Set UseRoaming parameter only on Linux clients

- add variable validation
- add tests

README.md

@@ -340,6 +340,12 @@ This module sets this option to 'yes' on Linux and undef on Solaris.
 
 - *Default*: 'USE_DEFAULTS'
 
+ssh_config_use_roaming
+----------------------
+String to enable or disable UseRoaming in client configuration ssh_config. Valid values are 'yes', 'no' and 'unset'. Using 'unset' will not use (print) this configuration parameter at all. Default is set to 'no' on Linux and 'unset' on Solaris.
+
+- *Default*: 'USE_DEFAULTS'
+
 sshd_client_alive_interval
 --------------------------
 ClientAliveInterval in sshd_config.

manifests/init.pp

@@ -22,7 +22,7 @@ class ssh (
   $ssh_config_sendenv_xmodifiers       = false,
   $ssh_config_ciphers                  = undef,
   $ssh_config_macs                     = undef,
-  $ssh_config_use_roaming              = 'no',
+  $ssh_config_use_roaming              = 'USE_DEFAULTS',
   $ssh_config_template                 = 'ssh/ssh_config.erb',
   $ssh_sendenv                         = 'USE_DEFAULTS',
   $ssh_gssapiauthentication            = 'yes',
@@ -108,6 +108,7 @@ class ssh (
       $default_ssh_package_source              = undef
       $default_ssh_package_adminfile           = undef
       $default_ssh_sendenv                     = true
+      $default_ssh_config_use_roaming          = 'no'
       $default_sshd_config_subsystem_sftp      = '/usr/libexec/openssh/sftp-server'
       $default_sshd_config_mode                = '0600'
       $default_sshd_config_use_dns             = 'yes'
@@ -128,6 +129,7 @@ class ssh (
       $default_ssh_package_source              = undef
       $default_ssh_package_adminfile           = undef
       $default_ssh_sendenv                     = true
+      $default_ssh_config_use_roaming          = 'no'
       $default_ssh_config_forward_x11_trusted  = 'yes'
       $default_sshd_config_mode                = '0600'
       $default_sshd_config_use_dns             = 'yes'
@@ -165,6 +167,7 @@ class ssh (
       $default_ssh_package_source              = undef
       $default_ssh_package_adminfile           = undef
       $default_ssh_sendenv                     = true
+      $default_ssh_config_use_roaming          = 'no'
       $default_sshd_config_subsystem_sftp      = '/usr/lib/openssh/sftp-server'
       $default_sshd_config_mode                = '0600'
       $default_sshd_config_use_dns             = 'yes'
@@ -182,6 +185,7 @@ class ssh (
       $default_ssh_config_hash_known_hosts     = undef
       $default_ssh_sendenv                     = false
       $default_ssh_config_forward_x11_trusted  = undef
+      $default_ssh_config_use_roaming          = 'unset'
       $default_sshd_config_subsystem_sftp      = '/usr/lib/ssh/sftp-server'
       $default_sshd_config_mode                = '0644'
       $default_sshd_config_use_dns             = undef
@@ -338,6 +342,12 @@ class ssh (
     $sshd_gssapicleanupcredentials_real = $sshd_gssapicleanupcredentials
   }
 
+  if $ssh_config_use_roaming == 'USE_DEFAULTS' {
+    $ssh_config_use_roaming_real = $default_ssh_config_use_roaming
+  } else {
+    $ssh_config_use_roaming_real = $ssh_config_use_roaming
+  }
+
   if $ssh_sendenv == 'USE_DEFAULTS' {
     $ssh_sendenv_real = $default_ssh_sendenv
   } else {
@@ -434,6 +444,9 @@ class ssh (
   if $sshd_config_serverkeybits_real != undef {
     if is_integer($sshd_config_serverkeybits_real) == false { fail("ssh::sshd_config_serverkeybits must be an integer and is set to <${sshd_config_serverkeybits}>.") }
   }
+  if $ssh_config_use_roaming_real != undef {
+    validate_re($ssh_config_use_roaming_real, '^(yes|no|unset)$', "ssh::ssh_config_use_roaming may be either 'yes', 'no' or 'unset' and is set to <${$ssh_config_use_roaming}>.")
+  }
   if is_integer($sshd_client_alive_interval) == false { fail("ssh::sshd_client_alive_interval must be an integer and is set to <${sshd_client_alive_interval}>.") }
   if is_integer($sshd_client_alive_count_max) == false { fail("ssh::sshd_client_alive_count_max must be an integer and is set to <${sshd_client_alive_count_max}>.") }
 

