diff --git a/manifests/init.pp b/manifests/init.pp
index bf8f19a..eb3cfbb 100644
--- a/manifests/init.pp
+++ b/manifests/init.pp
@@ -130,6 +130,25 @@
 #
 # - *Default*: "# This file is being maintained by Puppet.\n# DO NOT EDIT\n"
 #
+# keys
+# ----
+# Keys for user's ~/.ssh/authorized_keys
+#
+# - *Default*: undefined
+#
+# Sample usage:
+# # Push authorized key "root_for_userX" and remove key "root_for_userY" with hiera
+#
+# ssh::keys:
+# root_for_userX:
+# ensure: present
+# user: root
+# type: dsa
+# key: AAAA...==
+# root_for_userY:
+# ensure: absent
+# user: root
+#
 class ssh (
 $packages = ['openssh-server',
 'openssh-server',
@@ -154,6 +173,7 @@ class ssh (
 $ssh_key_type = 'ssh-rsa',
 $manage_root_ssh_config = 'false',
 $root_ssh_config_content = "# This file is being maintained by Puppet.\n# DO NOT EDIT\n",
+ $keys = undef,
 ) {
 case $permit_root_login {
@@ -276,4 +296,12 @@ class ssh (
 resources { 'sshkey':
 purge => $purge_keys,
 }
+
+ # push ssh authorized keys
+ if $keys != undef {
+ $keytype = type($keys)
+ if $keytype == 'hash' {
+ create_resources(ssh_authorized_key, $keys)
+ }
+ }
 }
diff --git a/spec/classes/init_spec.rb b/spec/classes/init_spec.rb
index 5cbdae8..eb7d7e6 100644
--- a/spec/classes/init_spec.rb
+++ b/spec/classes/init_spec.rb
@@ -247,4 +247,30 @@ describe 'ssh' do
 })
 }
 end
+ context 'with keys defined' do
+ let(:params) { { :keys => {
+ 'root_for_userX' => {
+ 'ensure' => 'present',
+ 'user' => 'root',
+ 'type' => 'dsa',
+ 'key' => 'AAAA==',
+ },
+ 'root_for_userY' => {
+ 'ensure' => 'absent',
+ 'user' => 'root',
+ }
+ } } }
+ it {
+ should contain_ssh_authorized_key('root_for_userX').with({
+ 'ensure' => 'present',
+ 'user' => 'root',
+ 'type' => 'dsa',
+ 'key' => 'AAAA==',
+ })
+ should contain_ssh_authorized_key('root_for_userY').with({
+ 'ensure' => 'absent',
+ 'user' => 'root',
+ })
+ }
+ end
 end
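Review bot: The `keys` documentation block added above `class ssh (` does not tell the reader that deleting an entry from the hash leaves that key in the user's authorized_keys. As far as the visible code shows, only `sshkey` resources are purged, so a key is revoked only while an `ensure: absent` entry for it stays in the data, as the `root_for_userY` sample does. I would add a line such as `# Note: a key is removed only by an explicit 'ensure: absent' entry; dropping it from the hash leaves it on the host.` The sample also uses `type: dsa`, which current OpenSSH releases no longer accept by default; `type: ssh-rsa` would match the `$ssh_key_type` default shown in the next hunk.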
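Review bot: The `if $keytype == 'hash'` guard in the block added at the end of `class ssh` silently discards a `$keys` value that is not a hash, so a mistyped hiera entry compiles cleanly and neither the `present` nor the `absent` entries are applied. For data that controls who can log in as root, a wrong type should fail the catalog rather than be skipped. If stdlib's `validate_hash` is available (the hunk already calls `type()`, presumably from stdlib), the inner `if` can be replaced by `validate_hash($keys)` followed by `create_resources(ssh_authorized_key, $keys)`. The class body begins outside this hunk.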
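Review bot: The new `with keys defined` context only exercises a well-formed hash, so nothing pins what the class does when `keys` is a non-hash value or is left at its default. A second context with `:keys => 'not-a-hash'` would fix the intended behaviour in place (a compile error, or no `ssh_authorized_key` resources). The default-parameter context could also assert `should_not contain_ssh_authorized_key('root_for_userX')`. The enclosing `describe 'ssh'` block starts outside this hunk.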