From 4cefc650697e913a59092ce2180907c1d72fb09c Mon Sep 17 00:00:00 2001
From: David Hollinger <david.hollinger@nttsecurity.com>
Date: Mon, 24 Jul 2017 14:26:57 -0500
Subject: [PATCH] Update hostcertificated to take both Strings and Arrays

---
 manifests/init.pp         |  4 +++-
 spec/classes/init_spec.rb | 14 ++++++++------
 templates/sshd_config.erb |  4 +++-
 3 files changed, 14 insertions(+), 8 deletions(-)

diff --git a/manifests/init.pp b/manifests/init.pp
index e15e608..5f6a972 100644
--- a/manifests/init.pp
+++ b/manifests/init.pp
@@ -845,7 +845,9 @@ class ssh (
   }
 
   if $sshd_config_hostcertificate_real != undef {
-    validate_array($sshd_config_hostcertificate_real)
+    if is_array($sshd_config_hostcertificate_real) {
+      validate_array($sshd_config_hostcertificate_real)
+    }
     validate_absolute_path($sshd_config_hostcertificate_real)
   }
 
diff --git a/spec/classes/init_spec.rb b/spec/classes/init_spec.rb
index f224b85..256d52c 100644
--- a/spec/classes/init_spec.rb
+++ b/spec/classes/init_spec.rb
@@ -1075,7 +1075,7 @@ describe 'sshd_config_print_last_log param' do
     end
 
     context 'with a certificate' do
-      let(:params) { { :sshd_config_hostcertificate => ['/etc/ssh/ssh_host_key-cert.pub'] } }
+      let(:params) { { :sshd_config_hostcertificate => '/etc/ssh/ssh_host_key-cert.pub' } }
 
       it { should contain_file('sshd_config').with_content(/^HostCertificate \/etc\/ssh\/ssh_host_key-cert\.pub/) }
     end
@@ -1088,12 +1088,14 @@ describe 'sshd_config_print_last_log param' do
   end
 
   context 'with sshd_config_hostcertificate set to invalid value on valid osfamily' do
-    let(:params) { { :sshd_config_hostcertificate => 'invalid' } }
+    context 'with string' do
+      let(:params) { { :sshd_config_hostcertificate => 'invalid' } }
 
-    it 'should fail' do
-      expect {
-        should contain_class('ssh')
-      }.to raise_error(Puppet::PreformattedError,/"invalid" is not an Array/)
+      it 'should fail' do
+        expect {
+          should contain_class('ssh')
+        }.to raise_error(Puppet::Error,/"invalid" is not an absolute path/)
+      end
     end
   end
 
diff --git a/templates/sshd_config.erb b/templates/sshd_config.erb
index 0bc1881..b3b9ca1 100644
--- a/templates/sshd_config.erb
+++ b/templates/sshd_config.erb
@@ -263,10 +263,12 @@ Match <%= key %>
 <%     end -%>
 <%   end -%>
 <% end -%>
-<% if @sshd_config_hostcertificate_real -%>
+<% if @sshd_config_hostcertificate_real.class == Array -%>
 <%   @sshd_config_hostcertificate_real.each do |cert| -%>
 HostCertificate <%= cert %>
 <%   end -%>
+<% elsif @sshd_config_hostcertificate_real.class == String -%>
+HostCertificate <%= @sshd_config_hostcertificate_real %>
 <% end -%>
 <% if @sshd_config_trustedusercakeys_real -%>
 TrustedUserCAKeys <%= @sshd_config_trustedusercakeys_real %>