spec/classes/init_spec.rb

@@ -59,6 +59,7 @@ describe 'ssh' do
 
         it { should_not contain_file('ssh_config').with_content(/^\s*ForwardAgent$/) }
         it { should_not contain_file('ssh_config').with_content(/^\s*ForwardX11$/) }
+        it { should contain_file('ssh_config').with_content(/^\s*UseRoaming no$/) }
         it { should_not contain_file('ssh_config').with_content(/^\s*ServerAliveInterval$/) }
 
         it {
@@ -204,6 +205,7 @@ describe 'ssh' do
 
     it { should_not contain_file('ssh_config').with_content(/^\s*ForwardAgent$/) }
     it { should_not contain_file('ssh_config').with_content(/^\s*ForwardX11$/) }
+    it { should contain_file('ssh_config').without_content(/^\s*UseRoaming/) }
     it { should_not contain_file('ssh_config').with_content(/^\s*ServerAliveInterval$/) }
     it { should_not contain_file('ssh_config').with_content(/^\s*SendEnv L.*$/) }
     it { should contain_file('ssh_config').without_content(/^\s*Ciphers/) }
@@ -326,6 +328,7 @@ describe 'ssh' do
 
     it { should_not contain_file('ssh_config').with_content(/^\s*ForwardAgent$/) }
     it { should_not contain_file('ssh_config').with_content(/^\s*ForwardX11$/) }
+    it { should contain_file('ssh_config').without_content(/^\s*UseRoaming/) }
     it { should_not contain_file('ssh_config').with_content(/^\s*ServerAliveInterval$/) }
     it { should_not contain_file('ssh_config').with_content(/^\s*SendEnv L.*$/) }
     it { should contain_file('ssh_config').without_content(/^\s*Ciphers/) }
@@ -446,6 +449,7 @@ describe 'ssh' do
 
     it { should_not contain_file('ssh_config').with_content(/^\s*ForwardAgent$/) }
     it { should_not contain_file('ssh_config').with_content(/^\s*ForwardX11$/) }
+    it { should contain_file('ssh_config').without_content(/^\s*UseRoaming/) }
     it { should_not contain_file('ssh_config').with_content(/^\s*ServerAliveInterval$/) }
     it { should_not contain_file('ssh_config').with_content(/^\s*SendEnv L.*$/) }
     it { should contain_file('ssh_config').without_content(/^\s*Ciphers/) }
@@ -567,6 +571,7 @@ describe 'ssh' do
 
     it { should_not contain_file('ssh_config').with_content(/^\s*ForwardAgent$/) }
     it { should_not contain_file('ssh_config').with_content(/^\s*ForwardX11$/) }
+    it { should contain_file('ssh_config').with_content(/^\s*UseRoaming no$/) }
     it { should_not contain_file('ssh_config').with_content(/^\s*ServerAliveInterval$/) }
     it { should contain_file('ssh_config').without_content(/^\s*Ciphers/) }
     it { should contain_file('ssh_config').without_content(/^\s*MACs/) }
@@ -695,6 +700,7 @@ describe 'ssh' do
 
     it { should_not contain_file('ssh_config').with_content(/^\s*ForwardAgent$/) }
     it { should_not contain_file('ssh_config').with_content(/^\s*ForwardX11$/) }
+    it { should contain_file('ssh_config').with_content(/^\s*UseRoaming no$/) }
     it { should_not contain_file('ssh_config').with_content(/^\s*ServerAliveInterval$/) }
     it { should contain_file('ssh_config').without_content(/^\s*Ciphers/) }
     it { should contain_file('ssh_config').without_content(/^\s*MACs/) }
@@ -825,6 +831,7 @@ describe 'ssh' do
 
     it { should contain_file('ssh_config').without_content(/^\s*ForwardAgent$/) }
     it { should contain_file('ssh_config').without_content(/^\s*ForwardX11$/) }
+    it { should contain_file('ssh_config').with_content(/^\s*UseRoaming no$/) }
     it { should contain_file('ssh_config').without_content(/^\s*ServerAliveInterval$/) }
     it { should contain_file('ssh_config').without_content(/^\s*Ciphers/) }
     it { should contain_file('ssh_config').without_content(/^\s*MACs/) }
@@ -953,6 +960,7 @@ describe 'ssh' do
 
