZtErupPktYG77Z9jOUxcJeEGYjWbVlbit8mTKDRdQUXOeOO6TzB4RcwARAQAB
+ tCVMYXVuY2hwYWQgUFBBIGZvciBJbmtzY2FwZSBEZXZlbG9wZXJziQJOBBMBCgA4
+ FiEEVr3/0vHJaz0VdeO4XJoLhs0vyzgFAmY0ViQCGwMFCwkIBwIGFQoJCAsCBBYC
+ AwECHgECF4AACgkQXJoLhs0vyzh3RBAAo7Hee8i2I4n03/iq58lqml/OVJH9ZEle
+ amk3e0wsiVS0QdT/zB8/AMVDB1obazBfrHKJP9Ck+JKH0uxaGRxYBohTbO3Y3sBO
+ qRHz5VLcFzuyk7AA53AZkNx8Zbv6D0O4JTCPDJn9Gwbd/PpnvJm9Ri+zEiVPhXNu
+ oSBryGM09un2Yvi0DA+ulouSKTy9dkbI1R7flPZ2M/mKT8Lk0n1pJu5FvgPC4E6R
+ PT0Njw9+k/iHtP76U4SqHJZZx2I/TGlXMD1memyTK4adWZeGLaAiFadsoeJsDoDE
+ MkHFxFkr9n0E4wJhRGgL0OxDWugJemkUvHbzXFNUaeX5Spw/aO7r1CtTh8lyqiom
+ 4ebAkURjESRFOFzcsM7nyQnmt2OgQkEShSL3NrDMkj1+3+FgQtd8sbeVpmpGBq87
+ J3iq0YMsUysWq8DJSz4RnBTfeGlJWJkl3XxB9VbG3BqqbN9fRp+ccgZ51g5/DEA/
+ q8jYS7Ur5bAlSoeA4M3SvKSlQM8+aT35dteFzejvo1N+2n0E0KoymuRsDBdzby0z
+ lJDKe244L5D6UPJo9YTmtE4kG/fGNZ5/JdRA+pbe7f/z84HVcJ3ziGdF/Nio/D8k
+ uFjZP2M/mxC7j+WnmKAruqmY+5vkAEqUPTobsloDjT3B+z0rzWk8FG/G5KFccsBO
+ 2ekz6IVTXVA=
+ =VF33
+ -----END PGP PUBLIC KEY BLOCK-----

tests/unit/data/individual-files/stanzas-fully-commented-out.sources

@@ -0,0 +1,13 @@
+#a fully commented out stanza
+#Types: deb  # with an inline comment too
+#URIs: http://security.ubuntu.com/ubuntu
+#Suites: noble-security
+#Components: main restricted universe multiverse
+#Signed-By: /usr/share/keyrings/ubuntu-archive-keyring.gpg
+
+#another fully commented out stanza
+#Types: deb-src  # with an inline comment too
+#URIs: http://security.ubuntu.com/ubuntu
+#Suites: noble-security
+#Components: main restricted universe multiverse
+#Signed-By: /usr/share/keyrings/ubuntu-archive-keyring.gpg

tests/unit/data/individual-files/stanzas-noble.sources

@@ -0,0 +1,11 @@
+Types: deb
+URIs: http://nz.archive.ubuntu.com/ubuntu/
+Suites: noble noble-updates noble-backports
+Components: main restricted universe multiverse
+Signed-By: /usr/share/keyrings/ubuntu-archive-keyring.gpg
+
+Types: deb
+URIs: http://security.ubuntu.com/ubuntu
+Suites: noble-security
+Components: main restricted universe multiverse
+Signed-By: /usr/share/keyrings/ubuntu-archive-keyring.gpg

tests/unit/data/individual-files/stanzas-one-good-one-bad-comments.sources

@@ -0,0 +1,15 @@
+# a good entry that defines one repository
+Types: deb
+URIs: http://nz.archive.ubuntu.com/ubuntu/
+Suites: noble
+Components: main
+
+Foo: Bar  # this is a separate (malformed) entry
+
+# this is fully commented out and will be skipped entirely
+#Types: deb
+#URIs: http://security.ubuntu.com/ubuntu
+#Suites: noble-security
+#Components: main restricted universe multiverse
+#Signed-By: /usr/share/keyrings/ubuntu-archive-keyring.gpg
+## disable security updates while we're at it