Puppet unable to fetch gpg key


I am automating the following task with puppet https://www.getenvoy.io/install/envoy/ubuntu/

curl -sL 'https://getenvoy.io/gpg' | sudo apt-key add -
sudo add-apt-repository \
"deb [arch=amd64] https://dl.bintray.com/tetrate/getenvoy-deb \
$(lsb_release -cs) \
stable"
sudo apt-get update && sudo apt-get install -y getenvoy-envoy

I have the following puppet class

class envoy::install {

  apt::source { "envoy-${::lsbdistcodename}":
    location => 'https://dl.bintray.com/tetrate/getenvoy-deb',
    release  => $::lsbdistcodename,
    repos    => 'stable',
    key      => {
      'server' => 'https://getenvoy.io/gpg',
      'id'     => '5270CEAC57F63EBD9EA9005D0253D0B26FF974DB'
    }
  }

}

The server url https://getenvoy.io/gpg appears to be invalid because the module returns

Server Error: Evaluation Error: Error while evaluating a Resource Statement, Evaluation Error: Error while evaluating a Function Call,
assert_type(): expects a match for 
Pattern[/\A((hkp|http|https):\/\/)?([a-z\d])([a-z\d-]{0,61}\.)+[a-z\d]+(:\d{2,5})?$/], got 'https://getenvoy.io/gpg' (file: /srv/puppetmaster/current/environments/envoy_apt/modules/apt/manifests/key.pp, line: 23, column: 5)

If I change https://getenvoy.io/gpg to https://getenvoy.io, puppet no longer errors, but instead returns

Error: Execution of '/usr/bin/apt-key adv --keyserver https://getenvoy.io --recv-keys 5270CEAC57F63EBD9EA9005D0253D0B26FF974DB' returned 2: Warning: apt-key output should not be parsed (stdout is not a terminal)
Executing: /tmp/apt-key-gpghome.DYIyo3MINv/gpg.1.sh --keyserver https://getenvoy.io --recv-keys 5270CEAC57F63EBD9EA9005D0253D0B26FF974DB
gpg: no valid OpenPGP data found.

Does puppet have a mechanism to support gpg keys that aren't stored at the root directory of a website? How can I get apt::source to support /gpg in the path?

Update

sudo apt-key adv --keyserver https://getenvoy.io/gpg --recv 6FF974DB
Executing: /tmp/apt-key-gpghome.7zAas2TfeV/gpg.1.sh --keyserver https://getenvoy.io/gpg --recv 6FF974DB
gpg: key 0253D0B26FF974DB: public key "GetEnvoy <[email protected]>" imported
gpg: Total number processed: 1
gpg:               imported: 1

sudo apt-key adv --keyserver https://getenvoy.io --recv 6FF974DB
Executing: /tmp/apt-key-gpghome.DG7UFZ6Ogz/gpg.1.sh --keyserver https://getenvoy.io --recv 6FF974DB
gpg: no valid OpenPGP data found.
gpg: Total number processed: 0

sudo apt-key adv --keyserver https://getenvoy.io/gpg --recv 5270CEAC57F63EBD9EA9005D0253D0B26FF974DB
Executing: /tmp/apt-key-gpghome.eCuCy44ieF/gpg.1.sh --keyserver https://getenvoy.io/gpg --recv 5270CEAC57F63EBD9EA9005D0253D0B26FF974DB
gpg: key 0253D0B26FF974DB: "GetEnvoy <[email protected]>" not changed
gpg: Total number processed: 1
gpg:              unchanged: 1

There are 1 best solutions below


I was able to work around the issue by splitting apt::source and apt::key

  apt::key {'getenvoy':
    id      => '5270CEAC57F63EBD9EA9005D0253D0B26FF974DB',
    source  => 'https://getenvoy.io/gpg',
  }->
  apt::source { "envoy-${::lsbdistcodename}":
    location => 'https://dl.bintray.com/tetrate/getenvoy-deb',
    release  => $::lsbdistcodename,
    repos    => 'stable',
    notify   => [
      Class['apt::update'],
    ]
  }
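
The following is an added example, not part of the original post and not code from the puppetlabs-apt module. It runs the pattern quoted in the error message against the locations from the question to show why a URL with a path is rejected as `server` but fits `source`, and that passing the pattern is a syntax check only. The helper names and the `hkp://keyserver.ubuntu.com:80` sample are assumptions made for the illustration.

```ruby
require 'uri'

# Pattern copied from the assert_type() error quoted in the question
# (the check apt::key applies to its `server` parameter).
SERVER_PATTERN = /\A((hkp|http|https):\/\/)?([a-z\d])([a-z\d-]{0,61}\.)+[a-z\d]+(:\d{2,5})?$/

# 40 hex digits: a full fingerprint, as used in the question and the answer.
# The 8-hex short id from the question's Update is too short to pin a key.
FULL_FINGERPRINT = /\A[0-9A-Fa-f]{40}\z/

# Hypothetical helper: which apt::key parameter can carry this location?
#   :server  - keyserver host (optional scheme and port, no path)
#   :source  - http(s) URL with a path, pointing at a key file
#   :invalid - neither
# :server only means the string passes the pattern; it does not prove the
# host answers keyserver requests (https://getenvoy.io passes but does not).
def key_param_for(location)
  return :server if location.match?(SERVER_PATTERN)
  uri = URI.parse(location)
  return :source if uri.is_a?(URI::HTTP) && !uri.host.nil? && uri.path.length > 1
  :invalid
rescue URI::InvalidURIError
  :invalid
end

# Hypothetical helper: build the apt::key parameter hash, refusing short ids.
def apt_key_params(id, location)
  raise ArgumentError, 'use the full 40-hex fingerprint' unless id.match?(FULL_FINGERPRINT)
  param = key_param_for(location)
  raise ArgumentError, "unusable key location: #{location}" if param == :invalid
  { 'id' => id.upcase, param.to_s => location }
end

if __FILE__ == $PROGRAM_NAME
  # First two values are from the question; the third is a constructed sample.
  ['https://getenvoy.io/gpg', 'https://getenvoy.io', 'hkp://keyserver.ubuntu.com:80'].each do |loc|
    puts format('%-32s -> %s', loc, key_param_for(loc))
  end
end
```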