     it { should_not contain_file('ssh_config').with_content(/^\s*ForwardAgent$/) }
     it { should_not contain_file('ssh_config').with_content(/^\s*ForwardX11$/) }
+    it { should contain_file('ssh_config').with_content(/^\s*UseRoaming no$/) }
     it { should_not contain_file('ssh_config').with_content(/^\s*ServerAliveInterval$/) }
     it { should contain_file('ssh_config').without_content(/^\s*Ciphers/) }
     it { should contain_file('ssh_config').without_content(/^\s*MACs/) }
@@ -1062,6 +1070,7 @@ describe 'ssh' do
         :ssh_config_hash_known_hosts        => 'yes',
         :ssh_config_forward_agent           => 'yes',
         :ssh_config_forward_x11             => 'yes',
+        :ssh_config_use_roaming             => 'yes',
         :ssh_config_server_alive_interval   => '300',
         :ssh_config_sendenv_xmodifiers      => true,
         :ssh_config_ciphers                 => [ 'aes128-cbc',
@@ -1099,6 +1108,7 @@ describe 'ssh' do
     it { should contain_file('ssh_config').with_content(/^  ForwardAgent yes$/) }
     it { should contain_file('ssh_config').with_content(/^  ForwardX11 yes$/) }
     it { should contain_file('ssh_config').with_content(/^\s*GSSAPIAuthentication yes$/) }
+    it { should contain_file('ssh_config').with_content(/^\s*UseRoaming yes$/) }
     it { should contain_file('ssh_config').with_content(/^  ServerAliveInterval 300$/) }
     it { should contain_file('ssh_config').with_content(/^  SendEnv XMODIFIERS$/) }
     it { should contain_file('ssh_config').with_content(/^\s*Ciphers aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour,aes192-cbc,aes256-cbc$/) }
@@ -3440,4 +3450,63 @@ describe 'ssh' do
       end
     end
   end
+
+  describe 'with parameter ssh_config_use_roaming' do
+    let(:facts) { { :osfamily  => 'RedHat' } }
+
+    ['yes','no','unset'].each do |value|
+      context "set to valid value #{value}" do
+        let(:params) { { :ssh_config_use_roaming => value } }
+        if value == 'unset'
+          it { should contain_file('ssh_config').without_content(/^\s*UseRoaming/) }
+        else
+          it { should contain_file('ssh_config').with_content(/^\s*UseRoaming #{value}$/) }
+        end
+      end
+    end
+  end
+
+  describe 'variable type and content validations' do
+    # set needed custom facts and variables
+    let(:facts) do
+      {
+        :osfamily => 'RedHat',
+      }
+    end
+    let(:mandatory_params) do
+      {
+        #:param => 'value',
+      }
+    end
+
+    validations = {
+      'regex (yes|no|unset)' => {
+        :name    => %w(ssh_config_use_roaming),
+        :valid   => ['yes', 'no', 'unset'],
+        :invalid => ['string', %w(array), { 'ha' => 'sh' }, 3, 2.42, true, false, nil],
+        :message => 'may be either \'yes\', \'no\' or \'unset\'',
+      },
+    }
+
+    validations.sort.each do |type, var|
+      var[:name].each do |var_name|
+        var[:params] = {} if var[:params].nil?
+        var[:valid].each do |valid|
+          context "when #{var_name} (#{type}) is set to valid #{valid} (as #{valid.class})" do
+            let(:params) { [mandatory_params, var[:params], { :"#{var_name}" => valid, }].reduce(:merge) }
+            it { should compile }
+          end
+        end
+
+        var[:invalid].each do |invalid|
+          context "when #{var_name} (#{type}) is set to invalid #{invalid} (as #{invalid.class})" do
+            let(:params) { [mandatory_params, var[:params], { :"#{var_name}" => invalid, }].reduce(:merge) }
+            it 'should fail' do
+              expect { should contain_class(subject) }.to raise_error(Puppet::Error, /#{var[:message]}/)
+            end
+          end
+        end
+      end # var[:name].each
+    end # validations.sort.each
+  end # describe 'variable type and content validations'
 end

templates/ssh_config.erb

@@ -72,8 +72,8 @@ GSSAPIDelegateCredentials <%= @ssh_gssapidelegatecredentials %>
 <% if @ssh_config_forward_x11 != nil -%>
   ForwardX11 <%= @ssh_config_forward_x11 %>
 <% end -%>
-<% if @ssh_config_use_roaming != nil -%>
+<% if (@ssh_config_use_roaming_real == 'yes') or (@ssh_config_use_roaming_real == 'no') -%>
-  UseRoaming <%= @ssh_config_use_roaming %>
+  UseRoaming <%= @ssh_config_use_roaming_real %>
 <% end -%>
 <% if @ssh_config_server_alive_interval != nil -%>
   ServerAliveInterval <%= @ssh_config_server_alive_interval %>