Add support for multiple files in GlobalKnownHostsFile ssh option
Array option ssh_config_global_known_hosts_list implemented
parent
5be19cd1d7
commit
0d936a954c
@ -640,6 +640,12 @@ File of the global known_hosts file
|
|||||||
|
|
||||||
- *Default*: '/etc/ssh/ssh_known_hosts'
|
- *Default*: '/etc/ssh/ssh_known_hosts'
|
||||||
|
|
||||||
|
ssh_config_global_known_hosts_list
|
||||||
|
----------------------------------
|
||||||
|
Array of additional known_hosts files to be added to GlobalKnownHostsFile option together with ssh_config_global_known_hosts_file
|
||||||
|
|
||||||
|
- *Default*: undefined
|
||||||
|
|
||||||
ssh_config_global_known_hosts_owner
|
ssh_config_global_known_hosts_owner
|
||||||
----------------------------------
|
----------------------------------
|
||||||
Owner of the global known_hosts file
|
Owner of the global known_hosts file
|
||||||
|
@ -95,6 +95,7 @@ class ssh (
|
|||||||
$ssh_key_import = true,
|
$ssh_key_import = true,
|
||||||
$ssh_key_type = 'ssh-rsa',
|
$ssh_key_type = 'ssh-rsa',
|
||||||
$ssh_config_global_known_hosts_file = '/etc/ssh/ssh_known_hosts',
|
$ssh_config_global_known_hosts_file = '/etc/ssh/ssh_known_hosts',
|
||||||
|
$ssh_config_global_known_hosts_list = undef,
|
||||||
$ssh_config_global_known_hosts_owner = 'root',
|
$ssh_config_global_known_hosts_owner = 'root',
|
||||||
$ssh_config_global_known_hosts_group = 'root',
|
$ssh_config_global_known_hosts_group = 'root',
|
||||||
$ssh_config_global_known_hosts_mode = '0644',
|
$ssh_config_global_known_hosts_mode = '0644',
|
||||||
@ -648,6 +649,15 @@ class ssh (
|
|||||||
}
|
}
|
||||||
|
|
||||||
validate_absolute_path($ssh_config_global_known_hosts_file)
|
validate_absolute_path($ssh_config_global_known_hosts_file)
|
||||||
|
$ssh_config_global_known_hosts_file_real = any2array($ssh_config_global_known_hosts_file)
|
||||||
|
|
||||||
|
if $ssh_config_global_known_hosts_list != undef {
|
||||||
|
validate_array($ssh_config_global_known_hosts_list)
|
||||||
|
validate_absolute_path($ssh_config_global_known_hosts_list)
|
||||||
|
$ssh_config_global_known_hosts_list_real = concat($ssh_config_global_known_hosts_file_real, $ssh_config_global_known_hosts_list)
|
||||||
|
} else {
|
||||||
|
$ssh_config_global_known_hosts_list_real = $ssh_config_global_known_hosts_file_real
|
||||||
|
}
|
||||||
|
|
||||||
if $ssh_config_user_known_hosts_file != undef {
|
if $ssh_config_user_known_hosts_file != undef {
|
||||||
validate_array($ssh_config_user_known_hosts_file)
|
validate_array($ssh_config_user_known_hosts_file)
|
||||||
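Review bot: The paths accepted through `$ssh_config_global_known_hosts_list` become trust anchors for host key verification, yet the new block under `if $ssh_config_global_known_hosts_list != undef` only checks that each entry is an absolute path. The owner, group and mode parameters in the class header are named for the single `ssh_config_global_known_hosts_file`. Whether the extra files are managed anywhere is not visible in this hunk, so I would state the expectation next to the validation, for example `# Files listed here are not managed by this class; they must be root-owned and not writable by group or other.` The class body starts and ends outside the hunk.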
|
@ -327,6 +327,9 @@ describe 'ssh' do
|
|||||||
'hmac-sha1-etm@openssh.com',
|
'hmac-sha1-etm@openssh.com',
|
||||||
],
|
],
|
||||||
:ssh_config_global_known_hosts_file => '/etc/ssh/ssh_known_hosts2',
|
:ssh_config_global_known_hosts_file => '/etc/ssh/ssh_known_hosts2',
|
||||||
|
:ssh_config_global_known_hosts_list => [ '/etc/ssh/ssh_known_hosts3',
|
||||||
|
'/etc/ssh/ssh_known_hosts4',
|
||||||
|
],
|
||||||
:ssh_config_user_known_hosts_file => [ '.ssh/known_hosts1',
|
:ssh_config_user_known_hosts_file => [ '.ssh/known_hosts1',
|
||||||
'.ssh/known_hosts2',
|
'.ssh/known_hosts2',
|
||||||
],
|
],
|
||||||
@ -361,7 +364,7 @@ describe 'ssh' do
|
|||||||
it { should contain_file('ssh_config').with_content(/^ SendEnv XMODIFIERS$/) }
|
it { should contain_file('ssh_config').with_content(/^ SendEnv XMODIFIERS$/) }
|
||||||
it { should contain_file('ssh_config').with_content(/^\s*Ciphers aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour,aes192-cbc,aes256-cbc$/) }
|
it { should contain_file('ssh_config').with_content(/^\s*Ciphers aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour,aes192-cbc,aes256-cbc$/) }
|
||||||
it { should contain_file('ssh_config').with_content(/^\s*MACs hmac-md5-etm@openssh.com,hmac-sha1-etm@openssh.com$/) }
|
it { should contain_file('ssh_config').with_content(/^\s*MACs hmac-md5-etm@openssh.com,hmac-sha1-etm@openssh.com$/) }
|
||||||
it { should contain_file('ssh_config').with_content(/^\s*GlobalKnownHostsFile \/etc\/ssh\/ssh_known_hosts2$/) }
|
it { should contain_file('ssh_config').with_content(/^\s*GlobalKnownHostsFile \/etc\/ssh\/ssh_known_hosts2 \/etc\/ssh\/ssh_known_hosts3 \/etc\/ssh\/ssh_known_hosts4$/) }
|
||||||
it { should contain_file('ssh_config').with_content(/^\s*UserKnownHostsFile \.ssh\/known_hosts1 \.ssh\/known_hosts2$/) }
|
it { should contain_file('ssh_config').with_content(/^\s*UserKnownHostsFile \.ssh\/known_hosts1 \.ssh\/known_hosts2$/) }
|
||||||
it { should contain_file('ssh_config').with_content(/^\s*HostbasedAuthentication yes$/) }
|
it { should contain_file('ssh_config').with_content(/^\s*HostbasedAuthentication yes$/) }
|
||||||
it { should contain_file('ssh_config').with_content(/^\s*StrictHostKeyChecking ask$/) }
|
it { should contain_file('ssh_config').with_content(/^\s*StrictHostKeyChecking ask$/) }
|
||||||
@ -2294,6 +2297,47 @@ describe 'ssh' do
|
|||||||
end
|
end
|
||||||
end
|
end
|
||||||
|
|
||||||
|
describe 'with parameter ssh_config_global_known_hosts_list' do
|
||||||
|
let :facts do
|
||||||
|
default_facts.merge(
|
||||||
|
{
|
||||||
|
}
|
||||||
|
)
|
||||||
|
end
|
||||||
|
|
||||||
|
context 'when set to an array of valid absolute paths' do
|
||||||
|
let (:params) {{'ssh_config_global_known_hosts_list' => ['/valid/path1','/valid/path2'] }}
|
||||||
|
|
||||||
|
it { should contain_file('ssh_config').with_content(/^\s*GlobalKnownHostsFile.*\/valid\/path1 \/valid\/path2$/) }
|
||||||
|
end
|
||||||
|
|
||||||
|
context 'specified as an invalid path' do
|
||||||
|
let(:params) {{ :ssh_config_global_known_hosts_list => ['/valid/path','invalid/path'] }}
|
||||||
|
|
||||||
|
it 'should fail' do
|
||||||
|
expect {
|
||||||
|
should contain_class('ssh')
|
||||||
|
}.to raise_error(Puppet::Error,/\"invalid\/path\" is not an absolute path\./)
|
||||||
|
end
|
||||||
|
end
|
||||||
|
|
||||||
|
['YES',true,2.42,a = { 'ha' => 'sh' }].each do |value|
|
||||||
|
context "specified as invalid value #{value} (as #{value.class})" do
|
||||||
|
let(:params) { { :ssh_config_global_known_hosts_list => value } }
|
||||||
|
|
||||||
|
if value.is_a?(Hash)
|
||||||
|
value = '{ha => sh}'
|
||||||
|
end
|
||||||
|
|
||||||
|
it 'should fail' do
|
||||||
|
expect {
|
||||||
|
should contain_class('ssh')
|
||||||
|
}.to raise_error(Puppet::Error, /is not an Array/)
|
||||||
|
end
|
||||||
|
end
|
||||||
|
end
|
||||||
|
end
|
||||||
|
|
||||||
describe 'with parameter ssh_config_user_known_hosts_file' do
|
describe 'with parameter ssh_config_user_known_hosts_file' do
|
||||||
let :facts do
|
let :facts do
|
||||||
default_facts.merge(
|
default_facts.merge(
|
||||||
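Review bot: The positive test for `ssh_config_global_known_hosts_list` matches `GlobalKnownHostsFile.*\/valid\/path1 \/valid\/path2$`, so it would still pass if the default file were dropped or unexpected entries appeared before the list. Pinning the whole line is stricter: `with_content(/^\s*GlobalKnownHostsFile \/etc\/ssh\/ssh_known_hosts \/valid\/path1 \/valid\/path2$/)`. In the invalid-value loop, the `a =` assignment inside the array literal and the `value = '{ha => sh}'` reassignment are unused, because the expectation only matches `/is not an Array/`; both can be removed. There is also no case for an entry that contains whitespace, which matters because the template writes the entries space-separated.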
|
@ -57,8 +57,8 @@
|
|||||||
<% if @ssh_config_hash_known_hosts_real != nil -%>
|
<% if @ssh_config_hash_known_hosts_real != nil -%>
|
||||||
HashKnownHosts <%= @ssh_config_hash_known_hosts_real %>
|
HashKnownHosts <%= @ssh_config_hash_known_hosts_real %>
|
||||||
<% end -%>
|
<% end -%>
|
||||||
<% if @ssh_config_global_known_hosts_file -%>
|
<% if @ssh_config_global_known_hosts_list_real -%>
|
||||||
GlobalKnownHostsFile <%= @ssh_config_global_known_hosts_file %>
|
GlobalKnownHostsFile <%= @ssh_config_global_known_hosts_list_real.join(' ') %>
|
||||||
<% end -%>
|
<% end -%>
|
||||||
Host *
|
Host *
|
||||||
# GSSAPIAuthentication yes
|
# GSSAPIAuthentication yes
|
||||||
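Review bot: Writing the entries with `join(' ')` on the `GlobalKnownHostsFile` line means an entry containing a space is read by ssh as two file names, and an entry containing a newline would start a new ssh_config line. As far as I can tell `validate_absolute_path` in the manifest does not reject whitespace, so either reject such entries there or document the restriction above this line, e.g. `<%# entries are written space-separated and must not contain whitespace -%>`. The `if @ssh_config_global_known_hosts_list_real` guard also appears to be always true now, since the manifest assigns an array in both branches.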
|